For those using XPISigner, and there appear to be a few of you according to the site stats, there will be an update released next month:
Features:
- Support for zip instead of jar on Unix to preserve the exec flag on files. This is useful for Firefox plugins.
- Support for Firefox cert and key stores. (Windows initially)
- Support for Windows Cert store (Java 6 only)
I’ve been working on a Firefox extension in my spare time, a little something that’s not quite ready for primetime yet. Having worked in the security industry for the last 7 years, I was conscious that my extension probably wouldn’t be accepted by very many people if it wasn’t signed.[1] The closest thing to ‘official’ documentation on signing an extension is Signing-an-XPI (mozdevgroup.org).
After a couple of days of pain, I’ve decided to write up a doc on how I was able to successfully sign an XPI using a test cert. For no better reason than I know I will forget by next week and honestly I wouldn’t want to wish the pain I endured doing this on others.
Great, this guy has done all the hard figuring out and is going to give us the couple of steps needed to do the job…
Step 1 – Build NSS
First off, you will need to fetch and compile the NSS tools you will need to do this. Sorry, there is no way around this.
Hey! I wanted to sign an extension, not compile the security subsystem of Mozilla. I’m off elsewhere … http://oy-oy.eu/huh/firefox-extension-code-signed-with-spc-pvk/
At least this time it only involves several binary downloads, but you have to set PATHs etc., so that’s going to put people off. Has no-one sat down and created a simple tool that doesn’t require you to download zips from here and exes from there? … guess not.
I didn’t really want to have to do it, but in the end there wasn’t really a choice. I pulled the source for the latest Firefox release (2.0.0.3), grabbed a signed extension (Google Toolbar) and sat myself down to figure out what it was that kept people from making this easy. Firefox XPI Internal Structure is a look at how the verification process works and XPISigner is the fruit of my labours.
[1] I don’t think I needed to worry, Firefox users don’t seem to care if their extensions are signed.