Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I build a Safari extension package from the command line?

Instead of going to Extension Builder > Build Package…, I'd like to built a .safariextz package from the MyExtension.safariextension folder.

I know I can unpack an extension with xar -xf. I suspect the way back involves packing it with xar, but then I'll need to do the code signing thing, which may or may not involve codesign(1).

like image 755
kch Avatar asked Aug 06 '10 11:08

kch


People also ask

How do I create a custom Safari extension?

Enable your app extension in SafariOpen Safari and choose Safari > Preferences. Select the Advanced tab, then select the “Show Develop menu in menu bar” checkbox. Choose Develop > Allow Unsigned Extensions, enter your password, and click OK.

What language are Safari extensions written in?

Safari app extensions use a combination of JavaScript, CSS, and native code written in Objective-C or Swift. Because you build Safari app extensions on the standard app extension model, you get many native app benefits: You bundle Safari app extensions inside your app and distribute them through the App Store.


2 Answers

Here are Omar Ismail's instructions, omitting the need for separate shell scripts. This will all occur in a directory safari/, where we will be signing the directory safari/appname.safariextension/ to become the extension safari/appname.safariextz. The first thing is to sign the extension the official way, with Extension Builder's Build Package.

Set up Xar:
1. Download and unzip/untar https://github.com/downloads/mackyle/xar/xar-1.6.1.tar.gz to wherever you want the executable xar-1.6.1 (xar 1.6dev doesn't support the options we need)
2. in xar-1.6.1/

./configure
make
sudo make install
sudo ln -s /full/path/to/xar-1.6.1/src/xar /usr/local/bin/xar161

Set up your certificates:
1. in safari/

mkdir certs/
xar161 -f appname.safariextz --extract-certs certs/

2. open Keychain Access and export your Safari Developer certificate to safari/certs/certs.p12 (use a blank password for certs.p12, and then use your Mac's password to export the cert)
3. in safari/certs/

openssl pkcs12 -in certs.p12 -nodes | openssl x509 -outform der -out cert.der
(same blank password)
openssl pkcs12 -in certs.p12 -nodes | openssl rsa -out key.pem
(same blank password)
openssl dgst -sign key.pem -binary < key.pem | wc -c > size.txt

It's possible that you can get the certificates from certs/cert.p12, and not need the --extract-certs step (and hence not need the extension built the official way), but I don't know openssl well enough, and it's only for the set up that you need that step anyway.

Once everything is set up, to sign the extension:
In safari/

xar161 -czf appname.safariextz --distribution appname.safariextension/
xar161 --sign -f appname.safariextz --digestinfo-to-sign digest.dat --sig-size `cat certs/size.txt` --cert-loc certs/cert.der --cert-loc certs/cert01 --cert-loc certs/cert02
openssl rsautl -sign -inkey certs/key.pem -in digest.dat -out sig.dat
xar161 --inject-sig sig.dat -f appname.safariextz
rm -f sig.dat digest.dat

This was all on a 2006 Snow Leopard MacBook, so it's possible things may be different on a machine that's more up to date.

like image 102
Teepeemm Avatar answered Sep 21 '22 17:09

Teepeemm


Looks like there is a way to patch XAR with a signature option. http://code.google.com/p/xar/issues/detail?id=76#c0

like image 45
gleuch Avatar answered Sep 20 '22 17:09

gleuch