Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do you sign your Firefox extensions?

I have developed a couple of extensions for Firefox, and am annoyed that it is so hard to get the extension signed. When an extension isn't signed, it says "Author not verified" when it is installed, and to me that just looks wrong.

I have a simple build script that builds my .xpi file from sources, and I have a licenced copy of PKZip (which according to a number of tutorials is required to build a signed xpi file that Firefox requires), but I haven't found a way to get a free/cheap certificate that actually works or a set of instructions that do the trick.

Since my extensions are free, I don't want to spend $400 on a commercial certificate, but I don't mind spending $50 or so to get it done. I have both Linux and Windows machines, although my build script currently uses Windows and that would be most convenient to use.

How have you solved this? What do I need to do to automatically and securely sign my extensions when they are built?

Edit: I appreciate the Google hits, but the steps they provide aren't complete enough on how to actually get a certificate that works. The feeling I get reminds me of this classic:

alt text

like image 634
Allan Mertner Avatar asked Sep 24 '08 20:09

Allan Mertner


1 Answers

I've used the comodo certificate to sign XPIs. It was the cheapest option at the time.

I've written a few posts on the XPI Format and a howto for signing using a java commandline tool.

My tool XPISigner simplifies the process considerably and is integratable into build systems.

I've removed the tool as it no longer works with FF4 or higher. Source is available on http://code.google.com/p/xpisigner/ if anyone feels like fixing.

like image 83
koregan Avatar answered Oct 24 '22 04:10

koregan