Closed
Bug 1160969
Opened 9 years ago
Closed 9 years ago
Sign multi-package XPIs
Categories
(addons.mozilla.org Graveyard :: Code Quality, defect)
addons.mozilla.org Graveyard
Code Quality
Tracking
(Not tracked)
VERIFIED
FIXED
2015-05
People
(Reporter: magopian, Assigned: magopian)
References
Details
At the moment, we're not properly signing multi-package XPIs (https://developer.mozilla.org/en-US/docs/Multiple_Item_Packaging). The proper way to sign them is to 1/ unzip them 2/ check the install.rdf/package.json from inside the contained XPIs 3/ if their type is 2 (extension), then sign them as we sign simple extension XPIs 4/ repackage the multi-package XPI (bumping its version number) :mossop :dveditz :kmag should we also bump the version number of the included extensions?
Assignee | ||
Updated•9 years ago
|
Summary: Sign beta versions of add-ons → Sign multi-package XPIs
Updated•9 years ago
|
Flags: needinfo?(kmaglione+bmo)
Flags: needinfo?(dtownsend)
Comment 1•9 years ago
|
||
multipackage XPIs are an oddity. Firefox doesn't do automatic updates for the multipackage XPI itself. So there is no need to bump version numbers when repackaging existing ones (same goes for the XPIs inside the package). Firefox does search for and install updates to the extensions/themes included inside the package so hopefully the authors also include these as separate listings on AMO.
Flags: needinfo?(dtownsend)
Assignee | ||
Comment 2•9 years ago
|
||
PR: https://github.com/mozilla/olympia/pull/541#discussion_r29613564
Assignee: nobody → mathieu
Assignee | ||
Comment 3•9 years ago
|
||
Fixed in: https://github.com/mozilla/olympia/commit/77686e328aa370617f31868f3d1b3788174c57f9 STR: 1/ upload a new multi-package xpi (you can make one rather easily following the instructions in https://developer.mozilla.org/en-US/docs/Multiple_Item_Packaging), then review it. 2/ once it's been reviewed, download the XPI again, and unzip it 3/ make sure the XPI itself wasn't signed (there's no META-INF folder) 4/ make sure the internal extensions (the XPIs inside the multi-package) have been signed (only if they had a type of 2)
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Comment 4•9 years ago
|
||
Verified as fixed in FF37(Win7) in addons-dev.allizom.org Only internal xpis are signed and only those with type == 2. Closing bug.
Status: RESOLVED → VERIFIED
Updated•8 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
Updated•7 years ago
|
Flags: needinfo?(kmaglione+bmo)
You need to log in
before you can comment on or make changes to this bug.
Description
•