Create a mach command to facilitate signing addons

NEW
Unassigned

Status

defect
3 years ago
3 years ago

People

(Reporter: ahal, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Here is the current documentation for signing addons:
https://wiki.mozilla.org/EngineeringProductivity/HowTo/SignExtensions

Developers need to install jpm, manually create .xpi files and jump through other hoops to get their addons signed. A good first step to make this easier for them, would be to create a mach command that handles a lot of this work for them.

The mach command should probably avoid using jpm, and stick directly to the AMO signing API. Here is documentation for using this API directly:
http://addons-server.readthedocs.org/en/latest/topics/api/signing.html

The API uses the JSON Web Token (JWT) protocol for authentication. There is a modules called PyJWT that can help with generating these tokens:
https://pypi.python.org/pypi/PyJWT/1.4.0

And we can uses requests to make the actual API calls.
Blocks: 1233200
:ahal is this still planned to be implemented in the near future?
Flags: needinfo?(ahalberstadt)
No, I don't think there are currently any plans to work on this. Unless there are a lot of complaints around this, I don't foresee it climbing very high up our priority list. Maybe it would make a good contributor project.
Flags: needinfo?(ahalberstadt)
okay thanks, I will remove it as a blocker on bug 1233200
No longer blocks: 1233200
You need to log in before you can comment on or make changes to this bug.