.cvsignore inside signed XPI breaks installation (Signing could not be verified because -260 error)

RESOLVED INVALID

Status

Core Graveyard
Installer: XPInstall Engine
10 years ago
2 years ago

People

(Reporter: Martin Hajduch, Unassigned)

Attachments

(2 attachments)

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071207 Firefox/2.0.0.11
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071207 Firefox/2.0.0.11

attaching two signed XPI extensions (DLL removed so they provide no functionality, only demonstrate the problem) -> both signed with our company's thawte code signing certificate -> one of them can be installed without a problem, the other one fails with error 'Signing could not be verified because -260'

the only difference is, that from autocost-ok.xpi i have removed '.cvsignore' file from components directory and signed/packaged again

looks like presence of '.cvsignore' file is enough to break the installation

NOTE: first 'software installation' screen works correctly and shows that the extension is signed and the 'O' record of the certificate, only subsequent process fails

Reproducible: Always

Steps to Reproduce:
1. install attached autocost-bad.xpi
2. install attached autocost-ok.xpi
3. see the difference

(Reporter)

Comment 1

10 years ago
Created attachment 292696
extension with .cvsignore file -> broken
(Reporter)

Comment 2

10 years ago
Created attachment 292697
extension WITHOUT .cvsignore file -> works

Updated

10 years ago
Component: General → Installer: XPInstall Engine
Product: Firefox → Core
QA Contact: general → xpi-engine

The problem is that there really isn't a .cvsignore inside the zip file, but the manifest.mf file claims that there should be. Whatever you are using to create the zip is not including the .cvsignore in it and whatever you are using to sign it is including the .cvsignore in the signed manifest.

newton:Desktop dave$ unzip -l broken.zip
Archive:  test.zip
  Length     Date   Time    Name
 --------    ----   ----    ----
     2473  12-11-07 23:56   META-INF/zigbert.rsa
     4486  12-11-07 23:56   META-INF/manifest.mf
     4594  12-11-07 23:56   META-INF/zigbert.sf
      459  10-04-07 18:29   chrome.manifest
        0  06-06-07 10:48   chrome/.keep
    34940  10-04-07 18:29   chrome/autocost.jar
     1239  08-13-07 12:29   chrome/content/about.xul
        0  08-13-07 12:29   chrome/content/autocost.js
     1239  08-14-07 10:25   chrome/content/autocost.xul
       96  08-14-07 10:25   chrome/content/autocostOptions.js
     2736  08-14-07 10:25   chrome/content/autocostOptions.xul
     1069  08-16-07 18:05   chrome/content/autocostOverlay.js
     2009  08-13-07 13:14   chrome/content/autocostOverlay.xul
        0  06-06-07 10:48   chrome/icons/.keep
        0  06-06-07 10:48   chrome/icons/default/.keep
     3653  09-10-07 12:54   chrome/locale/de-DE/autocost.dtd
     5613  08-09-07 16:08   chrome/locale/de-DE/autocost.properties
     3653  09-10-07 12:52   chrome/locale/en-US/autocost.dtd
     5613  07-26-07 09:41   chrome/locale/en-US/autocost.properties
        0  06-06-07 12:03   chrome/skin/.keep
      538  08-13-07 12:29   chrome/skin/autocost.png
      445  08-13-07 12:29   chrome/skin/autocost16x16.png
      851  08-13-07 12:29   chrome/skin/autocost24x24.png
      241  08-13-07 12:29   chrome/skin/autocostOptions.css
      597  08-13-07 12:29   chrome/skin/autocostOverlay.css
      538  06-06-07 12:55   chrome/skin/classic/autocost.png
        0  06-06-07 10:48   components/.keep
     4906  10-04-07 18:29   components/autocost.xpt
     6331  09-10-07 16:18   components/autocostAPI.js
      314  10-04-07 18:29   components/autocostAPI.xpt
        0  06-06-07 10:48   defaults/.keep
     3662  09-06-07 15:45   defaults/preferences/autocost.js
     1516  10-04-07 18:28   install.rdf
 --------                   -------
    93811                   33 files

Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → INVALID
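
A pre-release check for the mismatch diagnosed in the comment above, as an added example (not code from this bug report or from Mozilla): it compares the `Name:` sections of META-INF/manifest.mf with the files actually stored in the archive. It assumes a JAR-style manifest with `SHA1-Digest` headers, does not validate zigbert.sf or zigbert.rsa, and uses a constructed in-memory sample archive.

```python
import base64, hashlib, io, zipfile

def sha1_b64(data):
    # SHA-1 only because that is the digest this legacy manifest format records
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: headers} for each per-file section of a JAR-style manifest."""
    # A line starting with one space continues the previous line; unfold first.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in unfolded.split("\n\n"):
        headers = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in headers:
            entries[headers["Name"]] = headers
    return entries

def check_xpi(xpi):
    """Compare META-INF/manifest.mf with the files actually stored in the archive."""
    with zipfile.ZipFile(xpi) as zf:
        members = {n for n in zf.namelist() if not n.endswith("/")}
        mf = next(n for n in members if n.lower() == "meta-inf/manifest.mf")
        entries = parse_manifest(zf.read(mf).decode("utf-8"))
        listed = set(entries)
        payload = {n for n in members if not n.lower().startswith("meta-inf/")}
        mismatched = sorted(n for n in listed & payload
                            if entries[n].get("SHA1-Digest") not in (None, sha1_b64(zf.read(n))))
    return {"listed_but_missing": sorted(listed - payload),   # the case in this bug
            "present_but_unlisted": sorted(payload - listed),
            "digest_mismatch": mismatched}

def build_sample(include_cvsignore):
    """Constructed sample XPI whose manifest always lists components/.cvsignore."""
    files = {"install.rdf": b"<RDF/>", "components/.cvsignore": b"*.xpt\n"}
    manifest = "Manifest-Version: 1.0\n\n" + "".join(
        f"Name: {n}\nDigest-Algorithms: SHA1\nSHA1-Digest: {sha1_b64(d)}\n\n"
        for n, d in files.items())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/manifest.mf", manifest)
        for n, d in files.items():
            if include_cvsignore or n != "components/.cvsignore":
                zf.writestr(n, d)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(check_xpi(build_sample(include_cvsignore=False)))
    print(check_xpi(build_sample(include_cvsignore=True)))
```

Running it against a real package means passing the .xpi path to `check_xpi`; a non-empty `listed_but_missing` list is the condition described in the comment above.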
(Assignee)

Updated

2 years ago
Product: Core → Core Graveyard