Closed Bug 432307 Opened 16 years ago Closed 5 years ago

Provide a command line handler to generate the signature for the update manifest

Categories

(Other Applications Graveyard :: McCoy, enhancement)

x86
Linux
enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: Marcin.Kasperski, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; pl-PL; rv:1.9b5) Gecko/2008041515 Firefox/3.0b5
Build Identifier: 

I just tried mccoy. My godness - it completely massacred my update.rdf, reformatting it, changing readable identifiers into cryptic "rdf:#something", reorganizing to the alternative layout and even dropping part of it (older versions). NO, NO, NO, NO, NO, NO. Plus it can't be used in batch build.

Please, provide something symmetrical to sha1sum - the command line script, which would be given the path to the update.rdf and the private key (name or path), and which would output the signature to the standard output, so I can copy&paste it at appropriate place (or capture it in the build script).

Reproducible: Always

Steps to Reproduce:
1.Take nicely formatted update.rdf (best if containing info about more than one version of the extension)
2.Run mccoy.
3.See what happened to update.rdf
4.Cry.
Actual Results:  
Total mess, update.rdf which is in no way similar to the one I wrote.

Expected Results:  
Calculated control sum which I can handle by myself, or update.rdf changed in such a way that only the em:signature attribute is changed, without modifications to the file content, structure and formatting.
Just in case: here is what I gave to mccoy:

<?xml version="1.0" encoding="UTF-8"?>
<RDF:RDF xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:em="http://www.mozilla.org/2004/em-rdf#">

  <RDF:Description about="urn:mozilla:extension:smtuning@mekk.waw.pl">
    <em:updates>
      <RDF:Seq>

        <!-- Każde li to informacja o kolejnej wersji -->
        <RDF:li>
          <RDF:Description>
            <em:version>1.11.0</em:version>
            <em:targetApplication>
              <RDF:Description>
                <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
                <em:minVersion>1.5</em:minVersion>
                <em:maxVersion>3.0.0.*</em:maxVersion>
                <em:updateLink>http://mekk.waw.pl/download/smtuning/smtuning-1.11.0.xpi</em:updateLink>
                <em:updateInfoURL>http://mekk.waw.pl/mk/eng/chess/art/smtuning/history</em:updateInfoURL>
                <em:updateHash>sha1:697e9d3184d0e38bb8bd510a14755f5f25a8901e</em:updateHash>
              </RDF:Description>
            </em:targetApplication>
          </RDF:Description>
        </RDF:li>

        <RDF:li>
          <RDF:Description>
            <em:version>1.10.0</em:version>
            <em:targetApplication>
              <RDF:Description>
                <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
                <em:minVersion>1.5</em:minVersion>
                <em:maxVersion>3.0.0.*</em:maxVersion>
                <em:updateLink>http://mekk.waw.pl/download/smtuning/smtuning-1.10.0.xpi</em:updateLink>
                <em:updateInfoURL>http://mekk.waw.pl/mk/eng/chess/art/smtuning/history</em:updateInfoURL>
                <em:updateHash>sha1:1bc2f1d1105533ff2425ce88b22bc6561f54bc3a</em:updateHash>
              </RDF:Description>
            </em:targetApplication>
          </RDF:Description>
        </RDF:li>

      </RDF:Seq>
    </em:updates>

    <!-- A signature is only necessary if your add-on includes an updateKey
         in its install.rdf. -->
    <em:signature>MIGTMA0GCSqGSIb3DQEBBQUAA4GBAMO1O2gwSCCth1GwYMgscfaNakpN40PJfOWt
                  ub2HVdg8+OXMciF8d/9eVWm8eH/IxuxyZlmRZTs3O5tv9eWAY5uBCtqDf1WgTsGk
                  jrgZow1fITkZI7w0//C8eKdMLAtGueGfNs2IlTd5P/0KH/hf1rPc1wUqEqKCd4+L
                  BcVq13ad</em:signature>
  </RDF:Description>
</RDF:RDF>

and here is what it produced:

<?xml version="1.0"?>
<RDF:RDF xmlns:em="http://www.mozilla.org/2004/em-rdf#"
         xmlns:NC="http://home.netscape.com/NC-rdf#"
         xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <RDF:Description RDF:about="rdf:#$p83Vm2"
                   em:id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
                   em:minVersion="1.5"
                   em:maxVersion="3.0.0.*"
                   em:updateLink="http://mekk.waw.pl/download/smtuning/smtuning-1.10.0.xpi"
                   em:updateInfoURL="http://mekk.waw.pl/mk/eng/chess/art/smtuning/history"
                   em:updateHash="sha1:1bc2f1d1105533ff2425ce88b22bc6561f54bc3a" />
  <RDF:Description RDF:about="rdf:#$m83Vm2"
                   em:version="1.10.0">
    <em:targetApplication RDF:resource="rdf:#$p83Vm2"/>
  </RDF:Description>
  <RDF:Description RDF:about="rdf:#$c83Vm2"
                   em:version="1.11.0">
    <em:targetApplication RDF:resource="rdf:#$f83Vm2"/>
  </RDF:Description>
  <RDF:Seq RDF:about="rdf:#$b83Vm2">
    <RDF:li RDF:resource="rdf:#$c83Vm2"/>
    <RDF:li RDF:resource="rdf:#$m83Vm2"/>
  </RDF:Seq>
  <RDF:Description RDF:about="urn:mozilla:extension:smtuning@mekk.waw.pl"
                   em:signature="MIGTMA0GCSqGSIb3DQEBDQUAA4GBAGo7m19I11IvPBAZoqqf1cZqpRZ10QBfQTBgqTcPhgaecyhT47Vgiy6bCdHu6XeZ71EyYuPwl86/9QtdDt2UkmnnlAFZ8/sfhCVYnE2MQwNE3ilrHEefUwaWcTImBAdZAP5l3W4CryCCCqFuiCUpLxKZiPX5tcC314ek2aN4Ubzu">
    <em:updates RDF:resource="rdf:#$b83Vm2"/>
  </RDF:Description>
  <RDF:Description RDF:about="rdf:#$f83Vm2"
                   em:id="{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
                   em:minVersion="1.5"
                   em:maxVersion="3.0.0.*"
                   em:updateLink="http://mekk.waw.pl/download/smtuning/smtuning-1.11.0.xpi"
                   em:updateInfoURL="http://mekk.waw.pl/mk/eng/chess/art/smtuning/history"
                   em:updateHash="sha1:697e9d3184d0e38bb8bd510a14755f5f25a8901e" />
</RDF:RDF>
Most of the comments here seem to be talking about a different problem (that the update.rdf file is outputted in a non-human readable format) so I'm going to clarify the summary here. Let me know if I have misunderstood the point of this bug.
Depends on: 395368
Summary: Please give command line command which works like sha1sum - reads file and writes the correct sum to stdout → Provide a command line handler to generate the hash for xpis
No, not at all. I am not talking about xpi hash-es. I am talking about **** update signatures ****. To get the hash I can run "sha1sum blah.xpi" and it gladly presents me one.

To clarify: it would be nice to have some script run like:

  $ /path/to/mccoy_signature -key "MyKeyName" /path/to/update.rdf

which would ***not*** modify update.rdf in any way, but instead would print the correct signature to the standard output.

Such a tool could be wrapped in build scripts or alternative GUIs, or used manually, to fill <em:signature> in update.rdf without spoiling the file structure and organization.


Additionally (but this is separate issue) it would be nice if mccoy GUI, instead of rewriting and massacring update.rdf limited its actions to locating <em:signature> (or adding it if missing) and rewriting its content WITHOUT MAKING ANY OTHER CHANGES TO THE update.rdf FILE.
(btw, is the way this signature is calculated documented anywhere?)
Ok I think as this stands this is a lower priority in preference to just adding straight to the update manifest from the command line (bug 396525)
No longer depends on: 395368
Summary: Provide a command line handler to generate the hash for xpis → Provide a command line handler to generate the signature for the update manifest
Bug 396525 could be implemented with two-line script if this one is implemented (calculate the sum, then patch update.rdf using regexp or xmlpath substitution), the reverse does not hold (even if bug396525 is implemented there is still no way to calculate the sum for given update.rdf file without rewriting it to the new structure) :-(
That is true to a certain extent. However there is no reason to generate a signature except to put it into an update manifest so I don't see any value in not just doing the full operation.
As I already said twice, it is currently impossible to generate a signature for existing update.rdf. The only operation mccoy handles currently is to generate new, roughly equivalent (but very significantly rearranged) update.rdf containing signature.

The operation I ask for here could be used for the following purposes:

- to calculate the sum manually and write it manually into the correct place of update.rdf without rewriting and reformatting the file

- as a helper for tools, extensions, build scripts, wizards etc used for update.rdf generation

- within the prerelease testing (to batch-verify the sum)

Severity: major → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
McCoy is no longer maintained, closing.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
Product: Other Applications → Other Applications Graveyard
You need to log in before you can comment on or make changes to this bug.