tags:

views:

321

answers:

2
+3  Q: 

How do you package and self host your Firefox extensions?

I'm developing a site-specific Firefox extension. The official hosting/updating mechanism at addons.mozilla.org forces my users to login to download my plugin (until it get approved for public status), which isn't good for me, especially as my plugin is unlikely to be deemed useful to the web at large and will be stuck in the sandbox forever.

It seems like I'm forced to use McCoy (a GUI only program) to sign some of my artifacts and openssl to create a hash which I manually insert into update.rdf before signing it. I really want to have some tools I can stick in my automated build process that don't require manual steps from me each time. Is there an opensource tool that mimics the behavior of addons.mozilla.org that I can use for self hosting? Or a set of command line tools (that work on OS X) I can call from my build before I deploy?

Happy to have any experiences you have had in this process... how do you do it now? what have you tried? what worked, what didn't?

+1  A: 

You can follow the directions here on how to sign an XPI file. You can easily bundle the steps up into a script that will run as part of your build.

dj2  2008-11-30 22:36:53
That requires a fairly expensive cert, doesn't it? not great for experimentation and hobbyists, but certainly an option.
danb  2008-11-30 22:43:57
additionally, I am looking for an answer on OS X. this is a great step by step for windows development... probably some tweaks would make it good for other OSs.
danb  2008-11-30 23:06:14
dj2  2008-12-01 22:40:13
Sorry about the formatting mess...You can also self sign a cert. I'm not sure how that interacts with FireFox. If you need to import the root CA or if it just asks the user if they want to accept the cert from a unknown CA.
dj2  2008-12-01 22:41:36
+1  A: 

Just biting the bullet and using an SSL cert is what I ended up doing... If your update.rdf is on a secure server, the update process and descriptors seems to work very easily.. and I don't have to do anything super fancy to my build process.

You still need the hash:

openssl sha1 plugin.xpi

the resulting hash needs to end up in upgrade.rdf

<em:updateHash>sha1:b100d1207b38bbbea1add4eb96947ee4ea4b7a3e</em:updateHash>

but there's no longer any need to deal with mccoy and all the signing stuff.

danb  2008-12-01 02:04:27

related questions

Install-base of Java JRE?
Software Deployment in a Virtual Environment
Rails requires RubyGems >= 0.9.4. Please install RubyGems
Deploying a Git subdirectory in Capistrano
Any capistrano comparable for windows/.net?
Pushing out MSI files
Generic design for packaging of user changes for deployment
What's the best way to create ClickOnce deployments
What are some good SSH Servers for windows?
How Do You Secure database.yml?
Whats the best way to securely publish a site post build?
.net solution subversion best practices?
JRuby / Rack deployment
Best practices for managing and deploying large javascript apps
Building Standalone Applications in JavaScript
Issues with DB after publishing via Database Publishing Wizard from MSFT
How do I make a custom .net client profile installer?
What's the general consensus on supporting Windows 2000?
How do you deploy your SharePoint solutions?
ILMerge Best Practices
Error ADMA5026E for WebSphere Application Server Network Deployment
What is called a Node in a WebSpere Network Deployment
What is your favorite web app deployment workflow with SVN?
An executable Python app
Deploying SQL Server Databases from Test to Live