Starting with Firefox 48 unsigned extensions are no longer allowed. Before we could stave off this requirement by setting "xpinstall.signatures.required" to false in the login script, but that's no longer the case. Extensions need to be signed now.
If we want to push out unaltered extensions as MSIs these instructions are still fine. Downloading the signed XPIs and converting them to MSIs does not affect the signature at all and Firefox will happily accept them. However, for the next couple of articles we're going to be making some changes which would invalidate the signature. Fortunately we can get around this by getting our edited versions signed while still keeping them private.
Preparing the Code
Once you've downloaded and extracted the contents of the XPI you want to change (see the instructions at the beginning of this article) delete the META-INF folder if there is one. These are the signature files for
signed extensions. They're not going to be valid after we make any changes and
we're going to get new ones anyway so let's clear the old ones out.
Next see if there are any JAR files in the code. If there are we have to extract their contents. Like
XPI files, JAR files are just ZIP files with a different extension. You just need to
change the extension and then you can unzip it.
Now open install.rdf in a text editor. You want to copy the value of the first <em:id> tag somewhere.
Next we have to change it to something else. We need to get the extension signed by addons.mozilla.org and they won't accept an ID that's already registered with them. The new ID must be either a GUID or in the form of an e-mail address like extensionname@mydomain.com. It doesn't have to be a real e-mail address, it's just an identifier, though it should be something no one else will use so use your own domain if you have one.
Now we need to do a global search and replace to replace the original ID with your new one in case it's referenced in the code anywhere. Most programmer's editors should be able to do this across a folder and all its subfolders. I like EditPlus but many programs should have this functionality.
Note that you'll have to search all file types, since text files in the code can have one of several different extensions. For example, in XMarks I found references to the original ID in JS, JSM, and PROPERTIES files.
Make Your Changes
At this point you're ready to make any changes you want to the code. Come back to this article and follow the rest of the instructions when you're done.
Packaging and Signing
Now that you've made your changes, pack everything back up. If there were any JAR files update them with the changed files and change their file extensions from ZIP back to JAR. When you're done with the entire project put everything into a ZIP file and change the extension to XPI. This is your edited but unsigned extension.
Now we need to sign it. First get an account at addons.mozilla.org. It's free.
Once you have that you can start the submission process by going here. Make sure to check "Do not list my add-on on this site". Your edited add-on is for private use only, you're not distributing it through addons.mozilla.org. Upload your edited XPI.
The rest of the submission process is straightforward. There may be some code warnings but you can just ignore them. The approval and signing process is automated so you'll get a link to the signed version almost immediately. You can download that and then follow the rest of the instructions here to turn it into a MSI to be pushed out through Active Directory.
No comments:
Post a Comment