Skip to content

Instantly share code, notes, and snippets.

@kumar303

kumar303/test-jpm-signing-on-stage.md

Last active November 6, 2015 20:21
Show Gist options
  • Save kumar303/00bce62ca500c6855c83 to your computer and use it in GitHub Desktop.
Save kumar303/00bce62ca500c6855c83 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
test-jpm-signing-on-stage.md

We're about to release some tools for developers to sign add-ons so they can publish the .xpi files to their own site as opposed to hosting them on addons.mozilla.org. This would let users install the add-ons in a release or beta channel when add-on signatures are required.

Can you help test what we have so far? Here's how:

  • Clone jpm and install it so you can run jpm from your shell:
git clone https://github.com/mozilla-jetpack/jpm.git
cd jpm
npm install
npm link

jpm sign --api-key ... --api-secret ... --api-url-prefix https://addons.allizom.org/api/v3
  • If your add-on passed validation, the script would have downloaded a signed xpi file
  • Set some prefs in Nightly so you can verify that the xpi was signed correctly
    • Open about:config
    • Create a new boolean preference, xpinstall.signatures.dev-root, and set it to true. This will tell Nightly to check add-on signatures using the staging cert.
    • Restart Nightly
  • Try to install the add-on by opening the signed xpi file (File > Open...). Nightly should let you install it or else it will complain that the signature is invalid.

Let us know if it worked!

thanks, Kumar

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment