If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
Our good friends over at Mozilla have taken a step ahead to enhance security for Firefox3 and protect users from man-in-the-middle kind of attacks during extension installation. You can find the technical details at mozilla developer center. While there's a lot of rich documentation there, I just wanted to outline the basic steps required to release extensions, thereby making it simpler than reading the documentation.
First release: -
Here you are basically preparing your extension to tell Firefox that it does support secure updates. (You can do this in other ways like using a SSL server to host the extension. But if you can't then read on).
- Create a key using the McCoy tool.
- Save this key.
- Add this key to your extensions install.rdf with the McCoy tool by clicking Install on the McCoy UI.
- Package the xpi.
- Do a sha1 hash check using KB841290.
- Update the update.rdf with the sha1 hash of the xpi.
- Sign the update.rdf with the McCoy tool.
- Upload the update.rdf and add-on XPI to your server.
Here you are offering updates, and Firefox needs to verify that the update that the updated xpi being offered over the internet connection has the correct checksum as mentioned in update.rdf by the extension developer.
For later releases : -
- Implement the changes to your extension.
- Update the install.rdf to reflect the new version etc.
- Package the xpi.
- Do a sha1 hash check using KB841290.
- Update the update.rdf with the sha1 hash of the xpi.
- Sign the update.rdf with the McCoy tool.
- Upload the update.rdf and add-on XPI to your server.
If you find discrepancies in the above steps of if they don't work for you please drop me a line.
|
|
|
|
|
 |
{ 0 comments… add one now }