Add-ons/Extension Signing: Difference between revisions

Remove obsolete information about hotfix; fix link
(→‎Latest Builds: Updated for 95.0.2 and 96.0b8)
(Remove obsolete information about hotfix; fix link)
Line 59: Line 59:


=== Signing of special add-ons ===
=== Signing of special add-ons ===
There are three special cases of add-ons developed by Mozilla: System add-ons, Mozilla Extensions and Hotfixes.
There are three special cases of add-ons developed by Mozilla: System add-ons and Mozilla Extensions.


* If the add-on is a system add-on, the Organizational Unit (OU) of the end-entity certificate must be set to "Mozilla Components".
* If the add-on is a system add-on, the Organizational Unit (OU) of the end-entity certificate must be set to "Mozilla Components".
* If the add-on is a Mozilla Extension, the OU of the EE cert must be set to "Mozilla Extensions".
* If the add-on is a Mozilla Extension, the OU of the EE cert must be set to "Mozilla Extensions".
* If the add-on is a hotfix, the add-on ID must match the pref `extensions.hotfix.id` (currently `firefox-hotfix@mozilla.org`) and the public key hash of the end-entity cert must match the fingerprints set in `extensions.hotfix.certs.1.sha1Fingerprint` or `extensions.hotfix.certs.2.sha1Fingerprint`.
* If the add-on is signed with the staging root, in Nightly you need to set the pref `xpinstall.signatures.dev-root = true` to tell Firefox to verify it
* If the add-on is signed with the staging root, in Nightly you need to set the pref `xpinstall.signatures.dev-root = true` to tell Firefox to verify it


refs:
refs:
* https://searchfox.org/mozilla-central/source/toolkit/mozapps/extensions/internal/XPIProvider.jsm
* https://searchfox.org/mozilla-central/source/toolkit/mozapps/extensions/internal/XPIProvider.jsm
* https://developer.mozilla.org/en-US/docs/Signing_a_XPI
* Out-dated information about how XPIs were signed in the past: https://web.archive.org/web/20200105223104/https://developer.mozilla.org/en-US/docs/Archive/Add-ons/Signing_an_XPI


== Documentation ==
== Documentation ==
Line 74: Line 73:
* [https://blog.mozilla.org/addons/2015/04/15/the-case-for-extension-signing/ The Case for Extension Signing], Add-ons Blog.
* [https://blog.mozilla.org/addons/2015/04/15/the-case-for-extension-signing/ The Case for Extension Signing], Add-ons Blog.
* [https://bugzilla.mozilla.org/show_bug.cgi?id=signed-addons Main tracking bug].
* [https://bugzilla.mozilla.org/show_bug.cgi?id=signed-addons Main tracking bug].
* [https://extensionworkshop.com/documentation/publish/signing-and-distribution-overview/#distributing-your-addon Signing and distributing your add-on], Extension Workshop.


== Timeline ==
== Timeline ==
44

edits