Home > firefox > Self-signing Firefox addons

Self-signing Firefox addons

I’m heavy user of Pentadactyl – a Firefox addon which allows you to use a browser without a mouse. Occasionally I need to compile it from source to make it work on a new Firefox. In the past it could be used right away after compiling but since some time Mozilla requires all addons to be signed before they can be installed used in Firefox. Luckily it’s possible to self-sign an addon. It’s a simple and fast process but still a bit annoying. Self-signing is done with a tool called jpm provided by Mozilla. It can be installed with npm:

npm install jpm

Before using jpm to sign an addon you need to get a developer JSON Web Token issuer and secret token from https://addons.mozilla.org/developers/addon/api/key/. The command is:

$ ./node_modules/jpm/bin/jpm sign --api-key 'user:<KEY>' --api-secret \
 '<API_SECRET>' --xpi pentadactyl-1.2pre.xpi

During this process you can get several different errors. Some of them are:

Server response: You do not own this addon. (status: 403)
JPM [info] FAIL

Replace em:id=“<EMAIL>“ in install.rdf inside your addon XPI file with e-mail address you used to register at addons.mozilla.org

If you got this error:

Error: Received bad response from the server while requesting https://addons.mozilla.org/api/v3/addons/arkadiusz%40drabczyk.org/versions/1.44pre/

status: 401
response: {"detail":"Unknown JWT iss (issuer)."}

You used incorrect API key/secret. Make sure that you used correct keys.

Error: Received bad response from the server while requesting https://addons.mozilla.org/api/v3/addons/arkadiusz%40drabczyk.org/versions/1.44pre/

status: 401
response: {"detail":"JWT iat (issued at time) is invalid. Make sure your system clock is synchronized with something like TLSdate."}

Every call to Mozilla API relies on JSON web tokens which have an expiration time set. Make sure that you have your local time synchronized with one of ntp servers, for example:

sudo ntpdate ntp.ubuntu.com

If you got this error:

JPM [info] Signing XPI: /home/ja/dactyl/downloads/pentadactyl-1.2pre.xpi
Server response: Version already exists. (status: 409)
JPM [info] FAIL

Replace em:version=<VERSION> in install.rdf with a new unique version.

After a successfully signing of your xpi jpm will automatically download it to your local machine. You can now install it in Firefox without any problems.

Kategorienfirefox Tags:
  1. Bisher keine Kommentare