Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow programatically signing from an xpi file #3241

Closed
kewisch opened this issue Sep 7, 2024 · 3 comments · Fixed by #3250
Closed

Allow programatically signing from an xpi file #3241

kewisch opened this issue Sep 7, 2024 · 3 comments · Fixed by #3250
Labels
component: signing priority: p5

Comments

@kewisch
Copy link
Contributor

kewisch commented Sep 7, 2024

Is this a feature request or a bug?

Feature request

What is the current behavior?

Programmatically, the only way to sign is using webExt.cmd.sign, which also does a build. https://github.com/mozilla/sign-addon is deprecated, likely because it was included in utils/submit-addon.js. There doesn't seem to be a way to trigger a submission for an existing xpi.

What is the expected or desired behavior?

If we add utils/submit-addon to exports, I'd be able to use it directly. I'm open to other ideas.
@filips123 filips123 mentioned this issue Sep 7, 2024
Open
@kewisch
Copy link
Contributor Author

kewisch commented Sep 10, 2024

I realized I can just import { signAddon as signAddonV5 } from "../node_modules/web-ext/lib/util/submit-addon.js"; which seems to be getting me what I want, but if you are ok adding a named shortcut I can spin up a PR.

@Rob--W
Copy link
Member

Rob--W commented Sep 12, 2024

We're in favor of allowing zip files to be signed. A more generic issue was filed at #3242, to offer a CLI option to do the same.

I'm inclined to only accept zip files and not xpi files to avoid accidentally submitting a signed file again, but I am willing to consider xpi files if there is a compelling use case.

I realized I can just import { signAddon as signAddonV5 } from "../node_modules/web-ext/lib/util/submit-addon.js"; which seems to be getting me what I want, but if you are ok adding a named shortcut I can spin up a PR.

Patches are welcome!

@kewisch
Copy link
Contributor Author

kewisch commented Sep 12, 2024
edited
Loading

I'm inclined to only accept zip files and not xpi files to avoid accidentally submitting a signed file again, but I am willing to consider xpi files if there is a compelling use case.

Might be worth rather checking for an existing signature, or failing on the server side if a signed file is uploaded. zip vs xpi is really just a file extension, so I don't think it makes a difference.

I'll send a PR soon

@kewisch kewisch mentioned this issue Sep 12, 2024
Merged
@rpl rpl closed this as completed in #3250 Dec 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component: signing priority: p5
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Export submit-addon via package.json kewisch/web-ext
2 participants
@kewisch @Rob--W