How do you package and self host your Firefox extensions?

Question

I'm developing a site-specific Firefox extension. The official hosting/updating mechanism at addons.mozilla.org forces my users to login to download my plugin (until it get approved for public status), which isn't good for me, especially as my plugin is unlikely to be deemed useful to the web at large and will be stuck in the sandbox forever.

It seems like I'm forced to use McCoy (a GUI only program) to sign some of my artifacts and openssl to create a hash which I manually insert into update.rdf before signing it. I really want to have some tools I can stick in my automated build process that don't require manual steps from me each time. Is there an opensource tool that mimics the behavior of addons.mozilla.org that I can use for self hosting? Or a set of command line tools (that work on OS X) I can call from my build before I deploy?

Happy to have any experiences you have had in this process... how do you do it now? what have you tried? what worked, what didn't?

Answer 1

Just biting the bullet and using an SSL cert is what I ended up doing... If your update.rdf is on a secure server, the update process and descriptors seems to work very easily.. and I don't have to do anything super fancy to my build process.

You still need the hash:

openssl sha1 plugin.xpi

the resulting hash needs to end up in upgrade.rdf

<em:updateHash>sha1:b100d1207b38bbbea1add4eb96947ee4ea4b7a3e</em:updateHash>

but there's no longer any need to deal with mccoy and all the signing stuff.

Answer 2

You can follow the directions here on how to sign an XPI file. You can easily bundle the steps up into a script that will run as part of your build.