Simplify or automate signing of Jetpack XPIs

From MozillaWiki
Jump to: navigation, search
Please use "Edit with form" above to edit this page.

Status

Simplify signing XPIs in Jetpack
Stage Draft
Status `
Release target Jetpack Future
Health OK
Status note Investigating what signing of XPIs gets us.

Team

Product manager Dave Mason
Directly Responsible Individual `
Lead engineer `
Security lead `
Privacy lead `
Localization lead `
Accessibility lead `
QA lead `
UX lead `
Product marketing lead `
Operations lead `
Additional members `

Open issues/risks

`

Stage 1: Definition

1. Feature overview

Currently, addon authors that want to sign their XPIs to self-host their extensions need to generate the XPI file, extract the install manifest, sign the manifest, put it back into the XPI, generate the hash of the XPI, add the hash to the update manifest, sign it, and then verify that everything works.

It would be nice if there was a way in the SDK to automate or simplify at least part of this process.

2. Users & use cases

Users who want to self-host their addons without paying for an SSL certificate to prove identity.

3. Dependencies

`

4. Requirements

`

Non-goals

`

Stage 2: Design

5. Functional specification

`

6. User experience design

`

Stage 3: Planning

7. Implementation plan

`

8. Reviews

Security review

`

Privacy review

`

Localization review

`

Accessibility

`

Quality Assurance review

`

Operations review

`

Stage 4: Development

9. Implementation

`

Stage 5: Release

10. Landing criteria

`


Feature details

Priority Unprioritized
Rank 999
Theme / Goal `
Roadmap Jetpack
Secondary roadmap Jetpack
Feature list Jetpack
Project `
Engineering team Jetpack

Team status notes

  status notes
Products ` `
Engineering ` `
Security sec-review-needed
   
     Full Query    
ID Summary Priority Status
761810 SecReview: Simplify signing XPIs in Jetpack -- NEW

1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);

Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `
The given value "
   
     Full Query    
ID Summary Priority Status
761810 SecReview: Simplify signing XPIs in Jetpack -- NEW

1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);

" contains strip markers and therefore it cannot be parsed sufficiently.