Simplify or automate signing of Jetpack XPIs

Status

{{#set:Feature name=Simplify signing XPIs in Jetpack

|Feature stage=Draft |Feature status=` |Feature version=Jetpack Future |Feature health=OK |Feature status note=Investigating what signing of XPIs gets us. }}

Team

{{#set:Feature product manager=Dave Mason

|Feature feature manager=` |Feature lead engineer=` |Feature security lead=` |Feature privacy lead=` |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=` |Feature ux lead=` |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=` }}

Open issues/risks

`

Stage 1: Definition

1. Feature overview

Currently, addon authors that want to sign their XPIs to self-host their extensions need to generate the XPI file, extract the install manifest, sign the manifest, put it back into the XPI, generate the hash of the XPI, add the hash to the update manifest, sign it, and then verify that everything works.

It would be nice if there was a way in the SDK to automate or simplify at least part of this process.

2. Users & use cases

Users who want to self-host their addons without paying for an SSL certificate to prove identity.

3. Dependencies

`

4. Requirements

`

Non-goals

`

Stage 2: Design

5. Functional specification

`

6. User experience design

`

Stage 3: Planning

7. Implementation plan

`

8. Reviews

Security review

`

Privacy review

`

Localization review

`

Accessibility

`

Quality Assurance review

`

Operations review

`

Stage 4: Development

9. Implementation

`

Stage 5: Release

10. Landing criteria

` {{#set:Feature open issues and risks=` |Feature overview=Currently, addon authors that want to sign their XPIs to self-host their extensions need to generate the XPI file, extract the install manifest, sign the manifest, put it back into the XPI, generate the hash of the XPI, add the hash to the update manifest, sign it, and then verify that everything works.

It would be nice if there was a way in the SDK to automate or simplify at least part of this process. |Feature users and use cases=Users who want to self-host their addons without paying for an SSL certificate to prove identity. |Feature dependencies=` |Feature requirements=` |Feature non-goals=` |Feature functional spec=` |Feature ux design=` |Feature implementation plan=` |Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=` |Feature landing criteria=` }}

Feature details

{{#set:Feature priority=Unprioritized

|Feature rank=999 |Feature theme=` |Feature roadmap=Jetpack |Feature secondary roadmap=Jetpack |Feature list=Jetpack |Feature project=` |Feature engineering team=Jetpack }}

Team status notes

   

     Full Query    
   

{{#set:Feature products status=`

|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=sec-review-needed |Feature security health=Blocked

|Feature security notes=

1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%);

|Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}