Simplify or automate signing of Jetpack XPIs

From MozillaWiki
Jump to navigation Jump to search
Please use "Edit with form" above to edit this page.

Status

Simplify signing XPIs in Jetpack
Stage Draft
Status `
Release target Jetpack Future
Health OK
Status note Investigating what signing of XPIs gets us.

{{#set:Feature name=Simplify signing XPIs in Jetpack

|Feature stage=Draft |Feature status=` |Feature version=Jetpack Future |Feature health=OK |Feature status note=Investigating what signing of XPIs gets us. }}

Team

Product manager Dave Mason
Directly Responsible Individual `
Lead engineer `
Security lead `
Privacy lead `
Localization lead `
Accessibility lead `
QA lead `
UX lead `
Product marketing lead `
Operations lead `
Additional members `

{{#set:Feature product manager=Dave Mason

|Feature feature manager=` |Feature lead engineer=` |Feature security lead=` |Feature privacy lead=` |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=` |Feature ux lead=` |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=` }}

Open issues/risks

`

Stage 1: Definition

1. Feature overview

Currently, addon authors that want to sign their XPIs to self-host their extensions need to generate the XPI file, extract the install manifest, sign the manifest, put it back into the XPI, generate the hash of the XPI, add the hash to the update manifest, sign it, and then verify that everything works.

It would be nice if there was a way in the SDK to automate or simplify at least part of this process.

2. Users & use cases

Users who want to self-host their addons without paying for an SSL certificate to prove identity.

3. Dependencies

`

4. Requirements

`

Non-goals

`

Stage 2: Design

5. Functional specification

`

6. User experience design

`

Stage 3: Planning

7. Implementation plan

`

8. Reviews

Security review

`

Privacy review

`

Localization review

`

Accessibility

`

Quality Assurance review

`

Operations review

`

Stage 4: Development

9. Implementation

`

Stage 5: Release

10. Landing criteria

` {{#set:Feature open issues and risks=` |Feature overview=Currently, addon authors that want to sign their XPIs to self-host their extensions need to generate the XPI file, extract the install manifest, sign the manifest, put it back into the XPI, generate the hash of the XPI, add the hash to the update manifest, sign it, and then verify that everything works.

It would be nice if there was a way in the SDK to automate or simplify at least part of this process. |Feature users and use cases=Users who want to self-host their addons without paying for an SSL certificate to prove identity. |Feature dependencies=` |Feature requirements=` |Feature non-goals=` |Feature functional spec=` |Feature ux design=` |Feature implementation plan=` |Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=` |Feature landing criteria=` }}

Feature details

Priority Unprioritized
Rank 999
Theme / Goal `
Roadmap Jetpack
Secondary roadmap Jetpack
Feature list Jetpack
Project `
Engineering team Jetpack

{{#set:Feature priority=Unprioritized

|Feature rank=999 |Feature theme=` |Feature roadmap=Jetpack |Feature secondary roadmap=Jetpack |Feature list=Jetpack |Feature project=` |Feature engineering team=Jetpack }}

Team status notes

  status notes
Products ` `
Engineering ` `
Security sec-review-needed
   
     Full Query    
   
ID Summary Priority Status
761810 SecReview: Simplify signing XPIs in Jetpack -- RESOLVED

1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%);

Privacy ` `
Localization ` `
Accessibility ` `
Quality assurance ` `
User experience ` `
Product marketing ` `
Operations ` `

{{#set:Feature products status=`

|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=sec-review-needed |Feature security health=Blocked

|Feature security notes=

Full Query
ID Summary Priority Status
761810 SecReview: Simplify signing XPIs in Jetpack -- RESOLVED

1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%);

|Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}