FirefoxOS/New security model/Getting Started with Signed Packages: Difference between revisions

Jump to navigation Jump to search

FirefoxOS/New security model/Getting Started with Signed Packages (view source)

Revision as of 08:58, 16 November 2015

85 bytes added ,  16 November 2015
→‎Creating/Modifying a Signed Package
Line 16: Line 16:


== Creating/Modifying a Signed Package ==
== Creating/Modifying a Signed Package ==
Signed Packages are similar to existing web apps packaged apps - i.e. they consist of HTML, JavaScript, CSS files and other resources, and are packed into a package with a manifest.webapp file. Note that Signed Packages use a very different manifest.webapp format to open web apps.
Signed Packages are similar to existing web apps packaged apps - i.e. they consist of HTML, JavaScript, CSS files and other resources, and are packed into a package with a manifest.webapp file.
<br>
<br>


=== 1. Creating a Signed Package Manifest ===
=== 0. Write a Regular Gaia App ===
The manifest must contain the following two fields:
The first step to create and host your signed package is to create a normal gaia app.
* '''moz-permissions'''    : same format as Open Web App permission section
* '''moz-package-origin''': specifies the origin where the package will be hosted


For further details see: https://wiki.mozilla.org/FirefoxOS/New_security_model/Packaging
=== 1. Add Additional Fields to the Manifest File ===
<br>
# package-identifer: A UUID to uniquely identify this package. The identifier will be treated a part of the origin. So please be careful to change this value across versions.
Example manifest:
# moz-package-origin: The origin where the package is going to be hosted. This prevents the package from being downloaded and hosted by other people.
{
 
  "moz-permissions": [
Note that the packaging/signing tool would automatically add other fields to the manifest file like "moz-resources".
    {
      "systemXHR": {
        "description": "Needed to download stuff"
      },
      "devicestorage:pictures": {
        "description": "Need to load pictures"
      }
    }
  ],
  "moz-package-origin": "https://example.com"
}
After signing, several additional fields will be added (package-identifier & moz-resources)


=== 2. Signing Your Package ===
=== 2. Create and Sign Your Package ===
* Install a [https://github.com/johnathan79717/fxos-package-signing-tool signing tool]
* Install a [https://github.com/johnathan79717/fxos-package-signing-tool signing tool]
* Follow the tool instructions to sign the package
* Follow the tool instructions to sign the package


=== 3. Upload Your Package ===
=== 3. Host Your Package ===
* Signed Packages are hosted as a file on a web server. The only requirements are:
* Signed Packages are hosted as a file on a web server. The only requirements are:
** The package is served with the MIME type of “application/package”
** The package is served with the MIME type of “application/package”
** The package is served from the location specified in the manifest (moz-package-location)
** The package is served from the location specified in the manifest (moz-package-origin)
 
You can now use [URL-of-the-package]!//[relative-path-to-resource] to navigate the packaged web content via your browser. For example, if you host your package in http://foo.com/app.pak, then the path to "index.html" inside the package would be http://foo.com/app.pak!//index.html.
 
<br>
<br>


Hchang
Confirmed users
158

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1105711"

Navigation menu