Changes

Add-ons/Extension Signing

16 bytes removed, 13:09, 24 December 2021

Remove obsolete information about hotfix; fix link

=== Signing of special add-ons ===

There are three special cases of add-ons developed by Mozilla: System add-ons, and Mozilla Extensions ~~and Hotfixes~~.

* If the add-on is a system add-on, the Organizational Unit (OU) of the end-entity certificate must be set to "Mozilla Components".

* If the add-on is a Mozilla Extension, the OU of the EE cert must be set to "Mozilla Extensions".

* If the add-on is a hotfix, the add-on ID must match the pref `extensions.hotfix.id` (currently `firefox-hotfix@mozilla.org`) and the public key hash of the end-entity cert must match the fingerprints set in `extensions.hotfix.certs.1.sha1Fingerprint` or `extensions.hotfix.certs.2.sha1Fingerprint`.

* If the add-on is signed with the staging root, in Nightly you need to set the pref `xpinstall.signatures.dev-root = true` to tell Firefox to verify it

refs:

* https://searchfox.org/mozilla-central/source/toolkit/mozapps/extensions/internal/XPIProvider.jsm

* Out-dated information about how XPIs were signed in the past: https://web.archive.org/web/20200105223104/https://developer.mozilla.org/en-US/docs/~~Signing_a_XPI~~Archive/Add-ons/Signing_an_XPI

== Documentation ==

* [https://blog.mozilla.org/addons/2015/04/15/the-case-for-extension-signing/ The Case for Extension Signing], Add-ons Blog.

* [https://bugzilla.mozilla.org/show_bug.cgi?id=signed-addons Main tracking bug].

* [https://extensionworkshop.com/documentation/publish/signing-and-distribution-overview/#distributing-your-addon Signing and distributing your add-on], Extension Workshop.

== Timeline ==

Robwu

44

edits

Changes

Add-ons/Extension Signing

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

How to Contribute

MozillaWiki

Around Mozilla

Tools