385
edits
Labs/Sigma: Difference between revisions
Jump to navigation
Jump to search
→Add-on Behavior: add list of actions
(→Add-on Behavior: add list of actions) |
|||
| Line 82: | Line 82: | ||
= Add-on Behavior = | = Add-on Behavior = | ||
Sigma will automatically fetch and follow the manifest when triggered by a number of events. | |||
== Main Workflow == | |||
# Download the <tt>.sig</tt> signature file | |||
# Check if the signature matches the local state <tt>signature</tt> | |||
## If it matches, stop the update as the manifest and signature are unchanged | |||
# Download the <tt>.json</tt> manifest file | |||
# Check that the manifest and signature are correct with the embedded public key | |||
## If the signature is not correct, abort | |||
# Check that the <tt>timestamp</tt> is a valid date | |||
## If not or missing, abort | |||
# Check that the <tt>timestamp</tt> is at most 30 days old | |||
## If it's too old, abort because we don't trust old manifests | |||
# Check that the <tt>timestamp</tt> is newer than the local state <tt>timestamp</tt> | |||
## If it's older or the same, abort because we only trust newer manifests | |||
# Check if the <tt>infoUrl</tt> is different from the local state <tt>infoUrl</tt> | |||
## If it is different, open a new tab with the new url and save <tt>infoUrl</tt> | |||
# For each add-on object in <tt>install</tt>, try to install the add-on if necessary | |||
## Check if a local add-on exists with the <tt>id</tt> | |||
### If it exists, check if it's newer or the current <tt>version</tt> | |||
#### If it's newer or current, don't re-install this add-on | |||
## Check that the <tt>hash</tt> is a valid "algorithm:hex value" hash | |||
### If it's not a valid hash, don't install this add-on | |||
## Download the add-on .xpi at the <tt>url</tt> | |||
## Check that the <tt>hash</tt> matches the computed hash for the .xpi | |||
### If the hash does not match, don't install this add-on | |||
## Install the add-on | |||
# For each add-on id in <tt>uninstall</tt>, uninstall if necessary | |||
## Check if a local add-on exists with the add-on id | |||
### If it exists, uninstall it | |||
# Save state (<tt>installIds</tt>, <tt>signature</tt>, <tt>timestamp</tt>) from the manifest now that we've followed the instructions | |||
== Triggering Events == | |||