Confirmed users
158
edits
FirefoxOS/New security model/Getting Started with Signed Packages: Difference between revisions
FirefoxOS/New security model/Getting Started with Signed Packages (view source)
Revision as of 08:58, 17 November 2015
, 17 November 2015→Configure your device
| (5 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
The steps in the process are: | The steps in the process are: | ||
* Create a regular gaia app | * Create a regular gaia app | ||
* Add required | * Add additional required attributes to the manifest file | ||
* Use the developer signing tool to | * Use the developer signing tool to create and sign your package | ||
* Host the package in where you specify in the manifest file | * Host the package in where you specify in the manifest file | ||
| Line 14: | Line 14: | ||
before testing this feature. | before testing this feature. | ||
The configuring steps will be covered in detail below. | |||
<br><br> | <br><br> | ||
| Line 22: | Line 22: | ||
=== 1. Write a Regular Gaia App === | === 1. Write a Regular Gaia App === | ||
The first step to create and host your signed package is to create a normal gaia app. Claim the permissions/system message/web activity as usual in the manifest | The first step to create and host your signed package is to create a normal gaia app. Claim the permissions/system message/web activity as usual in the manifest even though system message and web activity is still not supported at the moment. | ||
=== 2. Add Required | === 2. Add Additional Required Attributes to the Manifest File === | ||
Beside the well-known | Beside the well-known attributes in the gaia manifest, there are two additional attributes required by signed package and you have to manually add to the manifest: | ||
# package-identifer: A UUID string to uniquely identify this package. The identifier will be considered as a part of the origin. So please be careful to change this value across versions. | # '''package-identifer''': A UUID string to uniquely identify this package. The identifier will be considered as a part of the origin. So please be careful to change this value across versions. | ||
# moz-package-origin: The origin where the package is going to be hosted. This prevents the package from being downloaded and hosted by other people. | # '''moz-package-origin''': The origin where the package is going to be hosted. This prevents the package from being downloaded and hosted by other people. | ||
Note that the packaging/signing tool would automatically add | Note that the packaging/signing tool would automatically add additional attributes to the manifest like "moz-resources". | ||
For example, your manifest file may look like the following: | |||
<pre> | |||
{ | |||
// Regular manifest attributes. | |||
..., | |||
..., | |||
..., | |||
// New attributes introduced by NSec. | |||
"package-identifier": "3bd9a32f-8fd6-404f-bfbe-b883d2e93646", | |||
"moz-package-origin": "http://people.mozilla.org" | |||
} | |||
</pre> | |||
After packaging and signing, it becomes: | |||
<pre> | |||
{ | |||
// Regular manifest attributes. | |||
..., | |||
..., | |||
..., | |||
// New attributes introduced by NSec. | |||
"package-identifier": "3bd9a32f-8fd6-404f-bfbe-b883d2e93646", | |||
"moz-package-origin": "http://people.mozilla.org", | |||
// | |||
// Auto-generated part. | |||
"moz-resources": [...], | |||
} | |||
</pre> | |||
=== 3. Create and Sign Your Package === | === 3. Create and Sign Your Package === | ||
| Line 40: | Line 73: | ||
** The package is served from the location specified in the manifest (moz-package-origin) | ** The package is served from the location specified in the manifest (moz-package-origin) | ||
Now you can use [URL-of-the-package]!//[resource-path-relative-to-the-package] to access the packaged web content via browser. For example, if you host your package in http://foo.com/app.pak, the path to "index.html" inside the package would be http://foo.com/app.pak!//index.html. | |||
<br> | <br> | ||
| Line 54: | Line 87: | ||
adb push developercert.der /data/local/developercert.der | adb push developercert.der /data/local/developercert.der | ||
* Configure a number of preferences as follows: | * Configure a number of preferences as follows: | ||
** Enables web packages support: network.http.enable-packaged-apps = true | ** Enables web packages support: '''network.http.enable-packaged-apps''' = true | ||
** Enables Signed Package support: network.http.signed-packages.enabled = true | ** Enables Signed Package support: '''network.http.signed-packages.enabled''' = true | ||
** Create a signed-packages.developer-root preference using the path you created in the previous step: network.http.signed-packages.developer-root = /data/local/developercert.der | ** Create a '''network.http.signed-packages.developer-root''' preference using the path you created in the previous step: network.http.signed-packages.developer-root = /data/local/developercert.der | ||
* Restart b2g or restart the device. | * Restart b2g or restart the device. | ||
=== Limitations === | === Limitations === | ||
System Messages is not supported yet. Any function related to System Message cannot be used for now. | System Messages is not supported yet. Any function related to System Message cannot be used for now. | ||