Confirmed users
1,158
edits
EngineeringProductivity/HowTo/SignExtensions: Difference between revisions
EngineeringProductivity/HowTo/SignExtensions (view source)
Revision as of 23:33, 25 February 2016
, 25 February 2016no edit summary
mNo edit summary |
No edit summary |
||
| Line 6: | Line 6: | ||
2. Install jpm by following the [https://developer.mozilla.org/en-US/Add-ons/SDK/Tools/jpm official instructions]. Make sure you have at least version 1.0.5 by running: | 2. Install jpm by following the [https://developer.mozilla.org/en-US/Add-ons/SDK/Tools/jpm official instructions]. Make sure you have at least version 1.0.5 by running: | ||
$ jpm --version | $ jpm --version | ||
Note: jpm is one way to sign add-ons, there is also a [http://addons-server.readthedocs.org/en/latest/topics/api/signing.html REST API interface] for this, it uses the same keys. | |||
== Signing an Addon == | == Signing an Addon == | ||
| Line 20: | Line 22: | ||
$ jpm sign --api-key <amo key> --api-secret <amo secret> --xpi <path to xpi> | $ jpm sign --api-key <amo key> --api-secret <amo secret> --xpi <path to xpi> | ||
5. If validation failed, open the link to see what needs to be changed. If it was successful, you should have a new .xpi file in your working directory. If appropriate, move and/or rename this file to whatever the relevant automation is expecting. | 5. If validation failed, open the link to see what needs to be changed. If it was successful, you should have a new .xpi file in your working directory. If appropriate, move and/or rename this file to whatever the relevant automation is expecting. If it's not obvious why signing failed, please contact the Add-ons team (usually #amo works). The signing through addons.mozilla.org is a bit stricter about what it accepts than might be needed for mozilla-central. | ||
6. Add the signed addon to your commit: | 6. Add the signed addon to your commit: | ||
| Line 32: | Line 34: | ||
* If you or someone else previously bumped an addon's version number to test changes on try, but never actually committed the changes, then simply incrementing that addon's version number by one won't work. You'll need the last signed version, which is not necessarily the last checked in version. | * If you or someone else previously bumped an addon's version number to test changes on try, but never actually committed the changes, then simply incrementing that addon's version number by one won't work. You'll need the last signed version, which is not necessarily the last checked in version. | ||
* After an addon is signed by one key, it can't later be signed by a second. So it's important to use the shared automation account. | * After an addon is signed by one key, it can't later be signed by a second. So it's important to use the shared automation account. | ||
* Addons with an application id of "toolkit@mozilla.org" don't currently get signed. | * If you have accidentally signed an add-on yourself, AMO allows an add-on to be shared by multiple owners. Go to addons.mozilla.org > Tools > Manage My Submissions > [Your add-on] > Manage Authors and add "release+signaddons@mozilla.com" as an owner. | ||
* Addons with an application id of "toolkit@mozilla.org" don't currently [https://github.com/mozilla/addons-server/issues/1740 get signed by design on AMO]. jpm won't warn you of this, change the application id to Firefox's uuid. | |||