EngineeringProductivity/HowTo/SignExtensions
With the new addon signing requirement, working with extensions in mozilla-central gets a little more complicated. Anytime an extension is modified, it will need to be version bumped and re-signed. Yes, even if you just want to add a dump statement to debug a try run. Yuck! This guide is intended to provide all the information you need to work with signed extensions in mozilla-central. At first, signing will largely by a manual process, but eventually tooling will improve and the process will get easier.
Prerequisites
1. Obtain the signing keys. You'll need LDAP to access them. If you do not have LDAP, unfortunately you will not be able to sign extensions in mozilla-central.
2. Install jpm by following the official instructions. Make sure you have at least version 1.0.5 by running:
$ jpm --version
Signing an Extension
You've made changes to an extension, and want to check them into the tree. But automation won't pick your changes up until you've signed the extension. Here's what you need to do step by step.
1. Bump the version number in install.rdf. It's not possible to sign the same version twice, so each change requires a version bump. If appropriate, you may want to add a new minor version number (e.g x.y.z).
2. Pack the addon into an xpi. An xpi file is simply a renamed zip file. For example, you could use:
$ zip -r my-addon.xpi .
3. Sign the addon with jpm and the credentials you obtained from step 1 of the prerequisites:
$ jpm sign --api-key <amo key> --api-secret <amo secret> --xpi <path to xpi>
4. If validation failed, open the link to see what needs to be changed. If it was successful, you should have a new .xpi file in your working directory. If appropriate, rename this file to whatever the relevant automation is expecting.