Add-ons/Extension Signing
< Add-ons
Jump to navigation
Jump to search
Mozilla now requires all extensions to be signed by Mozilla in order for them to be installable in Release and Beta versions of Firefox. Signing will be done through addons.mozilla.org (AMO) and will be mandatory for all extensions, regardless of where they are hosted.
Documentation
- Introducing Extension Signing, Add-ons Blog.
- The Case for Extension Signing, Add-ons Blog.
- Main tracking bug.
Timeline
Check the Firefox Release Calendar for specific dates. The following timelines are for Desktop:
- Firefox 40-42: Firefox warns about signatures but doesn't enforce them.
- Firefox 43: Firefox enforces the use of signatures by default, but has a preference that allows signature enforcement to be disabled (xpinstall.signatures.required in about:config).
- Firefox 48: (Pushed from Firefox 46). Release and Beta versions of Firefox for Desktop will not allow unsigned extensions to be installed, with no override. Firefox for Android will enforce add-on signing, and will retain a preference — which will be removed in a future release — to allow the user to disable signing enforcement.
The first ESR version to include signing support will be the Firefox ESR 52 release.
All Firefox extensions - for Desktop and Android - on AMO that have passed review are now signed.
For unlisted (non-AMO) add-ons, submission and signing is active through AMO, and there is a Signing API available for automated submission and retrieval of unlisted addons.
Unbranded Builds
Unbranded builds are available from the continuous integration builds on archive.mozilla.org. Links to the latest beta and release builds, as well as the root directories for those treeherder builds are below, and subdirectories are named from the epoch timestamp of when the build was generated.
Latest Builds
Release builds
Latest release (Firefox 49.0 - changeset 416dc3163a1f) builds:
- Linux Installer (build directory)
- Mac OSX Installer (build directory)
- Windows 32-bit Installer (build directory)
- Windows 64-bit Installer (build directory)
Beta builds
Latest beta (49.0b10 - changeset 77a60bbacb97) builds:
- Linux Installer (build directory)
- Mac OSX Installer (build directory)
- Windows 32-bit Installer (build directory)
- Windows 64-bit Installer (build directory)
Treeherder Root Directories
Release
Beta
FAQ
- Which add-on types will need to be signed?
- Only extensions (type 2 in install.rdf)--this includes WebExtensions. Themes, dictionaries, language packs, and plugins don't need to be signed.
- Will other applications like Thunderbird, Seamonkey, Palemoon, etc. require extensions to be signed?
- The leaders of each of those projects will decide if they want to enforce signing, keep it as a setting, or deactivate it by default. We haven't heard about any other applications planning to support this.
- Will signed extensions work on other applications or older versions of Firefox?
- Yes, the signature system is built on top of the existing add-on signing feature, which has been supported in Firefox and other applications.
- Will there be a setting or other overrides to disable signature checks?
- Firefox Release and Beta versions will not have any way to disable signature checks. Signature checks can be disabled in other versions, as described in detail below.
- What are my options if I want to install unsigned extensions in Firefox?
- The Developer Edition and Nightly versions of Firefox will have a setting to disable signature enforcement. There are also be special unbranded versions of Release and Beta that will have this setting (see , so that add-on developers can work on their add-ons without having to sign every build. To disable signature checks, you will need to set the
xpinstall.signatures.requiredpreference to "false".- type
about:configinto the URL bar in Firefox - in the Search box type
xpinstall.signatures.required - double-click the preference, or right-click and selected "Toggle", to set it to
false.
- type
- The Developer Edition and Nightly versions of Firefox will have a setting to disable signature enforcement. There are also be special unbranded versions of Release and Beta that will have this setting (see , so that add-on developers can work on their add-ons without having to sign every build. To disable signature checks, you will need to set the
- How will the unbranded versions of Firefox work?
- They work just like Firefox, with two differences: they will have a setting to disable mandatory signature checks, and they will not have the Firefox name and logo (instead using a generic name and logo). These builds are available in the en-US locale only.
- What about private add-ons used in enterprise environments?
- The ESR release will support signing starting with version 45-based releases. Signing enforcement will be enabled by default in these releases, and enforcement can be disabled using the
xpinstall.signatures.requiredpreference.
- The ESR release will support signing starting with version 45-based releases. Signing enforcement will be enabled by default in these releases, and enforcement can be disabled using the
- How do I get my add-ons signed if they are hosted on addons.mozilla.org (AMO)?
- No action is required. We automatically signed reviewed versions of all add-ons currently hosted on AMO. All new versions will be signed automatically after they pass review.
- How do I get my add-ons signed if they are not hosted on addons.mozilla.org (AMO)?
- You will need to create an AMO account and submit your add-on. There will be an option where you indicate the add-on won't be listed on AMO, and you'll be able to submit your add-on files without having them published on the site. Please read the Distribution Policy for more details.
- You can also use the jpm sign command to generate a signed XPI that can be self-hosted.
- There is an API you can use for signing.
- How does the signing process work for unlisted add-ons?
- For unlisted add-ons, files submitted for signing will go through an automated review process. If they pass this review, they are automatically signed and a download link is sent back to the developer. This process should normally take seconds. If the file doesn't pass review, the developer will have the option to request a manual review, which should take less than two days. This is not the same process that currently applies to AMO add-ons, which has been typically slower.
- There is an API you can use for signing.
- What about Beta versions on AMO? Will they be reviewed and signed?
- Yes. Beta versions will be treated like non-AMO add-ons. They will be automatically validated and signed if they pass validation.
- Will I need to sign the custom version of an existing add-on I created with my own code changes, locale additions, etc.?
- If you use it on Release or Beta, yes. You will also need to change the add-on ID in order to submit it for signing.
- Is this a way for Mozilla to censor add-ons they don't like, enforce copyright, government demands, etc.?
- No, the purpose of this is to protect users from malicious add-ons. We have clear guidelines for when it is appropriate to blocklist an add-on and have refused multiple times to block for other reasons.
- Will there be an upload and signing API so I don't have to manually upload each new version of the add-on?
- Yes. The signing API is documented here.
- Will this protect users against all forms of add-on malware?
- No, there is no perfect solution for this. Fighting malware requires defenses on many levels: operating system,, application, user, and even industry. Extension signing is a big step in protecting Firefox against malicious add-ons, but there is much more to do in other fronts to ensure the best experience for our users.
Further discussion
The main discussion channel is the mozilla.addons.user-experience newsgroup.