Labs/Sigma
Sigma is a platform to automatically install Labs approved add-ons and keep them up-to-date. The user-facing name of this add-on is Labs Pack.
A manifest is hosted on https://sigma.mozillalabs.com/ that controls the add-on behavior such as installing/uninstalling add-ons and showing informational pages. The manifest is only followed if a number of security checks pass such as a signature check. Some state is stored locally on each client that affects the add-on behavior.
Manifest Structure
The manifest is a JSON file with file extension .json where the top level JS object has the following properties:
| infoUrl | string | Information url to open in a tab if different from the previous infoUrl |
|---|---|---|
| install | [objects] | Array of add-on objects to install (see below) |
| timestamp | Date (string) | Time when the manifest was created |
| uninstall | [strings] | Array of add-on id strings to uninstall |
Install Add-on Object
The install array contains add-on objects with the following structure:
| hash | string | Expected hash of the downloaded xpi structured as "<hash algorithm>:<hex hash value>" e.g., "sha256:a1b2c3..." |
|---|---|---|
| id | string | Add-on id to check if it's already installed locally |
| url | string | URL to fetch the .xpi to install the add-on |
| version | string | Version of the add-on to check if the local version is already current |
Manifest Signature
At the same level as the .json file, there must be a .sig file that contains the expected signature of the plain-text JSON manifest that is verified by the public key corresponding to the private key used to sign the manifest.