Re: where to find signtool.exe?

[Jeff Klawiter]

My extension (http://www.j-maxx.net/abtrans/abextension.php) is reported as 
signed on FF 1.0. I signed it with the new signtool 3.10. It was compiled 
in november with whatever code was current at the time. I'd compile some 
new versions if I had the time but alas I've only got time for this email. 
Started a new job as a .NET and PHP developer  (what a lovely combo) and 
have been working and then driving an hour home in time to go to bed :D. 
Maybe this weekend I'll try to take a shot at compiling the current code.

Jeff Klawiter
Nelson B wrote:
One more bit of followup info.
In a typical signed JAR file, the first 3 files are (in order)
META-INF/manifest.mf
META-INF/zigbert.sf
META-INF/zigbert.rsa
(names of the .sf and .rsa files may be other than "zigbert").
Order of the files in the jar is not supposed to matter.
A mozilla XPI file is a signed JAR file with one additional requirement:
the first file MUST be the .rsa file.
The order produced by signtool 3.10 with the -X option is:
META-INF/zigbert.rsa
META-INF/manifest.mf
META-INF/zigbert.sf
Finally one caveat: there are bug reports stating that FF 1.0 fails
to validate properly signed XPI files.  E.g.
https://bugzilla.mozilla.org/show_bug.cgi?id=273406
If this report is true, we may have to wait for FF 1.1 for signed
XPIs to work right.  <sigh>
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto