I haven't succeeded yet in signing an XPI file. So far, the following has failed for me:
1. The 'Manual Zip' Method ========================== Reference: http://www.mail-archive.com/[EMAIL PROTECTED]/msg01096.html The basic gist is that you do... signtool -d ./certs -kdougt test cd test zip test.xpi META-INF/zigbert.rsa zip -r -D test.xpi * -x META-INF/zigbert.rsa mv test.xpi ../ cd .. Of course I put my own cert location in properly, the above is Doug's example verbatim! When I drag and drop the resulting xpi file (temporarily available at http://www.swiftview.com/svinstall_p.exe.xpi - download it and try it yourself) onto Firefox version 1.0 preview release, it says: "A website is requesting permission to install the following item" and our company name is visible. After a slow countdown, the Install Now button becomes clickable. Clicking on it results in the message: "Firefox could not download the file at file://I:/www/sv_710/temp/svinstall_p.exe.xpi because: Signing could not be verified." Note that my signtool is able to sign .exe files properly, so it isn't broken in general. What could be going wrong? So after banging my head against that a while, I started... 2. Trying to download the new signtool program which supports XPI ================================================================= Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=248751 The above bug says that there is a new version of signtool that accepts a -X parameter for signing XPI. If that is true, I cannot seem to get it. I downloaded the following new signtool: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM/Linux2.4_x86_glibc_PTH_OPT.OBJ/ There are a few things that are odd about that. a) My old version of signtool 1.3 is 725752 bytes and... b) this new signtool is 1071549 bytes but... c) when I run it, it still says it is version 1.3 and... d) it does not accept the -X parameter Did the signtool version number not get rolled? ***Does anybody out there have the signtool that accepts the -X parameter?*** Can I get a copy? I am on Red Hat Enterprise Linux ES release 3 (Taroon Update 1). 3. Trying to compile my own signtool. ===================================== I downloaded the sources from ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_RTM/src/nss-3.9.tar.gz and tried to compile my own signtool. My OS is above. I had a developer here try to help me with this and although it seemed to compile some tools, he was not able to make signtool. How can this be so difficult?! _______________________________________________ Mozilla-xpinstall mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-xpinstall
