A library to handle the manipulations of signing XPIs at Mozilla.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for glasserc from gravatar.com glasserc

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Mozilla Public License 2.0 (MPL 2.0) (MPL)
  • Author: Ethan Glasser-Camp
  • Tags sign_xpi
Classifiers

Project description

sign-xpi-lib

https://img.shields.io/pypi/v/sign_xpi_lib.svg https://img.shields.io/travis/mozilla-services/sign-xpi-lib.svg Documentation Status Updates

A library to handle the manipulations of signing XPIs at Mozilla.

Overview

Information about how XPI signing works in Firefox can be found at the Mozilla wiki.

A tool that generates PKCS7 signatures in the correct format is autograph, which see for more information.

This library is used by the sign-xpi lambda, but can be used by other clients too.

Usage:

from sign_xpi_lib import XPIFile

x = XPIFile('hypothetical-addon-unsigned.xpi')

# this is the mozilla.sf file computed by hashing mozilla.rsa
signed_manifest = x.signed_manifest
print(signed_manifest)

# This probably talks to Autograph or an HSM or whatever
signature = 'generate-a-signature somehow'

x.make_signed('hypothetical-addon-signed.xpi', 'mozilla.rsa',
              signed_manifest, signature)

See the tests for more details.

Credits

This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.

History

0.1.0 (2017-07-07)

  • First release on PyPI.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page