A library to handle the manipulations of signing XPIs at Mozilla.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for glasserc from gravatar.com glasserc

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Mozilla Public License 2.0 (MPL 2.0) (MPL)
  • Author: Ethan Glasser-Camp
  • Tags sign_xpi
Classifiers
Report project as malware

Project description

sign-xpi-lib

https://img.shields.io/pypi/v/sign_xpi_lib.svg https://img.shields.io/travis/mozilla-services/sign-xpi-lib.svg Documentation Status Updates

A library to handle the manipulations of signing XPIs at Mozilla.

Overview

Information about how XPI signing works in Firefox can be found at the Mozilla wiki.

A tool that generates PKCS7 signatures in the correct format is autograph, which see for more information.

This library is used by the sign-xpi lambda, but can be used by other clients too.

Usage:

from sign_xpi_lib import XPIFile

x = XPIFile('hypothetical-addon-unsigned.xpi')

# this is the mozilla.sf file computed by hashing mozilla.rsa
signed_manifest = x.signed_manifest
print(signed_manifest)

# This probably talks to Autograph or an HSM or whatever
signature = 'generate-a-signature somehow'

x.make_signed('hypothetical-addon-signed.xpi', 'mozilla.rsa',
              signed_manifest, signature)

See the tests for more details.

Credits

This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.

History

0.1.0 (2017-07-07)

  • First release on PyPI.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for glasserc from gravatar.com glasserc

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Mozilla Public License 2.0 (MPL 2.0) (MPL)
  • Author: Ethan Glasser-Camp
  • Tags sign_xpi
Classifiers

Release history Release notifications | RSS feed

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sign-xpi-lib-0.1.0.tar.gz (24.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sign_xpi_lib-0.1.0-py2.py3-none-any.whl (7.8 kB view details)

Uploaded Python 2Python 3

File details

Details for the file sign-xpi-lib-0.1.0.tar.gz.

File metadata

  • Download URL: sign-xpi-lib-0.1.0.tar.gz
  • Upload date:
  • Size: 24.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for sign-xpi-lib-0.1.0.tar.gz
Algorithm Hash digest
SHA256 22ec00d91327085762089db0a6aeec941cf54428b7f4f996a068911807416d98
MD5 39bb94705ec6f50633a7be8ba7dc75ef
BLAKE2b-256 2a9c7958274a43073f2fa4589cce478194ed456c07a625b43a5afc2d4bbc341e

See more details on using hashes here.

File details

Details for the file sign_xpi_lib-0.1.0-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for sign_xpi_lib-0.1.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 00e16b22385e60e1b7253e090670254f455fe5012b986c964ff4ed5e4b57b640
MD5 2ec92114e5042b36078b25b6c71706ba
BLAKE2b-256 0310dc8507bab0debbd199c8739b83e1d26821bef879d61b2acd8f6b8ff5e647

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page