Skip to main content

A library to handle the manipulations of signing XPIs at Mozilla.

Project description

sign-xpi-lib Documentation Status Updates

A library to handle the manipulations of signing XPIs at Mozilla.


Information about how XPI signing works in Firefox can be found at the Mozilla wiki.

A tool that generates PKCS7 signatures in the correct format is autograph, which see for more information.

This library is used by the sign-xpi lambda, but can be used by other clients too.


from sign_xpi_lib import XPIFile

x = XPIFile('hypothetical-addon-unsigned.xpi')

# this is the mozilla.sf file computed by hashing mozilla.rsa
signed_manifest = x.signed_manifest

# This probably talks to Autograph or an HSM or whatever
signature = 'generate-a-signature somehow'

x.make_signed('hypothetical-addon-signed.xpi', 'mozilla.rsa',
              signed_manifest, signature)

See the tests for more details.


This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.


0.1.0 (2017-07-07)

  • First release on PyPI.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for sign-xpi-lib, version 0.1.0
Filename, size File type Python version Upload date Hashes
Filename, size sign_xpi_lib-0.1.0-py2.py3-none-any.whl (7.8 kB) File type Wheel Python version py2.py3 Upload date Hashes View
Filename, size sign-xpi-lib-0.1.0.tar.gz (24.3 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page