编辑后如何在Firefox插件上签名? [英] How to sign Firefox addon after editing it?
问题描述
所以故事就是这样.我调试了一个引发很多警告的网站:
So the story is like this. I debug a site which throws a lot of warnings:
严格的运输安全性:与站点的连接是 不可信,因此忽略了指定的标头.
Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
那是因为没有适用于本地主机的证书.但这很烦人,我无法找到滤除Firebug控制台的选项.所以我决定进入代码.我发现firebug位于~/.mozilla/firefox/blablabla.bla/extensions/firebug@software.joehewitt.com.xpi内,这是一个zip文件,可以用Vim打开并转到content/firebug/console/errrors.js,在那里找到一个变量pointlessErrors并将其消息附加到该文件中.
That is because there is no proper certificate for localhost. But that is very annoying and I was not able to find option to filter out firebug console. So I decided to go into code. I found that firebug is inside ~/.mozilla/firefox/blablabla.bla/extensions/firebug@software.joehewitt.com.xpi and that is zip which I could open with Vim and got to content/firebug/console/errrors.js, find there a variable pointlessErrors and append my message to it.
Firefox会忽略更改,但是重新启动后,它会提示我萤火虫未经验证且已被禁用.我可能很好,因为它可以保护我免受很多风险的影响,但是我敢肯定自己的改变.
Firefox ignores changes but after I restart it, it gives me message that firebug was not verified and was disabled. I's probably good, because it will protect me from lot's of risks, but I'm sure in my changes.
如何告诉Firefox?还是如何正确更改插件?
How to tell firefox that? Or how to properly make changes to plugins?
或者Firefox是否可以关闭Strict-Transport-Security? (我知道一个问题中有太多问题,但是我想找到最佳解决方案.)
Or is there some option for Firefox to shut up about Strict-Transport-Security? (I know, I know, too many questions in one question, but I want to find best solution).
推荐答案
问题标题的答案可以是在Mozilla Wiki中找到:
上面写着:
如果我的加载项未托管在addons.mozilla.org(AMO)上,该如何签名?
How do I get my add-ons signed if they are not hosted on addons.mozilla.org (AMO)?
- 您将需要创建一个AMO帐户并提交附件.您将有一个选项,其中您指出该加载项不会列出 在AMO上,您无需提交附加文件即可 他们发布在网站上.请阅读分发政策以了解 更多细节.
- 您还可以使用 jpm标志命令以生成可以自托管的签名XPI.
- 有一个您可以使用的API 进行签名.
- You will need to create an AMO account and submit your add-on. There will be an option where you indicate the add-on won't be listed on AMO, and you'll be able to submit your add-on files without having them published on the site. Please read the Distribution Policy for more details.
- You can also use the jpm sign command to generate a signed XPI that can be self-hosted.
- There is an API you can use for signing.
话虽如此,但对扩展名进行签名有更简单的选择:
Having said that, there are easier alternatives to signing the extension:
- 转到
about:config并将xpinstall.signatures.required设置为false. - 立即安装晚上,
- Go to
about:configand setxpinstall.signatures.requiredtofalse. - Install the Nightly, Developer Edition or unbranded version of Firefox
以下是来自维基的相关答案:
Here's the related answer from the wiki:
如果我想在Firefox中安装未签名的扩展名,我有哪些选择?
What are my options if I want to install unsigned extensions in Firefox?
- 开发人员版和
在Firefox的URL栏中
- 键入
about:config- 在搜索"框中,键入
xpinstall.signatures.required- 双击首选项,或右键单击并选择切换",将其设置为
false. - 键入
- The Developer Edition and Nightly versions of Firefox will have a setting to disable signature enforcement. There will also be
special unbranded versions of Release and Beta that will have this
setting, so that add-on developers can work on their add-ons without
having to sign every build. To disable signature checks, you will need
to set the
xpinstall.signatures.requiredpreference to "false".- type
about:configinto the URL bar in Firefox - in the Search box type
xpinstall.signatures.required - double-click the preference, or right-click and selected "Toggle", to set it to
false.
关于摆脱有关严格运输安全的警告的问题,我看到了其他一些可能的解决方案:
Regarding the question about getting rid of the warning regarding Strict Transport Security I see a few other possible solutions:
- 通过HTTP而不是HTTPS访问您的本地主机.
- 禁止在本地主机上发送
Strict-Transport-Security标头. - 安装适当的证书.
- Access your localhost via HTTP instead of HTTPS.
- Suppress sending the
Strict-Transport-Securityheader on localhost. - Install a proper certificate.
请注意,此警告是出于安全目的显示的,因此一般将其禁用会存在一定的风险.
这篇关于编辑后如何在Firefox插件上签名?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
- type
