签署基于XUL的Firefox附加组件 [英] Signing XUL-based add-on for Firefox
问题描述
是否可以签署一个基于XUL for Firefox的插件,还是只能用新的SDK进行签名?
所有扩展程序,无论是覆盖, Restartless / Bootstrapped ,附加SDK ,或新的 WebExtensions API 扩展,可以签名。
过去,个别的扩展作者可以自己选择自己的扩展名。截至前一段时间,Mozilla改变了他们的政策,即所有扩展必须提交给AMO并由Mozilla签名。 具体来说,他们说:
Mozilla将开始要求对所有扩展进行签名,才能将其安装在Firefox的发行版和Beta版中。签名将通过 addons.mozilla.org (AMO)完成,对所有分机都是强制性的,无论他们在哪里
自 Firefox 40 ,用户会收到任何未经Mozilla签名的扩展程序的警告。 Firefox 43 默认情况下是不允许未签名的扩展名被安装。但是,首选项( xpinstall.signatures.required 在 about:config 中)可以设置为 false 来允许它们被安装。
Mozilla在不止一个位置声称,自 Firefox 44 扩展名 必须签名才能安装在Firefox的发行版或测试版中 。然而,与Mozilla所说的相反,在Firefox 44.0b1(测试版1)中设置 xpinstall.signatures.required 为 false 仍然允许未经签名的扩展程序被安装和运行(在Win7x64上使用FF 44.0b1 x64进行测试)。
AMO上没有列出的开发或扩展的替代方案:
Firefox开发人员版和< href =https://nightly.mozilla.org/ =nofollow>每晚版本不需要扩展名就可以签名。
对于完全审核的附加组件,附加组件的测试版频道将为如果他们通过了自动验证,则立即签署。
$ b 对于未在AMO上列出的附加组件,Mozilla将立即对插件进行签名,只要它通过了一个没有错误的自动代码验证器(警告是确定的)。
Mozilla 已经发布了(更多细节)an 附加签名API 。此API允许您以编程方式提交附加组件( .xpi 文件或附加组件SDK代码)进行签名,并只要接收已签名的附加组件它通过自动代码验证器没有错误(警告是好的)。 Mozilla曾在不同的地方表示,Firefox(测试版和发行版)将会出现无版本的版本,允许安装未经签名的插件。但是,关于这一点没有进一步的信息。随着签名API的发布,Mozilla似乎不太可能遵循,并且实际上使这种无品牌版本可用。
Is it possible to sign an add-on based on XUL for Firefox, or signing only possible with the new SDK?
All extensions, be they Overlay, Restartless/Bootstrapped, Add-on SDK, or the new WebExtensions API based extensions, can be signed.
It used to be that individual extension authors could choose to sign their extension themselves. As of some time ago, Mozilla changed their policy to be that all extensions must be submitted to AMO and signed by Mozilla. Specifically, they say:
Mozilla will begin requiring all extensions to be signed in order for them to be installable in Release and Beta versions of Firefox. Signing will be done through addons.mozilla.org (AMO) and will be mandatory for all extensions, regardless of where they are hosted.
As of Firefox 40, the user is warned about any extension that is not signed by Mozilla.
As of Firefox 43 the default is that unsigned extensions will not be permitted to be installed. However, a preference, (xpinstall.signatures.required in about:config), can be set to false to permit them to be installed.
Mozilla has stated, in more than one location, that as of Firefox 44 extensions must be signed to be installed in the release or beta versions of Firefox. However, contrary to what Mozilla has stated, in Firefox 44.0b1 (beta 1) setting xpinstall.signatures.required to false still permits unsigned extensions to be installed and operational (tested with FF 44.0b1 x64 on Win7x64).
Alternatives for development or extensions not listed on AMO:
The Firefox Developer Edition and Nightly builds will not require extensions to be signed.
For Fully Reviewed add-ons, the add-on's beta channel will be immediately signed without any manual review if they pass automatic validation.
For add-ons not listed on AMO, Mozilla will sign the add-on immediately as long as it passes an automatic code validator with no errors (warnings are OK).
Mozilla has released (more detail) an add-on signing API. This API permits you to programmatically submit an add-on (.xpi file, or Add-on SDK code) to be signed and receive back the signed add-on as long as it passes the automatic code validator with no errors (warnings are OK).
Mozilla has stated in various places that there will be unbranded versions of Firefox (beta and release) which permit installing unsigned add-ons. However, there has been no further information on this. With the release of the signing API, it appears less likely that Mozilla will follow through and actually make such unbranded versions available.
这篇关于签署基于XUL的Firefox附加组件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
