Signed XPI cannot be installed in Firefox because of hash mismatch #532
Comments
|
Just wondering, if you call jpm anyway, why not generating the xpi directly with it? |
|
It's a XUL addon, which its packing is not supported by jpm |
|
The signing has been outfactored into https://www.npmjs.com/package/sign-addon (not sure jpm uses that, but that's where the fixes are afaik). Further the XPI you upload should not matter, as AMO will re-pack as far as I know. So unless you're getting back an "xpi" that's actually a JSON error it should work. |
|
@freaktechnik Thanks, I'm trying it now |
Check Tools > Web Developer > Browser Console for the real error. That should help you diagnose it. |
|
Interesting, didn't knew this console, I was looking in the developers one. I get: I've tried looking around but couldn't find that specific error. There are other variations of the signed state (with 0 or 1), and I guess Maybe some of you know that error? |
|
That warning is unnecessarily cryptic but I think it's linking to this: https://dxr.mozilla.org/mozilla-central/source/toolkit/mozapps/extensions/AddonManager.jsm#3100 which expands to "The downloaded file did not match the provided hash" This is different from a signing problem. This means the file hash reported from the server did not match the real hash. We've actually seen this before in mozilla/addons#1723 (although it may not be this exact issue). What is the extension ID? If you can provide |
|
Thanks for the help on all the platforms @kumar303 ! I've also asked a week ago on the discourse community, and I'm not sure if to continue here or there, since there's no point in double investigations in different locations. |
|
If it's a jpm bug we should discuss it here. What is the extension ID? Can provide |
|
https://gist.github.com/arieljannai/2e264e8f4a2d043495cfeaf37c4012db |
|
oops, I misunderstood before. I thought you were installing the file from AMO. You are installing this file by going to File > Open in Firefox, right? |
|
Yep, I just take my latest xpi and drag it into firefox, and then the popup suggests me to install it (and then restart) |
|
Could you attach the source code (before signing) so I can try to reproduce the issue? |
kumar303
changed the title
|
Apperantly GitHub don't like my zip.. I've added a docx extension to the zip so it will let me upload it. |
|
ok, thanks. Weird. I changed the ID, made an XPI, signed it, and installed it without any trouble. This was on Mac and I don't have access to a Windows machine. Maybe it's Windows related. I created the zip like |
|
Indeed weird. That's why I thought that maybe there's something wrong with how I'm creating the zip with JSZip (though I took the example of JSZip's parameters from jpm's code). |
Hi,
I know it's not exactly related, but maybe you could still have an idea.
I'm using nodejs to create an xpi with JSZip and then I spawn the jpm process in order to sign it.
Everything looks like it's passing just fine, except that after I install it on firefox and restart it, the addon disappears (not verified I guess)
From my understanding, I believe that there's something wrong with the xpi creation.
I've looked in your code and saw that you also use jszip to create the xpi, and I've also tried using the same parameters as seen in your code.
Maybe some of you know if there's specific settings that needs to be applied on the archive? (Method, attributes etc..)
I've also tried asking about it in SO
Thanks in advance!
The text was updated successfully, but these errors were encountered: