Sign the add-on before uploading it to amazon.

mozilla · Aug 2, 2017 · ad9d97e · ad9d97e
1 parent 4fe24d0
commit ad9d97e
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 0 deletions.
diff --git a/Makefile b/Makefile
@@ -37,6 +37,7 @@ clean:
 	rm -f update.rdf install.rdf
 
 define release
+  ./sign.sh $(XPI_NAME)-$1.xpi
   echo "releasing $1"
 	aws s3 cp $(XPI_NAME)-$1.xpi $(S3_BASE_URL)$1/$(XPI_NAME)-$1.xpi
   # Update the "latest" symbolic link with a copy inside s3

diff --git a/sign.sh b/sign.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# Help signing the add-on as "Mozilla Extension" to make it work with Firefox 57+
+# More info on:
+# https://mana.mozilla.org/wiki/display/SVCOPS/Sign+a+Mozilla+Internal+Extension
+
+set -e
+
+export MOZENV="prod"
+
+if [ $MOZENV == "prod" ]; then
+  export AWS_DEFAULT_REGION=us-west-2
+else
+  export AWS_DEFAULT_REGION=us-east-1
+fi
+
+if [ -z $SIGN_AWS_ACCESS_KEY_ID ]; then
+  echo "You should set SIGN_AWS_ACCESS_KEY_ID variable"
+  exit
+fi
+
+if [ -z $SIGN_AWS_SECRET_ACCESS_KEY ]; then
+  echo "You should set SIGN_AWS_SECRET_ACCESS_KEY variable"
+  exit
+fi
+
+if [ -z $1 ] || [ ! -f $1 ]; then
+  echo "$0 expects path to xpi file as first argument"
+  exit
+fi
+XPI=$1
+
+if ! [ -x "$(command -v aws)" ]; then
+  echo "You should setup 'aws' in your environment"
+  exit
+fi
+if ! [ -x "$(command -v sign-xpi)" ]; then
+  echo "You should setup 'sign-xpi' in your environment"
+  echo "See: https://mana.mozilla.org/wiki/display/SVCOPS/Sign+a+Mozilla+Internal+Extension"
+  exit
+fi
+
+echo "Signing $XPI"
+OLD_AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
+OLD_AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
+export AWS_ACCESS_KEY_ID=$SIGN_AWS_ACCESS_KEY_ID
+export AWS_SECRET_ACCESS_KEY=$SIGN_AWS_SECRET_ACCESS_KEY
+sign-xpi -t mozillaextension -e $MOZENV -s net-mozaws-$MOZENV-addons-signxpi-input $XPI
+aws s3 cp s3://net-mozaws-$MOZENV-addons-signxpi-output/$XPI .
+export AWS_ACCESS_KEY_ID=$OLD_AWS_ACCESS_KEY_ID
+export AWS_SECRET_ACCESS_KEY=$OLD_AWS_SECRET_ACCESS_KEY