New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reviewers can't install unsigned add-ons that don't have an ID #3350
Comments
I think this comes down to: "Cannot install an unsigned webextension if it doesn't have an ID"? |
Andreas is right. Modifying the unsigned XPI manifest.json by adding the id does the trick. For example : "applications": { |
Yeah that's going to be a problem. I can see two options:
The first one is a little inconvenient for reviewers though. |
I suppose a third option that might be better than the second option (using a different cert):
|
Another option would be to add a random ID right after upload instead of after it has been signed. |
I just came across another add-on that is affected by this and decided to give this option a try. Unfortunately Firefox fails to load this add-on as well. Tested on release (48) and Nightly (51). For the record, the error in Nightly is: |
Please note that bug 1298060 is now closed, so this should be good. |
Thanks Andy! |
Verified on FF51.0a1(2016-09-18)- Win7 with xpinstall.signatures.required on false and no ID add-ons, obtained the following results:
Are the results from point 1, expected? |
Results from point 1 are expected. It fails with this error:
Loading an add-on with no ID at all is only supported in about:debugging. |
Thanks Andy! |
I had issues reviewing 17 WebExtensions add-ons this morning. All of those facing the same issue.
Let's take this add-on as an example :
https://addons.mozilla.org/en-US/editors/review/xorapl-czytnik version 2.0.0.
Installation of XPI xorapl_czytnik-2.0.0-fx+an.xpi (at the time when it was non signed) failed:
Firefox console shows :
Error: Cannot find id for add-on tmp-g35.xpi (resource://gre/modules/addons/XPIProvider.jsm:5676:17).
To what I remember from what Andy said at London is that id for web extensions are not mandatory anymore. Not sure what's going on here. TheOne and EvilJeff had some talks about this on #amo-editors.
I have saved a non-signed version of this xpi that can be downloaded here :
xorapl_czytnik-2.0.0-fx+an.zip . This is the exact XPI that AMO were giving me before I went ahead and approved the add-on.
Note that once approved and signed, the proper extension ID get added inside META-INF/mozilla.rsa. This seems good. To what I understand, those 17 "pushed to public" web extensions that had this issue before reviewing are good for the end users. They can install them without any problems and the proper ID got assigned (in this example @xora-czytnik is the ID).
A list of those 17 add-ons can be found in our "Add-on Review Log" on Jul 27, 2016. They all have " xora.pl," in their addon's names.
The text was updated successfully, but these errors were encountered: