sign-xpi-lib


A library that handles the file manipulations involved in signing XPIs at Mozilla.

Overview

Information about how XPI signing works in Firefox can be found at the Mozilla wiki.

Autograph is a tool that generates PKCS7 signatures in the correct format; see its documentation for more information.

This library is used by the sign-xpi lambda, but can be used by other clients too.

Usage:

from sign_xpi_lib import XPIFile

x = XPIFile('hypothetical-addon-unsigned.xpi')

# this is the mozilla.sf file, computed by hashing the manifest
signed_manifest = x.signed_manifest
print(signed_manifest)

# This probably talks to Autograph or an HSM or whatever
signature = 'generate-a-signature somehow'

x.make_signed('hypothetical-addon-signed.xpi', 'mozilla.rsa',
              signed_manifest, signature)

See the tests for more details.
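To check the first link of the chain the usage above produces (mozilla.sf commits to the manifest, mozilla.rsa signs mozilla.sf), here is an added example that is not part of sign-xpi-lib and uses only the standard library. It assumes the JAR-signing layout (META-INF/manifest.mf, *-Digest-Manifest headers); the function names and the sample archive are constructed for illustration, and it does not verify the PKCS7 signature itself.

```python
import base64
import hashlib
import io
import zipfile

MANIFEST = "META-INF/manifest.mf"   # assumed: standard JAR-signing layout
SIG_FILE = "META-INF/mozilla.sf"    # name taken from the usage above
SUFFIX = "-Digest-Manifest"


def sf_covers_manifest(xpi_bytes):
    """True if every *-Digest-Manifest header in mozilla.sf matches manifest.mf."""
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as z:
        manifest = z.read(MANIFEST)
        sf = z.read(SIG_FILE).decode("utf-8")
    # Unfold continuation lines (a wrapped header continues after "\n ").
    sf = sf.replace("\r\n", "\n").replace("\n ", "")
    checks = []
    for line in sf.split("\n"):
        name, sep, value = line.partition(": ")
        if not sep or not name.endswith(SUFFIX):
            continue
        # "SHA1" / "SHA-256" / "SHA256" -> hashlib names "sha1" / "sha256"
        algo = name[:-len(SUFFIX)].replace("-", "").lower()
        if algo not in hashlib.algorithms_guaranteed:
            return False  # unknown digest algorithm: fail closed
        digest = base64.b64encode(hashlib.new(algo, manifest).digest()).decode()
        checks.append(value.strip() == digest)
    return bool(checks) and all(checks)  # no digest header at all also fails


def build_sample_xpi(tamper=False):
    """Constructed sample: a one-file archive with manifest.mf and mozilla.sf."""
    body = b'{"name": "hypothetical-addon"}'
    file_digest = base64.b64encode(hashlib.sha256(body).digest()).decode()
    manifest = ("Manifest-Version: 1.0\n\nName: manifest.json\n"
                "SHA256-Digest: %s\n\n" % file_digest).encode()
    sf = ("Signature-Version: 1.0\nSHA256-Digest-Manifest: %s\n\n"
          % base64.b64encode(hashlib.sha256(manifest).digest()).decode()).encode()
    if tamper:  # manifest edited after mozilla.sf was produced
        manifest = manifest.replace(b"manifest.json", b"manifest.jsom")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("manifest.json", body)
        z.writestr(MANIFEST, manifest)
        z.writestr(SIG_FILE, sf)
    return buf.getvalue()
```

`sf_covers_manifest(build_sample_xpi())` returns True, and the same call with `tamper=True` returns False because the manifest no longer hashes to the value recorded in mozilla.sf.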

Credits

This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.