A library to handle the manipulations of signing XPIs at Mozilla.
Project description
sign-xpi-lib
A library to handle the manipulations of signing XPIs at Mozilla.
Free software: MIT license
Documentation: https://sign-xpi-lib.readthedocs.io.
Overview
Information about how XPI signing works in Firefox can be found at the Mozilla wiki.
A tool that generates PKCS7 signatures in the correct format is autograph, which see for more information.
This library is used by the sign-xpi lambda, but can be used by other clients too.
Usage:
from sign_xpi_lib import XPIFile
x = XPIFile('hypothetical-addon-unsigned.xpi')
# this is the mozilla.sf file computed by hashing mozilla.rsa
signed_manifest = x.signed_manifest
print(signed_manifest)
# This probably talks to Autograph or an HSM or whatever
signature = 'generate-a-signature somehow'
x.make_signed('hypothetical-addon-signed.xpi', 'mozilla.rsa',
signed_manifest, signature)
See the tests for more details.
Credits
This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.
History
0.1.0 (2017-07-07)
First release on PyPI.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for sign_xpi_lib-0.1.0-py2.py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 00e16b22385e60e1b7253e090670254f455fe5012b986c964ff4ed5e4b57b640 |
|
| MD5 | 2ec92114e5042b36078b25b6c71706ba |
|
| BLAKE2b-256 | 0310dc8507bab0debbd199c8739b83e1d26821bef879d61b2acd8f6b8ff5e647 |
