Unable to sign non-SDK extension

mozilla-jetpack / jpm

Jetpack Manager for Node.js

https://www.npmjs.org/package/jpm

Mozilla Public License 2.0

164 stars 75 forks source link

Unable to sign non-SDK extension #575

Closed oooookk7 closed 8 years ago

oooookk7 commented 8 years ago

When signing a non-SDK .xpi addon extension using the jpm sign command, I received this error message which prevents me from successfully signing the extension:

JPM [error] FAIL Error: Could not detect this XPI's ID and/or version

Troubleshooting:

Are you in the right directory? If not, try --addon-dir

Are you really in a directory of SDK add-on source? If not, try signing with the --xpi option

Additional Details:

These are the commands used:

npm install jpm --global
jpm sign --api-key user:xxxxxxxx:xxx --api-secret xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx --xpi extension.xpi

The extension.xpi file contains install.rdf and bootstrap.js files.
I've tried 1.0.5 JPM version and it works. Seems like this fix prevents the signing to work. Is it that non-SDK extensions are no longer supported for unlisted signing?

kumar303 commented 8 years ago

Does this bug happen with the latest version of jpm? Also, could you upload an XPI file that we could use to reproduce this bug?

oooookk7 commented 8 years ago

Yes it does happens with the latest version of jpm. Version used was 1.1.4. As for the XPI file, may I privately email you?

kumar303 commented 8 years ago

Yes, if it's ok to share it with me personally, please do so: kmcmillan@mozilla.com I won't post the source anywhere. This bug is unexpected so I'm just not sure how to reproduce it.

oooookk7 commented 8 years ago

Alright @kumar303, I have sent that to you via email.

kumar303 commented 8 years ago

Thanks for that. It looks like the package.json in your XPI is causing the problem because it has an invalid ID. This shouldn't cause a problem though (this is a bug in jpm).

Do you need the package.json file? You could either remove it or make the ID valid by putting an @ (at sign) in it.

I'm a little confused though because the XPI you sent does indeed look like a SDK add-on. If that's the case, you should be able to just run jpm sign within your source directory without having to create an XPI first. Actually, the same bug happens when I try that, d'oh.

The fix for this is to make jpm tell you "the extension ID is invalid in package.json"

kumar303 commented 8 years ago

I added a fix to jpm that shows a better error message about the invalid ID. It's not ideal but there are major problems with this part of the code that would be too hard to fix.