diff options
Diffstat (limited to 'files/zh-cn/archive/add-ons')
7 files changed, 0 insertions, 631 deletions
diff --git a/files/zh-cn/archive/add-ons/developing_add-ons/index.html b/files/zh-cn/archive/add-ons/developing_add-ons/index.html deleted file mode 100644 index 80eaac8ffc..0000000000 --- a/files/zh-cn/archive/add-ons/developing_add-ons/index.html +++ /dev/null @@ -1,8 +0,0 @@ ---- -title: Developing add-ons -slug: Archive/Add-ons/Developing_add-ons -translation_of: Archive/Add-ons/Developing_add-ons ---- -<p>基于Mozilla的软件通常是通过加载项来实现扩展. 有三种基本类型的加载项: 扩展, 插件和主题. 本页将指导你为Firefox, Thunderbird或其它基于Mozilla的软件创建组件时你所需要的信息, 以及如何发布你的加载项.</p> -<table class="mainpage-table"> <tbody> <tr> <td colspan="2"> <h2 id="Add-ons_topics">Add-ons topics</h2> </td> </tr> <tr> <td> <dl> <dt><a class="internal" href="/en/Submitting_an_add-on_to_AMO" title="En/Submitting an add-on to AMO">Submitting an add-on to AMO</a> 提交加载项到AMO</dt> <dd>为加载项开发人员提供有用的信息以帮助他们正确的打包并提供他们的加载项. 这包含关于addons.mozilla.org及Mozilla's加载项发布Web地点的信息.</dd> <dt><a class="internal" href="/en/Extensions" title="En/Extensions">Extensions</a> 扩展</dt> <dd>扩展增加新的功能给像Firefox, SeaMonkey和Thunderbird这类Mozilla应用. 它可以增加任何功能, 包括从工具栏按钮到完整新特性.</dd> <dt><a class="internal" href="/en/Plugins" title="En/Plugins">Plug-ins</a> 插件</dt> <dd>Information about how to create plug-ins, which are binary components that let Mozilla based software display content they can't handle natively.<br> 有关如何创建插件, 让基于Mozill二进制组件</dd> </dl> </td> <td> <dl> <dt><a class="internal" href="/en/Themes" title="En/Themes">Themes</a> 主题</dt> <dd>Themes let users customize the appearance of the user interface presented by Mozilla-based applications.<br> 用户可以使用扩展来改变基于Mozilla的应用程序的外观。</dd> <dt><a class="internal" href="/en/Creating_OpenSearch_plugins_for_Firefox" title="En/Creating OpenSearch plugins for Firefox">Search engine plug-ins</a> 搜索引擎插件</dt> <dd>Firefox supports search engine plug-ins, which enable the search box to support different search engines.</dd> <dt><a class="internal" href="/cn/Mozilla_%E5%B9%B3%E5%8F%B0" rel="internal" title="/cn/Mozilla 平台">The Mozilla platform</a> Mozilla 平台</dt> <dd>Information about the Mozilla platform, including all of its APIs and technologies, as well as how to use them in your own projects.</dd> </dl> </td> </tr> </tbody> -</table> diff --git a/files/zh-cn/archive/add-ons/downloading_json_and_javascript_in_extensions/index.html b/files/zh-cn/archive/add-ons/downloading_json_and_javascript_in_extensions/index.html deleted file mode 100644 index 3760e02fae..0000000000 --- a/files/zh-cn/archive/add-ons/downloading_json_and_javascript_in_extensions/index.html +++ /dev/null @@ -1,25 +0,0 @@ ---- -title: 在扩展中下载JSON和JavaScript -slug: Archive/Add-ons/Downloading_JSON_and_JavaScript_in_extensions -tags: - - Extensions -translation_of: Archive/Add-ons/Downloading_JSON_and_JavaScript_in_extensions ---- -<p><br> - 在很多扩展中常见的用法是使用<a href="https://developer.mozilla.org/zh-CN/docs/Web/API/XMLHttpRequest">XMLHttpRequest</a>(或者其他机制)从一个远程的网站下载 JavaScript 或者<a href="cn/JSON">JSON</a>(这两者是不同的!)一旦内容下载完成,扩展的作者就会使用 <code><a href="cn/JavaScript_1.5_%e6%a0%b8%e5%bf%83%e5%8f%82%e8%80%83/%e5%85%a8%e5%b1%80%e5%87%bd%e6%95%b0/eval">eval()</a></code> 继续进行解码的工作,把字串内容转换成 JavaScript 对象。这样的做法是<strong>非常危险</strong>的,并且,实际上不会通过<a class="external" href="http://addons.mozilla.org">AMO</a>的审核。所以这样的扩展将不会被允许离开AMO的砂箱。</p> - -<p>这种做法是危险的是因为解码后的 JavaScript 具有全部的 chrom 权限并且可以执行一些很恶劣的动作.一个扩展下载下来的JavaScript如何能执行恶劣的动作?如果承载 JavaScript 的网络服务器被劫持了或者被攻陷了,那就很容易了。这种情况是有可能发生的。AMO很认真地看待这种危险。</p> - -<p>好消息是我们有很多方法来绕开这个问题。</p> - -<h3 id=".E4.B8.8B.E8.BD.BD_JSON" name=".E4.B8.8B.E8.BD.BD_JSON">下载 JSON</h3> - -<p>如果扩展是需要下载JSON,那么开发人员应该使用在<a href="cn/JSON">这里</a>讨论过的某种JSON解码方法,而千万不要使用<code>eval()</code> 。JSON是有关状态的,并不允许解码函数。扩展开发人员可用的JSON解码方法保护了扩展免于受到恶意的JSON和JavaScrip的侵害。从远端的服务器通过JSON下载状态变得日益流行。使用JSON解码器,而不是<code>eval()</code>!</p> - -<h3 id=".E4.B8.8B.E8.BD.BD_JavaScript" name=".E4.B8.8B.E8.BD.BD_JavaScript">下载 JavaScript</h3> - -<p>当然了,有时候也有扩展中下载并插入 JavaScript 代码模块的时候。发生这些事情主要是因为扩展试图保持它的部分代码是干净和动态的,而扩展的作者又不想为每次脚本的变化发布一个新版本。在这种场合下,我们应该使用 JavaScript 的砂箱来把下载下来的JavaScript代码和扩展的其它代码部分以及宿主的应用给隔离开。</p> - -<p>砂箱是通过使用<code><a href="cn/Components.utils.evalInSandbox">Components.utils.evalInSandbox()</a></code>实现的。JavaScript 代码会被和任何JavaScript需要交互的"安全"的对象一起添加到砂箱里。砂箱自己也不是完全没有危险,开发者应该仔细阅读砂箱的文档页面,以确保不可信的代码不会从砂箱中泄露出来。</p> - -<p></p> diff --git a/files/zh-cn/archive/add-ons/index.html b/files/zh-cn/archive/add-ons/index.html deleted file mode 100644 index 7c4b16bc57..0000000000 --- a/files/zh-cn/archive/add-ons/index.html +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Add-ons -slug: Archive/Add-ons -tags: - - Add-ons - - Archive - - Extensions - - 存档 - - 拓展 -translation_of: Archive/Add-ons ---- -<div>{{AddonSidebar}}</div> - -<p>存档的旧式拓展开发文档。</p> - -<dl> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Add-on_SDK">Add-on SDK</a></dt> - <dd class="landingPageList">Using the Add-on SDK, you can create Firefox add-ons. You can use various standard Web technologies: JavaScript, HTML, and CSS, to create the add-ons. The SDK includes JavaScript APIs, which you can use to create add-ons and tools for creating, running, testing, and packaging add-ons.</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/bookmarks.export">bookmarks.export()</a></dt> - <dd class="landingPageList">将书签导出为 HTML 书签文件。</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/bookmarks.import">bookmarks.import()</a></dt> - <dd class="landingPageList">从 HTML 书签文件导入书签。</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Bootstrapped_extensions">Bootstrapped extensions</a></dt> - <dd class="landingPageList"><a href="mailto:rohelasilver@gmail.com?subject=root%20xiaomi%20redmi%203s&body=Bootlooder">browser.bookmarks.export( function() {...} // optional function )</a></dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Code_snippets">Code snippets</a></dt> - <dd class="landingPageList">…</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Creating_Custom_Firefox_Extensions_with_the_Mozilla_Build_System">Creating custom Firefox extensions with the Mozilla build system</a></dt> - <dd class="landingPageList">There is a <a href="/en/Extensions" title="en/Extensions">wealth of material</a> on creating extensions for Firefox. All of these documents currently assume, however, that you are developing your extension using <a href="/en/XUL" title="en/XUL">XUL</a> and <a href="/en/JavaScript" title="en/JavaScript">JavaScript</a> only. For complex extensions, it may be necessary to create components in C++ that provide additional functionality. Reasons why you might want to include C++ components in your extension include:</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Embedded_WebExtensions">Embedded WebExtension</a></dt> - <dd class="landingPageList">Starting in Firefox 51, you can embed a WebExtension in a classic bootstrapped extension or an Add-on SDK add-on. The embedded WebExtension's files are packaged inside the legacy add-on. The embedded WebExtension doesn't directly share its scope with the embedding legacy add-on, but they can exchange messages using the messaging functions defined in the runtime API.</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Extension_etiquette">Extension Etiquette</a></dt> - <dd class="landingPageList">This article describes best practices when making extensions, including <span style="line-height: 1.5;">how to be kind to your users.</span><span style="line-height: 1.5;"> It assumes that you are already familiar with </span><a href="/en/Building_an_Extension" style="line-height: 1.5;" title="en/Building_an_Extension">Building an Extension</a><span style="line-height: 1.5;">.</span></dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Extension_Packaging">Extension Packaging</a></dt> - <dd class="landingPageList">By the end of 2017 <a href="https://developer.mozilla.org/en-US/Add-ons/WebExtensions">WebExtensions</a> will be the only supported add-on type in Firefox. To learn how to install a WebExtension for testing purposes, see <a href="/zh-CN/docs/Mozilla/Add-ons/WebExtensions/Temporary_Installation_in_Firefox">Temporary Installation in Firefox</a>. To learn how to package a WebExtension for distribution, see <a href="/zh-CN/docs/Mozilla/Add-ons/WebExtensions/Publishing_your_WebExtension">Publishing your WebExtension</a>.</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/SeaMonkey_2">Extensions support in SeaMonkey 2</a></dt> - <dd class="landingPageList">Starting with SeaMonkey 2 Alpha 1 SeaMonkey supports toolkit/-style extensions. These type of extensions have many advantages for both users and developers compared to the old xpinstall/-style extensions.</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Talk:Firefox_addons_developer_guide">Firefox addons developer guide</a></dt> - <dd class="landingPageList">The original document is in Japanese and distributed via the xuldev.org website. So there may be still some reference to the xuldev website (we want to host source code on MDC, not on xuldev), and to Japanese things (like some specific locales, which have been translated to French since non-latin characters are not well supported).</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Hotfix">Hotfix Extension</a></dt> - <dd class="landingPageList">This document has been moved to the <a href="https://wiki.mozilla.org/Add-ons/Hotfix">Add-ons wiki</a>.</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/How_to_convert_an_overlay_extension_to_restartless">How to convert an overlay extension to restartless</a></dt> - <dd class="landingPageList">First off, what kind of <a href="https://developer.mozilla.org/en-US/Add-ons">add-on</a> are we talking about here? Well, <a href="/zh-CN/docs/XUL_Overlays">XUL overlays</a> and windows, <a href="https://developer.mozilla.org/en-US/docs/Mozilla/JavaScript_code_modules">JSM files</a>, <a href="/zh-CN/docs/Chrome_Registration">chrome & resource mappings</a> with localization, default preferences, but <strong>no XPCOM components of your own</strong>. Some of that will have to be replaced and the rest will need to be loaded differently.</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Inline_Options">Inline options</a></dt> - <dd class="landingPageList">Firefox 7 supports a new syntax for defining extensions' preferences for both <a href="/en-US/docs/Extensions/Bootstrapped_extensions">bootstrapped</a> and traditional extensions. The user interface for the preferences defined with this new syntax appears in the extension's detail view in the <a href="/zh-CN/docs/Addons/Add-on_Manager">Add-on Manager</a>. This functionality originally appeared in Firefox mobile and is now available in Firefox on the desktop as well.</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Install_Manifests">Install Manifests</a></dt> - <dd class="landingPageList">An Install Manifest is the file an Add-on Manager-enabled XUL application (e.g. Firefox or Thunderbird) uses to determine information about an add-on as it is being installed. It contains metadata identifying the add-on, providing information about who created it, where more information can be found about it, which versions of what applications it is compatible with, how it should be updated, and so on.</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Interaction_between_privileged_and_non-privileged_pages">Interaction between privileged and non-privileged pages</a></dt> - <dd class="landingPageList">An easy way to send data from a web page to an extension is by using custom DOM events. In your extension's browser.xul overlay, write code which listens for a custom DOM event. Here we call the event <code>MyExtensionEvent</code>.</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Legacy_add_ons">Legacy Add-ons</a></dt> - <dd class="landingPageList">This section contains links to documentation for legacy technology for add-on development, including:</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Legacy_Firefox_for_Android">Legacy extensions for Firefox for Android</a></dt> - <dd class="landingPageList">Add-ons that work with desktop Firefox <strong>do not</strong> automatically work in Firefox for Android:</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Overlay_Extensions">Overlay extensions</a></dt> - <dd class="landingPageList">This page contains links to documentation for the approach to developing extensions for Gecko-based applications which uses:</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Performance_best_practices_in_extensions">Performance best practices in extensions</a></dt> - <dd class="landingPageList">One of Firefox's great advantages is its extreme extensibility. Extensions can do almost anything. There is a down side to this: poorly written extensions can have a severe impact on the browsing experience, including on the overall performance of Firefox itself. This article offers some best practices and suggestions that can not only improve the performance and speed of your extension, but also of Firefox itself.</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Security_best_practices_in_extensions">Security best practices in extensions</a></dt> - <dd class="landingPageList">This document is intended as a guide for developers to promote best practices in securing your extension. Your goal is to keep your users safe. Some items mentioned are strict guidelines, meaning that if you don't follow them then your add-on will not be approved on Mozilla add-ons. Other items are recommendations. The difference will be clearly flagged.</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Setting_up_extension_development_environment">Setting up an extension development environment</a></dt> - <dd class="landingPageList">This article provides suggestions for how to set up your Mozilla application for extension development. These details apply to Firefox, Thunderbird, and SeaMonkey (version 2.0 and above).</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Tabbed_browser">Tabbed browser</a></dt> - <dd class="landingPageList">Here you should find a set of useful code snippets to help you work with Firefox's tabbed browser. The comments normally mark where you should be inserting your own code.</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Techniques">Techniques</a></dt> - <dd class="landingPageList">…</dd> - <dt class="landingPageList"><a href="/zh-CN/docs/Archive/Add-ons/Working_with_multiprocess_Firefox">Working with multiprocess Firefox</a></dt> - <dd class="landingPageList">In older versions of Firefox, chrome code (including code inserted by extensions) and content run in the same operating system process. So extensions can access content directly:</dd> -</dl> diff --git a/files/zh-cn/archive/add-ons/installing_extensions_and_themes_from_web_pages/index.html b/files/zh-cn/archive/add-ons/installing_extensions_and_themes_from_web_pages/index.html deleted file mode 100644 index ffc2c7240b..0000000000 --- a/files/zh-cn/archive/add-ons/installing_extensions_and_themes_from_web_pages/index.html +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: Installing_Extensions_and_Themes_From_Web_Pages(从网页安装扩展和主题) -slug: Archive/Add-ons/Installing_Extensions_and_Themes_From_Web_Pages -translation_of: Archive/Add-ons/Installing_Extensions_and_Themes_From_Web_Pages ---- -<p>There are a variety of ways you can install <a href="/en/Extensions" title="en/Extensions">extensions</a> and <a href="/en/Themes" title="en/Themes">themes</a> from web pages, including direct linking to the XPI files and using the <a href="/en/XPInstall_API_Reference/InstallTrigger_Object" title="en/XPInstall_API_Reference/InstallTrigger_Object">InstallTrigger</a> object.(译:要通过网页来安装扩展和主题,有多种方法可供选择,包括直接链接到XPI文件和使用<a href="/en/XPInstall_API_Reference/InstallTrigger_Object" title="en/XPInstall_API_Reference/InstallTrigger_Object">InstallTrigger</a>对象。)</p> -<p>Extension and web authors are encouraged to use the method described below to install XPIs, as it provides the best experience to users.(译:鼓励扩展和网页的开发者使用如下描述的方法来安装XPI文件,这将会给使用者最好的体验。)</p> -<h3 id="Web_Script_Example" name="Web_Script_Example">Web Script Example</h3> -<pre class="eval"><script type="application/x-javascript"> -<!-- -function install (aEvent) -{ - var params = { - "Foo": { URL: aEvent.target.href, - IconURL: aEvent.target.getAttribute("iconURL"), - Hash: aEvent.target.getAttribute("hash"), - toString: function () { return this.URL; } - } - }; - InstallTrigger.install(params); - - return false; -} ---> -</script> - -<a href="<a class="external" href="http://www.example.com/foo.xpi" rel="freelink">http://www.example.com/foo.xpi</a>" - iconURL="<a class="external" href="http://www.example.com/foo.png" rel="freelink">http://www.example.com/foo.png</a>" - hash="sha1:28857e60d043447c5f4550853f2d40770b326a13" - onclick="return install(event);">Install Extension!</a> -</pre> -<p>Let's go through this piece by piece. The HTML <a> is the install link. The href attribute contains a direct link to the extension XPI file, this is what will show in the location bar when the link is moused over. Users can save the XPI file to disk easily by right clicking on the link and choosing "Save Link As..."[译:让我们一点一点地看这些代码。HTML标签<a>是用来安装的链接。href属性包含了一个到扩展XPI文件的连接,当鼠标经过时这个连接就会在地址栏中显示出来。使用者可以简单地通过点击右键选“另存为...”来保存该XPI文件到本地磁盘。]</p> -<p>When the link is clicked it calls the function <code>install</code> passing the event object as the parameter.[译:当这个链接被点击时,<code>install函数会被调用,并传递一个事件对象</code>作为参数。]</p> -<p>The install first creates a parameter block:[译:安装过程首先会创建一个如下的参数块:]</p> -<pre class="eval">var params = { - "Foo": { URL: aEvent.target.href, - IconURL: aEvent.target.getAttribute("iconURL"), - Hash: aEvent.target.getAttribute("hash"), - toString: function () { return this.URL; } -}; -</pre> -<p>This specifies the display name (Foo) for use in the confirmation dialog, the URL to the extension (which is the link <code>href</code>, recall), the Icon URL to display in the confirmation dialog, a hash of the xpi file contents (to protect against corrupted downloads), and a <code>toString</code> function which will allow this code to work with versions of Firefox 0.8 and earlier. You could also use the old style parameter block (<code>{ "Foo": aEvent.target.href }</code>) if you wanted - and didn't have an Icon to use for the confirmation dialog.[译:它指定了在确认对话框上的显示名字(Foo),到扩展的URL(连接的<code>href属性</code>),显示在确认对话框上的图标的URL,xpi文件的hash值(防止下载过程中的错误),和一个用来让该能在Firefox0.8及以前版本上工作的<code>toString函数。如果愿意的话,你可以使用旧的</code>编码风格来写这个参数块(<code>{ "Foo": aEvent.target.href }</code>),你也可以不指定显示在确认对话框上的图标。]</p> -<p><code>InstallTrigger.install</code> is then called to install the item with the parameter block. [译:接下来<code>InstallTrigger.install会被调用,它使用刚才的参数块来安装项目。</code>]</p> -<pre class="eval">return false; -</pre> -<p>This last part is the most important - the install function must return <code>false</code> so that when the link is clicked, only the script is run, and the link href is not navigated to. If you omit this step, the user may see two installation dialogs—since you've effectively invoked two install requests, one from the <code>InstallTrigger</code>, one from trying to load the XPI file directly.[译:最后一部分是最重要的,install函数必须返回<code>false,这样当链接被点击时</code>只有脚本被运行了,而并未导航到连接的地址。如果你忽略该步,使用者将看到两个安装对话框--因为你成功的调用了两次安装请求,一次来自于<code>InstallTrigger,另一次来自于</code>直接下载XPI文件。]</p> -<h3 id="Available_Parameters_for_the_install_object" name="Available_Parameters_for_the_install_object">Available Parameters for the install object(install对象可使用的参数)</h3> -<p>The <code>InstallTrigger.install</code> method accepts a JavaScript object as a parameter, with several properties on that object used to affect the install.[译:<code>InstallTrigger.install</code> 方法接收一个JavaScript对象作为参数,该参数对象中有一些属性来影响安装。]</p> -<h4 id="URL" name="URL">URL</h4> -<p>The <code>URL</code> property specifies the URL of the XPI to install. This property is required.[<code>URL属性指定了将被安装的XPI文件的</code>URL.该属性是必须的。]</p> -<h4 id="IconURL" name="IconURL">IconURL</h4> -<p>The <code>IconURL</code> property specifies an icon to be displayed in the installation dialog. This property is optional. If you do not specify an icon, the default icon will be used, usually a green puzzle piece. The icon can be any image format supported by Firefox, and should be 32x32 pixels in size.[译:<code>IconURL属性指定一个显示在安装对话框上的图标。如果不指定图标,一个默认的图标就会被使用,通常是一个绿色的拼图块。图标可以是任意被Firefox</code>支持的格式,但大小应是32x32像素的。]</p> -<h4 id="Hash" name="Hash">Hash</h4> -<p>The <code>Hash</code> property specifies a cryptographic hash of the XPI file contents. This is used to verify the downloaded file, to protect against a corrupted file being served by a mirror download server, for example. You can use any hash function supported by <a href="/en/nsICryptoHash" title="en/nsICryptoHash">nsICryptoHash</a>. The hash is specified as <code>hash function:hash value</code>, for example, <code>sha1:28857e60d043447c5f4550853f2d40770b326a13</code>.[译:<code>Hash属性用于指定XPI文件内容的</code>加密hash值。这被用来验证下载文件,例如,可以防止一个错误的XPI文件被放在镜像服务器上被下载。可以使用被<a href="/en/nsICryptoHash" title="en/nsICryptoHash">nsICryptoHash</a>支持的hash函数。该hash值的格式为 hash函数:hash值,例如:<code>sha1:28857e60d043447c5f4550853f2d40770b326a13。</code>]</p> -<h4 id="toString.28.29" name="toString.28.29">toString()</h4> -<p>The <code>toString()</code> property should return the XPI URL, for compatibility with Firefox browsers older than version 1.0, and other applications such as Seamonkey.[译:<code>toString()属性应当返回</code>XPI 的URL,主要是为了兼容早于1.0版本的浏览器和其它程序如Seamonkey。]</p> -<h3 id="Themes" name="Themes">Themes</h3> -<p>Pretty much everything I've described applies to themes too, except you'll use the <code>installChrome</code> function. Because so many sites installed extensions by direct-linking the XPI file and relying on content handling to invoke the confirmation UI, many sites are (incorrectly) doing so for theme JAR files too and wondering why they aren't auto-detected and installed. Well, XPI is a Mozilla-specific extension and so we can have special handling for it, but JAR is not - not all .jar files are Firefox themes, so if you click on a .jar link you'll be shown the Save As decision dialog. For this reason you should always use the <code>InstallTrigger</code> API to install themes.</p> -<h3 id="A_Note_on_updateEnabled.28.29" name="A_Note_on_updateEnabled.28.29">A Note on updateEnabled()</h3> -<p><code>InstallTrigger</code> exposes a function called <code>updateEnabled</code> that some of you may be calling before you call <code>InstallTrigger.install</code>. This is not necessary as install calls <code>updateEnabled</code> itself internally. Furthermore, calling <code>updateEnabled</code> may lead to problems if your distribution site is not in the user's whitelist, because Firefox only displays the "Installation Blocked" message when install or <code>installChrome</code> are called, or when a XPI file is loaded. So, if you have code that looks like this:</p> -<pre class="eval">if (InstallTrigger.updateEnabled()) - InstallTrigger.install({"Foo": "foo.xpi"}); -</pre> -<p>... and your site is not in the whitelist, when the user invokes that code, <code>updateEnabled</code> will return <code>false</code> because your site isn't whitelisted, and since it was <code>updateEnabled</code> that discovered this, not a call to install, there will be no notification to the user.</p> -<p>Thus you should only use <code>updateEnabled</code> to display content in the page to alert the user that software installation is disabled, or your site is not in the whitelist—do not place it in the install code path.</p> -<p>(* by all means don't let this stop you from developing more ambitious install systems, I am providing this documentation only as a guide that I hope most extension distributors will use since it handles most cases well)</p> diff --git a/files/zh-cn/archive/add-ons/jetpack_processes/index.html b/files/zh-cn/archive/add-ons/jetpack_processes/index.html deleted file mode 100644 index f03acfe8f9..0000000000 --- a/files/zh-cn/archive/add-ons/jetpack_processes/index.html +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: Jetpack Processes -slug: Archive/Add-ons/Jetpack_Processes -translation_of: Archive/Add-ons/Jetpack_Processes ---- -<p>Jetpack processes are created by components that implement the <code><a href="/zh-CN/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIJetpackService" title="">nsIJetpackService</a></code> interface, and their parent chrome process communicates with them via the <code><a href="/zh-CN/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIJetpack" title="">nsIJetpack</a></code> interface.</p> -<div class="note"><strong>Note:</strong> The Jetpack service, provided by <code><a href="/zh-CN/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIJetpackService" title="">nsIJetpackService</a></code>, is not included by default in Firefox 4. Prior to Firefox 12, it could be included in custom builds by using <code>ENABLE_JETPACK_SERVICE</code> at compile time. However, the service has been removed entirely as of Firefox 12.</div> -<p>These processes are relatively lightweight, do not have access to XPCOM, and can innately do little other than compute. Messaging facilities that allow them to communicate with their parent chrome process are the only means by which they can be endowed with any real power.</p> -<div class="note"><strong>Note:</strong> The above statement is not currently true, as <a href="/en/Mozilla/js-ctypes" title="https://developer.mozilla.org/en/js-ctypes">js-ctypes</a> is now provided to Jetpack processes as of <a class="link-https" href="https://bugzilla.mozilla.org/show_bug.cgi?id=588563" title="https://bugzilla.mozilla.org/show_bug.cgi?id=588563">bug 588563</a>. A mechanism to optionally disable this feature has been proposed in <a class="link-https" href="https://bugzilla.mozilla.org/show_bug.cgi?id=614351" title="https://bugzilla.mozilla.org/show_bug.cgi?id=614351">bug 614351</a>.</div> -<h2 id="Privileged_APIs" name="Privileged_APIs">Privileged APIs</h2> -<p>When script is evaluated in a Jetpack process via a call to <code><a href="https://developer.mozilla.org/zh-CN/docs/XPCOM_Interface_Reference/nsIJetpack#evalScript()">nsIJetpack.evalScript()</a></code>, the script's global scope is endowed with the following privileged APIs:</p> -<dl> <dt><code>sendMessage(aMessageName [, v1 [, v2 [, ...]]])</code></dt> <dd>Similar to <code><a href="https://developer.mozilla.org/zh-CN/docs/XPCOM_Interface_Reference/nsIJetpack#sendMessage()">nsIJetpack.sendMessage()</a></code>, this function asynchronously sends a message to the chrome process.</dd> <dt><code>callMessage(aMessageName [, v1 [, v2 [, ...]]])</code></dt> <dd>This function is like <code>sendMessage()</code> but sends the message synchronously. It returns an <code>Array</code> whose elements are the return values of each receiver in the chrome process that was triggered by the message.</dd> <dt><code>registerReceiver(aMessageName, aReceiver)</code></dt> <dd>Similar to <code><a href="https://developer.mozilla.org/zh-CN/docs/XPCOM_Interface_Reference/nsIJetpack#registerReceiver()">nsIJetpack.registerReceiver()</a></code>, this function registers a callback that is triggered when the chrome process sends a message with the given name.</dd> <dt><code>unregisterReceiver(aMessageName, aReceiver)</code></dt> <dd>Similar to <code><a href="https://developer.mozilla.org/zh-CN/docs/XPCOM_Interface_Reference/nsIJetpack#unregisterReceiver()">nsIJetpack.unregisterReceiver()</a></code>, this function unregisters a callback previously registered with <code>registerReceiver()</code>.</dd> <dt><code>unregisterReceivers(aMessageName)</code></dt> <dd>Similar to <code><a href="https://developer.mozilla.org/zh-CN/docs/XPCOM_Interface_Reference/nsIJetpack#unregisterReceivers()">nsIJetpack.unregisterReceivers()</a></code>, this function unregisters all callbacks for the given message name.</dd> <dt><code>createHandle()</code></dt> <dd>Similar to <code><a href="https://developer.mozilla.org/zh-CN/docs/XPCOM_Interface_Reference/nsIJetpack#createHandle()">nsIJetpack.createHandle()</a></code>, this function creates a new <a href="#Handles">handle</a> and returns it.</dd> <dt><code>createSandbox()</code></dt> <dd>This creates a new JavaScript sandbox and returns its global scope. This global scope does <em>not</em> contain privileged APIs, or any non-standard JavaScript objects for that matter, though new globals can be endowed by simply attaching them to the global scope as properties.</dd> <dt><code>evalInSandbox(aSandbox, aScript)</code></dt> <dd>Evaluates the given script contents in the given sandbox's global scope. At minimum, JavaScript 1.8.1 is used. Individual lines of the form <code>//@line 1 "foo.js"</code> can be used to specify filename and line number information for debugging purposes.</dd> <dt><code>gc()</code></dt> <dd>Synchronously performs garbage collection.</dd> -</dl> -<h2 id="Handles" name="Handles">Handles</h2> -<p>Messages that communicate between the browser and jetpack process may contain only serializable (JSON) data and <em>handles</em>. A handle can be used to provide context for messages. Either the browser or the jetpack implementation may create one.</p> -<p>A handle keeps any arbitrary properties attached to it alive, but those properties are not transmitted across the process boundary. These arbitrary properties are the primary means through which context can be provided for messages; for instance, if the handle is meant to represent a network request, an <code>XMLHttpRequest</code> instance can be attached to the handle on the chrome process.</p> -<p>Because a handle's existence crosses process boundaries and cross-process garbage collection does not exist, the lifetime of a handle needs to be controlled manually by code. By default, a handle is rooted in the JavaScript interpreter's garbage collector, meaning that even if a process throws it away, it will not be garbage collected unless the other process explicitly does something to indicate that it is no longer needed. If that other process does not do something explicit and simply removes all references to it, the handle remains rooted yet unreachable in both processes and a memory leak is created.</p> -<p>To prevent such memory leaks, a process can either <em>invalidate</em> a handle, immediately preventing it from being passed as a message argument, or it can <em>unroot</em> the handle, allowing it to be passed as a message argument until all references to it are removed, at which point it is garbage collected.</p> -<p>Handles have the following native methods and properties:</p> -<dl> <dt><code>invalidate()</code></dt> <dd>Invalidates the handle. Either process may invalidate a handle when it is no longer useful.</dd> <dt><code>createHandle()</code></dt> <dd>Creates a child handle which becomes invalid when its parent does. This is useful for associating handles to the lifetime of a particular window, context menu, or other element, and helping ensure that they do not leak.</dd> <dt><code>parent</code></dt> <dd>The parent handle of the object, if any. Read-only.</dd> <dt><code>isValid</code></dt> <dd>Whether the handle is still valid or not. Read-only.</dd> <dt><code>isRooted</code></dt> <dd>Whether the handle is GC rooted or not. Read-write.</dd> <dt><code>onInvalidate</code></dt> <dd>A callback to call when the handle is garbage collected, either through an explicit call to <code>invalidate()</code> or being unrooted and then unreachable. The callback is only called from the process that the handle <em>was not</em> garbage collected in. Read-write.</dd> -</dl> -<h2 id="History" name="History">Special Messages</h2> -<dl> <dt>core:process-error(context)</dt> <dd>When the jetpack process crashes, this message is sent to the parent. If a crash report minidump is available, the <span style="font-family: Courier New;">context.dumpID</span> property will list the minidump ID of the crash report that was collected.</dd> <dt>core:exception(error)</dt> <dd>When an exception occurs in a Jetpack script and is not caught, this message is sent to the parent. The error object contains the following properties: <span style="font-family: Courier New;">fileName</span>, <span style="font-family: Courier New;">lineNumber</span>, and <span style="font-family: Courier New;">message</span>.</dd> -</dl> -<h2 id="History" name="History">History</h2> -<p>See <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=556846" title="FIXED: Investigate multi-process Jetpack">bug 556846</a> and <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=578821" title="FIXED: Rooting of jetpack handles is too simplistic">bug 578821</a> for details.</p> -<h2 id="Sample_Code" name="Sample_Code">Sample Code</h2> -<p>For example code, check out the <a href="https://dxr.mozilla.org/mozilla-central/source/js/jetpack/tests/unit/" rel="custom">unit tests</a>.</p> -<h2 id="See_also" name="See_also">See also</h2> -<ul> <li><code><a href="/zh-CN/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIJetpackService" title="">nsIJetpackService</a></code></li> <li><code><a href="/zh-CN/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIJetpack" title="">nsIJetpack</a></code></li> -</ul> diff --git a/files/zh-cn/archive/add-ons/multiple_item_packaging/index.html b/files/zh-cn/archive/add-ons/multiple_item_packaging/index.html deleted file mode 100644 index baf4f245ce..0000000000 --- a/files/zh-cn/archive/add-ons/multiple_item_packaging/index.html +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Multiple Item Package -slug: Archive/Add-ons/Multiple_Item_Packaging -tags: - - Extensions - - Toolkit API -translation_of: Archive/Add-ons/Multiple_Item_Packaging ---- -<p> A Multiple Item Package provides the ability to package multiple <a href="cn/Bundles">Installable Bundles</a> which can then be downloaded and installed by a user, or provided pre-packaged with an application or by an external program. Every Multiple Item Package must provide an <a href="cn/Install.rdf">install.rdf</a> file (not old-style install.js!) and has the same requirements as an <a href="cn/Extension_Packaging">Extension</a> except as noted below.</p> -<p>There is currently no facility to prevent or warn the user when installing a previous version of an extension.</p> -<p> </p> -<h3 id="Multiple_Item_Package_File_Layout" name="Multiple_Item_Package_File_Layout">Multiple Item Package File Layout</h3> -<p>The Multiple Item Package file layout is a simplified form of an <a href="cn/Bundles">Installable Bundle</a> and requires a file extension of <tt>xpi</tt>. A Multiple Item Package may contain both extensions (e.g. <tt>xpi</tt> file extension) and themes (e.g. <tt>jar</tt> file extension). The basic structure is shown below:</p> -<pre class="eval">/<a href="cn/Install.rdf">install.rdf</a><i>Install Manifest</i> -/extension1.xpi<i><a href="cn/Extension_Packaging">Extension</a></i> -/extension2.xpi<i><a href="cn/Extension_Packaging">Extension</a></i> -/theme1.jar<i><a href="cn/Theme_Packaging">Theme</a></i> -/theme2.jar<i><a href="cn/Theme_Packaging">Theme</a></i> -... -</pre> -<p>The Extension Manager will read the <tt>install.rdf</tt> Install Manifest to determine if this is a Multiple Item Package and then start the installation of the individual packages it contains automatically. No other files besides the <a href="cn/Install.rdf">install.rdf</a> Install Manifest and the files with a <tt>jar</tt> and <tt>xpi</tt> file extension will be extracted or utilized.</p> -<h3 id="install.rdf" name="install.rdf"><a href="cn/Install.rdf">install.rdf</a></h3> -<p>A Multiple Item Package does not have the same requirements as an <a href="cn/Extension_Packaging">Extension</a> for its <a href="cn/Install.rdf">install.rdf</a>. The only required items are <tt>em:id</tt>, <tt>em:targetApplication</tt>, and <tt>em:type</tt>.</p> -<p>For the Firefox and Thunderbird 1.5 Extension Manager to determine that this package is a Multiple Item Package the <tt>em:type</tt> specified in your <a href="cn/Install.rdf">install.rdf</a> must be <tt>32</tt> and specified as <tt><em:type NC:parseType="Integer">32</em:type></tt>. The XML namespace <tt><span class="nowiki">xmlns:NC="http://home.netscape.com/NC-rdf#"</span></tt> must also be declared in your <a href="cn/Install.rdf">install.rdf</a> as shown below.</p> -<pre>... -<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" - xmlns:NC="http://home.netscape.com/NC-rdf#" - xmlns:em="http://www.mozilla.org/2004/em-rdf#"> - - <Description about="urn:mozilla:install-manifest"> - <!-- nsIUpdateItem type for a Multiple Item Package --> - <em:type NC:parseType="Integer">32</em:type> -...</pre> -<p>For the Firefox and Thunderbird 2.0 Extension Manager you can use the previous syntax or <tt><em:type>32</em:type></tt> as shown below.</p> -<pre>... -<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" - xmlns:em="http://www.mozilla.org/2004/em-rdf#"> - - <Description about="urn:mozilla:install-manifest"> - <!-- nsIUpdateItem type for a Multiple Item Package --> - <em:type>32</em:type> -...</pre> -<p>When specifying <tt>em:targetApplication</tt> the <tt>minVersion</tt> specified should be the highest <tt>minVersion</tt> and the <tt>maxVersion</tt> specified should be the lowest <tt>maxVersion</tt> from all of the <a href="cn/Bundles">Installable Bundles</a> contained by the Multiple Item Package for the <tt>em:targetApplication</tt>. If this is not done then any items that are not compatible will not be installed unless a compatibility check discovers updated compatibility information that makes it compatible.</p> -<h3 id="Installation" name="Installation">Installation</h3> -<p>Installation can be performed using any of the existing methods used for installing extensions / themes and the same user interface is used for installing a Multiple Item Package (the individual packages contained in the Multiple Item Package will not be listed). This also allows displaying of signing information for the Multiple Item Package.</p> -<p>If a manager (e.g. Extension / Theme Manager) is displayed then after the download of the Multiple Item Package completes the manager will display the individual items contained by the Multiple Item Package in the same manner that it would if the user had chosen to install multiple items simultaneously. The manager will not display the Multiple Item Package in the list of items after the download of the Multiple Item Package has completed.</p> -<h3 id="Official_References_for_Toolkit_API" name="Official_References_for_Toolkit_API">Official References for <a href="cn/Toolkit_API">Toolkit API</a></h3> -<p></p><p><span class="comment">Official References. Do not add to this list without contacting Benjamin Smedberg. Note that this page is included from the pages listed below. So: Don't Add Breadcrumbs!</span> -</p> -<ul><li> <a href="en/Bundles">Structure of an Installable Bundle</a>: describes the common structure of installable bundles, including extensions, themes, and XULRunner applications -</li><li> <a href="en/Extension_Packaging">Extension Packaging</a>: specific information about how to package extensions -</li><li> <a href="en/Theme_Packaging">Theme Packaging</a>: specific information about how to package themes -</li><li> <a href="en/Multiple_Item_Packaging">Multiple-item Extension Packaging</a>: specific information about multiple-item extension XPIs -</li><li> <a href="en/XUL_Application_Packaging">XUL Application Packaging</a>: specific information about how to package XULRunner applications -</li><li> <a href="en/Chrome_Registration">Chrome Registration</a> -</li></ul><p></p> diff --git a/files/zh-cn/archive/add-ons/signing_an_xpi/index.html b/files/zh-cn/archive/add-ons/signing_an_xpi/index.html deleted file mode 100644 index e017c540b7..0000000000 --- a/files/zh-cn/archive/add-ons/signing_an_xpi/index.html +++ /dev/null @@ -1,378 +0,0 @@ ---- -title: Signing a XPI -slug: Archive/Add-ons/Signing_an_XPI -translation_of: Archive/Add-ons/Signing_an_XPI ---- -<div class="note"><em><strong>注意:这些说明已经过时了。扩展的签名工作是通过Mozilla而不是作者。请查看</strong></em> <em><strong><a href="https://developer.mozilla.org/en-US/Add-ons/Distribution"> 签名和发布你的 add-on</a> 。</strong></em></div> - -<div class="note">Note: These instructions are for how to test with a self-signed certificate. See <a href="/en/Signing_an_extension">Signing an extension</a> for a practical guide.</div> - -<h3 id="Introduction">Introduction</h3> - -<p>This article describes how to sign your own Firefox extensions with a code-signing certificate on a Windows platform. It was developed from the linux article <a class="link-https" href="https://www.mozdevgroup.com/docs/pete/Signing-an-XPI.html">So you want to sign your XPI package?</a> by <strong>MozDev Group's Pete Collins.</strong></p> - -<p>This article is a mirror of <a class="external" href="http://web.archive.org/web/20060529005859/forums.tjworld.net/viewtopic.php?p=210" title="http://web.archive.org/web/20060529005859/forums.tjworld.net/viewtopic.php?p=210">the original</a>, with minor reformatting, some new info and all links updated in March 2010.</p> - -<h3 id="Get_network_security_services">Get network security services</h3> - -<p>1. Download the latest <a class="external" href="http://www.mozilla.org/projects/security/pki/nss/index.html#Documentation">Network Security Services (NSS)</a> package from the Mozilla FTP site at <code><a class="link-ftp" href="ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/" rel="freelink">ftp://ftp.mozilla.org/pub/mozilla.or.../nss/releases/</a></code>. For Windows, you'll want the <code><strong>nss-3.11.4.zip</strong></code> package in the <code><strong>NSS_3_11_4_RTM/msvc6.0/WINNT5.0_OPT.OBJ/</strong></code> folder - it is by 2010 the only one with the right binaries.</p> - -<p>2. Extract the contents of the archive file to a local folder. In my case it's <code>C:\Apps\nss-3.11.4\</code></p> - -<h3 id="Get_Netscape_Portable_Runtime">Get Netscape Portable Runtime</h3> - -<p>1. Download the latest <a class="external" href="http://www.mozilla.org/projects/nspr" title="http://http://www.mozilla.org/projects/nspr">Netscape Portable Runtime</a> from the Mozilla FTP site: <code><a class="external" href="http://ftp.mozilla.org/pub/mozilla.org/nspr/releases/" rel="freelink">http://ftp.mozilla.org/pub/mozilla.org/nspr/releases/</a></code>. For Windows you'll want the <strong>nspr-4.6.zip</strong> package in the <code><strong>v4.6/WINNT5.0_OPT.OBJ/</strong></code> folder.</p> - -<p>2. Extract the contents of the archive file to a local folder. In my case it's <code>C:\Apps\nspr-4.6\</code></p> - -<h3 id="Add_path">Add path</h3> - -<p>Add the NSS tools <strong>bin/</strong> and <strong>lib/</strong>, and the NSPR <strong>lib/</strong> directories to the system path. You can either set this permanently via Control Panel->System Properties->Advanced->Environment Variables->System Variables or do it each time you run the tools from the command-line (preferably using a batch file). Windows contains its own version of some of these files (e.g. certutil.exe) in the system directory (<code>\Windows\system32\</code>) so ensure the new paths are <strong>first</strong> in the PATH search list.</p> - -<pre>C:\> set PATH=C:\Apps\nss-3.11.4\bin\;C:\Apps\nss-3.11.4\lib\;C:\Apps\nspr-4.6\lib\;%PATH% -</pre> - -<p>An easier way is to copy everything from your new directories C:\Apps\nss-3.11.4\ and C:\Apps\nspr-4.6\ including sub directories to the same directory - fx C:\Apps\CodeSigning\ - and then run every command from that.</p> - -<h3 id="Initialize_the_certificate_database">Initialize the certificate database</h3> - -<p>Decide which folder to create the certificate database in. Use this command to create it (<strong>note</strong> the trailing dot is required).</p> - -<pre>C:\Projects\CodeSigning\> certutil -N -d . -</pre> - -<p>The <strong>dot</strong> will cause the database to be created in the <strong>current directory.</strong></p> - -<p>You will be prompted for the <em>NSS Certificate database password</em> - <strong>don't forget it!</strong></p> - -<pre>C:\Projects\CodeSigning\> certutil -N -d . -Enter a password which will be used to encrypt your keys. -The password should be at least 8 characters long, -and should contain at least one non-alphabetic character. - -Enter new password: -Re-enter password: -</pre> - -<h3 id="Create_a_test_certificate">Create a test certificate</h3> - -<p>Create a test certificate, using the -p option to set a password for the new certificate</p> - -<pre>C:\Projects\CodeSigning\> signtool -G myTestCert -d . -p"password" -using certificate directory: . - -WARNING: Performing this operation while the browser is running could cause -corruption of your security databases. If the browser is currently running, -you should exit the browser before continuing this operation. Enter -"y" to continue, or anything else to abort: y - - -Enter certificate information. All fields are optional. Acceptable -characters are numbers, letters, spaces, and apostrophes. -certificate common name: XPI Test -organization: TJworld -organization unit: Software -state or province: Nottingham -country (must be exactly 2 characters): GB -username: tj -email address: certificates@lan.tjworld.net -generated public/private key pair -certificate request generated -certificate has been signed -certificate "myTestCert" added to database -Exported certificate to x509.raw and x509.cacert. -</pre> - -<p><strong>x509.cacert</strong> will be used to sign your XPI package. Check that it exists on the file system and in the certificate database:</p> - -<pre>C:\Projects\CodeSigning\> dir x509* - -14/12/2005 15:13 1,031 x509.cacert -14/12/2005 15:13 798 x509.raw - -C:\Projects\CodeSigning\> certutil -d . -L -myTestCert u,u,Cu -</pre> - -<h3 id="Prepare_XPI_file_for_signing">Prepare XPI file for signing</h3> - -<p>Create a new folder just for signing, copy your existing XPI into it, unzip<sup>*</sup> it (maintaining paths), delete the XPI and return to the certificate-database folder.</p> - -<p><sup>*</sup>Assumes you have a zip utility available on your system path. This example is using the <strong>CygWin bin/zip.exe</strong> tool. You can use a graphical Zip tool provided it manages the internal sub-directory structure properly. An alternative is to use WinRar.</p> - -<div class="note">The <strong>7-Zip tool doesn't work</strong> when creating Mozilla XPI signed archives because it sorts the directory entries alphabetically, and <strong><em>Mozilla requires the first entry to be META-INF/zigbert.rsa</em></strong>.</div> - -<pre>C:\Projects\CodeSigning\> md signed - -C:\Projects\CodeSigning\> copy C:\Projects\fsb\fsb.xpi signed - 1 file(s) copied. - -C:\Projects\CodeSigning\> cd signed - -C:\Projects\CodeSigning\signed> unzip fsb.xpi -Archive: fsb.xpi - creating: chrome/ - inflating: chrome.manifest - inflating: chrome/fsb.jar - inflating: install.rdf - -C:\Projects\CodeSigning\signed> del fsb.xpi - -C:\Projects\CodeSigning\signed> cd .. -</pre> - -<h3 id="Sign_XPI">Sign XPI</h3> - -<pre>C:\Projects\CodeSigning\> signtool -d . -k myTestCert -p "password" signed/ -using certificate directory: . -Generating signed//META-INF/manifest.mf file.. ---> chrome/fsb.jar ---> chrome.manifest ---> install.rdf -Generating zigbert.sf file.. -tree "signed/" signed successfully -</pre> - -<h3 id="Re-package_XPI">Re-package XPI</h3> - -<p>Change to the <strong>signed/</strong> folder, create a new zip with the <strong>META-INF/zigbert.rsa</strong> file listed first, then add the remaining files.</p> - -<pre>C:\Projects\Certs\> cd signed - -C:\Projects\CodeSigning\signed\> zip fsb.xpi META-INF/zigbert.rsa - adding: META-INF/zigbert.rsa (deflated 35%) - -C:\Projects\CodeSigning\signed> zip -r -D fsb.xpi * -x META-INF/zigbert.rsa - adding: META-INF/manifest.mf (deflated 37%) - adding: META-INF/zigbert.sf (deflated 40%) - adding: chrome/fsb.jar (deflated 74%) - adding: chrome.manifest (deflated 69%) - adding: install.rdf (deflated 62%) -</pre> - -<h3 id="Test_your_certificate">Test your certificate</h3> - -<p>To test your certificate, install it into your browser, and attempt to load the signed extension by following these steps:</p> - -<p>1. Temporarily install the Test Certificate Authority into your Mozilla browser</p> - -<p>Rename the <strong>x509.cacert</strong> file generated earlier to <strong>x509.cert</strong></p> - -<p>Import it into Mozilla Firefox as a Software Developer Certificate Authority.</p> - -<div class="note">Don't forget to delete the certificate from Mozilla Firefox once you've finished testing</div> - -<p>Firefox 1.5: From the Tools menu choose Options->Advanced->Security->View Certificates->Authorities</p> - -<p>Firefox 1.0: From the Tools menu choose Options->Advanced->Certificates->Manage Certificates->Authorities</p> - -<p>Press the <strong>Import</strong> button.</p> - -<p>Navigate to the folder containing <strong>x509.cert</strong> and choose it.</p> - -<p>In the <strong>Downloading Certificate</strong> dialog, tick <strong>Trust this CA to identify software developers.</strong> and press the <strong>View</strong> button if you wish to examine the certificate more closely.</p> - -<p>Press the <strong>OK</strong> button and you'll see your new certificate in the list of Authorities.</p> - -<p>2. Attempt to install the signed extension</p> - -<p>Either drag and drop or browse to and download the signed XPI. When the Mozilla Firefox <strong>Software Installation</strong> dialog appears the <strong>organisation name</strong> of the certificate will appear where Firefox usually displays <strong><em>unsigned</em></strong>.</p> - -<p><a class="external" href="http://forums.tjworld.net/files/topic-130-install-signed-xpi.png">image</a></p> - -<h3 id="Obtaining_a_valid_software_developer_code-signing_certificate">Obtaining a valid software developer code-signing certificate</h3> - -<p> </p> - -<div class="warning"><strong>Warning:</strong> Currently Firefox expects XPI files to be signed with certificates that conform to the older Object Signing convention, rather than the newer Code Signing convention. This means that Firefox will refuse to install code signed via an intermediate certificate authority such as <strong>Certum Level I</strong> unless the user installs that intermediate CA certificate into Firefox first. Installing the intermediate CA certificate causes Firefox to mark the intermediate Code Signing CA certificate as a valid Object Signing CA certificate, which makes it all work. <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=321156" title="Firefox does not honor some issuers' code signing certs for XPI signatures">bug 321156</a> has been filed to request a way to obviate the installation of intermediate Code Signing CA certs into Firefox.</div> - -<p>Now you know it all works, you need to add a real software developer's certificate to the NSS certificate database, and use that to sign the XPI. There are several issuers of software developer certificates, with the three key differentials: availability, cost and identity verification.</p> - -<p>Many issuers will not provide a software developer certificate to individuals (how ridiculous) so you may have to search hard to find one that will, and who also has a CA root Authority installed in Mozilla Firefox. Without the certificate-issuers CA root certificate Mozilla Firefox will not confirm the validity of your certificate to users who want to install your extension. Ideally you want a certificate that has a root CA installed in all major platforms (Microsoft Windows, Sun Java, Mozilla/Netscape Firefox/Navigator, Opera) so you only use one certificate for signing all your software, no matter which platform it is for.</p> - -<p>The cheapest universally supported (Mozilla, Java, Microsoft) certificate seems to be the Comodo Instant-SSL offering. You can get a <strong>free certificate for open-source developers</strong> from <a class="external" href="https://en.sklep.unizeto.pl/test_certificates" title="http://www.certum.eu/certum/cert,offer_software_publisher.xml">Unizeto Certum</a>, in 2010 it is a Certum Level III CA.</p> - -<p>Here are some current issuers:</p> - -<ul> - <li>Comodo Instant-SSL Code Signing</li> - <li>Digi-Sign Digi-Code</li> - <li>GeoTrust Code Signing</li> - <li>Thawte Code Signing (owned by Verisign)</li> - <li>Unizeto Certum Code-signing (<strong>free certificates for open-source authors</strong>)</li> - <li>Verisign Code Signing</li> -</ul> - -<p>You will need to apply for a <strong>Code Signing Certificate</strong> and satisfy the Issuer's identity verification procedures. They will then issue a signed certificate. When you receive the signed certificate it must be imported into the certificate database.</p> - -<div class="note">Your browser will generate a new private key and <strong>Code Signing Request (CSR)</strong> in the background without you necessarily realising it. The CSR will be uploaded to the Issuer. Later, you <strong>must</strong> use the same browser when installing the new certificate because the key and certificate pair must be together.</div> - -<p><strong>Hint</strong>: When applying for a certificate ensure that the <strong>Organisation (O)</strong> contains your name and not the Issuer's default text, because this is what is displayed to users.</p> - -<p>For this guide I applied for a free certificate from Unizeto Certum. After completing the application process where I entered my details into the online application, I received an automated email requesting documentary evidence of my ID in the form of a photo-ID or similar. I have hi-resolution scanned images of my passport and drivers license for these situations so I placed them on my web-server temporarily in a hidden location and emailed Unizeto Certum with the details and location of the files. Within a few hours I received a confirmation email from a human accepting the ID images and giving me a hyperlink to the certifcate download area.</p> - -<p><strong>Install the certificate into Mozilla Firefox</strong> (which goes with the private key created earlier), and copy/paste the displayed <strong>certificate text</strong> into a new file called <strong><code>C:\Projects\CodeSigning\Certum Code Signing.cer</code></strong>.</p> - -<h3 id="Installing_real_certificate">Installing real certificate</h3> - -<p>There are two steps required to install the new certificate in the Code Signing NSS certificate database.</p> - -<pre class="eval"> 1. Install the Issuer's Certificate Authority Root - 2. Install your key and certificate -</pre> - -<p>The root CA establishes the trust of your certificate. Many issuer's have multiple root CAs for different levels of trust. find out which one was used for your certificate and download it. You can view the details of your certificate in Mozilla Firefox and get this information from the <strong>Issued By Common Name</strong> (Unizeto Certum's free certificate CA is Certum Level III CA).</p> - -<p>Download the Root CA and any intermediate certificates used to sign your certificate from the Issuer; their web site will have a link somewhere to their root CAs and public certificates. (<a class="link-https" href="https://www.certum.eu/certum/cert,expertise_root_certificates.xml">Certum public key page</a>). I downloaded the <strong>Certum Root CA</strong> and <strong>Certum Level III CA Digital ID for web and SSL/TLS Servers</strong>, copied the text and saved them to the files <code><strong>C:\Projects\CodeSigning\Certum Root CA.cer</strong></code> and <code><strong>C:\Projects\CodeSigning\Certum Level III CA.cer</strong></code>.</p> - -<p>Open a command prompt (ensure the paths to the NSS tools are set as described above) in the CodeSigning folder, install the Issuer CA certificates, and check they have been added correctly.</p> - -<pre>C:\Projects\CodeSigning> certutil -A -n "Certum Root CA" -t "TC,TC,TC" -d . -i "Certum Root CA.cer" - -C:\Projects\CodeSigning> certutil -A -n "Certum Level III CA" -t "c,c,C" -d . -i "Certum Level III CA.cer" - -C:\Projects\CodeSigning> certutil -L -d . -myTestCert u,u,Cu -Certum Root CA CT,C,C -Certum Level III CA CT,C,C -</pre> - -<p>The name given to the newly issued certificate in the Mozilla Firefox keystore is not the easiest key alias in the world to remember, so I've added an additional step here that lets you rename it (its not just a simple rename operation, unfortunately).</p> - -<p>To find the name, in Mozilla Firefox navigate to the Certificate Manager (described in Step 11), choose <strong>Your Certificates</strong>, select the new certificate, press <strong>View</strong>, choose <strong>Details</strong> and look at the first entry in the <strong>Certificate Fields</strong> tree-view.</p> - -<p>My Unizeto Certum certificate is named "TJ's Unizeto Sp. z o.o. ID" but I want it to be called "Code Signing (Certum)".</p> - -<p>The trick is to install the certificate (without the key) first and give your chosen nickname at that point. When the key/certificate pair is imported from Mozilla Firefox afterwards, the private key will be added but the certificate name will remain the same.</p> - -<pre>C:\Projects\CodeSigning> certutil -A -n "Code Signing (Certum)" -t "u,u,u" -d . -i "Certum Code Signing.cer" - -C:\Projects\CodeSigning> certutil -L -d . -myTestCert u,u,Cu -Certum Root CA CT,C,C -Certum Level III CA CT,C,C -Code Signing (Certum) ,, - -C:\Projects\CodeSigning> signtool -l -d . -using certificate directory: . - -Object signing certificates ---------------------------------------- -myTestCert - Issued by: myTestCert (XPI Test) - Expires: Tue Mar 14, 2006 -Code Signing (Certum) - Issued by: Certum Level III CA (Certum Level III CA) - Expires: Tue Mar 14, 2006 ---------------------------------------- -For a list including CA's, use "signtool -L" -</pre> - -<p>Now you must export the new key/certificate pair from the Mozilla Firefox certificate database and into the NSS certificate database.</p> - -<p>The hardest part is locating Mozilla's key database. It consists of two files named <strong>key3.db</strong> and <strong>cert8.db</strong>. They usually live in the Mozilla Firefox <strong>user profile folder</strong>. I found mine in <code><strong>C:\Documents and Settings\TJ\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\</strong></code> where xxxxxxxx is a random string of characters.</p> - -<div class="warning"><strong>This procedure assumes you installed the new certificate into Mozilla Firefox</strong></div> - -<p>Here's the commands required to export it to a file, import it to the Code Signing database, and verify the signing attributes (u,u,u). Ensure you use the nickname of your certificate in place of mine, and the directory where your Mozilla Firefox key database files are:</p> - -<pre>C:\Projects\CodeSigning> pk12util -o "Certum Code Signing.pkcs12" -n "TJ's Unizeto Sp. z o.o. ID" -d "C:\Documents and Settings\TJ\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default" -Enter password for PKCS12 file: -Re-enter password: -pk12util: PKCS12 EXPORT SUCCESSFUL - -C:\Projects\CodeSigning> pk12util -i "Certum Code Signing.pkcs12" -d . -Enter Password or Pin for "NSS Certificate DB": -Enter password for PKCS12 file: -pk12util: PKCS12 IMPORT SUCCESSFUL - -C:\Projects\CodeSigning> certutil -L -d . -myTestCert u,u,Cu -Certum Root CA CT,C,C -Certum Level III CA c,c,C -Code Signing (Certum) u,u,u -</pre> - -<p>You should notice that the existing certificate has been updated.</p> - -<h3 id="Sign_extension_with_real_certificate">Sign extension with real certificate</h3> - -<p>This is a repeat of the earlier steps using the real certificate's details. Here's the output on a test directory:</p> - -<pre>C:\Projects\CodeSigning>signtool -d . -k "Code Signing (Certum)" -p ******* test -using certificate directory: . -Generating test/META-INF/manifest.mf file.. ---> test.txt -Generating zigbert.sf file.. -tree "test" signed successfully</pre> - -<h3 id="Incorporating_signing_into_your_build_process">Incorporating signing into your build process</h3> - -<p>You may want to incorporate these steps into your existing build process. I have a <strong>build.bat</strong> file that automates the creation of the jar and xpi files. This example is using the CygWin bin/zip.exe tool.</p> - -<p><strong>build.bat</strong> is placed in the extension's root folder. E.g.</p> - -<p>/dev/fsb/<strong>build.bat</strong> /dev/fsb/install.rdf /dev/fsb/chrome.manifest /dev/fsb/chrome/ /dev/fsb/chrome/content/ /dev/fsb/chrome/locale/ /dev/fsb/chrome/skin/</p> - -<p>Here it is with the code-signing steps included:</p> - -<p> </p> - -<pre class="eval">@echo off -set x=%cd% - -echo Building %x%.xpi ... -echo Started at %DATE% %TIME% > %x%\build.log - -md build\chrome - -cd chrome - -zip -r -0 "%x%.jar" * >> %x%\build.log - -move "%x%.jar" ..\build\chrome >> %x%\build.log - -cd .. - -copy install.rdf build >> %x%\build.log - -copy chrome.manifest build >>%x%\build.log - -signtool.exe -d C:\Projects\CodeSigning -k "Code Signing (Certum)" -p "password" build/ >> %x%\build.log - -cd build - -zip "%x%.xpi" META-INF/zigbert.rsa >> %x%\build.log - -zip -r -D "%x%.xpi" * -x META-INF/zigbert.rsa >> %x%\build.log - -rem copy "%x%.xpi" ..\..\..\http\fsb.xpi >> %x%\build.log - -move "%x%.xpi" ..\ >> %x%\build.log - -cd .. - -rd build /s/q - -echo Done.</pre> - -<p>Make sure to replace <strong>password</strong> with your NSS Certificate database password.</p> - -<h3 id="Alternatives_to_NSSsigntool">Alternatives to NSS/signtool</h3> - -<p>There are several alternatives to using signtool that might suit your needs better, however please note that these alternatives are unofficial third party products.</p> - -<ul> - <li><a class="link-https" href="https://addons.mozilla.org/en-US/firefox/addon/key-manager/" title="https://addons.mozilla.org/en-US/firefox/addon/key-manager/">Key Manager XUL Extension</a></li> - <li><a class="link-https" href="https://adblockplus.org/blog/signing-firefox-extensions-with-python-and-m2crypto" title="https://adblockplus.org/blog/signing-firefox-extensions-with-python-and-m2crypto">Wladimir Palant's Python Script</a> (blog post)</li> - <li><a class="link-https" href="https://github.com/nmaier/xpisign.py/" title="https://github.com/nmaier/xpisign.py/">xpisign.py Python Script</a></li> - <li><a class="external" href="http://o-regan.org/xpisigner-secure-your-firefox-extensions/download-xpisigner/" title="http://o-regan.org/xpisigner-secure-your-firefox-extensions/download-xpisigner/">XPISigner Java Tool</a></li> -</ul> - -<h3 id="References">References</h3> - -<ul> - <li>The <a class="external" href="http://www.mozilla.org/projects/security/pki/nss/tools/">NSS Tools documentation</a></li> -</ul> - -<p></p> |