Self-hosted addon unsigned

Add-ons Add-on Support
#1

We are attempting to self-host updates to our previously AMO-hosted addon.

We’ve uploaded a new version to the developer hub for self-hosting. It shows as approved, but when we attempt to install the addon, it is disabled due to being unverified.

Our addon is here: https://addons.mozilla.org/en-US/developers/addon/classlink-oneclick-extension/versions/2173606

#2

please offer the file on a public server. I cannot see your addon and cannot troubleshoot.

#3

https://s3.amazonaws.com/files.classlink.com/CLBrowserExtn/Firefox/classlink_oneclick_extension-4.18.xpi

#4

Thank you for any help you can provide, Andrei. Let me know if you need anything else.

#5

Sorry for the late reply.

I hope you don’t mind, I signed it and uploaded it. I guess if you uploaded here where it is public I could also upload my signed version. I will take it down after you downloaded it yourself for inspection :slight_smile:

First of all your addon is not signed. You can see this if you unzip my version and look at the contents. Mine has META-INF folder with 3 files. That is the signature. Yours does not have it.

Mine has something different in manifest.json. I removed strict_min_version. That thing is the minimum Firefox version and I guess it should be the minimum depending on what APIs you are using. I think it’s best to leave it out :smiley: Remove it from your aws update.json also. I also added a new GUUID since I do not own your addon and you can only sign your own addons. AMO sees new GUUID and it thinks it is different :slight_smile:

To recap, what you need to do:

  1. remove strict_min_version from manifest.json and from update.json
  2. Upload your addon to this URL. You need you AMO accont. No account, no signing.
  3. After your addon gets uploaded and there are no errors, select at the bottom “all platforms” so it will appear in AMO regardless of the user OS (I’m guessing there is nothing OS specific inside)
  4. Press sign, wait a little and the download your addon. Obviously your version that you uploaded is not signed, the downloaded one is singed.
  5. Publish it on some web site that “Content-Type” header to “application/x-xpinstall” if you wish your users to install it with one click. Github does this by default for XPI files in the release section

Hope it works out for you!
Cheers,
Andrei

XPI file appears to be corrupt, sideloading from a website download
#6

Excellent, thank you so much!

1 Like
#7

Glad to help :slight_smile:

What is the reason you choose to go with an Unlited addon rather than one Listed in AMO? I trust addons in AMO more than unlisted ones for obvious reasons :smiley:

I also have a unlisted adon of my own but that doesn’t mean I don’t trust the AMO reviews :stuck_out_tongue:

#8

It wasn’t by choice, but I understand the reasoning.

An update to our addon was rejected because it “Requires payment to use core add-on features (upfront or after trial)”. This is true, as the extension is a supplemental component to a subscription based product offered to K-12 schools in the US.

There are similar addons on AMO that have the same restriction (e.g. webPass, Netiq Basic SSO). Those addons have not been updated in some time, so I imagine that they would be similarly denied if they tried to update.

1 Like