spock

A command-line tool to sign update manifests of Mozilla extensions

Download

tarball and git repo

What is this?

spock signs a Mozilla extension manifest (update.rdf) file and optionally sets a value for <version/>, <updateLink/>, and <updateHash/>.

It was hacked together as a non-interactive replacement to McCoy.

Prerequisites

  • libxml
  • libxslt
  • ruby, with bindings to libxml and libxslt
  • You should have created a key with McCoy. The key must not be protected with a password. If there is more than one key, the first one will be used.
  • spock, normalize_update_rdf.rb, nss_sign_data and rdf2nt.xsl must be in the same directory.

Additionally, on Debian Sid, I used these packages, plus their *-dev counterparts:

  • libnss3-1d
  • libnspr4-0d

These are needed on Fedora instead (thanks, Godmar!). Include files will be placed in /usr/include/nss3 and /usr/include/nspr4, requiring a Makefile change:

  • nss-devel
  • nss
  • nspr-devel
  • nspr

See Godmar's comment below for more instructions about Fedora.

Usage


Usage: spock [options] FILE
    -i, --extension-id ID            ID of the extension resource, including version if any
                                     Examples:
                                     urn:mozilla:extension:foo@bar.org:0.1
                                     urn:mozilla:extension:{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
    -v, --version VERSION            Set  value in resulting update.rdf
    -u, --update-link URL            Set  value in resulting update.rdf
    -f, --file PACKAGE_FILENAME      Determine  value using PACKAGE_FILENAME
    -d, --nss-directory DIR          Directory containing key key3.db
                                     Example: ~/.mozilla/mccoy/rt7xxbxw.default/

    -h, --help                       This help text

Simple example:


$ ./spock update.rdf -i urn:mozilla:extension:{eecba28f-b68b-4b3a-b501-6ce12e6b8696} -d ~/.mozilla/mccoy/rt7xxbxw.default/ >update.rdf.signed

Advanced example:


$ ./spock update.rdf -i urn:mozilla:extension:{eecba28f-b68b-4b3a-b501-6ce12e6b8696} -d ~/.mozilla/mccoy/rt7xxbxw.default/ -v 0.1.0 -u http://my.site.com/extensions/ext.xpi -f ext.xpi  >update.rdf.signed

Limitations

  • update.rdf must be valid XML. Note that Mozilla reading the file correctly does not ensure that it will be valid for libxml. Common issues include about= and resource= attributes being unqualified (so if you have an xmlns:RDF= at the top, make sure you write RDF:about= and RDF:resource=). You might want to use include sample.update.rdf as a guide for your own.
  • Only the first key in McCoy database is used, and it must not be protected by a password.
  • Only one extension per update.rdf is supported.
  • The input update.rdf must not contain an <signature/> element already.
  • update.rdf must already contain <updateLink/> and <updateHash/> tags, even if empty. Spock won't add them.

Credits

For rtf2nt.xsl, see file.

normalize_update_rdf.rb is a direct translation (minus mistakes, mine) of Dave Townsend’s rdfserializer.js from McCoy. Much of nss_sign_data.c has been adapted from there too.

Content of the nss/ directory comes from libnss3.

A big thank-you to dafi (Davide Ficano) for helping with testing.

Important notice

This software is NOT endorsed by Mozilla.

This software is also NOT supported by the author. Use at your own risk.

On January 17th, 2008 Steve Hicks (not verified) said:

You rock. I was frustrated that McCoy would break my extension building process, but now all I have to do is make one small change to my makefile! Thank you!

On February 16th, 2008 Thomas Reitmayr (not verified) said:

Thanks for this great tool! It fits perfectly into my make environment.
One thing I had to tweak was the escaping in normalize_update_rdf.rb in order to be able to use an extended updateInfoURL, like
http://mysite/whatsnew.php?id=%ITEM_ID%&curversion=%ITEM_VERSION%&locale...

The patch is trivial, so I just post a short version of it here:

def escape_entities(s)
- s # XXX todo
+ s.gsub(/&/, '&') # XXX todo
end

-Thomas

On March 20th, 2008 Godmar (not verified) said:

Instructions how to get it work on FC8. The xslt binding for Ruby does not appear to be available as a rpm. (At least I wasn't able to find it, even after yum install '*ruby*')

You have to download http://gregoire.lejeune.free.fr/ruby-xslt_0.9.3.tar.gz
Follow instructions there (ruby extconf.rb; make; make doc; make install)
This will leave xslt.rb in /usr/lib/ruby/site_ruby/1.8/xml/xslt.rb

Apparently, Ruby needs libxslt.rb there, so do:
sudo mv /usr/lib/ruby/site_ruby/1.8/xml/xslt.rb /usr/lib/ruby/site_ruby/1.8/xml/libxslt.rb

Subsequently, spock runs.

On June 23rd, 2008 Anonymous (not verified) said:

I can't seem to get this to run under Cygwin. I get the following error:

./normalize_update_rdf.rb:22:in `require': no such file to load -- xml/libxslt (
LoadError)
from ./normalize_update_rdf.rb:22
from ./spock:52:in `require'
from ./spock:52

anyone have any ideas?

On June 24th, 2008 dave (not verified) said:

I keep getting the following error when I run on a Windows XP Cygwin environment:

./normalize_update_rdf.rb:22:in `require': no such file to load -- xml/libxslt (
LoadError)
from ./normalize_update_rdf.rb:22
from ./spock:52:in `require'
from ./spock:52

can anyone help?

On July 8th, 2008 Godmar (not verified) said:

Dave, this error looks as though your Ruby installation is missing the libxslt upon which Spock relies. You have to download and install it separately. See my post regarding libxslt.

On October 23rd, 2008 srini (not verified) said:

I have downloaded and compiled code. But it is not having the command line mentioned above. and generating message digest from the stdin.

I tried to send full update.rdf as input stream to the binary but the generated message digest doesnt match with that of McCoy.

Please correct me, how to use this tool. or provide link to updated source code or binaries.

On October 24th, 2008 bard said:

srini,

what do you mean by "it is not having the command line mentioned above"?

The code is up to date and I'm using to maintain my extensions.

On October 27th, 2008 srini (not verified) said:

Sorry, I thought I have built spock.exe but actually I have built nss_sign_data.exe which is generating message disgest for the stdin.

Now I have placed nss_sign_data.exe, rdf2nt.xsl, normalize_update_rdf.rb, spock, sample.update.rdf in the same folder.

--- spock.bat ---
c:\ruby\bin\ruby spock -h

c:\ruby\bin\ruby spock -i "urn:mozilla:extension:{E3D366DF-0FCF-4b1e-B93A-B6B80D1D7673}:1.0.0.1" -f "D:\XPCOM\TokenNP\Packaging\Install\TokenNP.xpi" -d "C:\nss-3.10\bin\certdir" "D:\XPCOM\TokenNP\Packaging\Install\update.rdf"
--- spock.bat ---

I have installed ruby from one click installer "ruby186-27_rc1.exe".
gem install libxml-ruby-0.8.3-x86-mswin32-60.gem
gem install libxslt-ruby-0.8.2-x86-mswin32-60.gem

I could not properly install libxml and libxslt gems.

any one have ruby with libxml and libxslt installed. Please send me the install ruby installed folders zipped to vsrinu26f@gmail.com
I am new to ruby. Please help.

On October 27th, 2008 srini (not verified) said:

Some one who have ruby with libxml and libxslt installed on windows. Please zip and send me to vsrinu26f@gmail.com

Thank you for the help.

I am very new to Ruby.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Captcha
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Syndicate content