So far moji is fully untested on Firefox 3 (at least on my end). I don't
know what they require for the xpi to install. The message sounds like
it complains about the update url in the install.rdf which points to
moji.mozdev.org. However, without knowing the exact wording of the error
message it is a little difficult to find out about the meaning of the error.
Gerald
Have you tried just fetching the upgrade files and executing
this directly. This might get you past the secure updates
but it may not play on firefox 3.
Use wget to download these then load each into the browser
using the "open file" file option.
http://downloads.mozdev.org/moji/moji-0.9.1.xpi
http://mirror.csclub.uwaterloo.ca/mozdev/moji/mojien-0.5.20071013.xpi
http://ftp.osuosl.org/pub/mozdev/moji/mojiken-0.4.20071013.xpi
Steve S.
The quick way is to download the moji.xpi and extract/edit the
install.rdf file to remove the <updateURL> line, put this file
back into the XPI and then drag and drop this modified version
on to a browser window.
Another method is to open the about:config window and create
a boolean pref:
extensions.checkUpdateSecurity = false
The third method is for Gerald to sign both the install.rdf
in the XPI and the update.rdf file on the website with the
McCoy application.
See: <http://developer.mozilla.org/en/docs/McCoy>
You will also heed to create a cryptographic hash for each
XPI defined in the update.rdf. I use the md5hashcheck
extension: <http://www2.md5hashcheck.com/>.
The procedure is error prone and it took me a bazillion
attempts before I managed to get it right. :(
Phil
That of course would remove the update notifications. You'll have to
check manually on the website.
> The third method is for Gerald to sign both the install.rdf
> in the XPI and the update.rdf file on the website with the
> McCoy application.
That is very bad. I now have everything set up for automated xpi
creations and updates if moji and dictionaries. A single "make install"
will do everything including versioning etc. It seems a huge step back
if we now have to sign each individual install.rdf with mccoy. I have
looked at the source code of mccoy. It should be possible to use openssl
for the basic cryptographic functions with RSA keys, DER and base-64
conversions. The difficulty at the moment is in the way the RDF is
signed: mccoy reads the whole thing into a datasource and serializes it
using the RDFSerializer class. The latter is the dead end at the moment.
I don't see a easy way how to get a command line tool for the
signing... :-(
> See: <http://developer.mozilla.org/en/docs/McCoy>
>
> You will also heed to create a cryptographic hash for each
> XPI defined in the update.rdf. I use the md5hashcheck
> extension: <http://www2.md5hashcheck.com/>.
>
> The procedure is error prone and it took me a bazillion
> attempts before I managed to get it right. :(
Well, so far it seems to me as this is an extremely time consuming
process. We currently have 14 dictionaries and one moji xpi. Manually
signing all XPIs and manually creating the update.rdf hashes looks to me
like a couple of hours of work...
Firefox 3 could become a major nuisance in this regard...
Gerald
No. It was not imprecise. I just got a little bit sidetracked. The
update security of course does not work (see my last message). However,
in addition, maxVersion of moji and all dictionaries is 2.0.0.* at the
moment. The compatibility checks fail for that reason. Thus you have to
turn those off, too.
I don't know whether you can reset the checkCompatibility property after
the update. I would not leave it disabled for a longer time. Otherwise
you may end up with some updated add-ons which may not be backward
compatible with the browser version which you are still running...
Anyway, I'll see when I get to test moji on FF 3.0. It would also be
great if you could give me as much feedback as possible on how it is
working for you (people tend to post when something does not work but
not as long as everything is working correctly, the latter would be so
helpful though to know...). Just e-mail me, German or English.
Thx, Gerald