Making ANY changes to an existing addon makes it read as corrupt

MagicJinn · May 24, 2021, 11:12am

I recently found an extension that monitors the price of Dogecoin and displays it in a badge on the extension. After discovering that it only worked for dollars (I am European) I contacted the developer to ask for a Euro version. He sent me a (.zip) file, but after trying to add it, it read as corrupt. I did some experimenting. I took the original .xpi file and extracted it, and tried simply changing a value to a different value. It immediately read as corrupt again. Changing an image? Also corrupt.

Why do any changes made to this addon immediately make it read as corrupt? Even changes as simple as a value change from 60000 to 60001?

alfredb · May 24, 2021, 10:40am

I think, this is by design, AFAIK. Usually an xpi file is signed. By an modification, this state get lost, so firefox refuses to install it.

MagicJinn · May 24, 2021, 10:46am

Is there any way to work around this? I do not intend to publish this version of the extension because I did not create it, and I checked every file for malicious code, so I don’t see any reason why I would not want to install it.

Also as a side note, unpacking the original extension and then re-zipping it into either a zip or xpi doesn’t give me this error. Only when anything in the extension is changed (even as much as a single black pixel on an image) it blocks it.

freaktechnik · May 24, 2021, 11:06am

You can sign an extension for self-distribution on AMO: https://extensionworkshop.com/documentation/publish/#get-your-extension-signed

alfredb · May 24, 2021, 11:31am

@freaktechnik But in this case, the OP is not the owner or author of the add-on. Will there be any problem, signing someone elses add-on, even for self-distribution?

freaktechnik · May 24, 2021, 11:35am

If modifying it in the first place is not a problem, so shouldn’t signing be.

caitlin · May 24, 2021, 3:07pm

+1 to what @freaktechnik said. Go ahead and sign it as a self-distributed add-on to permanently install it for yourself.

jscher2000 · May 25, 2021, 4:32am

According to its listing on AMO, the extension is distributed under the Mozilla Public License (MPL) which allows modification and, if desired, redistribution of the modified version. For non-lawyers, this site has a convenient summary:

https://tldrlegal.com/license/mozilla-public-license-2.0-(mpl-2)