Signing extensions is failing

kmq · August 17, 2021, 10:01am

Mozilla is forcing me to have my extensions signed by them, so, teeth clenched I did the dance:

$ web-ext lint -s src 
$ web-ext build -s src
$ web-ext --api-key <removed> --api-secret <removed> sign -s src

This validated my addon, gave me a URL to the validation results which were all green checkmarks, and then hung at:

"Signing add-on"

for several minutes. I don’t have that kind of time, so I cancelled the process and tried again. Result:
$ web-ext --api-key --api-secret sign -s src
“Server response: Version already exists. Latest version is: 1.0.0. (status: 409)”

(So ? I am asking you to sign it, not re-upload it? The just sign the version you already have?)
I logged into my account and deleted version 1.0.0 of this extension. and tried again with:

$ web-ext --api-key <removed> --api-secret <removed> sign -s src
Building web extension from /home/kmq/projects/youtube-mpd-ext/src

Error: Received bad response from the server while requesting https://addons.mozilla.org/api/v4/addons/youtube-mpd%40projects.omfa.de/versions/1.0.0/

status: 500
response: {"detail":"Internal Server Error"}

How can I get my extension signed? I

111129 · August 17, 2021, 10:25am

لطفا انجام دادن امضای برانامه را به من یاد بدهید. با تشکر🤳

freaktechnik · August 17, 2021, 11:12am

Deleting a version doesn’t make the version number usable again.

You will most likely have to submit an updated version number (so 1.0.0.0 or 1.0.1 etc.). Then you will have to be patient. Signing is not instantaneous and as some other threads show, can currently take quite a while due to spam/malicious extension detection mechanisms, where a human has to step in. So to “how” I would mostly reply with “patience”.

kmq · August 17, 2021, 11:30am

Thank you for your help.

So my version number is now dependent on an intransparent and buggy process.
It could just tell me “It looks like you are trying to re-sign an extension. Please read bla at how this process works” instead of “Internal Server Error”

That is entirely insane. I understand the motivation behind not having a version be signed twice - but why is this process designed in a way that it can fail this way because I cancelled the process before it was finished.

These are computers. They should do what I instruct them to, not make me have to work more.

These stupid walled systems are so frustrating. I’ve successfully avoided them so far… thank you mozilla.

kmq · August 17, 2021, 11:51am

Patience is not key here. I tried again with a higher version number and now I received:

Error: Signing took too long to complete; last status:

Then I try again and received a “500 internal server once more”

Dear Mozilla, if you are reading this: please make the basics function. Signing software is useless if it makes th software not work at all

I don’t want to distribute through amo, I just want to use my extension.

freaktechnik · August 17, 2021, 12:02pm

You will still get an email once signing actually completes. You can then download the file from the addons.mozilla.org portal.

caitlin · August 17, 2021, 2:30pm

Hi @kmq, sorry to hear you’re having problems. What’s the name (or preferably the ID) of your add-on? Happy to look into it.

kmq · August 17, 2021, 3:04pm

Thanks @caitlin,

The id is youtube-mpd@projects.omfa.de

caitlin · August 17, 2021, 4:36pm

Thanks @kmq. This is going to require some more investigation on our end. Can you please file an issue and include your .xpi so we can try to reproduce the issue?

kmq · August 17, 2021, 5:03pm

github.com/mozilla/addons

Unable to sign extension

opened 05:01PM - 17 Aug 21 UTC

closed 11:03AM - 22 Aug 21 UTC

kmq

### Describe the problem and steps to reproduce it: I want to sign an extensi…on. I want the extension to be unlisted. To this end I am using the "web-ext" tool in version 6.2.0 ( the lasted to be available on archlinux) ### What happened? The signing process took too long. So I manually cancelled it. Ths resulted in me being unable to sign my extension. Updating the version number led to the signing process timing out, without my intervention. When I try to sign my extension, I receive an error 500 from some mozilla server. ### What did you expect to happen? I expected my extension to be signed. ### Anything else we should know? I have attached an edited version of my terminal session that shows the problem: [mozilla_report.txt](https://github.com/mozilla/addons/files/7001729/mozilla_report.txt) I have attachd the extension that i wish to be signed: [youtube-mpd-1.0.0.zip](https://github.com/mozilla/addons/files/7001734/youtube-mpd-1.0.0.zip) [youtube-mpd-1.0.1.zip](https://github.com/mozilla/addons/files/7001795/youtube-mpd-1.0.1.zip) I tried to get support at the mozilla forum, and was directed to file an issue here. https://discourse.mozilla.org/t/signing-extensions-is-failing/84637/7 And I am sorry but since you asked: you should know that this golden cage approach to software distribution is atrocious, you are making yourself the arbiter of which code may run on *my* machine. You should let me sign my own software with my own certificates.

Now I just wait ?
To run my own code on my own machine ?
Because of some bug at the central bureaucracy ?

The future is stupid.

caitlin · August 17, 2021, 6:45pm

Yes, it will take time to debug.

In the meantime, you can load your unsigned file as a temporary add-on or set the xpinstall.signatures.required pref to false on a Nightly or Beta build.