I maintain a set of add-ons for bibliography management, for use by students in my university. They are hosted outside of AMO, and the update manifest is signed to enable automatic updates.
Until recently, I was using McCoy as the signing tool. This worked well, but the retyping of passwords became a serious burden. To script the updates, I changed to uhura. This worked well at first, but began failing with an upgrade of the dev machine OS (to Ubuntu 14.04). I now get signing failures erratically, and automatic updates no longer work.
What tool should I use for update manifest signing, and how should I go about setting it up?
I could use a simple, cookbook guidance document on scripted signing of add-ons, appropriate to current Firefox releases. The deeper I’ve waded into the documents on this, the more confused I’ve become.
(Once I get the immediate update-manifest breakage fixed, I will need to study up on the upcoming signing requirement for add-ons. But that will be a separate struggle - at the moment, I just needs to gets things working again.)