an updateHash must be specified.? - Mozilla

This is a discussion on an updateHash must be specified.? - Mozilla ; When I try to update I get: RDFItemUpdater:_parseV20Update: Update for firebug@software.joehewitt.com at http://getfirebug.com/releases/fireb...-1.2.0a11X.xpi ignored because it is insecure. updateLink must be a https url or an updateHash must be specified. Does anyone know what an "updateHash" is? (Also much to ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: an updateHash must be specified.?

  1. an updateHash must be specified.?

    When I try to update I get:

    RDFItemUpdater:_parseV20Update: Update for
    firebug@software.joehewitt.com at
    http://getfirebug.com/releases/fireb...-1.2.0a11X.xpi ignored
    because it is insecure. updateLink must be a https url or an updateHash
    must be specified.

    Does anyone know what an "updateHash" is?

    (Also much to my surprise, the public keys generated by McCoy can have
    long common sequences at the beginning and end. In addition to surprise
    its extremely annoying: you have to carefully compare characters in the
    middle of a very long string to see deltas).

  2. Re: an updateHash must be specified.?

    John J Barton wrote:
    > When I try to update I get:
    >
    > RDFItemUpdater:_parseV20Update: Update for
    > firebug@software.joehewitt.com at
    > http://getfirebug.com/releases/fireb...-1.2.0a11X.xpi ignored
    > because it is insecure. updateLink must be a https url or an updateHash
    > must be specified.
    >
    > Does anyone know what an "updateHash" is?
    >
    > (Also much to my surprise, the public keys generated by McCoy can have
    > long common sequences at the beginning and end. In addition to surprise
    > its extremely annoying: you have to carefully compare characters in the
    > middle of a very long string to see deltas).


    The updateHash, part of the update.rdf item, is a hash of the XPI.
    It ensures that the final xpi you download actually is the one the
    author indented (i.e. it was not corrupted/compromised).

    http://developer.mozilla.org/en/docs...#Update_Hashes

    Nils

  3. Re: an updateHash must be specified.?

    John J Barton wrote the following on 04/01/2008 07:16 PM:

    > When I try to update I get:
    >
    > RDFItemUpdater:_parseV20Update: Update for
    > firebug@software.joehewitt.com at
    > http://getfirebug.com/releases/fireb...-1.2.0a11X.xpi ignored
    > because it is insecure. updateLink must be a https url or an updateHash
    > must be specified.
    >
    > Does anyone know what an "updateHash" is?
    >
    > (Also much to my surprise, the public keys generated by McCoy can have
    > long common sequences at the beginning and end. In addition to surprise
    > its extremely annoying: you have to carefully compare characters in the
    > middle of a very long string to see deltas).


    After you read the info at the link Nils posted, HashCalc is a nice
    little freeware program that will calculate this for you. I'm using
    SHA-1 with no problems.

    http://www.slavasoft.com/hashcalc/index.htm

    --
    Regards, CatThief

    To reply privately, please PM me at MozillaZine...
    http://forums.mozillazine.org/profil...rofile&u=25774

  4. Re: an updateHash must be specified.?

    CatThief wrote the following on 04/01/2008 10:14 PM:

    > John J Barton wrote the following on 04/01/2008 07:16 PM:
    >
    >> When I try to update I get:
    >>
    >> RDFItemUpdater:_parseV20Update: Update for
    >> firebug@software.joehewitt.com at
    >> http://getfirebug.com/releases/fireb...-1.2.0a11X.xpi
    >> ignored because it is insecure. updateLink must be a https url or an
    >> updateHash must be specified.
    >>
    >> Does anyone know what an "updateHash" is?
    >>
    >> (Also much to my surprise, the public keys generated by McCoy can have
    >> long common sequences at the beginning and end. In addition to
    >> surprise its extremely annoying: you have to carefully compare
    >> characters in the middle of a very long string to see deltas).

    >
    > After you read the info at the link Nils posted, HashCalc is a nice
    > little freeware program that will calculate this for you. I'm using
    > SHA-1 with no problems.
    >
    > http://www.slavasoft.com/hashcalc/index.htm
    >


    Oops, forgot to mention that HashCalc is not for Linux.

    I once heard someone suggest ReHash for Linux, but I personally never
    tried it.

    http://sourceforge.net/projects/rehash/

    --
    Regards, CatThief

    To reply privately, please PM me at MozillaZine...
    http://forums.mozillazine.org/profil...rofile&u=25774

  5. Re: an updateHash must be specified.?

    Hi,
    I have recently added the signing of "update manifest" in my XPI signing
    tool which is part of KeyManager add-on :
    https://addons.mozilla.org/en-US/firefox/addon/4471.
    It can only be installed on Firefox3 beta. Earlier version for FF2 does
    not support this capability.

    This tool provides a XUL based GUI and uses cert a from browser's
    certificate DB for keys and signing.
    Any comments and feedback are welcome.
    Thanks.
    --
    Subrata Mazumdar


    But, the add-on works only on FF3 beta. The earlier version

    John J Barton wrote:
    > When I try to update I get:
    >
    > RDFItemUpdater:_parseV20Update: Update for
    > firebug@software.joehewitt.com at
    > http://getfirebug.com/releases/fireb...-1.2.0a11X.xpi
    > ignored because it is insecure. updateLink must be a https url or an
    > updateHash must be specified.
    >
    > Does anyone know what an "updateHash" is?
    >
    > (Also much to my surprise, the public keys generated by McCoy can have
    > long common sequences at the beginning and end. In addition to
    > surprise its extremely annoying: you have to carefully compare
    > characters in the middle of a very long string to see deltas).


  6. Re: an updateHash must be specified.?

    Subrata Mazumdar wrote:
    > Hi,
    > I have recently added the signing of "update manifest" in my XPI signing
    > tool which is part of KeyManager add-on :
    > https://addons.mozilla.org/en-US/firefox/addon/4471.
    > It can only be installed on Firefox3 beta. Earlier version for FF2 does
    > not support this capability.
    >
    > This tool provides a XUL based GUI and uses cert a from browser's
    > certificate DB for keys and signing.
    > Any comments and feedback are welcome.
    > Thanks.
    > --
    > Subrata Mazumdar
    >

    Sight-unseen I would ask about a command line version. I wouldn't be
    able to use a GUI only tool.

    Also I wonder if anyone has an update.rdf generating tool. It would take
    info from the install.rdf + XPI to create the update.rdf with all the
    funky RDF and key mumbo-jumbo so we didn't need to discuss it any more.

    John.

  7. Re: an updateHash must be specified.?

    > Sight-unseen I would ask about a command line version. I wouldn't be
    > able to use a GUI only tool.
    >
    > Also I wonder if anyone has an update.rdf generating tool. It would take
    > info from the install.rdf + XPI to create the update.rdf with all the
    > funky RDF and key mumbo-jumbo so we didn't need to discuss it any more.
    >
    > John.


    I've been working on such a tool lately. I'm not sure it is ready to be made
    public,
    but you can try it out. Note, it has undergone very limited testing and
    there isn't
    much documentation. Any feedback is welcome.

    http://www.softlights.net/projects/mexumgen/

    It's a Perl script and it does not use NSS or Mozilla key store. To do the
    cryptographic part of the job it uses OpenSSL, which must be available
    on the PATH. Other requirements are 'unzip' command line tool and a few
    Perl modules (see the source for the complete list).
    --
    Sergei.



+ Reply to Thread