Please note, this is a STATIC archive of website developer.mozilla.org from 03 Nov 2016, cach3.com does not collect or store any user information, there is no "phishing" involved.

签名和分发你的扩展

这篇翻译不完整。请帮忙从英语翻译这篇文章

在构建了你的扩展之后,你肯定会想将它分发给你的朋友试试。无论您是公开还是私下分发您的附加组件,通过 addons.mozilla.org (AMO) 或者别的方式,你都应该对你的附加组件进行签名。

签名你的附加组件

从 Firefox 43 开始,附加组件的分发开始有一些限制了。支持 Firefox 的扩展和多成分安装包需要经由 Mozilla 签名才能在 Firefox 的正式版和公开测试版上安装。注意,这只针对类型为 2 和 32 的附加组件;其他类型的附加组件(例如主题和语言包)不需签名。只支持其他应用程序的附加组件(例如支持 Thunderbird 或 SeaMonkey)目前也无需签名。未签名的附加组件仍然可以在 Firefox 的 开发者版本、Nightly(每夜版)和 ESR 版本中安装,只需切换一个首选项。

只有 Mozilla 可以签名您的附加组件,这样才能使默认的 Firefox 可以安装它。附加组件将在 提交到 AMO 并且通过自动或者手动代码审查后被签名。请注意,您在 AMO 上列出和分发您的附加组件是可选操作。如果您打算自行分发您的附加组件,您可以选择“不上架”的选项,那么 AMO 就只会为您提供签名后的包。

提交到 AMO

通过这个提交表单上传新的附加组件到 AMO。第一个步骤是阅读和接受我们的开发者协议

Next, you'll need to decide if you want to distribute and list your add-on through AMO or not. Here are some things you should consider to make this decision:

  • AMO is a very popular distribution platform, with millions of monthly visitors and installations. It is integrated into the Firefox Add-ons Manager, allowing easy installation of published AMO add-ons directly from the Firefox UI.
  • All add-ons listed on AMO are code-reviewed and tested by a team of employees and volunteers. They need to meet various technical and content policies in order to be accepted. Because of this, review times can range between a few hours to a number of weeks, depending on add-on complexity and other factors.
  • Unlisted add-ons are for the most part automatically reviewed and signed. If an add-on doesn't pass automatic review, you have the option to move it to a review queue where it should be reviewed within a couple of days. If an unlisted add-on requires side-loading (bundling with an application installer rather than the usual web install), then it needs to be code-reviewed, which may take up to a couple of weeks to be completed.
  • When you make updates to your add-on to add features or fix bugs, you'll want any previously installed versions of the add-on to update themselves to the new version.
    • If you list your add-on on AMO, then all you have to do here is submit the new version to AMO: add-ons default to checking AMO for new versions of themselves.
    • If you do not list your add-on on AMO, you need to tell the host application (e.g. Firefox) where it can find new versions of your add-on. To do this, include a URL in the add-on's manifest called the updateURL: the host application will go here to get information about updates. At the updateURL you host a file in the update RDF format: among other things, this file includes another URL called updateLink which points to the updated XPI itself. If you're using the Add-on SDK, see Supporting updates for self-hosted add-ons.

You should make this decision carefully, as it isn't easy to switch between Listed and Unlisted at present. Due to some platform limitations, in order to make the switch you'll need to delete your add-on entry and then contact the AMO Admins list in order to enable your add-on ID so you can submit it again. You should also know that if you switch from Listed to Unlisted, your current users won't be automatically migrated to the unlisted versions of your add-on. Switching from Unlisted to Listed is easier because Firefox will check for updates on AMO if an add-on doesn't have an updateURL in its install manifest.

不上架(公开)的附加组件

在接受开发者协议后,您将被询问是否想要在 AMO 上公开上架(列出)您的附加组件。您可以选择不上架。

You'll then be asked if you want your add-on to be side-loaded or not. Side-loading is when your add-on XPI isn't installed directly by users but instead it is bundled in an application installer. An example of this would be an antivirus software package that includes a companion security extension. If your add-on XPI will be installed directly from the web or downloaded and installed manually by your users, then you don't need this option.

Internally, AMO labels unlisted add-on submissions that require side-loading as Full Review submissions, and all the rest as Preliminary Review submissions. You may find these labels when looking at your add-on review status. Note that there's no difference between full and preliminary review for unlisted add-ons, other than the ability to side-load the add-on.

Choose the platforms your add-on supports and upload your XPI. The file will be scanned by an automatic code validator which will show a number or warnings or errors depending on what it detects. If no errors are found and you didn't choose the side-loading option, your add-on listing will be created and your file will be immediately signed. You'll receive an email with instructions on how to download the signed file. If your add-on doesn't pass validation or you chose the side-loading option, you'll have the choice of submitting your add-on for manual code review. Once the add-on is reviewed by a member of our team, you'll receive an email explaining if it passed and was signed, or if it didn't, including the reasons why.

Note that failing automatic validation doesn't mean your add-on is unsafe or unfit for signing. Many of the tests the validator does are broad and can lead to false positives, which is why there's a manual code review fallback. However, you should carefully read the validator output and see if there are any alternative APIs or coding patterns you can use to avoid errors and warnings. This doesn't mean that you should obfuscate your code to bypass validation. That practice can lead to your add-on being rejected and potentially blocklisted.

All new versions of your add-ons will also need to signed. Once your first version has been submitted, you can upload new versions in the developer page for your add-on. The process is the same, starting with automatic validation and potentially a manual code review.

上架的附加组件

After accepting the Developer Agreement, you'll be asked if you want to list your add-on on AMO. Listing it should be the default option.

Choose the platforms your add-on supports and upload your XPI. The file will be scanned by an automatic code validator which will show a number of warnings or errors depending on what it detects. Errors only show up for listed add-ons if there's something wrong in the package that needs to be fixed before it can be accepted. Warnings can vary in importance and severity; you should read through all of them carefully and see if there's anything you can fix in your add-on in order to avoid them showing up. This doesn't mean that you should obfuscate your code to bypass validation warnings. That practice can lead to your add-on being rejected and potentially blocklisted.

Once you finish your listed add-on submission, it will be placed in a review queue, where one member of our review team will eventually give it a look. This can take between a couple of hours to a number of weeks, depending on add-on complexity and other factors. It also takes longer for the first submission, since all of the code needs to be reviewed. Updates are reviewed based on a diff, so they are quicker. Once your add-on passes review, the file is signed and published on AMO.

Listed add-ons can be submitted for Preliminary Review or Full Review.  Preliminary Review consists of security and content checks, focused on the add-on's code. Full Review is a higher standard, and reviews include feature testing and performance checks. Add-ons with Full Review have more prominence on the site and can be nominated to be featured. Add-ons that are nominated for Full Review and don't meet that standard may receive Preliminary Review approval instead.

测试版本(Beta)

测试通道仅适用于通过完全审核的附加组件。

To create a beta channel, upload a file with a unique version string that contains any of the following strings: a,b,alpha,beta,pre,rc, with an optional number at the end. This text must come at the end of the version string. If you understand regex format, here's what we look for in the version number: "(a|alpha|b|beta|pre|rc)\d*$".

Once a file meeting this criteria is uploaded to AMO, it will automatically be detected as a beta version. Users of add-ons with these unique version numbers will automatically be served the newest beta updates.

Beta versions are treated like unlisted add-on versions, in that they will be accepted and signed immediately only if they pass automatic validation. If they don't, there will be an option available to submit it for manual review.

While we call these "Beta versions", you can use this channel for nightlies, or alphas, or prerelease versions as you wish. Please note that there is only one channel for this purpose and all of your users on this channel will receive the latest add-ons submitted. For instance, if you upload 1.0beta1 to the release channel and then upload 1.1alpha1, all users of 1.0beta1 will be offered an upgrade to 1.1alpha1. Updates are pushed by submission date and not version number, so users will always get the most recent channel update regardless of any kind of alphabetical sorting.

所有权

可以为多个用户赋予更新和管理附加组件的权限。附加组件的现有作者可以通过我们提供的开发者工具转移所有权和和添加其他开发者到附加组件的管理清单。转移所有权不需要与 Mozilla 代表进行确认。

代码纠纷

许多附加组件允许其源代码被公开查看。这并不意味着源代码是开源的,或者可在另一个附加组件中使用。一个附加组件的原作者默认保留其工作成果的版权,除非在其许可协议中另有说明。

在我们收到违反版权或者许可协议的事件通知时,我们将按照 DMCA 采取措施,其中可能包括从列表中下架一个附加组件。有关此流程的详细信息,以及如何报告商标或许可协议相关问题,参见这里

如果你不确定一个附加组件目前的版权状况,你必须联系原作者并在得到明确许可之后才能使用相应的源代码。

文档标签和贡献者

 此页面的贡献者: yfdyh000
 最后编辑者: yfdyh000,