Re: [Tails-dev] Testing the ISO Verification Extension

Delete this message

Reply to this message
Autore: Giorgio Maone
Data:  
To: tails-dev
Oggetto: Re: [Tails-dev] Testing the ISO Verification Extension
On 19/11/2015 17:46, Spencer wrote:
>
>> sajolida:
>> You can see it live on https://tails.boum.org/install/download.
>>
>
> Is there a way to verify the extension?



As soon as it's on AMO, it's gonna be signed by Mozilla.
Also, in a near future, installing extensions which have not been signed
by Mozilla will automatically fail.
Finally, if we want hash-based verification right now, rather than
providing a raw link we can use Firefox's proprietary
window.InstallTrigger method like this:

<script>
InstallTrigger.install(
  "Download and Verify Extension 0.2.6": {
       URL: "dave.xpi",
       Hash:
"sha256:c750017b572ebc6417324196f216a13216e5f65de6abd8b1a5a1ce07618ccfdc"
   }
);
</script>


--
Giorgio Maone
https://maone.net