With Firefox releasing version 3.0.1 yesterday, I spent a chunk of last night trying to update the noodle extension. I decided it would probably be a good idea to enable automatic updates so keen users would be able to take advantage of the latest features immediately (or some such marketing gubbins).

Basic extension building itself is unnecessarily complicated in my opinion. For a start, XUL is an extremely clever and powerful tool but has abysmal documentation. I've now done two sizeable projects using it and I still don't have a clue how it works. Once you've got that bit sorted, however, you then need to package up your extension in a very particular way taking care not to forget updating all of the required versioning bits.

If you want to enable automatic updating, you now need to digitally sign it. Not a bad idea, really. It just makes the whole process even more complicated.

My process roughly goes as follows:


  • Update Extension
  • Update install.rdf with the new version number
  • On the terminal, run './build.sh' (automatic shell script to package, zip, remove hidden files, copy, paste, resequence, etc)
  • Upload noodle.xpi to this server
  • On the terminal, run 'md5 noodle.xpi' (to calculate one of the application hashes)
  • Copy key to noodle extension post for in-browser installation
  • Update update.rdf with the new version number
  • Run 'openssl sha1 noodle.xpi' (to generate another application hash)
  • Update update.rdf with new update hash
  • Re-sign update.rdf with McCoy (embeds another application hash)
  • Upload update.rdf to server
  • Cross fingers

This process is somewhat more complicated the first time you do it as you also have to use McCoy to digitally sign the install.rdf before you build your extension. McCoy itself is also password-protected.

In total, you have 1 password to run McCoy, 1 extension signature, 1 md5 hash to allow in-browser installation, 1 sha1 hash to allow add-ons menu automatic updating and 1 signed update.rdf. I'm sure I've missed one.
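As an added example (not part of the original post or of the noodle build scripts), a check that could run just before the two upload steps above: it recomputes the SHA-1 of the package and confirms that update.rdf declares that hash and the same version as install.rdf. The function names are hypothetical, the sample files are constructed, and it assumes update.rdf stores the hash as `sha1:<hex>` in an `<em:updateHash>` element and the version in an `<em:version>` element.

```shell
#!/bin/sh
# Added example: pre-upload consistency check for an extension release.
# Assumes update.rdf carries <em:updateHash>sha1:HEX</em:updateHash> and that
# both RDF files carry the version as an <em:version> element.

# Print the SHA-1 of a file as bare hex. The digest is the last field of
# openssl's output; sha1sum is used only if openssl is not installed.
sha1_of() {
    if command -v openssl >/dev/null 2>&1; then
        openssl sha1 "$1" | awk '{print $NF}'
    else
        sha1sum "$1" | awk '{print $1}'
    fi
}

# Print the text of the first <em:TAG>...</em:TAG> element in an RDF file.
rdf_field() {
    sed -n "s/.*<em:$1>\([^<]*\)<\/em:$1>.*/\1/p" "$2" | head -n 1
}

# check_release XPI INSTALL_RDF UPDATE_RDF: returns 0 only if update.rdf
# describes exactly the package and version about to be uploaded.
check_release() {
    actual="sha1:$(sha1_of "$1")"
    declared=$(rdf_field updateHash "$3" | tr 'A-F' 'a-f')  # normalise hex case
    v_install=$(rdf_field version "$2")
    v_update=$(rdf_field version "$3")
    rc=0
    if [ "$declared" != "$actual" ]; then
        echo "updateHash mismatch: update.rdf '$declared', xpi '$actual'" >&2
        rc=1
    fi
    if [ -z "$v_install" ] || [ "$v_install" != "$v_update" ]; then
        echo "version mismatch: install.rdf '$v_install', update.rdf '$v_update'" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed sample release (not the real noodle files), written into DIR.
make_sample() {
    printf 'constructed xpi bytes' > "$1/noodle.xpi"
    printf '<em:version>1.1</em:version>\n' > "$1/install.rdf"
    printf '<em:version>1.1</em:version>\n<em:updateHash>sha1:%s</em:updateHash>\n' \
        "$(sha1_of "$1/noodle.xpi")" > "$1/update.rdf"
}
# Usage: check_release noodle.xpi install.rdf update.rdf || exit 1
```

A stale hash is the failure this catches: rebuilding noodle.xpi after update.rdf was edited leaves the manifest describing a package that no longer exists on the server.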