1

Extensions to Mozilla applications like Firefox or Thunderbird are distributed in XPI format, which is basically a ZIP archive. As such, the unzip utility can extract it. bsdtar is able to do so, as well.

But if the archive contains a META-INF directory, where signature files are usually stored, the file contents are not unpacked correctly. Only when unpacked with unzip, the extension correctly shows up as signed in Firefox.

If you want to recreate my test case, download and unpack with both tools any signed extension, for example Hide Tab Bar With One Tab. If you click this link in Firefox, it will propose to install the extension, so you may want to use curl or wget instead.

$ curl -LO 'https://addons.mozilla.org/firefox/downloads/latest/429664/addon-429664-latest.xpi'
$ mkdir bsdtar unzip
$ bsdtar -C bsdtar -xf addon-429664-latest.xpi
$ unzip -d unzip addon-429664-latest.xpi
$ diff -r bsdtar unzip
Files bsdtar/META-INF/manifest.mf and unzip/META-INF/manifest.mf differ
Files bsdtar/META-INF/mozilla.rsa and unzip/META-INF/mozilla.rsa differ
Files bsdtar/META-INF/mozilla.sf and unzip/META-INF/mozilla.sf differ

What does bsdtar do differently than unzip? Is this a bug?

XZS
  • 2,374
  • 2
  • 19
  • 38
  • I am unsure whether this question may perhaps be better suited for [the Unix StackExchange site](http://unix.stackexchange.com/), so feel free to migrate it. – XZS Dec 25 '15 at 23:11
  • http://stackoverflow.com/a/39856780/10558 talks about the requirements of the XPI file, maybe bsdtar trips up on that type – bmm6o Dec 06 '16 at 19:46

0 Answers0