5

I am creating a website that have a link to download my chrome CRX app to install it on chrome, the problem is whenever I try to download it it's give me an error that says: " Package is invalid: 'CRX_REQUESTED_PROOF_MISSING' ". How can I fix this problem?

NOTE: my app is working when I install it using developer tools.

My manifest.json:

    {"name":"MY_APP_NAME",
"version":"0.0.1",
"manifest_version":2,
"minimum_chrome_version":"37.0.0.0",
"permissions":["webview","power","storage","videoCapture","geolocation","pointerLock","system.display",{"fileSystem":["write","retainEntries","directory"]},"accessibilityFeatures.read","accessibilityFeatures.modify"],"app":{"background":{"scripts":["js/foam.js","js/cab.js","config.js","background_main.js"]}},
"default_locale":"en",
"icons":{"128":"img/128.png"}}
AdelSbeh20192
  • 61
  • 1
  • 3

1 Answers1

3

I'm also currently having this issue and trying to find workarounds for it. Unfortunately it seems that due to Chrome's security policy, plugins needs to go through their webstore in order to have the multiple levels of "proof" before chrome will accept it as a legit extension. So far it seems the only way to get it to work is to load it as an unpacked extension, go through the webstore, or force install it via group policy.

Links and refs:

https://developer.chrome.com/apps/external_extensions

https://support.google.com/chrome/a/answer/6306504?hl=en

https://github.com/oncletom/crx/issues/109

According to documentation, Chrome does not allow installing CRX from outside of their store, unless in developer mode or through enterprise policy: https://developer.chrome.com/extensions/hosting_changes, or on Linux (it's mentioned at the beginning of linux_hosting i linked in my previous comment). So that may be a reason, because in their source, that "proof missing" error is returned only if either public key is missing, or "required key" is missing: https://github.com/chromium/chromium/blob/c48c9b176af94f7ec65e20f21594524526d2a830/components/crx_file/crx_verifier.cc#L178 "required key" seems to be their predefined key: https://github.com/chromium/chromium/blob/c48c9b176af94f7ec65e20f21594524526d2a830/components/crx_file/crx_verifier.cc#L134 and https://github.com/chromium/chromium/blob/c48c9b176af94f7ec65e20f21594524526d2a830/components/crx_file/crx_verifier.cc#L42 I'm guessing that's the public part of Chrome Web Store key? There's no easy or even "practical" way to create signature that will match their key. So, either it's the missing Chrome Web Signature key, or something is wrong with how we create signature using developer's key.

How can I distribute my extension if I cannot upload it to the Chrome Web Store for policy reasons?

These changes are effective only on Windows stable and beta channel. Users who want to get extensions that are not hosted on the Chrome Web Store can do so on Chrome dev/canary channels in Windows or on all Chrome channels in other operating systems.

What are the supported deployment options for extensions after this change?

Apart from users installing extensions from the Chrome Web Store, the following deployment options will be supported:

For OSX and Linux, extensions can be installed via a preferences JSON file. For Windows, extensions can be installed via the Windows registry. In the Windows registry, ensure that the update_url registry key points to the following URL: https://clients2.google.com/service/update2/crx. Local .crx installs via the path registry key are deprecated. Note that this deployment option works only for Chrome Web Store hosted extensions, and update_url cannot point to any other host other than https://clients2.google.com/service/update2/crx. For Enterprises, we’ll continue to support group policy to install extensions, irrespective of where the extensions are hosted. Note that the user's machine has to join a domain for GPO policy pushes to be effective.

KriyenKP
  • 121
  • 1
  • 7