-
Notifications
You must be signed in to change notification settings - Fork 0
/
buildcrx.sh
executable file
·66 lines (56 loc) · 1.59 KB
/
buildcrx.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
#!/bin/bash
if test $# -ne 1; then
echo "Usage: buildcrx.sh <pem path>"
exit 1
fi
FILE_KEY="$1"
BASENAME="productionclock"
VERSION="$(jq -r .version < manifest.json)"
FILE_CRX="$BASENAME-v$VERSION.crx"
FILE_PUB="$BASENAME.pub"
FILE_SIG="$BASENAME.sig"
FILE_ZIP="$BASENAME.zip"
FILE_TOSIGN="$BASENAME.presig"
FILE_CRX_ID="$BASENAME.crxid"
trap 'rm -f "$FILE_PUB" "$FILE_SIG" "$FILE_ZIP" "$FILE_TOSIGN" "$FILE_CRX_ID"' EXIT
set -ex
# Zip up extension data
zip -qr -9 -X "$FILE_ZIP" \
lib \
styles \
clock.png \
manifest.json \
*.js \
*.html
# Extract CRX ID
openssl rsa -in "$FILE_KEY" -pubout -outform der | openssl dgst -sha256 -binary -out "$FILE_CRX_ID"
truncate -s 16 "$FILE_CRX_ID"
# Generate file to sign
(
printf "CRX3 SignedData"
echo "00 12 00 00 00 0A 10" | xxd -r -p
cat "$FILE_CRX_ID" "$FILE_ZIP"
) > "$FILE_TOSIGN"
# Generate signature
openssl dgst -sha256 -binary -sign "$FILE_KEY" < "$FILE_TOSIGN" > "$FILE_SIG"
# Extract public key
openssl rsa -pubout -outform DER < "$FILE_KEY" > "$FILE_PUB" 2>/dev/null
CRMAGIC_HEX="43 72 32 34" # Cr24
VERSION_HEX="03 00 00 00" # 3
HEADER_LENGTH="45 02 00 00"
HEADER_CHUNK_1="12 AC 04 0A A6 02"
HEADER_CHUNK_2="12 80 02"
HEADER_CHUNK_3="82 F1 04 12 0A 10"
# Or for a future 4096-bit key:
# HEADER_LENGTH="45 04 00 00"
# HEADER_CHUNK_1="12 AC 08 0A A6 04"
# HEADER_CHUNK_2="12 80 04"
(
echo "$CRMAGIC_HEX $VERSION_HEX $HEADER_LENGTH $HEADER_CHUNK_1" | xxd -r -p
cat "$FILE_PUB"
echo "$HEADER_CHUNK_2" | xxd -r -p
cat "$FILE_SIG"
echo "$HEADER_CHUNK_3" | xxd -r -p
cat "$FILE_CRX_ID" "$FILE_ZIP"
) > "$FILE_CRX"
echo "Wrote $FILE_CRX"