Git Product home page Git Product logo

crx-maven-plugin's Introduction

CRX Maven Plugin

Build Status

The CRX Maven Plugin is a Maven plugin that collects all the resources of a Google Chrome Extensions and packages them into a signed CRX archive.

There are two ways to use the CRX Maven Plugin:

  • Use the crx packaging type when the primary artifact produced by the project is the CRX archive
  • The crx:crx goal when the CRX archive is not the primary artifact produced by the build.

Signature

The CRX archive must be signed using the RSA algorithm with the SHA-1 hash function. The public/private key used to sign the CRX archive must be supplied as a .pem file. And it is recommended that the .pem file be secured with a password.

The location of the .pem file and password can be specified in the following ways:

Globally properties in settings.xml (recommended)

Defining crxPEMFile and crxPEMPassword as global properties in the user’s settings.xml is recommended approach for specifying the location of the .pem file and the password that was used to secure it.

<settings>
  <profiles>
    <profile>
      <id>crx</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <crxPEMFile>${user.home}/crx.pem</crxPEMFile>
        <crxPEMPassword>SparkleAndFade</crxPEMPassword>
      </properties>
    </profile>
  </profiles>
</settings>

Furthermore, it is possible to avoid storing the password in plain text in the settings.xml file. See the Password Encryption guide on the Maven site.

Project properties pom.xml (not recommended)

It is possible to define crxPEMFile and crxPEMPassword as properties of the CRX Maven Plugin. But this approach is not recommended because it means specifying the password in plain text in the pom.xml and hard-coding the dependency on the .pem file.

<project>
  <build>
    <plugins>
      <plugin>
        <groupId>com.btmatthews.maven.plugins</groupId>
        <artifactId>crx-maven-plugin</artifactId>
        <version>1.0.0</version>
        <configuration>
          <crxPEMFile>${user.home}/crx.pem</crxPEMFile>
          <crxPEMPassword>SparkleAndFade</crxPEMPassword>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>

Command line properties

Another approach is to define the crxPEMFile and crxPEMPassword properties on the Maven command line. This approach can be used to override properties defined in settings.xml.

$ mvn -DcrxPEMFile=<path> [-DcrxPEMPassword=<password>] <goals>

where:
<path> is the location of the .pem file, e.g. ~/crx.pem
<password> is the password used to secure the .pem file, e.g. SparkleAndFade
<goals> are the Maven goals being executed, e.g. install

Using the crx packaging type

The table below describes the life-cycle of the CRX Maven Plugin when using the crx packaging type:

PhaseActions
package The sources in **./src/main/chrome** are assembled in memory into a [ZIP file format](http://en.wikipedia.org/wiki/Zip_(file_format)) that is then signed and output in the [Google Chrome Extension](http://code.google.com/chrome/extensions/crx.html) format with the extension .crx. This is the CRX archive.
install The CRX archive file is deployed to the user’s local [repository](http://maven.apache.org/guides/introduction/introduction-to-repositories.html).
deploy The CRX archive file is deployed to the remote release or snapshot [repository](http://maven.apache.org/guides/introduction/introduction-to-repositories.html).

The Hello World project described in the Getting Started tutorial on the Google Chrome Extensions site is used as the basis for the following example.

The resources for the Google Chrome Extension project should be placed in the src/main/chrome sub-directory as illustrated below:

HelloWorld
+- pom.xml
+- src
|  +- main
|     +- chrome
|        +- manifest.json
|        +- icon.png
|        +- popup.html
|        +- popup.js
+- target
   +- HelloWorld-1.0.0-SNAPSHOT.crx

The pom.xml should be as follows:

<project>
    <groupId>com.btmatthews.crx</groupId>
    <artifactId>HelloWorld</artifactId>
    <version>1.0.0-SNAPSHOT</version>
    <packaging>crx</packaging>
    <build>
        <plugins>
            <plugin>
                <groupId>com.btmatthews.maven.plugins</groupId>
                <artifactId>crx-maven-plugin</artifactId>
                <version>1.0.0</version>
                <extensions>true</extensions>
            </plugin>
        </plugins>
    </build>
</project>

The <extensions>true</extensions> element is required in the POM or one of its ancestors in order to activate the crx packaging type.

The following command line will produce the HelloWord-1.0.0-SNAPSHOT.crx artifact in the target sub-directory:

$ mvn -DcrxPEMFile=~/crx.pem -DcrxPEMPassword=SparkleAndFade package

Using the crx:crx goal

As with the previous example the resources for the Google Chrome Extension project should be placed in the src/main/chrome sub-directory as illustrated below:

HelloWorld
+- pom.xml
+- src
|  +- main
|     +- chrome
|     |  +- manifest.json
|     |  +- icon.png
|     |  +- popup.html
|     |  +- popup.js
|     +- java
|     |  +- ...
|     +- webapp
|        +- ...
+- target
   +- HelloWorld-1.0.0-SNAPSHOT.crx
   +- HelloWorld-1.0.0-SNAPSHOT.war

The pom.xml should be similar to the following:

<project>
    <groupId>com.btmatthews.crx</groupId>
    <artifactId>HelloWorld</artifactId>
    <version>1.0.0-SNAPSHOT</version>
    <packaging>crx</packaging>
    <build>
        <plugins>
            <plugin>
                <groupId>com.btmatthews.maven.plugins</groupId>
                <artifactId>crx-maven-plugin</artifactId>
                <version>1.0.0</version>
                <extensions>true</extensions>
            </plugin>
        </plugins>
    </build>
</project>

The following command line will produce the HelloWord-1.0.0-SNAPSHOT.crx artifact in the target sub-directory:

$ mvn -DcrxPEMFile=~/crx.pem -DcrxPEMPassword=SparkleAndFade crx:crx

Maven Central Coordinates

The CRX Maven Plugin has been published in Maven Central at the following coordinates:

<plugin>
    <groupId>com.btmatthews.maven.plugins</groupId>
    <artifactId>crx-maven-plugin</artifactId>
    <version>1.2.1</version>
</plugin

License & Source Code

The CRX Maven Plugin is made available under the Apache License and the source code is hosted on GitHub at https://github.com/bmatthews68/crx-maven-plugin.

crx-maven-plugin's People

Contributors

bmatthews68 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

sankooc yoannguion spyhunter99 cromoose

crx-maven-plugin's Issues

Change Since Chrome 73, only CRX3 format is supported

CRX_HEADER_INVALID while dropping .crx into chrom://extensions tab

Failure to load since Chrome V73 is not considered an failure, but working as intended.

Seems that current format known as CRX2 used sha1,
CRX3 has hash upgrade to sha2 (haven't found detail on which sha2...)

Starting with Chrome 75, all force-installed extensions will need to be packaged in the CRX3 format. Privately hosted extensions that were packaged using a custom script or a version of Chrome prior to Chrome 64.0.3242.0 must be repackaged.If your organization is force-installing privately hosted extensions packaged in CRX2 format and you don’t repackage them, they’ll stop updating in Chrome 75. New installations of the extension will fail.Why is this change happening?

CRX2 uses SHA1 to secure updates to the extension. Breaking SHA1 is technically possible. So, an attacker might intercept the extension update and inject arbitrary code into it. CRX3 uses a stronger algorithm, avoiding this risk.

Feature request

  • Support CRX3
  • Support multiple formats (CRX2 might go, but CRX4 may come eventually...)
  • For our users using old chrome version we might need to support building a CRX2 and CRX3.
    Would be nice to be able to do so in the same build, so would be helpful to be able to specify executions for multiple outputs, but default build of latest version seems reasonable.

ClassCastException Using Chrome-Generated PEM 

Caused by: java.lang.ClassCastException: org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey cannot be cast to java.security.KeyPair
    at com.btmatthews.maven.plugins.crx.CRXArchiverImpl.getKeyPair(CRXArchiverImpl.java:161)
    at com.btmatthews.maven.plugins.crx.CRXArchiverImpl.execute(CRXArchiverImpl.java:129)
    at org.codehaus.plexus.archiver.AbstractArchiver.createArchive(AbstractArchiver.java:904)
    at com.btmatthews.maven.plugins.crx.CRXMojo.execute(CRXMojo.java:137)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:101)
    ... 20 more

Empty extension using a .pem file generated by Chrome as per the steps here. This happens both when omitting the <pemPassword> tag and leaving it blank.

This happens on both v1.0.0 and v1.1.0.

realm =    plugin>com.btmatthews.maven.plugins:crx-maven-plugin:1.1.0
strategy = org.codehaus.plexus.classworlds.strategy.SelfFirstStrategy
urls[0] = file:/Users/jw/.m2/repository/com/btmatthews/maven/plugins/crx-maven-plugin/1.1.0/crx-maven-plugin-1.1.0.jar
urls[1] = file:/Users/jw/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.47/bcprov-jdk15on-1.47.jar
urls[2] = file:/Users/jw/.m2/repository/org/bouncycastle/bcpkix-jdk15on/1.47/bcpkix-jdk15on-1.47.jar
urls[3] = file:/Users/jw/.m2/repository/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar
urls[4] = file:/Users/jw/.m2/repository/org/sonatype/sisu/sisu-inject-bean/2.3.0/sisu-inject-bean-2.3.0.jar
urls[5] = file:/Users/jw/.m2/repository/org/sonatype/sisu/sisu-guice/3.1.0/sisu-guice-3.1.0-no_aop.jar
urls[6] = file:/Users/jw/.m2/repository/org/sonatype/sisu/sisu-guava/0.9.9/sisu-guava-0.9.9.jar
urls[7] = file:/Users/jw/.m2/repository/org/sonatype/aether/aether-util/1.13.1/aether-util-1.13.1.jar
urls[8] = file:/Users/jw/.m2/repository/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar
urls[9] = file:/Users/jw/.m2/repository/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar
urls[10] = file:/Users/jw/.m2/repository/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar
urls[11] = file:/Users/jw/.m2/repository/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar
urls[12] = file:/Users/jw/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.3/plexus-utils-3.0.3.jar
urls[13] = file:/Users/jw/.m2/repository/org/codehaus/plexus/plexus-archiver/2.1.2/plexus-archiver-2.1.2.jar
urls[14] = file:/Users/jw/.m2/repository/junit/junit/3.8.1/junit-3.8.1.jar
urls[15] = file:/Users/jw/.m2/repository/org/codehaus/plexus/plexus-io/2.0.4/plexus-io-2.0.4.jar

no such algorithm: RSA for provider BC

I'm not sure why but I"m getting this when in a multi-module reactor.

It might be one of the other modules screwing things up but I''m not sure why this could happen.

If I run mvn package on the specific sub-module, it works just fine.

Chrome complains about signature

I'm having problem using the maven plugin.
The maven build completes, but the signature of the produced CRX file seems to be invalid.

Running mvn crx:crx-verify reports java.security.InvalidKeyException: RSA keys must be at least 512 bits long
And trying to load it into Chrome causes an error: CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED

The .pem file was created with Chrome and the CRX produced by Chrome works fine.

pom.xml:

<project>
   ...
   <packaging>crx</packaging>
   ...
   <build>
        <plugins>
            <plugin>
                <groupId>com.btmatthews.maven.plugins</groupId>
                <artifactId>crx-maven-plugin</artifactId>
                <version>1.1.1</version>
                <extensions>true</extensions>

                <configuration>
                    <pemFile>src/main/chrome.pem</pemFile>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>

I'd be happy to provide more information but I'm not sure what :)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.