[addons.mozilla.org] Information about v2.6.2 #285

Closed
opened 2021-02-26 06:31:34 +00:00 by nobody · 16 comments

Maybe some of you have already noticed, version 2.6.2 has been released here, but you can't see it on addons.mozilla.org yet. This is caused by the fact that Mozilla has rejected the version. The reason is that I am supposed to give the original source of all 158 resources. Links to CDNs are not allowed 😒

Your add-on includes third-party libraries. Please provide the origin of the exact library version you were using and make sure you are using an exact copy of the original maintainers release version. For more information, refer to https://extensionworkshop.com/documentation/publish/third-party-library-usage/ .

Unfortunately this is difficult because e.g. Babel does not provide precompiled JavaScript files. In the case of Google Material Icons and Bootstrap, I have edited or renamed files to allow replacement or version upgrade without problems.

I'll wait and see what I get as a response and update this issue immediately...

Maybe some of you have already noticed, version 2.6.2 has been released [here](https://codeberg.org/nobody/LocalCDN/releases/tag/v2.6.2), but you can't see it on addons.mozilla.org yet. This is caused by the fact that Mozilla has rejected the version. The reason is that I am supposed to give the original source of all 158 resources. Links to CDNs are not allowed :unamused: > Your add-on includes third-party libraries. Please provide the origin of the exact library version you were using and make sure you are using an exact copy of the original maintainers release version. For more information, refer to https://extensionworkshop.com/documentation/publish/third-party-library-usage/ . Unfortunately this is difficult because e.g. [Babel](https://codeberg.org/nobody/LocalCDN/src/branch/main/resources/babel-polyfill/7.12.1) does not provide precompiled JavaScript files. In the case of [Google Material Icons](https://codeberg.org/nobody/LocalCDN/src/branch/main/resources/google-material-design-icons/google-material-design-icons.css#L6) and [Bootstrap](https://codeberg.org/nobody/LocalCDN/src/branch/main/resources/twitter-bootstrap/4.6.0), I have edited or renamed files to allow replacement or version upgrade without problems. I'll wait and see what I get as a response and update this issue immediately...
nobody changed title from Information about v2.6.2 in addons.mozilla.org to [addons.mozilla.org] Information about v2.6.2 2021-02-26 06:36:16 +00:00

You had us hope for a "recommended" badge there :) But we are behind you.

You had us hope for a "recommended" badge there :) But we are behind you.
nobody added this to the v2.6.3 milestone 2021-02-28 17:23:58 +00:00
Poster
Owner

Unfortunately I still have no feedback from Mozilla. The last answer from the reviewer was on 2021-02-26 😒

Screenshot AMO Developer Hub

Unfortunately I still have no feedback from Mozilla. The last answer from the reviewer was on 2021-02-26 😒 ![Screenshot AMO Developer Hub](https://codeberg.org/attachments/93fd1c8b-3dad-4e73-8550-15447260a90d)
Collaborator

can we as users vote for it somehow :D ?

can we as users vote for it somehow :D ?
Poster
Owner

That would be nice, but I don't think so.

At worst, Mozilla will disable the extension because it violates the policy. 😞

That would be nice, but I don't think so. At worst, Mozilla will disable the extension because it violates the policy. :disappointed:
Collaborator

why is Decentraleyes allowed to do the same ?!?

why is Decentraleyes allowed to do the same ?!?
Poster
Owner

I don't know. Looks like something changed in the validation process in Feb 2021 (see screenshot). The last update of Decentraleyes was in November last year. Maybe Thomas (developer of Decentraleyes) has already been contacted by Mozilla and is also affected.

The test/beta versions are also affected. 😒

I don't know. Looks like something changed in the validation process in Feb 2021 (see screenshot). The last update of Decentraleyes was in November last year. Maybe Thomas (developer of Decentraleyes) has already been contacted by Mozilla and is also affected. The test/beta versions are also affected. 😒

This is sad. LocalCDN is one of my must-haves.

This is sad. LocalCDN is one of my must-haves.
Poster
Owner

Good news. I have received a reply from Mozilla:

Please create a script that would download the files from the servers and compare them to the files inside the XPI. Please remember that established libraries must be included in their original format without any modification (changing the file name does not matter)

Good news. I have received a reply from Mozilla: > Please create a script that would download the files from the servers and compare them to the files inside the XPI. Please remember that established libraries must be included in their original format without any modification (changing the file name does not matter)
nobody referenced this issue from a commit 2021-03-09 05:04:28 +00:00

That's really great to hear.

That's really great to hear.
Collaborator

@nobody sorry but I tryed your ./audit.sh and had to do chmod +x audit.sh first (should be set & commited ... but this is only a nit)

then I only got No connection: ../resources ... for USE_TOR=false

@nobody sorry but I tryed your `./audit.sh` and had to do `chmod +x audit.sh` first (should be set & commited ... but this is only a nit) then I only got `No connection: ../resources ...` for USE_TOR=false
Poster
Owner

Thanks for testing 👍

I've implemented a few checks, because maybe something is missing on this OS.

Which OS are you using?

Thanks for testing :+1: I've implemented a few checks, because maybe something is missing on this OS. Which OS are you using?
Collaborator

I use latest artix (linux 5.11.4 x64)

with your patches if i start it with: USE_TOR=false ./audit.sh I get this:

...
REMOTE HASH: -
STATUS:      NO CONNECTION https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.1/js/swiper.min.js
=============================================================================================================================================
SCANNED:     9/1071
PATH:        ../resources/Swiper/5.4.5/css/swiper.min.css
1615568271 ERROR torsocks[14691]: [socks5] Resolve destination buffer too small (in socks5_recv_resolve_reply() at socks5.c:701)
LOCAL HASH:  -
REMOTE HASH: -
STATUS:      NO CONNECTION https://cdnjs.cloudflare.com/ajax/libs/Swiper/5.4.5/css/swiper.min.css
=====================================================
...
I use latest artix (linux 5.11.4 x64) with your patches if i start it with: `USE_TOR=false ./audit.sh` I get this: ```sh ... REMOTE HASH: - STATUS: NO CONNECTION https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.1/js/swiper.min.js ============================================================================================================================================= SCANNED: 9/1071 PATH: ../resources/Swiper/5.4.5/css/swiper.min.css 1615568271 ERROR torsocks[14691]: [socks5] Resolve destination buffer too small (in socks5_recv_resolve_reply() at socks5.c:701) LOCAL HASH: - REMOTE HASH: - STATUS: NO CONNECTION https://cdnjs.cloudflare.com/ajax/libs/Swiper/5.4.5/css/swiper.min.css ===================================================== ... ```
Poster
Owner

You have to manually edit that option inside the script and then run the script.

...
# ============================================================================= 
# SETTINGS:
#
# Use local Tor Proxy
USE_TOR=false   #fast (~ 5 minutes)
# USE_TOR=true    #slow (~ 15 minutes)
#
...

I'll add this in the README.md 👍

You have to manually edit that option [**inside** the script](https://codeberg.org/nobody/LocalCDN/src/branch/develop/audit/audit.sh#L26) and then run the script. ```sh ... # ============================================================================= # SETTINGS: # # Use local Tor Proxy USE_TOR=false #fast (~ 5 minutes) # USE_TOR=true #slow (~ 15 minutes) # ... ``` I'll add this in the README.md 👍
Collaborator

I should have looked more into the script ... but I just asumed it handle things as normal linux scripts do ...

I should have looked more into the script ... but I just asumed it handle things as normal linux scripts do ...
Poster
Owner

Which variant you use doesn't make a big difference. The only problem with your variant is that the variable is set to true inside the script.

Normally we start bash scripts with bash script or bash script.sh, if we follow the conventions of Google. After the script name there are arguments, e.g. bash script -h or bash script.sh -h. In this case I've added the .sh extension so Windows users will immediately know what it is when WSL is configured.

The variant VARIABLE=true script.sh I've seen very rarely.


I've added a small help, which can be called with bash audit.sh -h.

Which variant you use doesn't make a big difference. The only problem with your variant is that the variable is set to true inside the script. Normally we start bash scripts with `bash script` or `bash script.sh`, if we follow the [conventions of Google](https://google.github.io/styleguide/shellguide.html#s1.1-which-shell-to-use). After the script name there are arguments, e.g. `bash script -h` or `bash script.sh -h`. In this case I've added the `.sh` extension so Windows users will immediately know what it is when WSL is configured. The variant `VARIABLE=true script.sh` I've seen very rarely. --- I've added a small help, which can be called with `bash audit.sh -h`.
Poster
Owner

What a bummer!
Now Mozilla's validator doesn't work. It works without the resources.

https://github.com/mozilla/addons/issues/1302

The version v2.6.3 cannot be published/signed at the moment.

This was probably only a temporary problem 🥳 🥳 🥳

I think we can close here now because version v2.6.2 was not released and now v2.6.3 is waiting for release.

Char errors

~~What a bummer!~~ ~~Now Mozilla's validator doesn't work. It works without the resources.~~ ~~https://github.com/mozilla/addons/issues/1302~~ ~~The version v2.6.3 cannot be published/signed at the moment.~~ This was probably only a temporary problem 🥳 🥳 🥳 I think we can close here now because version v2.6.2 was not released and now v2.6.3 is waiting for release. [<img src="https://codeberg.org/attachments/818ac654-9bd3-4467-99e7-95572433db34" alt="Char errors" width="400"/>](https://codeberg.org/attachments/818ac654-9bd3-4467-99e7-95572433db34)
Sign in to join this conversation.
No Milestone
No Assignees
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: nobody/LocalCDN#285
There is no content yet.