Firefox does not generate these hashes at all. It is the Add-on SDK which does. The Firefox extension manager does not care about harness-options.json
at all. The SDK loader in turn, does care about harness-options.json
a bit, but doesn't do anything with jsSHA256
or docsSHA256
at the moment. Other tools, such as the validator that runs when you upload something to addons.mozilla.org, do care about jsSHA256
at least.
It should be noted that add-ons not using the SDK do not (normally) contain a harness-options.json
file at all.
There will be one jsSHA256
per module lib/
, e.g. one for main.js
and so on.
docsSHA256
for main.js
will be generated from README.md
when the SDK builds the XPI. Apparantly, README.md
is not packed into the XPI. For all other modules it appears docsSHA256
appears to be null.
The code in question lives in manifest.py
.
In the end you shouldn't mess with the XPI (other than repacking an unpacked extension) and/or extensions.sqlite
at all. Especially the latter isn't meant to be modified externally.
Just drop the your XPIs files in the corresponding extensions/
folder of the profile and the Add-on manager will automatically pick them up the next time you start the browser.