XUL extensions are constructed very simply. Documentation on how they are constructed is excellent.
At Mozdev.org we have been focused recently on helping users find projects more easily as well as preparing for the upcoming Firefox 3 release by creating tools for our projects to perform secure installs and updates more easily. In order to do this we needed information about the extensions hosted at Mozdev.org.
Getting information about an extension is fairly straightforward. I created several classes for opening XPI files and parsing the install manifest. I also created classes to interface with extensions, extension types, applications, and application versions. These all get used when someone adds a new download file to their project (backend sql and data).
The process for adding a new file goes like this:
- Our CVS download file update script will call MD_ProjectDownloadFile::add()
- This function determines if the file is an extension. If it is, it:
- Parses the install manifest to get guid, name, description, and supported application information
- adds the extension if its new
- associates the extension with the project
- saves supported applications and versions for that specific file (supported applications can change over time)
- The project owner can then login and publically release the file (this allows the project owner to have test releases as well as give the mirrors time to propagate the file) as well as verify the hash of the file (for secure installs and updates)
- A project owner also has the option of using Mozdev's update.rdf file to provide secure updates; these are generated/updated when the extension is updated with a new release.
Since Mozdev.org doesn't want to modify our user's files we provide project owners a link to their update.rdf file for each extension so they can include it in their install.rdf when packaging their extension. For new extensions we provide a tool that allows them to upload their install manifest to get the path for the install manifest (or a sample install manifest that has it included)
So while there's a lot of little pieces to providing extension browsing by application or secure installs/updates, the code can be easily broken up in order to make the process easier.