Package Details: firefox-extension-https-everywhere 5.2.1-1

Git Clone URL: (read-only)
Package Base: firefox-extension-https-everywhere
Description: Plugin for firefox which ensures you are using https whenever it's possible.
Upstream URL:
Licenses: GPL2
Submitter: hcartiaux
Maintainer: hcartiaux (Eschwartz)
Last Packager: Eschwartz
Votes: 42
Popularity: 0.341235
First Submitted: 2011-11-08 21:24
Last Updated: 2016-07-21 02:15

Latest Comments

Eschwartz commented on 2016-07-21 02:25

Pushed an update to 5.2.1

Also, a bit of templated code which should detect when an extension does not have signing data sufficient for Firefox to approve of, and add a warning and install script.
Which should help maintainers easily determine if their extensions have issues, and conditionally give the warning to end-users, not that I anticipate the need. Mozilla has been good about reviewing HTTPS Everywhere these days.

Since I did try to make this as generic a template as possible...

Eschwartz commented on 2016-02-19 18:27


Not sure why it was updated to 5.1.3 a month early, but updated now.
Removed the post-install warning, and hopefully this is a good omen for the future.

polyzen commented on 2016-02-19 17:51

The verified version is now up on AMO.

Eschwartz commented on 2015-12-23 18:28

Updated, with the latest still-unreviewed version, and a post-install warning.

hcartiaux commented on 2015-12-18 22:23

@Eschwartz: thanks for the help, done!

I will not use a custom firefox, I don't want to recompile it :)
For the moment, I've set xpinstall.signatures.required to false in about:config.

If we can't find a solution before the release of firefox 44, I will stop managing my extension via pacman...

Eschwartz commented on 2015-12-18 19:11

I'd be happy to co-maintain it, help keep an eye on the latest release and check when it passes AMO review...

But I'm thinking people with extensions, particularly the troublesome ones, may wish in the long term to use an AUR-built Firefox with this patch:

hcartiaux commented on 2015-12-18 17:19

> You should remove the unzip makedep and the prepare function

It's needed to recover the emid, bsdtar does not unzip correctly the xpi

@Eschwartz: I'm blocked at this point, there's a new release, 5.1.2, but it's not on AMO. If somebody wants to help, I can add co-maintainers...

Eschwartz commented on 2015-12-16 02:39

This didn't fix the signing issue, it seems the real problem is that the signing mechanism must perform some virtual `chmod 600 META-INF/*` (explains the problems I had with unzipping *other* extensions, you need to explicitly `chmod -R ugo+rX`) plus of course the signing mechanism.
Extensions don't work if the signatures are only readable by root. :rolleyes:

Yes, I am still kicking myself for not seeing that months ago. Sigh. I will just tell myself it is all Mozilla's fault for making things complicated, right? :lol:

I see NO solution short of disabling verification or praying to Mozilla that they will one day get around to reviewing it properly.
Here is the bugreport I opened to beseech the Arch devs to disable extension verification in the repo firefox:

And https-everywhere breaks when installed as a *.xpi, it doesn't appear to pick up any rulesets. (See, the developers must have known what they were talking about after all...)
I have also now found an extension which does not require unpacking, and actually breaks when unpacked, so my extensions quest is now fulfilled. :p

polyzen commented on 2015-12-14 13:51

You should remove the unzip makedep and the prepare function

hcartiaux commented on 2015-12-14 10:58

I've updated the PKGBUILD with a new install method (moving the xpi in the global extension dir)...
Unfortunately, only 5.1.0 appears to be signed on AMO, all the other releases/xpi (eff/AMO) appears non-signed.

I don't want to decrease the PKGBUILD version, so it should be fixed with the next release on AMO...

All comments