Comments (14)
According to documentation, Chrome does not allow installing CRX from outside of their store, unless in developer mode or through enterprise policy: https://developer.chrome.com/extensions/hosting_changes, or on Linux (it's mentioned at the beginning of linux_hosting i linked in my previous comment).
So that may be a reason, because in their source, that "proof missing" error is returned only if either public key is missing, or "required key" is missing:
https://github.com/chromium/chromium/blob/c48c9b176af94f7ec65e20f21594524526d2a830/components/crx_file/crx_verifier.cc#L178
"required key" seems to be their predefined key:
https://github.com/chromium/chromium/blob/c48c9b176af94f7ec65e20f21594524526d2a830/components/crx_file/crx_verifier.cc#L134
and
https://github.com/chromium/chromium/blob/c48c9b176af94f7ec65e20f21594524526d2a830/components/crx_file/crx_verifier.cc#L42
I'm guessing that's the public part of Chrome Web Store key? There's no easy or even "practical" way to create signature that will match their key.
So, either it's the missing Chrome Web Signature key, or something is wrong with how we create signature using developer's key.
from crx.
When i drag&dropped tiny test CRX onto Chrome's window (onto default new tab) i got the same error.
When i drag&dropped it onto a tab opened on chrome://extensions/
(with "Developer mode" enabled) it worked OK. Without "Developer mode" switch enabled, i got the same error.
@eladnava @realjax can you check that too?
from crx.
Hi @ahwayakchih,
Thanks for your help.
Chrome used to allow downloading CRX files via HTTP file download (using application/x-chrome-extension
mime-type), even outside Chrome Web Store.
Chrome 75 broke that, but .crx
files can still be downloaded, just the Content-type
header needs to be changed by the server sending the .crx
file:
Content-type: application/x-chrome-extension
This is the workaround we used, we can close this issue.
from crx.
Found a workaround, sending a different Content-type
but still saving the file with the .crx
extension:
Content-type: application/octet-stream
Content-disposition: attachment; filename=something.crx
<-- crx file -->
from crx.
Not sure about Windows 10 , but on my Work pc ( MacOs Mojave) I still get this:
from crx.
@realjax Are you trying to generate a new extension here?
https://applicationize.me/now
It works for me now on Chrome 75 using the workaround above.
from crx.
@eladnava, @realjax according to documentation about linux hosting, extension has to specify update_url
in its manifest.json
file. That URL has to respond with XML file/data: https://developer.chrome.com/extensions/linux_hosting#update_url
from crx.
Hey guys, I'm receiving this issue with the same version of chrome but not when downloading a CRX file. I pack my extension via Chrome's "Pack Extension" button on the extensions page. When I double click the crx file I just create, it gives me the error CRX_REQUIRED_PROOF_MISSING.
I'm in developer mode, and could use some advice. The end goal is to load the extension into a Selenium automated browser. Even though I'm loading the extension into Selenium, it's not appearing and I believe this is the cause. Any thoughts?
from crx.
@stephenarifin According to documentation, Chrome on Windows blocks installing CRX if it's not from their web store. But you may still work around that using policies (look for "chrome policy force_install") and webserver that serves both CRX and XML files.
Or test using data from ZIP file instead of full CRX file (look for "Testing Chrome Extensions with Selenium" article from 28th of January 2019) - but i did not test that, so i don't know if that works with latest Chrome.
Or test on Linux - documentation mentions that it's allowed to install CRX on Linux (or maybe on Windows too, but using Chromium instead of Chrome?), if it is served with proper headers.
from crx.
@ahwayakchih, thanks for the response. To be clear, I'm actually using MacOS and not installing the extension from a web server. This is a local dev copy of an extension i'm developing.
from crx.
@stephenarifin what happens when you go to chrome://extensions page, switch developer mode on and drag and drop CRX file into the window?
Here, on Linux with Chromium, i get confirmation dialog, click "Add extension" and it installs OK.
But when i drag & drop CRX file on some other page, it shows CRX_REQUIRED_PROOF_MISSING
error, even after i click "continue" on warning dialog.
But it should be possible to force_install it through policy file created in correct directory. After starting the browser, extension should already be installed.
Check this for Mac:
- https://support.google.com/chrome/a/answer/7517624?hl=en&ref_topic=9023246
- https://www.chromium.org/administrators/mac-quick-start
from crx.
@ahwayakchih, if I drag and drop the CRX file into the extension window, I get the confirmation dialog and installs correctly. However, if I double click the CRX file, I get the CRX_REQUIRED_PROOF_MISSING
error. If I drag and drop the CRX on another page that isn't extensions, nothing happens.
from crx.
@stephenarifin OK, so for checking manually if CRX file works, you can still install it through extensions window. CRX_REQUIRED_PROOF_MISSING
error is about missing signature from Chrome's web store AFAIK, so if it installs through extensions window, file is valid, just unsigned.
To test if extension works after it's installed, you may try using ZIP file or a path to extension's directory (the one with sources, manifest.json
file, etc...). It works with Puppeteer, so maybe it will also work with Selenium (sorry, i don't use Selenium, so i can't be sure).
To automate testing if CRX file is valid, without emulating user interaction, use policy file - it won't install CRX file that is somehow invalid. I'm currently working on setting that up with Docker and Alpine Linux.
As for allowing end-users to install it... i don't know. If you can control environment, e.g., you work in corporate IT, you can use policy files and internal web server. Otherwise, if you do not want to distribute extension through Google's web store... AFAIK the only way is to ask users to go to extensions page and install CRX there (unless you find Google's private key).
from crx.
@stephenarifin check these:
- Configuring policy files on Mac: https://www.chromium.org/administrators/configuring-policy-for-extensions#TOC-Mac
- Enabling installing CRX from custom URLs: https://www.chromium.org/administrators/policy-list-3#ExtensionInstallSources
So, for Mac, to enable installing local CRX files, plist
file could be like (not tested!):
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.google.Chrome.ExtensionInstallSources</key>
<array>
<string>file:///*</string>
</array>
</dict>
</plist>
I just tested that on Linux (using JSON policy file at /etc/chromium/policies/managed/test_policy.json
), and it worked OK: i got confirmation dialog, just like the one on the extensions page in developer mode, clicked "Add extension" and got extension installed.
from crx.
Related Issues (20)
- Do not write PEM inside extension's directory
- CRX3 inconsistent extension URL HOT 3
- Upgrade vulnerable lodash (again) HOT 1
- cli: crx command not found HOT 2
- how solveing to Callback must be a function ? HOT 3
- I have a problem. The generated file is incomplete HOT 2
- Why are the hash of crx files different using the same private key HOT 1
- use crx pack failed HOT 1
- Is there any plan to support rollup plugins ? HOT 1
- Reduce CRX size by setting zlib compression level HOT 1
- Some extensions need to include .crx files HOT 1
- Pack an extension without .pem key. HOT 1
- Calculate ID from path HOT 4
- Incorrect id calculation based on path HOT 10
- TypeScript HOT 4
- API for public PKCS PEM string HOT 7
- Lodash Security Vulnerability HOT 2
- Packed & signed .crx does not work in Chrome HOT 29
- Allow supplying our own `fs` HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crx.