Note: mexumgen is not maintained any longer. It has been superseded by Uhura


mexumgen - Mozilla Extension Update Manifest Generator, version 1.2


menumgen [-h | -k key.pem] [-w] [-o out.rdf] etc...



Calculate SHA1 hash of every installation package and include it in the update manifest. If -k option is present this is implied.

-k key.pem

The private key to sign the update manifest with. Typically it is 1024-bit RSA key in PEM format. If this parameter is omitted the update manifest will not be signed.


Indicates that updateInfoURL (a.k.a ``What's new'') should be included in the generated update manifest. This changes the meaning of the tail of the command line (see etc below).

-o out.rdf

The output update manifest file (generated and signed). This can be the same file as specified with -i option. If this parameter is omitted the resulting update manifest will be written to the standard output.


The remaining command line arguments specify the installation packages to be used and the corresponding URLs.

If -w option is present, the number of remaining arguments must be multiple of 3. Each group of 3 arguments specifies (in that order): the path to the installation package in the local file system, the URL where that package is going to be available, the URL of the ``What's new'' page for the package.

If -w option is not present, the number of remaining arguments must be multiple of 2. Each pair of arguments specifies the path to the installation package in the local file system and the URL where that package is going to be available.

In other words, the -w option indicates whether ``What's new'' URLs must be present in the list of the installation packages.


The install.rdf file found in each installation package specified in the command line is parsed to retrieve the information about the extension (id, version) and about the target application(s) (id, minVersion, maxVersion). Also, if the update manifest is to be signed or if -h command line option is present, the SHA1 hash of each installation package (xpi file) is calculated. That information is used to construct a new update manifest.

A key to sign the update manifest can be generated with OpenSSL:

openssl genrsa -out keyfile.pem 1024

This produces a new private key that can be used to sign update manifests. In order to have the signature successfully verified the corresponding public key must be specified as the updateKey in the installation manifest of the previous version(s) of the extension(s). To obtain the public key the following command can be used:

openssl rsa -in keyfile.pem -pubout -out

The content of (excluding the lines designating begin/end of the public key) can be copied to the installation manifests of all extensions the key is going to be used with. Obviously, this has to be done before creating the installation packages and attempting to generate an update manifest.


menumgen -k key.pem -w -o update.rdf extension.xpi


The targetPlatform from the installation packages is not taken into account.

If the key is encrypted the password must be entered interactively, there is no way to specify it on the command line.

Signing an existing update manifest is not supported in the current version.


Convert::ASN1, XML::Parser, RDF::Core, OpenSSL, unzip



Copyright (C) 2008 Sergei Zhirikov (