How to build a Safari Extension using the command line

Aleem Mawani
Jan 17, 2013

While building the Streak Safari extension, I was finding it difficult to integrate the building of the extension into our build process. Building Streak and its associated extensions is all done using various shell scripts, but Apple’s instructions for building Safari extensions require you to start up Safari and build the extension in the GUI.

I was unable to find complete step-by-step instructions on how to programmatically build Safari extensions, so I’m writing this post so others can see. This guide is for people running OS X.

1. Install the latest version of Safari

2. Download a patched version of the eXtensible ARchiver (xar) utility

3. Download this shell script and run it in the directory you downloaded the xar archive to. The first argument to the script is the directory you want to install the xar binary to (you’ll use this directory later).

Now we need to generate our signing certificates.

4. Register with Apple’s developer program

5. Create and download your Safari Extension Certificate

6. Create and sign your Safari extension manually with the built-in Safari Extension builder

7. On the command line, in the directory where you just created the safariextz file, type:

mkdir certs
path/to/xar -f filename.safariextz --extract-certs certs

8. Copy [cert01, cert02] files from the certs directory into the location where your build script will be running

9. Go to Keychain Access and right-click on your certificate and choose Export.

10. Export your certificate in p12 format; leave the password blank when it asks for one

11. On the command line, in the directory where the p12 file exists, run these commands:

openssl pkcs12 -in Certificates.p12 -nodes | openssl x509 -outform der -out cert.der

openssl pkcs12 -in Certificates.p12 -nodes | openssl rsa -out key.pem

12. Copy the cert.der and key.pem files into the location where your build script will be running

13. Your directory should now have the following files:

  • cert.der
  • cert01
  • cert02
  • key.pem

14. In that directory, type:

openssl dgst -sign key.pem -binary < key.pem | wc -c > size.txt

15. Now for the build script itself. Each project will be different, but the first part of your build script should get all the files necessary for the Safari extension into a folder whose name ends in .safariextension (ours is Streak.safariextension). Don’t include your certificate files in the .safariextension folder; they should exist outside of it.

16. Copy and modify this gist to get the part of the script that will generate and sign the compressed Safari extension file.

17. Profit! You should now be able to build your Safari extension from the command line.

The great thing too is that you can check in your cert files into your source control and other developers will be able to compile the extension as well, without generating their own certs. Just make sure they have the xar utility installed.
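
A preflight check for the files produced in steps 11 to 14, handy when they are shared between developers. This is an added example, not part of the original post or the gist it links to; the function names are hypothetical, and it assumes an RSA key and an `openssl` that provides the `pkey` subcommand.

```shell
#!/bin/sh
# Added example: verify the signing files before running the build.
# File names (cert.der, key.pem, size.txt) are the ones used in the post;
# the function names are hypothetical.

# Public key embedded in the DER certificate, as PEM text.
cert_pubkey() { openssl x509 -inform der -in "$1" -noout -pubkey; }

# Public key derived from the private key, as PEM text.
key_pubkey() { openssl pkey -in "$1" -pubout; }

# Signature length in bytes, measured the same way as step 14.
sig_size() { openssl dgst -sign "$1" -binary < "$1" | wc -c | tr -d ' '; }

# check_signing_files DIR
# Returns 0 only if DIR/key.pem belongs to DIR/cert.der and DIR/size.txt
# holds the real signature length. 1 = file missing, 2 = key/cert mismatch,
# 3 = stale size.txt.
check_signing_files() {
    dir=$1
    for f in cert.der key.pem size.txt; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done
    if [ "$(cert_pubkey "$dir/cert.der")" != "$(key_pubkey "$dir/key.pem")" ]; then
        echo "key.pem does not match cert.der" >&2
        return 2
    fi
    want=$(sig_size "$dir/key.pem")
    have=$(tr -d ' \n' < "$dir/size.txt")   # wc -c pads with spaces on OS X
    if [ "$want" != "$have" ]; then
        echo "size.txt says $have, but signatures are $want bytes" >&2
        return 3
    fi
    echo "ok: key matches cert, signature size $want"
}
```

Call `check_signing_files .` from the directory that holds the four files; a non-zero status means the signed extension would carry a signature that does not verify against cert.der.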

Special thanks goes to mackyle for patching the xar utility to make this all possible!

Streak Engineering Blog

A blog documenting the technical journey of Streak
