While building the Streak Safari extension, I was finding it difficult to integrate the building of the extension into our build process. Building Streak and its associated extensions is all done using various shell scripts but Apple’s instructions for building Safari extensions requires you to startup Safari and build the extension in the GUI.
I was unable to find a complete step-by-step instruction on how to programmatically build Safari extensions, so I’m writing this post so others can see. This guide is for people running OS X.
1. Install latest version of Safari
2. Download a patched version of the eXtensible ARchiver (xar) utility
3. Download this shell script and run it in the directory you download the xar archive in. The first argument to the script is the directory you want to install the xar bin to (you’ll use this directory later).
Now we need to generate our signing certificates
4. Register with Apple’s developer program
5. Create and download your Safari Extension Certificate
6. Create and sign your Safari extension manually with the built-in Safari Extension builder
7. In the command line where you just created the safariextz file type:
path/to/xar -f filename.safariextz — extract-certs certs
8. Copy [cert01, cert02] files from the certs directory into the location where your build script will be running
9. Go to Keychain Access and right-click on your certificate and choose Export.
10. Export your certificate in p12 format, just put in blank when it asks for the password
11. In the command line in the directory where the p12 file exists, input these commands:
openssl pkcs12 -in Certificates.p12 -nodes | openssl x509 -outform der -out cert.der
openssl pkcs12 -in Certificates.p12 -nodes | openssl rsa -out key.pem
12. Copy the cert.der and key.pem files into the location where your build script will be running
13. Your directory should now have the following files:
14. In that directory type
openssl dgst -sign key.pem -binary < key.pem | wc -c size.txt
15. Now for the build script itself, each project will be different, but the first part of your build script should get all the files necessary for the Safari extension into a folder with a .safariextension (ours is Streak.safariextension). Don’t include your certificate files in the safariextension folder, they should exist outside of the folder.
16. Copy and modify this gist to get the part of the script that will generate and sign the compressed Safari extension file.
17. Profit! You should now be able to build your Safari extension from the command line.
The great thing too is that you can checkin your cert files into your source control and other developers will be able to compile the extension as well — without generating their own certs. Just make sure they have the xar utility installed.
Special thanks goes to mackyle for patching the xar utility to make this all possible!