Pack Chrome extension on server with only command-line interface

Question

Is it possible to pack chrome extension with key (*.pem) on server only with CLI (Ubuntu-server)?

Answer 1

Update: chrome now uses Version 3 and the scripts released by google only worked for Version 2

There were official packaging scripts for Version 2 listed at https://developer.chrome.com/extensions/crx#scripts - one in Bash and one in Ruby. Google now wants apps to be packaged by them for the webstore.

However, here's a modified script that works for packaging CRX3 packages:

# Purpose: Pack a Chromium extension directory into crx format

if test $# -ne 2; then
  echo "Usage: crxmake.sh <extension dir> <pem path>"
  exit 1
fi

dir=$1
key=$2
name=$(basename "$dir")
crx="$name.crx"
pub="$name.pub"
sig="$name.sig"
zip="$name.zip"
tosign="$name.presig"
binary_crx_id="$name.crxid"
trap 'rm -f "$pub" "$sig" "$zip" "$tosign" "$binary_crx_id"' EXIT


# zip up the crx dir
cwd=$(pwd -P)
(cd "$dir" && zip -qr -9 -X "$cwd/$zip" .)


#extract crx id
openssl rsa -in "$key" -pubout -outform der | openssl dgst -sha256 -binary -out "$binary_crx_id"
truncate -s 16 "$binary_crx_id"

#generate file to sign
(
  # echo "$crmagic_hex $version_hex $header_length $pub_len_hex $sig_len_hex"
  printf "CRX3 SignedData"
  echo "00 12 00 00 00 0A 10" | xxd -r -p
  cat "$binary_crx_id" "$zip"
) > "$tosign"

# signature
openssl dgst -sha256 -binary -sign "$key" < "$tosign" > "$sig"

# public key
openssl rsa -pubout -outform DER < "$key" > "$pub" 2>/dev/null


crmagic_hex="43 72 32 34" # Cr24
version_hex="03 00 00 00" # 3
header_length="45 02 00 00"
header_chunk_1="12 AC 04 0A A6 02"
header_chunk_2="12 80 02"
header_chunk_3="82 F1 04 12 0A 10"
(
  echo "$crmagic_hex $version_hex $header_length $header_chunk_1" | xxd -r -p
  cat "$pub"
  echo "$header_chunk_2" | xxd -r -p
  cat "$sig"
  echo "$header_chunk_3" | xxd -r -p
  cat "$binary_crx_id" "$zip"
) > "$crx"
echo "Wrote $crx"

This script was revised based on information from the source code:

Create Function Header Description

As well as the serialization documentation for the header.

This script can easily be used in a docker container for automation:

FROM alpine:3.9
RUN apk add --no-cache git openssl zip vim
COPY scripts/crxmake.sh /usr/local/bin/crxmake

Answer 2

You can use the application switches --pack-extension and --pack-extension-key as described in the documentation.

Basically, on Windows, you'd run the following in a terminal:

chrome.exe --pack-extension=c:\myext --pack-extension-key=c:\myext.pem

It works on Mac as well with:

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --pack-extension=./myext --pack-extension-key=./myext.pem

It should be similar on Ubuntu.

Leaving out --pack-extension-key will automatically create a key for you.