It is only possible to disable addons verification in Nightlyand Developerchannel. In other words it is not possible in Beta versions and standard releases.

只能在Nightly和Developer频道中禁用插件验证。换句话说，它在 Beta 版本和标准版本中是不可能的。

1. Go to about:config(enter it into address bar)
2. Set xpinstall.signatures.requiredto false.

1. 转到about:config（在地址栏中输入）
2. 设置xpinstall.signatures.required为false。

More at https://wiki.mozilla.org/Addons/Extension_Signing

更多信息请访问https://wiki.mozilla.org/Addons/Extension_Signing

Disable add-on signing check in Release (all) versions of Firefox

在发布（所有）版本的 Firefox 中禁用附加签名检查

Firefox version 65+ (or so)

Firefox 版本 65+（左右）

The following instructions will disable signature checking on Firefox for the Firefox profile in which you install the files. You are going to be adding some files to the chromedirectory under your Firefox Profile directory.

以下说明将禁用 Firefox 上安装文件的 Firefox 配置文件的签名检查。您将在 Firefox Profile 目录下的chrome目录中添加一些文件。

This code will not work if javascript.enabledis set to Falsein about:config. That option needs to be set to True, which is the default setting.

如果javascript.enabled设置为Falsein ，则此代码将不起作用about:config。该选项需要设置为True，这是默认设置。

As of Firefox 69+, it is expected that, in addition to the instructions below, you will need to have toolkit.legacyUserProfileCustomizations.stylesheetsset to truein about:config. If it does not exist, then you will need to create it ("new" in the right-click context menu) as a Boolean option. See Bugzilla 1541233for more detail about the addition of this option.

从 Firefox 69+ 开始，除了下面的说明外，预计您还需要toolkit.legacyUserProfileCustomizations.stylesheets设置为truein about:config。如果它不存在，那么您将需要创建它（右键单击上下文菜单中的“新建”）作为布尔选项。有关添加此选项的更多详细信息，请参阅Bugzilla 1541233。

I've tested this on Firefox 66.0.3+.

我已经在 Firefox 66.0.3+ 上测试过了。

The process of upgrading versions appears to briefly run the browser code with these changes not active. Thus, the first time you run a new version of Firefox any extensions you have installed that rely on disabling add-on signing will be disabled. You can immediately re-install those extensions after the upgrade to a new Firefox version and the extensions should resume working.

升级版本的过程似乎会在这些更改未激活的情况下短暂运行浏览器代码。因此，当您第一次运行新版本的 Firefox 时，您安装的任何依赖于禁用附加签名的扩展都将被禁用。升级到新的 Firefox 版本后，您可以立即重新安装这些扩展，这些扩展应该会恢复工作。

IIRC, some slightly different code was needed for Firefox 65, I believe I left that code in disable-add-on-signing.jswhen I modified it for Firefox 66, but I'm not sure about that.

IIRC，Firefox 65 需要一些稍微不同的代码，我相信我在为 Firefox 66 修改它时将该代码留在disable-add-on-signing.js 中，但我不确定这一点。

We're going to use a technique which allows you to run arbitrary JavaScript code in the browser context from files stored in your Firefox profile directory. I found how to do this from Haggai Nuchi's GitHub repository: Firefox Quantum compatible userChrome.js.

我们将使用一种技术，它允许您从存储在 Firefox 配置文件目录中的文件在浏览器上下文中运行任意 JavaScript 代码。我从Haggai Nuchi 的 GitHub 存储库中找到了如何做到这一点：Firefox Quantum compatible userChrome.js。

On Windows, your Firefox profile directory will be %appdata%\Mozilla\Firefox\Profiles\[profileID]. If you have only one profile, the [profileID]will be the only directory in the %appdata%\Mozilla\Firefox\Profilesdirectory. If you have multiple profiles, you will need to select the one(s) you want to install this hack into.

在 Windows 上，您的 Firefox 配置文件目录将为%appdata%\Mozilla\Firefox\Profiles\[profileID]. 如果您只有一个配置文件，则[profileID]该目录将是该目录中的唯一%appdata%\Mozilla\Firefox\Profiles目录。如果您有多个配置文件，则需要选择要安装此 hack 的配置文件。

Once you get to your profile directory, your will need to create a directory called chrome, if it does not already exist. You will be adding the 3 files below to that directory:

进入您的配置文件目录后，您将需要创建一个名为 的目录（chrome如果该目录尚不存在）。您将以下 3 个文件添加到该目录中：

• userChrome.css
• userChrome.xml
• disable-add-on-signing.js

• userChrome.css
• userChrome.xml
• disable-add-on-signing.js

You will then need the following code in userChrome.css, which is available from Haggai Nuchi's GitHub repository:

然后，您将需要 中的以下代码userChrome.css，该代码可从 Haggai Nuchi 的 GitHub 存储库获得：

/*Enable userChrome.js */
/* Copyright (c) 2017 Haggai Nuchi
Available for use under the MIT License:
https://opensource.org/licenses/MIT
*/

@namespace url(http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul);

toolbarbutton#alltabs-button {
    -moz-binding: url("userChrome.xml#js");
}

/*Enable userChrome.js */
/* Copyright (c) 2017 Haggai Nuchi
Available for use under the MIT License:
https://opensource.org/licenses/MIT
*/

@namespace url(http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul);

toolbarbutton#alltabs-button {
    -moz-binding: url("userChrome.xml#js");
}

You will need userChrome.xml(slightly modified from the version available in Haggai Nuchi's GitHub repository):

您将需要userChrome.xml（从Haggai Nuchi 的 GitHub 存储库中可用的版本稍作修改）：

<?xml version="1.0"?>
<!-- Copyright (c) 2017 Haggai Nuchi
Available for use under the MIT License:
https://opensource.org/licenses/MIT
 -->
<!-- This has been slightly modified from the version available from
https://github.com/nuchi/firefox-quantum-userchromejs/blob/master/userChrome.xml
by Makyen. The modified version is released under both the MIT and CC BY-SA 3.0 licenses.
 -->

<bindings id="generalBindings"
   xmlns="http://www.mozilla.org/xbl"
   xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
   xmlns:xbl="http://www.mozilla.org/xbl">

  <binding id="js" extends="chrome://global/content/bindings/toolbarbutton.xml#toolbarbutton-badged">
    <implementation>
        <constructor><![CDATA[
            function makeRelativePathURI(name) {
              let absolutePath = Components.stack.filename;
              return absolutePath.substring(0, absolutePath.lastIndexOf("/") + 1) + name;
            }
            // The following code executes in the browser context,
            // i.e. chrome://browser/content/browser.xul
            try {
                Services.scriptloader.loadSubScript(makeRelativePathURI("disable-add-on-signing.js"), window);
            } catch(e) {
                console.error(e);
            }
        ]]></constructor>
    </implementation>
  </binding>
</bindings>

You will also need disable-add-on-signing.js:

您还需要disable-add-on-signing.js：

//This should be installed as the file disable-add-on-signing.js in
//  your profile's "chrome" directory.

//Earlier versions of Firefox
try {
    Components.utils.import("resource://gre/modules/addons/XPIProvider.jsm", {}).eval("SIGNED_TYPES.clear()");
} catch(ex) {}
try {
    Components.utils.import("resource://gre/modules/addons/XPIInstall.jsm", {}).eval("SIGNED_TYPES.clear()");
} catch(ex) {}
try {
    Components.utils.import("resource://gre/modules/addons/XPIDatabase.jsm", {}).eval("SIGNED_TYPES.clear()");
} catch(ex) {}

//Tested on Firefox 66
const {XPCOMUtils} = ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
XPCOMUtils.defineLazyModuleGetters(this, {
    XPIDatabase: "resource://gre/modules/addons/XPIDatabase.jsm",
});
XPIDatabase.SIGNED_TYPES.clear();

console.log('Add-on signing disabled.');

After adding these files in your profile's chromedirectory, you will need to restart Firefox. You can verify that the code is running by looking for "Add-on signing disabled." in the Browser Console.

在您的配置文件的chrome目录中添加这些文件后，您需要重新启动 Firefox。您可以通过查找“附加签名已禁用”来验证代码是否正在运行。在浏览器控制台中。

Add-ons which were disabled or removed by Firefox will not be automatically enabled. You will need to re-install them. You can install them by draging-and-droping the *.xpi file onto a Firefox window and confirming that you want to install.

被 Firefox 禁用或删除的附加组件不会自动启用。您将需要重新安装它们。您可以通过将 *.xpi 文件拖放到 Firefox 窗口并确认您要安装来安装它们。

If you are wanting to get the *.xpi file for any particular extension from Mozilla Add-onsyou can download it by right clicking on the "install" button and selecting "Save As", or "Remove".

如果您想从Mozilla 附加组件获取任何特定扩展名的 *.xpi 文件，您可以通过右键单击“安装”按钮并选择“另存为”或“删除”来下载它。

Firefox version 57 or earlier (or so)

Firefox 57 或更早版本（左右）

Unfortunately, I don't recall with which version of Firefox this this method stopped working. I know I was using it on Firefox 54, 55, 52ESR and FF56.*.

不幸的是，我不记得这个方法在哪个版本的 Firefox 中停止工作了。我知道我在 Firefox 54、55、52ESR 和 FF56.* 上使用它。

I initially found this solution for disabling forced add-on signature checking in this blog post, which is the original source for the (somewhat modified) code in this answer. Making these changes will allow you to install unsigned add-ons into profiles using the Firefox distribution you modify. For most people, this will be your main Firefox installation. However, if you have installed multiple versions, you will need to make this modification in each installation. However, once you make the modifications, they will remain through normal Firefox updates.

我最初在这篇博文中找到了禁用强制附加签名检查的解决方案，这是此答案中（稍作修改）代码的原始来源。进行这些更改将允许您使用您修改的 Firefox 发行版将未签名的附加组件安装到配置文件中。对于大多数人来说，这将是您的主要 Firefox 安装。但是，如果您安装了多个版本，则需要在每次安装时进行此修改。但是，一旦您进行修改，它们将通过正常的 Firefox 更新保留。

You will need to add a couple of files within the Firefox installation directory. You can find a list of installation directory examples for Windows, Linux, and Mac OS on mozillaZine. The most common install directories are:

您需要在 Firefox 安装目录中添加几个文件。您可以在 mozillaZine 上找到 Windows、Linux 和 Mac OS 的安装目录示例列表。最常见的安装目录是：

• Windows
  • C:\Program Files\Mozilla Firefox\
  • C:\Program Files (x86)\Mozilla Firefox\
• Linux
  • /usr/lib/firefox-<version>
• OSX
  • /Applications/Firefox.app

• 视窗
  • C:\Program Files\Mozilla Firefox\
  • C:\Program Files (x86)\Mozilla Firefox\
• Linux
  • /usr/lib/firefox-<版本>
• 操作系统
  • /应用程序/Firefox.app

Add first file

添加第一个文件

You then need to add code below as the file <Install directory>/defaults/pref/disable-add-on-signing-prefs.js(Windows: <Install directory>\defaults\pref\disable-add-on-signing-prefs.js):

然后，您需要添加以下代码作为文件<Install directory>/defaults/pref/disable-add-on-signing-prefs.js(Windows:) <Install directory>\defaults\pref\disable-add-on-signing-prefs.js：

//This file should be placed in the defaults/pref directory (folder)
//within the Firefox installation directory with the with the name:
//  disable-add-on-signing-prefs.js
pref("general.config.obscure_value", 0);
pref("general.config.filename", "disable-add-on-signing.js");

Add second file

添加第二个文件

You also need to add the code below as the file <Install directory>/disable-add-on-signing.js(Windows: <Install directory>\disable-add-on-signing.js):¹

您还需要添加以下代码作为文件<Install directory>/disable-add-on-signing.js(Windows:) <Install directory>\disable-add-on-signing.js：¹

//This file should be placed in the Firefox installation directory
//(folder) with the with the name:
//  disable-add-on-signing.js
try {
    Components.utils.import("resource://gre/modules/addons/XPIProvider.jsm", {})
              .eval("SIGNED_TYPES.clear()");
} catch(ex) {}
try {
    Components.utils.import("resource://gre/modules/addons/XPIInstall.jsm", {})
              .eval("SIGNED_TYPES.clear()");
} catch(ex) {}

Results

结果

I've been using these solutions for years now to have a few extensions I built for my own use installed and to test new versions of extensions I'm working on (when I want to test in the Release versioninstead of Firefox Developer Editionor Nightly).

我多年来一直在使用这些解决方案来安装一些我为自己使用而构建的扩展并测试我正在开发的新版本的扩展（当我想在Release 版本而不是Firefox Developer Edition或每晚）。

NOTE:In about:addonsFirefox mayshow (under some conditions) the add-on as enabled (not greyed-out), but have text stating that the add-on "could not be verified and has been disabled". The text is not accurate! The add-on is enabled and functioning.

注意：在about:addonsFirefox 中可能会显示（在某些情况下）加载项已启用（未变灰），但有文字说明加载项“无法验证并已被禁用”。文字不准确！附加组件已启用并正常运行。

How it works

这个怎么运作

Within resource://gre/modules/addons/XPIProvider.jsmthe const SIGNED_TYPESis defined as a Set. In order for an add-on to require signing, its type must be a member of that Set. The Set.prototype.clear()method is used to clear all entries from the Set. This results in no add-on types which require signing (code 1, code 2).

在resource://gre/modules/addons/XPIProvider.jsm将const SIGNED_TYPES被定义为一个Set。为了使附加组件需要签名，其类型必须是 that 的成员Set。该Set.prototype.clear()方法用于清除Set. 这导致没有需要签名的附加类型（代码 1，代码 2）。

If you wanted to, you could individually disable the signature check for any of the types: "webextension", "extension", "experiment", or "apiextension".

如果你愿意，你可以单独为任何类型的禁用签名检查"webextension"，"extension"，"experiment"，或"apiextension"。

Remove the META-INFdirectory from any modified extension

从任何修改后的扩展中删除META-INF目录

The additional files in the sections above turn off the requirementthat extensions mustbe signed. If the signature files exist, the signature will still be verified. Thus, if you have modified an extension from one that was singed and have not removed the signature files, the extension will fail signature verification. In other words, actually checking any existing signatures is a separate step from the requirement that the signature must exist.

上述部分中的附加文件关闭了扩展必须签名的要求。如果签名文件存在，仍然会验证签名。因此，如果您修改了已签名的扩展名并且未删除签名文件，则该扩展名将无法通过签名验证。换句话说，实际检查任何现有签名与签名必须存在的要求是不同的步骤。

If you have modified an extension which had been signed (you can tell that it had been signed by the existence of a META-INFdirectory in the extension's root directory), then you will need to remove the signature files. You can do this by removing the META-INFdirectory and all files contained in that directory.

如果您修改了已签名的扩展（您可以通过扩展根目录中存在META-INF目录来判断它已被签名），那么您将需要删除签名文件。您可以通过删除META-INF目录和该目录中包含的所有文件来执行此操作。

^{1. The code in the blog puts this call in a try{}catch(){}block. There's really no need to do so. The only effective thing that doing so does is prevent any error from being reported in the Browser Console(Ctrl-Shift-J, or Cmd-Shift-Jon OSX). There's no additional code that is desired to be run if this fails. In addition, I would prefer to be able to see the error in the Browser Console if this fails in order to know that it has, in fact, failed. Not having the try{}catch(){}doesn't have any negative effects and permits tracking down the problem if, on some future version of Firefox, add-ons start being disabled because of not being signed.}

^{1.博客中的代码把这个调用放在了一个try{}catch(){}block中。真的没有必要这样做。这样做的唯一有效方法是防止在浏览器控制台（OSX 上的Ctrl- Shift-J或Cmd- Shift- J）中报告任何错误。如果失败，则不需要运行额外的代码。此外，如果失败，我希望能够在浏览器控制台中看到错误，以便知道它实际上已经失败。try{}catch(){}如果在某些未来版本的 Firefox 上，附加组件由于未签名而开始被禁用，则没有任何负面影响并允许跟踪问题。}

To complete the above answer, i discover firefox-autoconfig, that consists of installing an autoconfig.jsfile in <FIREFOX INSTALLATION DIR>/default/prefsand a ci.clgfile in <FIREFOX INSTALLATION DIR>that's a way to disable xpinstall.signatures.required(and other options too) definitively and automatically when Firefox is opened (tested with Firefox 45.0.1)

为了完成上述答案，我发现了firefox-autoconfig，它包括安装一个autoconfig.js文件<FIREFOX INSTALLATION DIR>/default/prefs和一个ci.clg文件，<FIREFOX INSTALLATION DIR>这是一种xpinstall.signatures.required在打开 Firefox 时明确和自动禁用（以及其他选项）的方法（使用 Firefox 45.0.1 测试）

You will see those contents in autoconfig.js:

您将在autoconfig.js以下位置看到这些内容：

//
pref("general.config.filename", "ci.cfg");
pref("general.config.obscure_value", 0);

And those contents in ci.cfg:

和那些内容ci.cfg：

// Disable checking if firefox is default browser
lockPref('browser.shell.checkDefaultBrowser', false);

// Disable restoring session
lockPref('browser.sessionstore.resume_from_crash', false);

// Disable extension signature check
lockPref('xpinstall.signatures.required', false);

// Allow extensions to be installed without user prompt
pref("extensions.autoDisableScopes", 0);
pref("extensions.enabledScopes", 15);

// Disable updater
lockPref("app.update.enabled", false);
// make absolutely sure it is really off
lockPref("app.update.auto", false);
lockPref("app.update.mode", 0);
lockPref("app.update.service.enabled", false);

// Prevent closing dialogs
lockPref("browser.showQuitWarning", false);
lockPref("browser.warnOnQuit", false);
lockPref("browser.tabs.warnOnClose", false);
lockPref("browser.tabs.warnOnCloseOtherTabs", false);

// Disable Add-ons compatibility checking
clearPref("extensions.lastAppVersion");

// Don't show 'know your rights' on first run
pref("browser.rights.3.shown", true);

//Disable plugin checking
lockPref("plugins.hide_infobar_for_outdated_plugin", true);
clearPref("plugins.update.url");

// Disable health reporter
lockPref("datareporting.healthreport.service.enabled", false);

// Disable all data upload (Telemetry and FHR)
lockPref("datareporting.policy.dataSubmissionEnabled", false);

// Disable crash reporter
lockPref("toolkit.crashreporter.enabled", false);
Components.classes["@mozilla.org/toolkit/crash-reporter;1"].getService(Components.interfaces.nsICrashReporter).submitReports = false;

// Browser Console command line
pref("devtools.chrome.enabled", true);

As of Firefox 47: release and Beta versions of Firefox for Desktop will not allow unsigned extensions to be installed, with no override.

从 Firefox 47 开始：桌面版 Firefox 的发行版和 Beta 版将不允许安装未签名的扩展，没有覆盖。

For more info see the Mozilla Wiki page on Extension Signing.

有关更多信息，请参阅有关扩展签名的Mozilla Wiki 页面。

@Makyen's solution works but will disable signature checking completely:

@Makyen 的解决方案有效，但会完全禁用签名检查：

Components.utils.import("resource://gre/modules/addons/XPIProvider.jsm", {})
      .eval("SIGNED_TYPES.clear()");

You will nothave the information of whether the addon is signed.

您将不知道插件是否已签名。

Instead I'd suggest this:

相反，我建议这样做：

/* Let unsigned addons live! */
Components.utils.import("resource://gre/modules/addons/XPIProvider.jsm", {})
          .eval("function mustSign(aType) { return false; }");
Components.utils.import("resource://gre/modules/addons/XPIProvider.jsm", {})
        .eval("XPIProvider.verifySignatures = function() {}");

It will still warn you when you try to install an unsigned addon but it will work anyway. The addon is flagged as disabled in about:addonsbut is in fact active (you can disable/enable it manually like a normal addon).

当您尝试安装未签名的插件时，它仍会警告您，但无论如何它都会工作。该插件被标记为禁用，about:addons但实际上处于活动状态（您可以像普通插件一样手动禁用/启用它）。

How it works:

这个怎么运作：

• mustSign()checks whether signature is required for this type of addon.

• verifySignatures()is a callback used to check signatures every XPI_SIGNATURE_CHECK_PERIODseconds (i.e. once per day)

• mustSign()检查此类插件是否需要签名。

• verifySignatures()是用于XPI_SIGNATURE_CHECK_PERIOD每秒检查签名的回调（即每天一次）

This is the code which I found in the thread on HackerNewsregarding add-on signing apocalypse. It works in Firefox 56and older versions without restarting.

这是我在 HackerNews 上关于附加签名启示录的线程中找到的代码。它适用于Firefox 56及更早版本，无需重新启动。

  // For FF < v57 >...?
  async function set_addons_as_signed() {
      Components.utils.import("resource://gre/modules/addons/XPIProvider.jsm");
      Components.utils.import("resource://gre/modules/AddonManager.jsm");
      let XPIDatabase = this.XPIInternal.XPIDatabase;

      let addons = await XPIDatabase.getAddonList(a => true);

      for (let addon of addons) {
          // The add-on might have vanished, we'll catch that on the next startup
          if (!addon._sourceBundle.exists())
              continue;

          if( addon.signedState != AddonManager.SIGNEDSTATE_UNKNOWN )
              continue;

          addon.signedState = AddonManager.SIGNEDSTATE_NOT_REQUIRED;
          AddonManagerPrivate.callAddonListeners("onPropertyChanged",
                                                  addon.wrapper,
                                                  ["signedState"]);

          await XPIProvider.updateAddonDisabledState(addon);

      }
      XPIDatabase.saveChanges();
  }

  set_addons_as_signed();

This code needs to be executed in the browser console (notweb console) which can be accessed via the shortcut Ctrl+Shift+J. It instantly reenables all addons which failed verification.

此代码需要在浏览器控制台（要被执行不能够通过快捷被访问网络控制台）Ctrl+ Shift+ J。它会立即重新启用所有未通过验证的插件。