Minecon724/jarupdater
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages 1 Wiki Activity Actions

JAR signature verification #1

New issue
Closed
opened 2024-09-22 13:13:04 +02:00 by Minecon724 · 1 comment
Minecon724 commented 2024-09-22 13:13:04 +02:00
Owner
Copy link
  • The signature should probably be hardcoded (but that would of course be abstract so up to implementation)
  • I think the JAR is first downloaded to a temp directory, so it should be verified there before moving to destination
    • or verify it in place and ask to keep
- The signature should probably be hardcoded (but that would of course be abstract so up to implementation) - I think the JAR is first downloaded to a temp directory, so it should be verified there before moving to destination - or verify it in place and ask to keep
Minecon724 commented 2024-10-27 11:09:08 +01:00
Author
Owner
Copy link

A way of changing signatures is also needed. We could sign a JAR with the old signature and add another one for future updates, but what about the future updates? We can't bundle every signature ever used.

I would say make another file with public keys and max supported versions

A way of changing signatures is also needed. We could sign a JAR with the old signature and add another one for future updates, but what about the future updates? We can't bundle every signature ever used. I would say make another file with public keys and max supported versions
Minecon724 added the
enhancement
 label 2024-10-27 16:06:18 +01:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
jarupdater-0.1.10
jarupdater-0.1.9
jarupdater-0.1.8
jarupdater-0.1.7
jarupdater-0.1.6
jarupdater-0.1.5
jarupdater-0.1.4
jarupdater-0.1.3
jarupdater-0.1.2
jarupdater-0.1.1
jarupdater-0.1.0
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Minecon724/jarupdater#1
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?