Fixing the updater: Difference between revisions

← Older edit

Content deleted Content added

VisualWikitext

Revision as of 09:26, 27 July 2010 view source imported>Hendrik Brummermann →0.87 ← Older edit		Latest revision as of 22:00, 18 April 2012 view source imported>Hendrik Brummermann No edit summary
(20 intermediate revisions by the same user not shown)
Line 1: == Current issues == * can be broken by third parties, if they provide signed jars but don't change the game name ~~== Now ==~~ * does not allow updates of the updater * can break if jar files are missing in the update change (e. g. stendhal-0.90.jar with only stendhal-diff-0.92-0.93.jar) because of NullPointerExceptions on missing resources * requires new complete download on signature expire * version number in start is missleading == Approaches == * use load-0.86 so that old .jar files are ignored. * sign new webstart starter with new cert * create release for 0.86.1 with new cert * only use 0.86.1 for webstart * Have only a very small signed package that requests the webstart permissions. ~~== Live ==~~ * do the update and startup handling in another, updatable package * use own signing of .jar files with a certificate that does not expire in a year. * update webstart starter * verify signature before adding a .jar to the classpath to prevent third parties from breaking the update * update-0.86.properties * if a resource does not exist, don't return null but throw a LinkageException * provide 0.86.1 files with new cert in updater location. ~~== Later ==~~ * provide 0.86.1 download signed with new key ~~== 0.87 ==~~ * make sure that games.stendhal.client.update is not included in the diff files for the old updater * make sure that META-INF * provide two update diffs (one with the old cert and one with the new cert) * update.properties pointing to the ones with the old cert * update-0.86.properties pointing to the ones with the new cert