Fixing the updater: Difference between revisions
Content deleted Content added
imported>Hendrik Brummermann Created page with ' == Now == * use load-0.86 so that old .jar files are ignored. * sign new webstart starter with new cert * create release for 0.86.1 with new cert * only use 0.86.1 for webstart…' |
imported>Hendrik Brummermann No edit summary |
||
| (32 intermediate revisions by the same user not shown) | |||
Line 1:
== Current issues ==
* can be broken by third parties, if they provide signed jars but don't change the game name
* does not allow updates of the updater
* can break if jar files are missing in the update change (e. g. stendhal-0.90.jar with only stendhal-diff-0.92-0.93.jar) because of NullPointerExceptions on missing resources
* requires new complete download on signature expire
* version number in start is missleading
== Approaches ==
* Have only a very small signed package that requests the webstart permissions.
* do the update and startup handling in another, updatable package
* use own signing of .jar files with a certificate that does not expire in a year.
* verify signature before adding a .jar to the classpath to prevent third parties from breaking the update
* if a resource does not exist, don't return null but throw a LinkageException
| |||