diff options
author | Sven Gothel <[email protected]> | 2019-04-03 06:04:52 +0200 |
---|---|---|
committer | Sven Gothel <[email protected]> | 2019-04-03 06:04:52 +0200 |
commit | 00ad70b3bd7f8859c710039857aa7da17a29b3d7 (patch) | |
tree | 6f3652dff1a1db7272b4f3e83ec98eeecf86ad87 /make/Manifest-rt | |
parent | 1157b913a068167062c853b4b525954b223a5509 (diff) |
Bug 1369: Source Certification Contract (SCC): Initial SHA256 fingerprint & runtime validation
This change implements a strong SHA256 signature over:
1) source tree inclusive make recipe (SHA256-Source)
2) all class files (SHA256-Classes)
3) all native libraries (SHA256-Natives)
4) the class files as deployed in the jar (SHA256-Classes-this)
5) the native libraries as deployed in the jar (SHA256-Natives-this)
and drops all of these in the deployed Jar file.
This allows SHA256 validation of (4) + (5) at runtime
and further complete validation (1), (2) and (3) offline.
Full SCC would now required (1) - (3) to be placed on a server for further validation.
Optionally we may use GPG <https://gnupg.org/> or PGP to validate the build entity to implement the chain of trust <https://en.wikipedia.org/wiki/Chain_of_trust>
The SHA256 runtime validation is tested via: com.jogamp.common.util.TestVersionInfo
Diffstat (limited to 'make/Manifest-rt')
-rwxr-xr-x | make/Manifest-rt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/make/Manifest-rt b/make/Manifest-rt index 4a76c0c..98f0e3f 100755 --- a/make/Manifest-rt +++ b/make/Manifest-rt @@ -8,6 +8,11 @@ Implementation-Version: @VERSION@ Implementation-Build: @BUILD_VERSION@ Implementation-Branch: @SCM_BRANCH@ Implementation-Commit: @SCM_COMMIT@ +Implementation-SHA256-Sources: @SHA256_SOURCES@ +Implementation-SHA256-Classes: @SHA256_CLASSES@ +Implementation-SHA256-Classes-this: @SHA256_CLASSES_THIS@ +Implementation-SHA256-Natives: @SHA256_NATIVES@ +Implementation-SHA256-Natives-this: @SHA256_NATIVES_THIS@ Implementation-Vendor: JogAmp Community Implementation-Vendor-Id: com.jogamp Implementation-URL: http://jogamp.org/ |