summaryrefslogtreecommitdiffstats
path: root/src/java/com/jogamp/common/jvm
diff options
context:
space:
mode:
authorSven Gothel <[email protected]>2019-04-03 06:04:52 +0200
committerSven Gothel <[email protected]>2019-04-03 06:04:52 +0200
commit00ad70b3bd7f8859c710039857aa7da17a29b3d7 (patch)
tree6f3652dff1a1db7272b4f3e83ec98eeecf86ad87 /src/java/com/jogamp/common/jvm
parent1157b913a068167062c853b4b525954b223a5509 (diff)
Bug 1369: Source Certification Contract (SCC): Initial SHA256 fingerprint & runtime validation
This change implements a strong SHA256 signature over: 1) source tree inclusive make recipe (SHA256-Source) 2) all class files (SHA256-Classes) 3) all native libraries (SHA256-Natives) 4) the class files as deployed in the jar (SHA256-Classes-this) 5) the native libraries as deployed in the jar (SHA256-Natives-this) and drops all of these in the deployed Jar file. This allows SHA256 validation of (4) + (5) at runtime and further complete validation (1), (2) and (3) offline. Full SCC would now required (1) - (3) to be placed on a server for further validation. Optionally we may use GPG <https://gnupg.org/> or PGP to validate the build entity to implement the chain of trust <https://en.wikipedia.org/wiki/Chain_of_trust> The SHA256 runtime validation is tested via: com.jogamp.common.util.TestVersionInfo
Diffstat (limited to 'src/java/com/jogamp/common/jvm')
0 files changed, 0 insertions, 0 deletions