| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Implementation currently uses 256 bit Secure Hash (SHA) algorithm, but this may change in the future.
Hence only use 'SHA' in the names, not 'SHA256'.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
runtime validation
This change implements a strong SHA256 signature over:
1) source tree inclusive make recipe (SHA256-Source)
2) all class files (SHA256-Classes)
3) all native libraries (SHA256-Natives)
4) the class files as deployed in the jar (SHA256-Classes-this)
5) the native libraries as deployed in the jar (SHA256-Natives-this)
and drops all of these in the deployed Jar file.
This allows SHA256 validation of (4) + (5) at runtime
and further complete validation (1), (2) and (3) offline.
Full SCC would now required (1) - (3) to be placed on a server for further validation.
Optionally we may use GPG <https://gnupg.org/> or PGP to validate the build entity to implement the chain of trust <https://en.wikipedia.org/wiki/Chain_of_trust>
The SHA256 runtime validation is tested via: com.jogamp.common.util.TestVersionInfo
|
|
|
|
| |
subsequent entries are not recognized
|
|
|
|
| |
duh), add 'Application-Library-Allowable-Codebase: *'
|
| |
|
|
|
|
| |
producing Java6 bytecode ; Apply JAR Manifest tags: Sealed, Permissions and Codebase
|
|
|
|
|
|
|
|
|
|
|
|
| |
Manifest ; Common jogamp_int_version for Android.
Until 2.0.2 gets released, the version string is 2.0.2-rc-<TIMESTAMP>
and used in the Manifest for IMPLEMENTATION_VERSION.
The previous build version name of IMPLEMENTATION_VERSION
goes into the new tag IMPLEMENTATION_BUILD.
Further more, we use a common jogamp_int_version for Android, to make life more easy.
|
|
|