gluegen.git - GLUEGEN repository on http://jogamp.org/ ;

	Commit message (Collapse)	Author	Age	Files	Lines
*	Bug 1369: SCC: Hide SHA Algorithm bit size in literals of Specification	Sven Gothel	2019-04-03	1	-5/+5
\| \| \| \| \|	Implementation currently uses 256 bit Secure Hash (SHA) algorithm, but this may change in the future. Hence only use 'SHA' in the names, not 'SHA256'.
*	Bug 1369: Source Certification Contract (SCC): Initial SHA256 fingerprint & ↵	Sven Gothel	2019-04-03	1	-0/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	runtime validation This change implements a strong SHA256 signature over: 1) source tree inclusive make recipe (SHA256-Source) 2) all class files (SHA256-Classes) 3) all native libraries (SHA256-Natives) 4) the class files as deployed in the jar (SHA256-Classes-this) 5) the native libraries as deployed in the jar (SHA256-Natives-this) and drops all of these in the deployed Jar file. This allows SHA256 validation of (4) + (5) at runtime and further complete validation (1), (2) and (3) offline. Full SCC would now required (1) - (3) to be placed on a server for further validation. Optionally we may use GPG <https://gnupg.org/> or PGP to validate the build entity to implement the chain of trust <https://en.wikipedia.org/wiki/Chain_of_trust> The SHA256 runtime validation is tested via: com.jogamp.common.util.TestVersionInfo
*	Bug 1024: Add fallback for native-jar-file location via classpath	Sven Gothel	2014-07-11	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	In situations, where the native-jar file is not located within the same parent URI as it's java-jar file, our location mechanism fails. This patch adds a classloader based native-jar file location mechanism as a fallback, requiring the native jar file to be included in the users CLASSPATH. Classloader based location algorithm in JNILibLoaderBase.addNativeJarLibsImpl(..): - Extract the 'module-name' from the given classFromJavaJar's package name, i.e. the last package-part: 'jogamp.common.Debug' -> 'common' Hence it is important to pass a 'classFromJavaJar', which last package segment reflects the module-name! - <os.and.arch> -> <os_and_arch_dot>, e.g. linux-amd64 -> linux.amd64 (linux/amd64) - Locate class 'jogamp.nativetag.<module-name>.<os_and_arch_dot>.TAG', e.g. 'jogamp.nativetag.common.linux.amd64.TAG' - Use located class's JarFile URI .. continue as usual Injection of above mentioned TAG class via gluegen-cpptasks-base.xml macro 'native.tag.jar': - Creates dummy TAG.java code - Compiles TAG.java - Creates the native-jar file Example: <native.tag.jar objdir="${build}/obj" nativejarfile="${build}/gluegen-rt-natives-${os.and.arch}.jar" manifestfile="${build}/Manifest-rt-natives.temp" module="common" includelibs="*gluegen-rt.${native.library.suffix}" /> Note that the manifest file uses a matching Extension-Name: Extension-Name: jogamp.nativetag.common
*	Jar Manifest: Add empty line before EOF (otherwise last line is cut-off - ↵	Sven Gothel	2014-01-22	1	-0/+2
\| \| \| \|	duh), add 'Application-Library-Allowable-Codebase: *'
*	Bug 881 - Add 'Application-Name' in Jar's manifest to avoid Java6 NPEs ..	Sven Gothel	2013-11-01	1	-0/+1
\|
*	Bug 758: Fix scripts and ant build files to work w/ Java7 (default now) ↵	Sven Gothel	2013-06-20	1	-0/+16
	producing Java6 bytecode ; Apply JAR Manifest tags: Sealed, Permissions and Codebase