From 00ad70b3bd7f8859c710039857aa7da17a29b3d7 Mon Sep 17 00:00:00 2001 From: Sven Gothel Date: Wed, 3 Apr 2019 06:04:52 +0200 Subject: Bug 1369: Source Certification Contract (SCC): Initial SHA256 fingerprint & runtime validation This change implements a strong SHA256 signature over: 1) source tree inclusive make recipe (SHA256-Source) 2) all class files (SHA256-Classes) 3) all native libraries (SHA256-Natives) 4) the class files as deployed in the jar (SHA256-Classes-this) 5) the native libraries as deployed in the jar (SHA256-Natives-this) and drops all of these in the deployed Jar file. This allows SHA256 validation of (4) + (5) at runtime and further complete validation (1), (2) and (3) offline. Full SCC would now required (1) - (3) to be placed on a server for further validation. Optionally we may use GPG or PGP to validate the build entity to implement the chain of trust The SHA256 runtime validation is tested via: com.jogamp.common.util.TestVersionInfo --- make/scripts/runtest.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'make/scripts/runtest.sh') diff --git a/make/scripts/runtest.sh b/make/scripts/runtest.sh index 5ba9b73..0ce33bd 100755 --- a/make/scripts/runtest.sh +++ b/make/scripts/runtest.sh @@ -63,7 +63,7 @@ X_ARGS="-Drootrel.build=$ROOTREL_BUILD -Dgluegen.root=$GLUEGEN_ROOT" #D_ARGS="-Djogamp.debug.IOUtil -Djogamp.debug.IOUtil.Exe -Djogamp.debug.IOUtil.Exe.NoStream" #D_ARGS="-Djogamp.debug.IOUtil -Djogamp.debug.TempFileCache -Djogamp.debug.TempJarCache -Djogamp.debug.IOUtil.Exe" #D_ARGS="-Djogamp.debug.IOUtil -Djogamp.debug.TempFileCache -Djogamp.debug.TempJarCache -Djava.io.tmpdir=/run/501" -D_ARGS="-Djogamp.debug.IOUtil -Djogamp.debug.TempFileCache -Djogamp.debug.TempJarCache" +#D_ARGS="-Djogamp.debug.IOUtil -Djogamp.debug.TempFileCache -Djogamp.debug.TempJarCache" #D_ARGS="-Djogamp.debug.ByteBufferInputStream" #D_ARGS="-Djogamp.debug.Buffers" #D_ARGS="-Djogamp.debug.Bitstream" -- cgit v1.2.3