![]() ![]() Here is an example from my test instance log. If your file is listed in the valid signatures list you did it right! If it’s not, then you may have to back track. After all mods have been constructed, it will print out all of the mod signature data. The second verification that you can do, is load the mod up in game and look at the fml-client-latest.log file. These files are used to verify the integrity of your jar. The MANIFEST.MF file should also have SHA256 digest info for every single file in your mod’s jar. Inside your jar file, there should now be a MINECRAF.SF and MINECRAF.RSA file inside the META-INF folder. ![]() To ensure that you did everything right, there are a few things you can look at. In some of my earlier tests I was initializing the logger in preInit, so make sure you check for that too! Final verification Because this event is fired before preInit, it’s important that you only access things that have been initialized, or else it will throw a crash. Something to remember, is that this event is only fired if the verification failed, and it’s fired BEFORE preInit has happened. Task signJar ( type: SignJar, dependsOn: reobfJar ) Take note of the alias, keystore pass, key pass, and the location of the keystore.jks file as these will all be needed later. You also need an alias, which is basically the name of the key. After running the command, you will be asked to provide a password for the key, and then another password for the keystore. If the Java Dev Kit has been installed properly on the system building the mod you can run the following command. The first is a key to sign your files, and a keystore to hold your keys. To sign your jar, several things are needed. Other mods can still be signed, and I would encourage everyone to try this. Currently the only mods that need to be signed, as of Forge’s latest policy update, are core mods. ![]() While this aproach is by no means full proof, it’s definetly a step in the right direction for improving the security within the community. When a jar is signed, it allows things like Forge to verify that the jar file was actually created by you. Jar signing is a process that allows you to put your signature on jar files. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |