Fixing the updater

From Arianne
Jump to navigation Jump to search

Current issues

  • can be broken by third parties, if they provide signed jars but don't change the game name
  • does not allow updates of the updater
  • can break if jar files are missing in the update change (e. g. stendhal-0.90.jar with only stendhal-diff-0.92-0.93.jar) because of NullPointerExceptions on missing resources
  • requires new complete download on signature expire
  • version number in start is missleading


  • Have only a very small signed package that requests the webstart permissions.
  • do the update and startup handling in another, updatable package
  • use own signing of .jar files with a certificate that does not expire in a year.
  • verify signature before adding a .jar to the classpath to prevent third parties from breaking the update
  • if a resource does not exist, don't return null but throw a LinkageException