This makes it *way* easier to view and edit the translation files and avoids
the danger of accidentally slipping UTF-8 encoded characters into existing
files during editing.
- remove hardcoded 60 seconds timeout during verify, as with pack200
this may fail on slow systems
- introduce new config "timeout_verify" with 60 seconds default
- handle timeout with aborting the launch
This also makes the use of a Proxy instance explicit in the Getdown code,
rather than trying to thread things through the proxy-related system
properties.
It introduces a ProxyAuth SPI which allows an app installation to save proxy
credentials in whatever way it deems fit. Otherwise the credentials are unsaved
and the user effectively has to enter them every time Getdown attempts to
access the internet.
This is obviously a terrible design, but there's no good (cross-platform) way
to securely store a username and password. So anyone using this feature is
likely going to need to provide an implementation of ProxyAuth that does
whatever auth storage they deem appropriate.
Adapted from PR from @ThomasG-AI, thanks!
Typical use case is a security patch, were a new java patch
(java_windows.jar) is put on server side and java_min_version updated
accordingly in getdown.txt
Currently the new virtual machine will be downloaded only after
a second getdown launch. This pull request fixes this.
- Max concurrent downloads is controlled by a config in getdown.txt:
max_concurrent_downloads. It defaults to two.
- A bunch of thread-safety problems were fixed.
- While in there, I revamped the downloader to be less crufty from years of
ad-hoc requirements accretion.
- I disabled the Channel.transferFrom based download change because it prevents
fine-grained feedback (and abort checking) from taking place, and it doesn't
handle failure cases. Maybe we'll clean it up and re-enable it in the future.
The new code is more careful about how it obtains config info, and issues
warnings when sources of info conflict. It does not abort in such circumstances
as Getdown's prime directive is to do the best it can to get the app updated
and launched. But the warnings will hopefully allow accidental conflicts to be
detected and avoided before being deployed to customers.
We also now allow bootstrap.properties to provide an appid; that matches what
was possible via system properties and command line arguments. We also avoid
"communicating" environment configuration through the Java system properties
mechanism. We now read from sysprops but do not write back to them.
Lastly, this includes some name tidying (like appdir -> appDir and
getAppdir -> getAppDir).
When a constructor calls an overridable function, it may allow an attacker to access the "this" reference prior to the object being fully initialized, which can in turn lead to a vulnerability.
Application -> getLocalPath
ProxyPanel -> get
AbortPanel -> get
RotatingBackgrounds -> makeEmpty
(Triggered by internal security audit and Fortify analysis.)
This method was apparently deprecated 12 years ago, when GetdownApp.main( ) was added. The immediate motivation is to eliminate some of the security noise around this method being a source of untrusted data, but in a more general sense it also probably makes sense to clean it up after not being used for so long.
(Triggered by internal security audit and Fortify analysis.)