This can be used to completely override the appbase via the installer in
situations where you want to build a deployment once, but then potentially
serve it from some other webserver.
In that file we have:
filename = hex_encoded_hash
The hex_encoded_hash will never contain = but the filename could
conceivably contain =, so for that file we split on the last = instead
of the first.
Everywhere else we continue to split on the first = because that makes
more sense.
Since we're upping the protocol version, we can do all this too at the
same time. So v2 digest will use SHA256, sign using SHA256withRSA and
will include the contents of META-INF in the digests. Upgrades++!
This also includes the code from pull request #73 to allow a .crt file
to be included with the app to allow for signature verification of
standalone apps (we already did this for applets via the applet
parameters).
Right now there's only two versions of the digester protocol, so I just
always generate both of them. If we evolve the protocol further, we
could conceivably allow you to specify a "minimum" protocol version,
once you were confident that all of your clients had upgraded to a
version of Getdown that used that minimum version.
The one major change here is that Getdown.isUpdateAvailable/install()
are no longer static.
GetdownApp has a start() method that you can call if you want to get the
Getdown reference back. You can call isUpdateAvailable() on that. It was
super weird that you would call GetdownApp.main() and then just call
some static methods after that.
Whenever 'use_code_cache' is set to 'true' the application's code
resources are copied to a cache directory prior to launching the
application. This is done in order to support multiple open application
instances of different versions.
The "Trusted-Library" manifest attribute is required for Applets and
Java Web Start. Otherwise classes from the Getdown package might be
silently ignored (ClassNotFoundException).
1) Download resources first into a temporary file
2) Perform verification and digest comparison with the downloaded
temporary file instead of the original if temporary file exist
3) Only when verification completes successfully rename all the
temporary files to override the original. This step can be done
automatically or manually by calling GetDown.install() which is useful
for those who want to download in background and install upon program
exit.