You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In order to address security concerns of some users (e.g. #57 ), we should add the option to produce signed apps. I'm not talking about Apple Code-signing - I'm talking about a cross-platform approach that would allow the user to verify the origin of all code running in an app.
How it works
The developer has the option to enable "code-signing" in the package.json file. (Would need to think of word that doesn't confuse it with Apple's code-signing).
With code-signing enabled, the "package" action would use the developer's private key to sign all bundles produced: the installer, the app bundles, and the payload that is published on npm. If they don't have a private key, it will auto-generate a key-pair and store them in a standard location on the developer's machine.
With code-signing enabled, the "package" action would download and embed the JVM directly in the installer and app bundles, and sign them.
With code-signing enabled, the "publish" action would publish the sha1, sha256, md5 hashes for the installer bundles to trusted feed locations, such Twitter, or GitHub.
When the user downloads the installer from either the developer's website, GitHub, or jDeploy.com, they can manually verify it against the hash, and the developer's public key, which could be published in a trusted location, or simply provided to the user out of band.
When the launcher downloads updates from the cloud (e.g. npm), it can compare the signature of the payload against the signature of the app launcher to ensure that they match.
No JVM downloads occur in this scenario because the JVM is embedded into the app bundle.
Draw-backs of this approach
Bundles will be much larger due to embedded JVM.
Space complexity for hosting is exponentially larger for jDeploy.com. Currently all apps use the same installer, so jDeploy.com doesn't actually need to store installer bundles for each app. It just uses the same installer and adds appropriate metadata. With this approach, each app bundle needs to be pre-built and stored somewhere. It might make sense to integrate this with github actions and bind it to the github release process so that the installer bundles are automatically uploaded as artifacts of GitHub releases.
The text was updated successfully, but these errors were encountered:
In order to address security concerns of some users (e.g. #57 ), we should add the option to produce signed apps. I'm not talking about Apple Code-signing - I'm talking about a cross-platform approach that would allow the user to verify the origin of all code running in an app.
How it works
Draw-backs of this approach
The text was updated successfully, but these errors were encountered: