Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check JAR signature after download #418

Open
kgilpin opened this issue Sep 12, 2023 · 2 comments
Open

Check JAR signature after download #418

kgilpin opened this issue Sep 12, 2023 · 2 comments
Assignees
@jansorg
Labels
enhancement New feature or request security well-defined

Comments

@kgilpin
Copy link
Contributor

kgilpin commented Sep 12, 2023

After downloading the appmap jar file, verify the signature before making the symlink.
@jansorg
Copy link
Collaborator

jansorg commented Sep 13, 2023

@kgilpin Which signature are you referring to?
The AppMap agent JAR is currently not signed, AFAIK:

$ jarsigner -verify appmap-1.21.0.jar 

jar is unsigned.

@kgilpin
Copy link
Contributor Author

kgilpin commented Sep 13, 2023

I mean the .jar.asc file in https://github.com/getappmap/appmap-java/releases which I assume is a checksum of the binary or something?

@brikelly brikelly assigned jansorg and unassigned brikelly Sep 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jansorg jansorg

Labels
enhancement New feature or request security well-defined
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kgilpin @brikelly @jansorg