Add sha256 support for library verification to the launcher and a flag to disable it.

chunky-dev / chunky

A path tracer to create realistic images of your Minecraft worlds.

https://chunky-dev.github.io/docs

GNU General Public License v3.0

637 stars 76 forks source link

Add sha256 support for library verification to the launcher and a flag to disable it. #1656

Closed leMaik closed 9 months ago

leMaik commented 9 months ago

It's 2023 and md5 is basically broken. This PR adds sha256 verification support. The latest.json for Chunky 2.4.5 on my server already contains the sha256 hashes.

Using --dangerouslyDisableLibraryValidation, checksum validation of libraries can now be disabled. This is a potential security issue and thus not recommended. It does help with local debugging and sharing custom Chunky versions though. Closes #1509

leMaik commented 9 months ago

Having that flag as system property means that the checksum validation could be disabled by environment variables (ie. JAVA_TOOL_OPTIONS. I'll change this to a command line flag.