search

modrinth / code

The Modrinth monorepo containing all code which powers Modrinth!
https://modrinth.com
Other
985 stars 187 forks source link

Can't upload tamper proof resource pack #2844

Open MopsTMC opened 1 month ago

MopsTMC commented 1 month ago

Please confirm the following.

What browsers are you seeing the problem on?

Firefox

Describe the bug

I am unable to upload a new version for my resource pack due to required use of anti-tamper measures by Packsquash https://github.com/ComunidadAylas/PackSquash/wiki/Options-files#zip_spec_conformance_level.

Steps to reproduce

  1. Generate a resource pack with zip_spec_conformance_level = 'disregard'
  2. Attempt to upload it as a primary file for a new version
  3. Observer the following error on the bottom right Error with multipart data: No pack.mcmeta present for pack file. Tip: Make sure pack.mcmeta is in the root directory of your pack! as seen here: https://github.com/modrinth/code/blob/8c1c5572c08f9191edaa513aa18859acc651e3e4/apps/labrinth/src/validate/resourcepack.rs#L32

Expected behavior

This was not an issue prior to 4 months

Additional context

My resource pack is https://modrinth.com/resourcepack/c4music which in order to abide by C418's usage policy requires such methods to prevent extraction which have been implemented upon request of content moderators since July of 2023

brawaru commented 1 month ago

Not a bug. You are essentially creating a corrupted ZIP file, so it's fully expected that validators won't be able to read it. Unless there is a Rust library that can read corrupt ZIP files the same way Minecraft does, I don't think this is fixable.

MopsTMC commented 1 month ago

Can't disagree. I can't be the only one with this issue though. I just don't understand the utility of this validator, it's not user friendly for edge cases like this

Minenash commented 1 month ago

If a validator can't read the file, then how does mc?

Felix14-v2 commented 1 month ago

Minecraft allows you to load an extremely broken zip archives. A lot of creators use this intentionally to protect their work from stealing.

Minenash commented 1 month ago

One problem I could see with this, is what happens if someone reports a project using this method for copyright infringement. This makes it a lot harder for content moderators to check the pack for stolen content

Felix14-v2 commented 1 month ago

I would disagree. In fact, even such protection can be hacked, but for obvious reasons I can only talk about these methods privately. So moderators still can do their work.

ilyvion commented 3 weeks ago

If Minecraft can read those broken zips, then so could any other Java program, really, using the same method(s). Doesn't seem like a very sturdy protection mechanism.

I guess Modrinth could make use of this fact to examine the zips too, should they want to. 🤷