... is forbidden magic that keeps your mods updated.
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
mods
folder. Still, you SHOULD use sufficiently new Minecraft and Forge
versions (i.e. those in active development or LTS).remote_sync.json
.RemoteSync works in the following way:
mods
directory for technical
reason.remote_sync.json
(under your gameDir
) and load public key rings from the path
specified in the config file.remote_sync.json
(under your gameDir
). RemoteSync
caches the mod list file and uses the cached version if remote does
not have updates.RemoteSync uses PGP to verify if a mod file is trustworthy. Naturally, it means that the trust model of RemoteSync is the Web of Trust.
Put it simple, users establish trusts by trusting third parties' public key(s) and thus public keys that those third parties trust. Example:
RemoteSync uses detached signatures, so that mod files themselves are verbatim.
remote_sync.json
RemoteSync intentionally does not create this file. It is upon modpack creators to create and properly configure this file.
The following is explanation of this file:
{
"modDir": "remote_synced_mods",
"keyRingPath": "public_keys.asc",
"keyServers": [],
"keyIds": [],
"modList": "http://example.com/",
"timeout": 15000
}
modDir
is the path to the directory where RemoteSync stores downloaded
mods. It is relative to your game directory (a.k.a. the .minecraft
directory).keyRingPath
is the path to the PGP key ring files whose contents are
public keys that users trust. It also functions as the storage for keys
received from designated key servers.
It is also relative to your game directory.keyServers
is a list of key server URLs to receive keys from.keyIds
is a list of keys to search on key servers specified above.
Usually, keys are described as a 16-digit-long hexadecimal number
(i.e. the long format in GPG), without the 0x
prefix.modList
is the URL to the mod list. The format of mod list is in next
section.timeout
is the number of milliseconds for all remote connections to wait
before giving up.The mod list is a JSON file containing exactly one JSON Array that looks like:
[
{
"name": "mod-a-1.0.jar",
"file": "http://example.invalid/mod-a-1.0.jar",
"sig": "http://example.invalid/mod-b-1.0.jar.sig"
},
{
"name": "mod-b-1.0.jar",
"file": "http://example.invalid/mod-b-1.0.jar",
"sig": "http://example.invalid/mod-b-1.0.jar.sig"
}
]
name
is the file name to use for the local cache.file
is the URL to the mod file itself.
URL must be direct and publicly accessible.sig
is the URL to the signature for the mod file.
Again, URL must be direct publicly accessible.cpw's serverpackloactor is a good candidate to consider if you feel uncomfortable about setting up PGP keys.
If you accept using launch arguments, you can try the --fml.mavenRoots
option. Do note that there is also --fml.modLists
option which lets
you use several list files instead of stuffing everything in the arguments.
These list files MUST have extension of list
(i.e. foo.list
, bar.list
),
and their contents are simply maven coordinates, one per line.
Older versions of Forge (for Minecraft 1.12.2 or older) has two options with
similar functionalities: --mods
and --modListFile
.
There is currently no alternatives if you are from Fabric ecosystem. I have started looking into it, but it is very tricky...
Directly import this project as a Gradle Project to your IDE, no special configuration needed.
It is worth noting that this project does not depend on Minecraft itself, only ForgeSPI and ModLauncher. One implication is that you cannot test it directly in your IDE unless you manually set it up.