From 8827801ae6e319c14c192abbc968bc71ae9fbadb Mon Sep 17 00:00:00 2001 From: szymonsztuka Date: Tue, 20 Nov 2018 13:53:11 +0100 Subject: [PATCH] CORDA-1915 Release notes for build system signing CorDapp JARs. (#4185) --- docs/source/changelog.rst | 6 ++++++ docs/source/release-notes.rst | 7 +++++++ docs/source/upgrade-notes.rst | 19 +++++++++++++++++++ 3 files changed, 32 insertions(+) diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst index 2b965c6969..ed3a45b4da 100644 --- a/docs/source/changelog.rst +++ b/docs/source/changelog.rst @@ -282,6 +282,12 @@ and there is no reason for a CorDapp developer to use it. It is just an internal * `issuer_ref` column in `FungibleStateSchema` was updated to be nullable to support the introduction of the `FungibleState` interface. The `vault_fungible_states` table can hold both `FungibleAssets` and `FungibleStates`. +* CorDapps built by ``corda-gradle-plugins`` are now signed and sealed JAR files. + Signing can be configured or disabled, and it defaults to using the Corda development certificate. + +* Finance CorDapp is now build as a sealed and signed JAR file. + Custom classes can no longer be placed in the packages defined in Finance Cordapp or access it's non-public members. + Version 3.3 ----------- diff --git a/docs/source/release-notes.rst b/docs/source/release-notes.rst index 71033c1c65..df0fed56e2 100644 --- a/docs/source/release-notes.rst +++ b/docs/source/release-notes.rst @@ -25,6 +25,13 @@ Significant Changes in 4.0 Added auto-accepting for a subset of network parameters, negating the need for a node operator to manually run an accept command on every parameter update. This behaviour can be turned off via the node configuration. +* **CorDapp JAR Signing and Sealing**: + + CorDapps built by corda-gradle-plugins are now signed and sealed JAR files. + Signing can be configured or disabled, and it defaults to using the Corda development certificate. + Signed CorDapps facilitate signature constraints checks. + Sealed JARs require a unique package to be shipped within a single CorDapp JAR. Sealing can be disabled. + << MORE TO COME >> .. _release_notes_v3_3: diff --git a/docs/source/upgrade-notes.rst b/docs/source/upgrade-notes.rst index a7592b3097..af5138c25d 100644 --- a/docs/source/upgrade-notes.rst +++ b/docs/source/upgrade-notes.rst @@ -192,6 +192,25 @@ For H2: * MockNetwork: ``MockNodeParameters`` and functions creating it no longer use a lambda expecting a ``NodeConfiguration`` object. Use a ``MockNetworkConfigOverrides`` object instead. +* Finance CorDapp (*corda-finance-XXX.jar*) is now build as a sealed and signed JAR file. + This means classes in your CorDapps cannot be placed under the following packages: + + .. sourcecode:: java + + net.corda.finance + net.corda.finance.contracts + net.corda.finance.contracts.asset.cash.selection + net.corda.finance.contracts.asset + net.corda.finance.contracts.math + net.corda.finance.flows + net.corda.finance.internal + net.corda.finance.plugin + net.corda.finance.schemas + net.corda.finance.utils + + Refactor any classes by moving them into a new package, e.g. *net/corda/finance/flows.MyClass.java* can be moved to *net/corda/finance/flows/company/MyClass.java*. + Also your classes are no longer able to access non-public members of Finance CorDapp classes. + V3.2 to v3.3 ------------