| | 1 | == Introduction == |
| | 2 | |
| | 3 | This page aims to describe the verification process mods undergo before being made readily available on [https://0ad.mod.io/ mod.io]. Because we make those mods official by signing them, we have to ensure they are not broken, that they do not contain malicious code, whether they are indeed OOS compatible, and whether we are not needlessly stealing bandwith for big mods. |
| | 4 | |
| | 5 | == Steps == |
| | 6 | |
| | 7 | === Mod is downloaded === |
| | 8 | |
| | 9 | In general this step should go well, since that's [https://0ad.mod.io/ mod.io]'s responsibility. |
| | 10 | |
| | 11 | === Mod is extracted === |
| | 12 | |
| | 13 | ==== Directory Structure ==== |
| | 14 | |
| | 15 | We need to make sure that the mod as the correct directory structure. E.g. it should be as follows |
| | 16 | {{{ |
| | 17 | └───sky_ships.zip |
| | 18 | │ mod.json |
| | 19 | │ readme.md |
| | 20 | │ |
| | 21 | ├───art |
| | 22 | │ ├───actors |
| | 23 | │ │ └───structures |
| | 24 | │ │ argestesion.xml |
| | 25 | │ │ |
| | 26 | │ └───meshes |
| | 27 | │ └───structural |
| | 28 | │ argestesion.dae |
| | 29 | │ |
| | 30 | └───simulation |
| | 31 | └───templates |
| | 32 | └───structures |
| | 33 | argestesion.xml |
| | 34 | |
| | 35 | }}} |
| | 36 | |
| | 37 | and not like this: |
| | 38 | {{{ |
| | 39 | └───sky_ships.zip |
| | 40 | └───sky_ships |
| | 41 | │ mod.json |
| | 42 | │ readme.md |
| | 43 | │ |
| | 44 | ├───art |
| | 45 | │ ├───actors |
| | 46 | │ │ └───structures |
| | 47 | │ │ argestesion.xml |
| | 48 | │ │ |
| | 49 | │ └───meshes |
| | 50 | │ └───structural |
| | 51 | │ argestesion.dae |
| | 52 | │ |
| | 53 | └───simulation |
| | 54 | └───templates |
| | 55 | └───structures |
| | 56 | argestesion.xml |
| | 57 | }}} |
| | 58 | |
| | 59 | Else it will not work and the game will be confused. On Windows it usually means you generated the zip from outside the folder instead of from inside the folder. |
| | 60 | |
| | 61 | ==== mod.json ==== |
| | 62 | |
| | 63 | The `mod.json` file is an important part of the verification process. For the sake of the demonstration let's assume we have a mod called `Sky Ships` with a mod.io url `https://0ad.mod.io/sky-ships` and a directory structure like the correct one above. |
| | 64 | |
| | 65 | Now let's assume the `mod.json` file looks like this: |
| | 66 | |
| | 67 | {{{#!json |
| | 68 | { |
| | 69 | "name": "sky_ships", |
| | 70 | "version": "1.0.0", |
| | 71 | "label": "New stuff, new things, and new bugs", |
| | 72 | "description": "New stuff, new things, and new bugs + more stuff", |
| | 73 | "dependencies": [ |
| | 74 | "0ad=0.0.25" |
| | 75 | ] |
| | 76 | } |
| | 77 | }}} |
| | 78 | |
| | 79 | A few things are wrong with this `mod.json` |
| | 80 | |
| | 81 | 1. `"name"` should be the same as the `mod.io` url so in this case `sky-ships` and not `sky_ships |
| | 82 | 2. `"label"` should be `Sky Ships` not `"New stuff, new things, and new bugs"` |
| | 83 | |
| | 84 | |
| | 85 | **Note**: If you want to be facetious, you'll notice that we reference the `0ad` mod which is in a `public` folder. It should technically be `empires_ascendant` in an `empires_ascendant` folder. |
| | 86 | |
| | 87 | ==== OOS Compatibility ==== |
| | 88 | |
| | 89 | Since A25 a new flag `"ignoreInCompatibilityChecks"` was introduced. As the name suggests it allows to avoid compatibility checks when playing with other people. However Wildfire Games must make sur it is safe and it won't put other people out of sync. |
| | 90 | |
| | 91 | To do so one might try replaying a match with the mod on, try playing multiplayer, try to rejoin a game to make sure it doesn't affect simulation. If it does, mod will be rejected. |
| | 92 | |
| | 93 | ==== Analyzing files ==== |
| | 94 | |
| | 95 | It's important to browse the mod to look for suspect JavaScript code and suspect files. You must look at every single file to make sure no malicious code gets through. |
| | 96 | |
| | 97 | You can also compare to vanilla versions files using `git`. |
| | 98 | |
| | 99 | {{{#!sh |
| | 100 | # -d is to generate a patch file |
| | 101 | # -u is to ignore whitespace changes |
| | 102 | $ git diff -du |
| | 103 | }}} |
| | 104 | |
| | 105 | If a new file contains `Engine.****` calls you need to make sure there is no foul play, it can also be for big random map scripts. |
| | 106 | |
| | 107 | When checking big mods, it might be wiser to diff mods you already checked using the previous version as reference. Even if they have a git repository it's better to check locally, in case files were added manually. |
| | 108 | |
| | 109 | When having mods with lots of texture, it's good to suggest using the archive builder (to turn png/tga files into dds, dae files into psa or pmd and XML files to XMB) This will reduce the download size greatly and increase the performance. |
| | 110 | |
| | 111 | |
| | 112 | ==== Signing ==== |
| | 113 | |
| | 114 | Once the mod is deemed `safe` we use [https://github.com/jedisct1/minisign Minisign] to sign files. For security reasons only one person can sign mods because it's not good to share that private key around given that it works for an entire alpha. |
| | 115 | |
| | 116 | ==== Adding Metadata ==== |
| | 117 | |
| | 118 | Using the signature file we replace all newlines by `\n` an the tab of the third line by a `\t`. |
| | 119 | We then add curly braces, and we copy paste the `"depenencies"` tag from the `mod.json`. Then we add "minisigs": [""] around the signature ; and we put everything the metadata field of mod.io. |
| | 120 | |
| | 121 | ==== Sending the signature ==== |
| | 122 | |
| | 123 | Once all is done we send the signature for completeness or in case the person wants to share the mod through other means. |
| | 124 | |
| | 125 | |
| | 126 | |
