Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't upload tamper proof resource pack #2844

Open
2 tasks done
MopsTMC opened this issue Oct 20, 2024 · 7 comments
Open
2 tasks done

Can't upload tamper proof resource pack #2844

MopsTMC opened this issue Oct 20, 2024 · 7 comments
Labels
bug Something isn't working

Comments

@MopsTMC
Copy link

MopsTMC commented Oct 20, 2024

Please confirm the following.

What browsers are you seeing the problem on?

Firefox

Describe the bug

I am unable to upload a new version for my resource pack due to required use of anti-tamper measures by Packsquash https://github.com/ComunidadAylas/PackSquash/wiki/Options-files#zip_spec_conformance_level.

Steps to reproduce

  1. Generate a resource pack with zip_spec_conformance_level = 'disregard'
  2. Attempt to upload it as a primary file for a new version
  3. Observer the following error on the bottom right
    Error with multipart data: No pack.mcmeta present for pack file. Tip: Make sure pack.mcmeta is in the root directory of your pack! as seen here:

    code/apps/labrinth/src/validate/resourcepack.rs

    Line 32 in 8c1c557

    "No pack.mcmeta present for pack file. Tip: Make sure pack.mcmeta is in the root directory of your pack!",

Expected behavior

This was not an issue prior to 4 months

Additional context

My resource pack is https://modrinth.com/resourcepack/c4music which in order to abide by C418's usage policy requires such methods to prevent extraction which have been implemented upon request of content moderators since July of 2023
@MopsTMC MopsTMC added the bug Something isn't working label Oct 20, 2024
@brawaru
Copy link
Contributor

brawaru commented Oct 20, 2024
edited
Loading

Not a bug. You are essentially creating a corrupted ZIP file, so it's fully expected that validators won't be able to read it. Unless there is a Rust library that can read corrupt ZIP files the same way Minecraft does, I don't think this is fixable.

@MopsTMC
Copy link
Author

MopsTMC commented Oct 20, 2024
edited
Loading

Can't disagree. I can't be the only one with this issue though.
I just don't understand the utility of this validator, it's not user friendly for edge cases like this

@Minenash
Copy link
Contributor

If a validator can't read the file, then how does mc?

@Felix14-v2
Copy link

Felix14-v2 commented Oct 22, 2024
edited
Loading

Minecraft allows you to load an extremely broken zip archives. A lot of creators use this intentionally to protect their work from stealing.

@Minenash
Copy link
Contributor

One problem I could see with this, is what happens if someone reports a project using this method for copyright infringement. This makes it a lot harder for content moderators to check the pack for stolen content

@Felix14-v2
Copy link

Felix14-v2 commented Oct 22, 2024
edited
Loading

I would disagree. In fact, even such protection can be hacked, but for obvious reasons I can only talk about these methods privately. So moderators still can do their work.

@ilyvion
Copy link

ilyvion commented Oct 26, 2024

If Minecraft can read those broken zips, then so could any other Java program, really, using the same method(s). Doesn't seem like a very sturdy protection mechanism.

I guess Modrinth could make use of this fact to examine the zips too, should they want to. 🤷

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ilyvion @brawaru @Minenash @MopsTMC @Felix14-v2