============================================================
 RockyGuard Library - Customer Package (Linux x64)
============================================================

This zip contains the Linux x86_64 build of RockyGuard. For the
Windows x64 build, download rockyguard-vX.Y.Z-windows-x64-customer.zip.
Both packages share the same C++ API and license-file format;
see docs/Customer_Documentation.txt for cross-platform coverage.

PLATFORM REQUIREMENTS:

  x86_64 Linux with glibc >= 2.34. Supported distributions:
    - Ubuntu 22.04 LTS (glibc 2.35), Ubuntu 24.04 LTS (glibc 2.39)
    - Debian 12 "Bookworm" (glibc 2.36)
    - RHEL 9 / CentOS Stream 9 / Rocky Linux 9 / AlmaLinux 9 (glibc 2.34)
    - Amazon Linux 2023 (glibc 2.34)
    - Any other x86_64 Linux distribution with glibc 2.34+

  NOT supported in this release (planned for v1.3):
    - glibc < 2.34 distros (RHEL 8, Amazon Linux 2, Debian 10,
      Ubuntu 20.04). A manylinux_2_28 build is planned for v1.3.
    - macOS (arm64 / x86_64). Planned for v1.3.

  To check your glibc version:
    ldd --version | head -1

CONTENTS:

  include/rockyguard/       Public headers (verification only)
    rockyguard.h              Single-include convenience header
    version.h                 Library version macros (auto-generated)
    types.h                   Enums and result types
    license.h                 License data model
    license_verifier.h        License verification
    hardware_fingerprint.h    Machine hardware fingerprinting
    floating_client.h         Floating license client (Premium)
    export.h                  Shared-library export macros

  lib/static/
    librockyguard.a         Static library (OpenSSL bundled inside)

  lib/shared/
    librockyguard.so        Shared library (OpenSSL statically linked)
    librockyguard.sig       Integrity signature (ship next to the .so)

  tools/
    license_keygen              Generate your Ed25519/RSA keypair
    license_create              Create end-user licenses
    license_verify              Verify and inspect license files
    rg_fingerprint              Print machine hardware fingerprint
    floating_server_example     Floating license server (Premium tier only)
    floating_server_config.yaml Sample server config file
    floating_client_example     Floating license client (Premium tier only)

  deps/
    include/openssl/            Bundled OpenSSL headers (statically
                                linked into librockyguard.a on Linux)
    lib/libcrypto.a             Provided for reference; Linux users
                                typically do not need to link it
                                separately.

  examples/
    CMakeLists.txt                  Build script for the examples
    node_locked_example.cpp         Node-locked license verification example
    floating_client_example.cpp     Floating license client example (Premium)

  docs/
    Customer_Documentation.txt/pdf          Library documentation
    Customer_API_Reference.txt/pdf          API reference
    RockyGuard_License_Agreement.txt/pdf    Software License Agreement

QUICK START:

  1. (Optional) Make the tools executable if your unzip didn't
     preserve the x bit:
       chmod +x tools/*

  2. Generate your keypair (once):
       tools/license_keygen --private private.pem --public public.pem

  3. Create end-user licenses (vendor license required, CLI tool):
       tools/license_create \
         --vendor-license vendor_license.json \
         --key private.pem --id "LIC-001" \
         --licensee "User" --product "App" \
         --fingerprint-value "<end user's fingerprint>" \
         --expires "2027-12-31T23:59:59Z"

  4. In your end-user application (NO vendor license needed):
       LicenseVerifier verifier(PUBLIC_KEY);
       auto result = verifier.load("license.json");
       result = verifier.check_node_locked();

LINKING:

  Static (recommended):
    In your CMakeLists.txt:
      target_include_directories(your_app PRIVATE
          path/to/include
          path/to/deps/include)
      target_link_libraries(your_app PRIVATE
          path/to/lib/static/librockyguard.a
          path/to/deps/lib/libssl.a
          path/to/deps/lib/libcrypto.a
          pthread dl)
    The shipped librockyguard.a contains the RockyGuard code only;
    OpenSSL is bundled in the deps/ directory and must be linked
    explicitly. pthread + dl are required by OpenSSL on Linux.

  Shared (.so):
    In your CMakeLists.txt:
      target_compile_definitions(your_app PRIVATE ROCKYGUARD_SHARED_LIB)
      target_include_directories(your_app PRIVATE path/to/include)
      target_link_libraries(your_app PRIVATE
          path/to/lib/shared/librockyguard.so)
      # Either set RPATH so your_app finds the .so at runtime without
      # LD_LIBRARY_PATH:
      set_target_properties(your_app PROPERTIES
          INSTALL_RPATH "$ORIGIN/../lib/shared")
      # ...or ship your_app next to librockyguard.so and set
      # RPATH=$ORIGIN.

    Ship with your application:
      - librockyguard.so
      - librockyguard.sig  (integrity signature; must be next to the .so)
      OpenSSL is statically linked into librockyguard.so; no separate
      libcrypto/libssl runtime to ship.

DIFFERENCES FROM THE WINDOWS BUILD:

  - Extension: .so instead of .dll, no extension on tools (not .exe)
  - No .lib import library (Linux links .so directly)
  - No libcrypto/libssl runtime files to ship (statically linked)
  - No registry-based time anchor (Linux uses file anchors under
    $HOME/.local/share/rockyguard/ and $HOME/.lck_svc_<tag>)
  - Hardware fingerprint fields: MAC from /sys/class/net, CPU ID
    from /proc/cpuinfo, disk serial from /sys/class/block, motherboard
    UUID from /sys/class/dmi/id/product_uuid (root not required on
    most distros; an empty field is hashed as the empty string and
    skipped in match scoring, so missing fields just reduce the
    hardware-match score rather than breaking verification)
