[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier

Hi guys,

I'm interested in using the org.eclipse.osgi.jar.verifier plugin for some security related work that I'm looking into. I have followed the instructions posted at http://dev.eclipse.org/mhonarc/lists/equinox-dev/msg00470.html.

Here is my test scenario:

I'm using a simple rcp application that has two plugins (plugin A & plugin B), each contributing a view. All my plugins are signed. If I run the product initially with all plugins untampered, my rcp starts up as expected and I can see the two views contributed.

If I alter plugin A or B before I initially run the rcp for the first time, I get an exception indicating that the plugin has been tampered with, so only one view is contributed, which is expected.

But if I initially start the rcp in an untampered state, and then alter plugin A or B and start it up again, the jar verifier doesn't recognise this. In this scenario, the jar verifier will only pick up the changes if I use the -clean argument. Is there a way around this?

--
Best Regards
Andre Oosthuizen