[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier
- From: Andre Oosthuizen <andreo@xxxxxxxx>
- Date: Mon, 21 Nov 2005 10:27:31 +0200
- Delivered-to: email@example.com
- Organization: Jigsaw Interactive cc
- User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
I'm interested in using the org.eclipse.osgi.jar.verifier plugin for
some security related work that I'm looking into. I have followed the
instructions posted at
Here is my test scenario:
I'm using a simple rcp application that has two plugins (plugin A &
plugin B), each contributing a view. All my plugins are signed. If I run
the product initially with all plugins untampered, my rcp starts up as
expected and I can see the two views contributed.
If I alter plugin A or B before I initially run the rcp for the first
time, I get an exception indicating that the plugin has been tampered
with, so only one view is contributed, which is expected.
But if I initially start the rcp in an untampered state, and then alter
plugin A or B and start it up again, the jar verifier doesn't recognise
this. In this scenario, the jar verifier will only pick up the changes
if I use the -clean argument. Is there a way around this?