[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier
|
Hi guys,
I'm interested in using the org.eclipse.osgi.jar.verifier plugin for
some security related work that I'm looking into. I have followed the
instructions posted at
http://dev.eclipse.org/mhonarc/lists/equinox-dev/msg00470.html.
Here is my test scenario:
I'm using a simple rcp application that has two plugins (plugin A &
plugin B), each contributing a view. All my plugins are signed. If I run
the product initially with all plugins untampered, my rcp starts up as
expected and I can see the two views contributed.
If I alter plugin A or B before I initially run the rcp for the first
time, I get an exception indicating that the plugin has been tampered
with, so only one view is contributed, which is expected.
But if I initially start the rcp in an untampered state, and then alter
plugin A or B and start it up again, the jar verifier doesn't recognise
this. In this scenario, the jar verifier will only pick up the changes
if I use the -clean argument. Is there a way around this?
--
Best Regards
Andre Oosthuizen