[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier

Hmm. This seems like a caching problem (ie. bug). The jar verifier has to 
verify the jar each time it is loaded. This could just be verifying that 
the JAR has not been altered since the last full verification.

BJ Hargrave
Senior Technical Staff Member, IBM
OSGi Fellow and CTO of the OSGi Alliance
hargrave@xxxxxxxxxx
Office: +1 407 849 9117 Mobile: +1 386 848 3788



Andre Oosthuizen <andreo@xxxxxxxx> 
Sent by: equinox-dev-bounces@xxxxxxxxxxx
2005-11-21 03:27 AM
Please respond to
Equinox development mailing list


To
Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
cc

Subject
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier






Hi guys,

I'm interested in using the org.eclipse.osgi.jar.verifier plugin for 
some security related work that I'm looking into. I have followed the 
instructions posted at 
http://dev.eclipse.org/mhonarc/lists/equinox-dev/msg00470.html.

Here is my test scenario:

I'm using a simple rcp application that has two plugins (plugin A & 
plugin B), each contributing a view. All my plugins are signed. If I run 
the product initially with all plugins untampered, my rcp starts up as 
expected and I can see the two views contributed.

If I alter plugin A or B before I initially run the rcp for the first 
time, I get an exception indicating that the plugin has been tampered 
with, so only one view is contributed, which is expected.

But if I initially start the rcp in an untampered state, and then alter 
plugin A or B and start it up again, the jar verifier doesn't recognise 
this. In this scenario, the jar verifier will only pick up the changes 
if I use the -clean argument. Is there a way around this?

-- 
Best Regards
Andre Oosthuizen


_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev