[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier


Are you sure you are running with the following VM properties set

osgi.framework.extensions=org.eclipse.osgi.jarverifier
eclipse.security=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager


Start Eclipse with the -console option and run the "ss" and "props" commands at the osgi> prompt:

osgi> ss
osgi> props

Please open a bug against Equinox->Incubator and post the output of these two commands in your environment.

BJ, according to the OSGi spec is the Framework required to verify to whole jar each time the Framework is started?  The current implementation verifies each entry of the bundle as it is loaded on demand (e.g. when a class/resource is loaded).  We do not aggressively verify the complete jar at startup.  This would effect startup time in an unacceptable way.  Imagine verifying 1000 jar files at startup.  It would take over 10 minutes just to startup!!

Andre, you may want to try running Eclipse with the property osgi.checkConfiguration=true set.  This should cause any bundles which get modified to be reinstalled.  Similar to -clean except only for the bundles which got modified.

Tom





BJ Hargrave/Austin/IBM@IBMUS
Sent by: equinox-dev-bounces@xxxxxxxxxxx

11/21/2005 07:22 AM

Please respond to
Equinox development mailing list

To
Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
cc
Subject
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier





Hmm. This seems like a caching problem (ie. bug). The jar verifier has to
verify the jar each time it is loaded. This could just be verifying that
the JAR has not been altered since the last full verification.

BJ Hargrave
Senior Technical Staff Member, IBM
OSGi Fellow and CTO of the OSGi Alliance
hargrave@xxxxxxxxxx
Office: +1 407 849 9117 Mobile: +1 386 848 3788



Andre Oosthuizen <andreo@xxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx
2005-11-21 03:27 AM
Please respond to
Equinox development mailing list


To
Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
cc

Subject
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier






Hi guys,

I'm interested in using the org.eclipse.osgi.jar.verifier plugin for
some security related work that I'm looking into. I have followed the
instructions posted at
http://dev.eclipse.org/mhonarc/lists/equinox-dev/msg00470.html.

Here is my test scenario:

I'm using a simple rcp application that has two plugins (plugin A &
plugin B), each contributing a view. All my plugins are signed. If I run
the product initially with all plugins untampered, my rcp starts up as
expected and I can see the two views contributed.

If I alter plugin A or B before I initially run the rcp for the first
time, I get an exception indicating that the plugin has been tampered
with, so only one view is contributed, which is expected.

But if I initially start the rcp in an untampered state, and then alter
plugin A or B and start it up again, the jar verifier doesn't recognise
this. In this scenario, the jar verifier will only pick up the changes
if I use the -clean argument. Is there a way around this?

--
Best Regards
Andre Oosthuizen


_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev


_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev