Re: [equinox-dev] a java tool for signing OSGi bundles

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [equinox-dev] a java tool for signing OSGi bundles

From: Jeff McAffer <Jeff_McAffer@xxxxxxxxxx>
Date: Wed, 21 Feb 2007 12:12:23 -0500
Delivered-to: equinox-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/listinfo/equinox-dev>
List-help: <mailto:equinox-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/equinox-dev>, <mailto:equinox-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/equinox-dev>, <mailto:equinox-dev-request@eclipse.org?subject=unsubscribe>

thanks for the pointer Pierre. Unfortunately we are not able to use/look at GPL code or related code as that license is incompatible with EPL. You might be interested note that PDE/Update include a tool that recurses through nested JARs and signs them as well as packs/unpacks (using Pack 200). No GUI but for the most part this function needs to be embedded in other things like the build process or update manager.

Jeff

Pierre Parrend <pierre.parrend@xxxxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx

02/21/2007 07:32 AM

Please respond to
Equinox development mailing list <equinox-dev@xxxxxxxxxxx>

To	equinox-dev@xxxxxxxxxxx
cc
Subject	[equinox-dev] a java tool for signing OSGi bundles

Hello, as is said on the Equinox Security web page, the only tool that is currently available for signing OSGi bundles is the command line 'jarsigner' (http://www.eclipse.org/equinox/incubator/security/Signing.html). The INRIA has just released a convenient GUI-based (and bundelized) tool, 'SF-Jarsigner', that can be used with any of the open source OSGi implementations (and most probably other, but we did not test them). The SF-Jarsigner has two main features: - sign and verifies bundles (according to the OSGi specs, not the less strict jar specs) - publish bundles into a bundle repository (OBR2 is the current supported format, but it could well be extended to support Eclipse plugins) it is published under the Cecill License, which is a french-law license compatible with the GPL. you will find the code (in a beta version), and necessary documentation at the following address: http://sf-jarsigner.gforge.inria.fr/ to have a look at the tool: http://sf-jarsigner.gforge.inria.fr/example.html Pierre Parrend -- Pierre Parrend Ph.D. Student, Teaching Assistant INRIA-INSA Lyon, France pierre.parrend@insa-lyon web : www.rzo.free.fr _______________________________________________ equinox-dev mailing list equinox-dev@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/equinox-dev

References:
- [equinox-dev] a java tool for signing OSGi bundles
  - From: Pierre Parrend

Prev by Date: Re: [equinox-dev] context class loader of EDT using webstart
Next by Date: [equinox-dev] Problem specifying osgi.config.area using symbolic location (@user.home)
Previous by thread: [equinox-dev] a java tool for signing OSGi bundles
Next by thread: [equinox-dev] Problem specifying osgi.config.area using symbolic location (@user.home)
Index(es):
- Date
- Thread

Breadcrumbs