[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] a java tool for signing OSGi bundles

thanks for the pointer Pierre. Unfortunately we are not able to use/look at GPL code or related code as that license is incompatible with EPL. You might be interested note that PDE/Update include a tool that recurses through nested JARs and signs them as well as packs/unpacks (using Pack 200).  No GUI but for the most part this function needs to be embedded in other things like the build process or update manager.


Pierre Parrend <pierre.parrend@xxxxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx

02/21/2007 07:32 AM

Please respond to
Equinox development mailing list <equinox-dev@xxxxxxxxxxx>

[equinox-dev] a java tool for signing OSGi bundles


as is said on the Equinox Security web page, the only tool that is currently
available for signing OSGi bundles is the command line 'jarsigner'
(http://www.eclipse.org/equinox/incubator/security/Signing.html). The INRIA has
just released a convenient GUI-based (and bundelized) tool, 'SF-Jarsigner', that
can be used with any of the open source OSGi implementations (and most probably
other, but we did not test them).

The SF-Jarsigner has two main features:
- sign and verifies bundles (according to the OSGi specs, not the less strict
jar specs)
- publish bundles into a bundle repository (OBR2 is the current supported
format, but it could well be extended to support Eclipse plugins)

it is published under the Cecill License, which is a french-law license
compatible with the GPL.

you will find the code (in a beta version), and necessary documentation at the
following address:


to have a look at the tool:

Pierre Parrend

Pierre Parrend
Ph.D. Student, Teaching Assistant
INRIA-INSA Lyon, France
web : www.rzo.free.fr
equinox-dev mailing list