[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] Signed content support in Equinox

The authorization support in Equinox was provisional and got removed as part of the Luna (Equinox 4.3) release.  It seems the documentation did not make it clear that this was provisional and also did not remove the authorization option from the docs.

With that said, you should be able to implement your own support for this by implementing a system bundle fragment that checks for authorization of the bundle signers and then forces the bundles to be unresolved if they are not authorized by using a ResolverHook.

Another option is to open a bug against Equinox and we can look to contributing back support for the authorization engine into Equinox.  At the time it was removed was when the framework was being rewritten to no longer use our internal resolve and instead use a standard OSGi Resolver service.  Our internal resolver implementation had a straight forward way to disable bundles and provide useful resolution error messages for why it was disabled.  The authorization support used this resolver API to disabled unauthorized bundles.  The same can be accomplished with the OSGi resolver through the use of resolver hooks, but there is not a good way to provide a nice error message.  We would have to look at how to make that work nicely.

Tom





From:        Achim Finke <achim.finke@xxxxxxxxxxxxxx>
To:        equinox-dev@xxxxxxxxxxx
Date:        06/30/2015 09:05 AM
Subject:        [equinox-dev] Signed content support in Equinox
Sent by:        equinox-dev-bounces@xxxxxxxxxxx




Hi all,

In Equinox 3.9 (Eclipse 4.3) it was possible to configure the following properties in eclipse.ini to enable Authorization.
osgi.signedcontent.support=all
osgi.signedcontent.authorization.engine.policy=trusted
osgi.framework.keystore=file:truststore.jks


Setting up the same properties in Equinox 3.10 (Eclipse 4.4) seems to have no effect. I can start the application regardless wether my bundles are signed with the right key or not.

I already asked this question on Stackoverflow but the use case seems not to be that common as I thought so I didn't get an answer. Hope you can help :-).

Thanks,
Achim_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/equinox-dev