Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Equinox » Eclipse feature/plugin integrity validation
Eclipse feature/plugin integrity validation [message #512175] Thu, 04 February 2010 10:05 Go to next message
Igor Jacy Lino Campista is currently offline Igor Jacy Lino Campista
Messages: 34
Registered: July 2009
Member

I was wondering if there is any way or functionality, headless to verify that all the bundles/plugins/features of a given Eclipse installation are valid.

The definition of valid is:
-Contains all the files that are expected to be there.
-The files have not been tampered or modified in any matter.
-The content as a whole has a checksum that is verified against.


So for example if by some situation, a file is deleted by an antivirus or other process or mistake, running a simple command like "eclipse -verifyIntegrity" will give a very good diagnostic of corrupted features/plugins, registry and so on.

It goes in the direction of diagnostics and perhaps self-repair.
So maybe Eclipse can repair itself on that level.

Any thoughts on that?

Cheers,
Igor
Re: Eclipse feature/plugin integrity validation [message #512280 is a reply to message #512175] Thu, 04 February 2010 14:59 Go to previous messageGo to next message
Thomas Watson is currently offline Thomas Watson
Messages: 427
Registered: July 2009
Senior Member
p2 (and old update) do verify the content of signed features and bundles as they are being installed into the platform. But there is no built in tool to check the validity of an install.

The facilities are there to check the integrity/validity of the installed features and bundles so a tool like that should not be hard to implement. It could use the service org.eclipse.osgi.signedcontent.SignedContentFactory and check get the SignedContent for each bundle and feature File. It could then use the SignedContent to check the validity of each signed bundle/feature File.

There is also an option to verify bundle content as it is loaded at runtime. This is similar to how secure class loaders in java verify signed jars at runtime. See the runtime osgi.signedcontent.support=runtime option in help. This only checks that the signed resources you are loading are not corrupted as they are loaded. It does not cause a full scan of every resource in your installation.

HTH

Tom.
Re: Eclipse feature/plugin integrity validation [message #512464 is a reply to message #512280] Fri, 05 February 2010 09:04 Go to previous message
Igor Jacy Lino Campista is currently offline Igor Jacy Lino Campista
Messages: 34
Registered: July 2009
Member
Hi Thomas,

Thanks for the reply, very informative indeed, I will mention that to another project which may be interested.

I have created a feature request in the equinox project. Hopefully it was the correct place (please tell me if it was not the correct place):
https://bugs.eclipse.org/bugs/show_bug.cgi?id=301874

The request is about integrity, validation, diagnosis and self-repair.

Cheers,
Igor
Previous Topic:Headless 'Install new Software'
Next Topic:Equinox director application--->against--->legacy update site
Goto Forum:
  


Current Time: Sat Sep 20 06:18:07 GMT 2014

Powered by FUDForum. Page generated in 0.03135 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software