|How would I update the JSch supplied with Eclipse [message #671390]
||Tue, 17 May 2011 13:45
| Tom Quarendon
Registered: July 2009
We've got a customer problem with SSH connections and I believe that the issue might be solved with a later JSch (0.1.44 rather than 0.1.41 as shipped with Eclipse).|
In order to test this out I need to bundle a 0.44 version of JSch with the eclipse we ship.
However my naive attempts at doing this fail. If I just download Jsch 0.1.44 and create an eclipse plugin from it and replace them delete the com.jcraft.jsch version 0.1.41 plugin and put in my 0.1.44 plugin instead, then eclipse fails to load properly and if I look in the About dialog at the installed plugins I get no Jsch.
My suspicion is that this is a jar signing problem -- there are no messages of any kind in the .metadata/.log file to indicate class not found of the kind I'd normally expect.
Should I expect to be able to just drop an updated Jsch plugin in like this? Do I have to worry about jar signing at all if I do (in a way one wonders why the plugins are signed if I can just do this, anyway).
Thanks for any help.
|Re: How would I update the JSch supplied with Eclipse [message #671397 is a reply to message #671390]
||Tue, 17 May 2011 14:08
| David Williams
Registered: July 2009
On 05/17/2011 01:45 PM, Tom Quarendon wrote:|
> However my naive attempts at doing this fail. If I just
> download Jsch 0.1.44 and create an eclipse plugin from it
> and replace them delete the com.jcraft.jsch version 0.1.41
> plugin and put in my 0.1.44 plugin instead,
You'll need to create a feature patch, and install your new plugin by
installing the patched feature.
Not sure which feature com.jcraft.jsch is shipiped in, but your patch
feature needs to refer to it, and to its exact version.
Eclipse Help covers patch features pretty well.
> Do I have to worry about jar signing
> at all if I do (in a way one wonders why the plugins are
> signed if I can just do this, anyway).
No ... you don't need to worry about signing (well, not to get it to
Jars are signed basically for one reason ... it is a good guarantee the
jar has not been tampered with by anyone, after being signed. So at
Eclipse, we sign jars in a controlled, secure way, so if a jar says it
was "signed by Eclipse" you can pretty much bet it really is the code
exactly as distributed by Eclipse. You could not, for example, go in and
change "by hand" the original com.jcraft.jsch bundle without Eclipse
(Java) complaining that its signature was invalid.
So, you customers might prefer a jar, signed by you, so they'd know
where it came from :) but if you don't, they'll just get a warning "you
are about to install unsigned jars, is that really want you want to do".
Powered by FUDForum
. Page generated in 0.02836 seconds