[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier

The org.eclipse.osgi.jarverifier project is a fragment to the OSGi Framework implementation (org.eclipse.osgi).  This fragment supplies the support for verifying the signitures of bundles.  The verification code is needed by the framework adaptor very early when the framework is loading the bundles at startup.  This requires the jarverifier to be specified as a framework extension in the config.ini.  Here are the steps to use the jarverifier:

1) Extract and build the jarverifier project from the equinox repository at org.eclipse.equinox/phase2/org.eclipse.osgi.jarverifier.  This should produce a org.eclipse.osgi.jarverifier_1.0.0.jar file.
2) Place this file into the plugins directory of your eclipse target.  This needs to be the same directory where the org.eclipse.osgi_3.1.0.jar file is located.
3) Add the following lines to the config.ini or pass these as VM property arguments:

If you want to selfhost with the org.eclipse.osgi.jarverifier in your workspace then you must also have the org.eclipse.osgi project in your workspace.  When self-hosting it is easiest to set the osgi.framework.extensions and eclipse.securty properties as -D VM arguments

The jarverifier will search for keystores in 3 standard locations:
1) "file:" + System.getProperty("java.home") + "/lib/security/cacerts"
2) "file:" + System.getProperty("user.home") + "/.keystore"
3) Look in any java policy files which are configured in the Security properties.  This is done by setting the policy.uri.<number> properties in the security/java.security file of your installed JRE these properties are used to set the default java.policy files that should be used by the JRE.  A java.policy may specify a keystore to use.

In addition to these 3 standard java locations the jarverifier will also look for a keystore at the URL specified by the "osgi.framework.keystore" system property.  If you sign bundles with a private key for which no public key exists in one of the standard keystores then you must import your personal public key into one of the supported keystores.


Pascal Rapicault <Pascal_Rapicault@xxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx

09/21/2005 09:04 PM

Please respond to
Equinox development mailing list

[equinox-dev] Using the org.eclipse.osgi.jar.verifier


Could someone post an example on how is the org.eclipse.osgi.jarverifier bundle supposed to be used?

I'm looking for something that wiill contain all the details about keystore and other painful details like that.


equinox-dev mailing list