Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier

[Jeff McAffer <Jeff_McAffer@xxxxxxxxxx>]

For fun I put this on the Equinox web
site at
        http://dev.eclipse.org/viewcvs/indextech.cgi/~checkout~/equinox-home/security/verifier.html

After the transition we should have
a Wiki on the site and that will make things much easier.

Jeff

Thomas Watson <tjwatson@xxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx

09/22/2005 10:37 AM

Please respond to
Equinox development mailing list

To	Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
cc
Subject	Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier

The org.eclipse.osgi.jarverifier project is a fragment to the OSGi Framework
implementation (org.eclipse.osgi).  This fragment supplies the support
for verifying the signitures of bundles.  The verification code is
needed by the framework adaptor very early when the framework is loading
the bundles at startup.  This requires the jarverifier to be specified
as a framework extension in the config.ini.  Here are the steps to
use the jarverifier: 

1) Extract and build the jarverifier project from the equinox repository
at org.eclipse.equinox/phase2/org.eclipse.osgi.jarverifier.  This
should produce a org.eclipse.osgi.jarverifier_1.0.0.jar file.
2) Place this file into the plugins directory of your eclipse target.  This
needs to be the same directory where the org.eclipse.osgi_3.1.0.jar file
is located. 
3) Add the following lines to the config.ini or pass these as VM property
arguments: 
        osgi.framework.extensions=org.eclipse.osgi.jarverifier
        eclipse.security=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager

If you want to selfhost with the org.eclipse.osgi.jarverifier in your workspace
then you must also have the org.eclipse.osgi project in your workspace.
 When self-hosting it is easiest to set the osgi.framework.extensions
and eclipse.securty properties as -D VM arguments 

The jarverifier will search for keystores in 3 standard locations:
1) "file:" + System.getProperty("java.home") + "/lib/security/cacerts"
2) "file:" + System.getProperty("user.home") + "/.keystore"
3) Look in any java policy files which are configured in the Security properties.
 This is done by setting the policy.uri.<number> properties
in the security/java.security file of your installed JRE these properties
are used to set the default java.policy files that should be used by the
JRE.  A java.policy may specify a keystore to use.

In addition to these 3 standard java locations the jarverifier will also
look for a keystore at the URL specified by the "osgi.framework.keystore"
system property.  If you sign bundles with a private key for which
no public key exists in one of the standard keystores then you must import
your personal public key into one of the supported keystores.

Tom

Pascal Rapicault <Pascal_Rapicault@xxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx

09/21/2005 09:04 PM

Please respond to
Equinox development mailing list

To	equinox-dev@xxxxxxxxxxx
cc
Subject	[equinox-dev] Using the org.eclipse.osgi.jar.verifier

Hello, 

Could someone post an example on how is the org.eclipse.osgi.jarverifier
bundle supposed to be used? 
I'm looking for something that wiill contain all the details about keystore
and other painful details like that. 

ThX 

PaScaL _______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev