[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier

Hmm. This seems like a caching problem (ie. bug). The jar verifier has to 
verify the jar each time it is loaded. This could just be verifying that 
the JAR has not been altered since the last full verification.

BJ Hargrave
Senior Technical Staff Member, IBM
OSGi Fellow and CTO of the OSGi Alliance
Office: +1 407 849 9117 Mobile: +1 386 848 3788

Andre Oosthuizen <andreo@xxxxxxxx> 
Sent by: equinox-dev-bounces@xxxxxxxxxxx
2005-11-21 03:27 AM
Please respond to
Equinox development mailing list

Equinox development mailing list <equinox-dev@xxxxxxxxxxx>

Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier

Hi guys,

I'm interested in using the org.eclipse.osgi.jar.verifier plugin for 
some security related work that I'm looking into. I have followed the 
instructions posted at 

Here is my test scenario:

I'm using a simple rcp application that has two plugins (plugin A & 
plugin B), each contributing a view. All my plugins are signed. If I run 
the product initially with all plugins untampered, my rcp starts up as 
expected and I can see the two views contributed.

If I alter plugin A or B before I initially run the rcp for the first 
time, I get an exception indicating that the plugin has been tampered 
with, so only one view is contributed, which is expected.

But if I initially start the rcp in an untampered state, and then alter 
plugin A or B and start it up again, the jar verifier doesn't recognise 
this. In this scenario, the jar verifier will only pick up the changes 
if I use the -clean argument. Is there a way around this?

Best Regards
Andre Oosthuizen

equinox-dev mailing list