| [equinox-dev] keystores and signature recognition |
Hi, I’ve been trying Equinox’s Conditional Permission Admin and can’t get it to run with signed bundles. I’ve seen past threads in this ML but it seems a lot has changed, as most of the properties now have different names or accepted values. Looking at the Eclipse Runtime Options page was helpful but not enough.
-Declipse.security="osgi" -Dosgi.signedcontent.support="runtime" -Dosgi.framework.keystore=file:/C:/DEV/SEC/myKeystore – note the keystore is password protected. I have a bunch of bundles in my p2 managed /plugins folder that are signed. I also have a simple bundle that registers a conditional ALL permission to every bundle that is signed with my keystore. Here is the string I used: Allow { [org.osgi.service.condpermadmin.BundleSignerCondition "o=TEST" ] ( java.security.AllPermission “*” “*” ) } The problem is that after my permissions bundle commits the changes everyone loses any permission. That’s probably because my bundle populates the conditional policy table so now it doesn’t default to <<all permission>> but obviously my signature isn’t recognized so all bundles lose their current permissions. Can you help me? I must be missing something or doing it wrong… Thank you, Borislav |