Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [tycho-user] Block unsigned jar in eclipse RCP

Look for the option "".
Enable the following option in the config.ini of your RCP application:
Note this will have some impact on the performance of class loading.  This is not enabled by default because it is assumed the JARs are verified by the agent that is installing the bundles (i.e. p2 does this verification before allowing the bundle to be installed).  I only see a reason to enable this if you have a scenario where you are allowing completely unverified content to be installed into your application.  Something that should be viewed as extremely dangerous and I would never recommend allowing that.

----- Original message -----
From: Guillaume Dufour <guillaume.duff@xxxxxxxxx>
Sent by: tycho-user-bounces@xxxxxxxxxxx
To: tycho-user@xxxxxxxxxxx
Subject: [EXTERNAL] [tycho-user] Block unsigned jar in eclipse RCP
Date: Thu, Oct 22, 2020 6:01 AM

I want to block overwrite of some classes in an Eclipse RCP (OSGI) application. I sign all my jars but when i modify the SHA-256 in the manifest, the application start without problem.


As i see it's normal because OSGI don't check signature by default here :


Is it possible to force signature check on class loading in an Eclipse RCP on all jars or on some specific jars ?

If not, how could I protect on code overwrite in java eclipse RCP world ?

For information all my code is already obfuscated and jars are signed.

I already post this on stackoverflow but without any reply :
tycho-user mailing list
To unsubscribe from this list, visit

Back to the top