[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier
|
Hmm. This seems like a caching problem (ie. bug). The jar verifier has to
verify the jar each time it is loaded. This could just be verifying that
the JAR has not been altered since the last full verification.
BJ Hargrave
Senior Technical Staff Member, IBM
OSGi Fellow and CTO of the OSGi Alliance
hargrave@xxxxxxxxxx
Office: +1 407 849 9117 Mobile: +1 386 848 3788
Andre Oosthuizen <andreo@xxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx
2005-11-21 03:27 AM
Please respond to
Equinox development mailing list
To
Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
cc
Subject
Re: [equinox-dev] Using the org.eclipse.osgi.jar.verifier
Hi guys,
I'm interested in using the org.eclipse.osgi.jar.verifier plugin for
some security related work that I'm looking into. I have followed the
instructions posted at
http://dev.eclipse.org/mhonarc/lists/equinox-dev/msg00470.html.
Here is my test scenario:
I'm using a simple rcp application that has two plugins (plugin A &
plugin B), each contributing a view. All my plugins are signed. If I run
the product initially with all plugins untampered, my rcp starts up as
expected and I can see the two views contributed.
If I alter plugin A or B before I initially run the rcp for the first
time, I get an exception indicating that the plugin has been tampered
with, so only one view is contributed, which is expected.
But if I initially start the rcp in an untampered state, and then alter
plugin A or B and start it up again, the jar verifier doesn't recognise
this. In this scenario, the jar verifier will only pick up the changes
if I use the -clean argument. Is there a way around this?
--
Best Regards
Andre Oosthuizen
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev