Re: [equinox-dev] Signing of exploded jars


It should be possible for the signature verification in equinox to read signed directory bundles.  The problem is how to sign such a bundle.  One possibility is to zip the contents of the bundle and then sign that zip file using jarsigner (or any other way of signing jars) then you can explode that signed zip back out to disk.  This should update the manifest with all the digests of the files contained in the bundle.  It will also add /META-INF/*.sf and /META-INF/*.rsa files to the bundle.  Now it is true that the filesystem could be tampered with, which would corrupt the bundle.  But this is true for jars as well.  You can just as easily modify the content of a jar file.  The end result for both types of tampering is that the signature verification code in equinox should fail to validate the digests and signatures of the content of the bundle and errors will be thrown.

Tom
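
The digest check described in the message above, as an added example that is not part of the original thread and is not Equinox's verification code: it compares the files of an exploded bundle with the per-entry digests that signing writes into META-INF/MANIFEST.MF. It covers only that step; validating the *.SF and *.RSA signature chain over the manifest is out of scope here. The function names, the constructed sample bundle and the policy of flagging unlisted files are assumptions of this example.

```python
import base64, hashlib, tempfile
from pathlib import Path
def b64digest(alg, data):
    return base64.b64encode(hashlib.new(alg, data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry sections."""
    # Manifest lines wrap at 72 bytes; a continuation line starts with one space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def verify_exploded(root):
    """Check files under root (a Path) against META-INF/MANIFEST.MF digests."""
    entries = parse_manifest((root / "META-INF" / "MANIFEST.MF").read_text("utf-8"))
    problems = set()
    for name, attrs in entries.items():
        path = root.joinpath(*name.split("/"))
        if not path.is_file():
            problems.add(("missing", name))
            continue
        data = path.read_bytes()
        for key, value in attrs.items():  # e.g. SHA1-Digest, SHA-256-Digest
            alg = key[:-len("-Digest")].replace("-", "").lower()
            if key.endswith("-Digest") and b64digest(alg, data) != value:
                problems.add(("modified", name))
    # Policy of this example: any file outside META-INF/ with no entry is flagged.
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and not rel.startswith("META-INF/") and rel not in entries:
            problems.add(("unlisted", rel))
    return sorted(problems)

def demo():
    """Constructed bundle: verify it, tamper with it, verify again."""
    root = Path(tempfile.mkdtemp())
    (root / "META-INF").mkdir()
    body = b"<plugin/>\n"
    (root / "plugin.xml").write_bytes(body)
    manifest = "Manifest-Version: 1.0\n\nName: plugin.xml\nSHA-256-Digest: %s\n"
    (root / "META-INF" / "MANIFEST.MF").write_text(manifest % b64digest("sha256", body))
    clean = verify_exploded(root)
    (root / "plugin.xml").write_bytes(body + b"<!-- edited after signing -->")
    (root / "extra.txt").write_text("added after signing")
    return clean, verify_exploded(root)
```
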



Pascal Rapicault <Pascal_Rapicault@xxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx

10/05/2005 05:01 PM

Please respond to
Equinox development mailing list

To
Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
cc
Subject
Re: [equinox-dev] Signing of exploded jars






Yes, the best practice is to have plug-ins jar'ed; however, there are cases where this can't be achieved (see the help plugins or pde build). This is why it is necessary to have a solution for this type of problem which includes in the signature files all the files contained in the plug-in.

For example, maybe a signature jar (containing all the signatures for all the files from the plugin) needs to be injected at the root of the plug-in and it needs to be checked by the verifier available from equinox.

Ted, would you have some cycles to investigate that?


PaScaL



Ted Habeck <habeck@xxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx

10/05/2005 02:52 PM

Please respond to
Equinox development mailing list

To
Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
cc
Subject
Re: [equinox-dev] Signing of exploded jars








The challenge is ensuring that configuration files such as plugin.xml, META-INF/MANIFEST.MF, and OSGI-INF/PERMISSIONS.PERM have not been altered since installation. If this file is not part of a JAR, then there is no obvious way of ensuring that it has not been tampered with or altered to change package export/access rules, and required permission assignments etc.

Certainly, the code of pdebuild.jar can be signed via an ant script using the <signjar> tag, but we'll lose some integrity if the rest of the plug-in configuration files are not immutable.


As I recall, it is also a 3.1 best practice to leave plug-ins JAR'd rather than expanding during installation.


- Ted


Pascal Rapicault <Pascal_Rapicault@xxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx

10/05/2005 14:22

Please respond to
Equinox development mailing list <equinox-dev@xxxxxxxxxxx>


To
equinox-dev@xxxxxxxxxxx
cc
Subject
[equinox-dev] Signing of exploded jars










Hello,

Do you think it is somehow possible to sign plug-ins that are not jar'ed (for example org.eclipse.pde.build in Eclipse 3.1)?


Thanks,

PaScaL
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev