Re: [equinox-dev] Signing of exploded jars


Assuming you have the certificate verification code fragment, then yes, this should "just work".

Thomas Watson
Pervasive Development
Phone: 512-838-4533 Tie: 678-4533
tjwatson@xxxxxxxxxx



Jeff McAffer <Jeff_McAffer@xxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx
10/06/2005 11:05 AM
Please respond to: Equinox development mailing list
To: Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
cc:
Subject: Re: [equinox-dev] Signing of exploded jars

The model I had was that the bundles come signed and in JARs.  When they are installed, some are exploded.  This would explode the signature files etc as well.  Then the verification of directory bundles should kick in.


Summary:  Does this all just work today?


Jeff



Thomas Watson <tjwatson@xxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx
10/06/2005 09:08 AM
Please respond to: Equinox development mailing list
To: Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
cc:
Subject: Re: [equinox-dev] Signing of exploded jars

It should be possible for the signature verification in equinox to read signed directory bundles.  The problem is how to sign such a bundle.  One possibility is to zip the contents of the bundle and then sign that zip file using jarsigner (or any other way of signing jars) then you can explode that signed zip back out to disk.  This should update the manifest with all the digests of the files contained in the bundle.  It will also add /META-INF/*.sf and /META-INF/*.rsa files to the bundle.  Now it is true that the filesystem could be tampered with, which would corrupt the bundle.  But this is true for jars as well.  You can just as easily modify the content of a jar file.  The end result for both types of tampering is that the signature verification code in equinox should fail to validate the digests and signatures of the content of the bundle and errors will be thrown.


Tom
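
The digest step described in the message above, as an added example that is not part of the original thread and is not Equinox code: it compares each file of an exploded bundle with the per-entry digests in META-INF/MANIFEST.MF and also lists files the manifest does not cover. The function names, the `demo()` helper and its sample files are constructed for illustration; validating the `.SF` file and the `.RSA` signature block is outside its scope.

```python
import base64, hashlib, tempfile
from pathlib import Path

ALGS = {"SHA-256-Digest": "sha256", "SHA1-Digest": "sha1"}
SIG_SUFFIXES = (".MF", ".SF", ".RSA", ".DSA", ".EC")  # signature files, not digested

def parse_manifest(text):
    """Return {entry name: attributes} for the per-entry manifest sections."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def b64digest(alg, data):
    return base64.b64encode(hashlib.new(alg, data).digest()).decode()

def verify_exploded(root):
    """Return sorted (problem, path) pairs for the directory bundle at root."""
    root = Path(root)
    entries = parse_manifest((root / "META-INF/MANIFEST.MF").read_text("utf-8"))
    on_disk = {n for n in (p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())
               if not (n.startswith("META-INF/") and n.upper().endswith(SIG_SUFFIXES))}
    problems = [("unsigned", n) for n in on_disk - set(entries)]
    for name, attrs in entries.items():
        used = [a for a in ALGS if a in attrs]
        if name not in on_disk:
            problems.append(("missing", name))
        elif not used:
            problems.append(("no-digest", name))
        elif any(b64digest(ALGS[a], (root / name).read_bytes()) != attrs[a] for a in used):
            problems.append(("modified", name))
    return sorted(problems)

def demo():
    """Constructed sample: build a directory bundle, then alter it on disk."""
    root = Path(tempfile.mkdtemp())
    manifest = "Manifest-Version: 1.0\n"
    for name, data in {"plugin.xml": b"<plugin/>", "scripts/build.xml": b"<project/>"}.items():
        (root / name).parent.mkdir(parents=True, exist_ok=True)
        (root / name).write_bytes(data)
        manifest += f"\nName: {name}\nSHA-256-Digest: {b64digest('sha256', data)}\n"
    (root / "META-INF").mkdir()
    (root / "META-INF/MANIFEST.MF").write_text(manifest, "utf-8")
    before = verify_exploded(root)
    (root / "plugin.xml").write_bytes(b"<plugin><extension/></plugin>")  # edited after signing
    (root / "extra.jar").write_bytes(b"not in manifest")                 # file added later
    return before, verify_exploded(root)
```

MANIFEST.MF itself is protected only by the digest in the `.SF` file and the signature over that file, so a digest comparison like this one is meaningful only after that signature check has passed.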


Pascal Rapicault <Pascal_Rapicault@xxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx
10/05/2005 05:01 PM
Please respond to: Equinox development mailing list
To: Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
cc:
Subject: Re: [equinox-dev] Signing of exploded jars

Yes, the best practice is to have plug-ins jar'ed; however, there are cases where this can't be achieved (see the help plugins or pde build). This is why it is necessary to have a solution for this type of problem which includes in the signature files all the files contained in the plug-in.

For example, maybe a signature jar (containing all the signatures for all the files from the plugin) needs to be injected at the root of the plug-in and it needs to be checked by the verifier available from equinox.

Ted, would you have some cycles to investigate that?


PaScaL

Ted Habeck <habeck@xxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx
10/05/2005 02:52 PM
Please respond to: Equinox development mailing list
To: Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
cc:
Subject: Re: [equinox-dev] Signing of exploded jars

The challenge is ensuring that configuration files such as plugin.xml, META-INF/MANIFEST.MF, and OSGI-INF/PERMISSIONS.PERM have not been altered since installation. If this file is not part of a JAR, then there is no obvious way of ensuring that it has not been tampered with or altered to change package export/access rules, and required permission assignments etc.

Certainly, the code of pdebuild.jar can be signed via an ant script using the <signjar> tag, but we'll lose some integrity if the rest of the plug-in configuration files are not immutable.


As I recall, it is also a 3.1 best practice to leave plug-ins JAR'd rather than expanding during installation.


- Ted

Pascal Rapicault <Pascal_Rapicault@xxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx
10/05/2005 14:22
Please respond to: Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
To: equinox-dev@xxxxxxxxxxx
cc:
Subject: [equinox-dev] Signing of exploded jars

Hello,

Do you think it is somehow possible to sign plug-ins that are not jar'ed (for example org.eclipse.pde.build in eclipse 3.1)?


Thanks,

PaScaL
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev