[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [equinox-dev] Signed content support in Equinox
|
The authorization support in Equinox was
provisional and got removed as part of the Luna (Equinox 4.3) release.
It seems the documentation did not make it clear that this was provisional
and also did not remove the authorization option from the docs.
With that said, you should be able to
implement your own support for this by implementing a system bundle fragment
that checks for authorization of the bundle signers and then forces the
bundles to be unresolved if they are not authorized by using a ResolverHook.
Another option is to open a bug against
Equinox and we can look to contributing back support for the authorization
engine into Equinox. At the time it was removed was when the framework
was being rewritten to no longer use our internal resolve and instead use
a standard OSGi Resolver service. Our internal resolver implementation
had a straight forward way to disable bundles and provide useful resolution
error messages for why it was disabled. The authorization support
used this resolver API to disabled unauthorized bundles. The same
can be accomplished with the OSGi resolver through the use of resolver
hooks, but there is not a good way to provide a nice error message. We
would have to look at how to make that work nicely.
Tom
From:
Achim Finke <achim.finke@xxxxxxxxxxxxxx>
To:
equinox-dev@xxxxxxxxxxx
Date:
06/30/2015 09:05 AM
Subject:
[equinox-dev]
Signed content support in Equinox
Sent by:
equinox-dev-bounces@xxxxxxxxxxx
Hi all,
In Equinox 3.9 (Eclipse 4.3) it was possible
to configure the following properties in eclipse.ini to
enable Authorization.
osgi.signedcontent.support=all
osgi.signedcontent.authorization.engine.policy=trusted
osgi.framework.keystore=file:truststore.jks
Setting up the same properties in Equinox
3.10 (Eclipse 4.4) seems to have no effect. I can start the application
regardless wether my bundles are signed with the right key or not.
I already asked this question on Stackoverflow but
the use case seems not to be that common as I thought so I didn't get an
answer. Hope you can help :-).
Thanks,
Achim_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe
from this list, visit
https://dev.eclipse.org/mailman/listinfo/equinox-dev