The META-INF/ECLIPSE.RSA seems to be the Certificate used to sign the jar. The checksums can be found in the MANIFEST.MF and the ECLIPSE.SF files.
Regards, Pierre-Arnaud On Jan 15, 2008 11:21 PM, Felix Knecht <[EMAIL PROTECTED]> wrote: > Pierre-Arnaud Marcelot schrieb: > > On Jan 15, 2008 12:09 PM, Felix Knecht <[EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>> wrote: > > > > 3°/ We can remove the sha and md5 checksum files from the > repository, > > but this works only if eclipse doesn't has any internal checksums. > > > > > > Unfortunaltely, the SHA1 checksum we are talking about is inside the > > jar... In the manifest and other files... > > Are we talking about i.e. org.eclipse.search_3.3.1.r331_v20070831_0800.jar > META-INF/ECLIPSE.RSA ? > > Looks to me as created with a Verisign Certificate (which we hardly have): > > cat META-INF/ECLIPSE.RSA > 10 H÷ > 0*H÷ > *H÷ > 0_1<0¥pº*H÷4¶8Ê{̺¿0 > 0 UUS10U > VeriSign, Inc.1705U > 280801235959Z0_1 .Class 3 Public Primary Certification Authority0 > 0 UUS10U > VeriSign, Inc.1705U > [EMAIL PROTECTED]@ .Class 3 Public Primary Certification Authority00 > > Ñ3ÙÙÏîX%÷*¨Dªìx¹ª#}Ö¬¢cEÇr'ÌôLÆuqÒ9ïOBðuß > »L+Ï,&OݦûüÉç± ËS¥ç=¾}þ$E3Üví¢qdLe.hE§0 > 0_10( > A¡*H÷ßÏIef8LuÂ0SðNÖ&ÀvW^!ñѱÿçÐ!XÍiãDD9\ÜVí¢EL令=ð2ñÎøèÉQæbæÀ}·rÉ6:kN¨ÿd > 0 UUS10U > VeriSign, Inc.1705U > 140715235959Z0´1 .Class 3 Public Primary Certification Authority0 > 0 UUS10U > VeriSign, Inc.10U > VeriSign Trust Network1;09U > 0 *H÷ 2Terms of use at > https://www.verisign.com/rpa (c)041.0,U%VeriSign Class 3 > Code Signing 2004 CA0"0 > > <snip /> > > Felix >
