[
https://issues.apache.org/jira/browse/FELIX-3610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13422588#comment-13422588
]
Richard S. Hall commented on FELIX-3610:
----------------------------------------
I think the way it is supposed to work is like this:
1. The framework assigns signer certificates to a bundle when it is installed
or reloaded.
1.a) If the bundle is improperly signed then no certificates will be granted to
it.
2. Permissions are granted to the bundle based on its signer certificates.
2.a) Properly signed bundles will get their correct permissions assigned to
them since they have the correct certificates.
2.b) Improperly signed bundles will get default/no permissions assigned to them
since they do not have the correct certificates.
The only case that might be an issue is if you have a condition that says only
bundles signed by Foo can be installed. In this case, if the cache was messed
with, you might see bundles with no Foo certificate installed. The framework
won't delete these bundles, but it doesn't give them certificates either. In
that case, you can delete them yourself or make sure their permissions are
empty.
> Support runtime verification for signed bundles
> -----------------------------------------------
>
> Key: FELIX-3610
> URL: https://issues.apache.org/jira/browse/FELIX-3610
> Project: Felix
> Issue Type: Improvement
> Components: Framework, Framework Security
> Reporter: Guillaume Nodet
> Assignee: Karl Pauls
>
> Signed bundles are only checked when installed, but the goal of signed
> bundles is to make sure no one has changed the jar. This is not ensured
> unless bundle entries are verified when loaded.
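
A simplified model of the two steps in the comment above, as an added example (not Felix code and not from the issue thread). It uses only the standard `java.util.jar` API; the class name, the policy map, the `CN=Foo,O=Example` DN and the permission names are assumptions made for illustration.

```java
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class SignerCheck {
    // Step 1: certificates that signed every entry, or an empty set if the jar is
    // unsigned, partially signed, or an entry fails digest verification.
    static Set<Certificate> signerCertificates(String path) {
        Set<Certificate> common = null;
        try (JarFile jar = new JarFile(path, true)) {        // true = verify signatures
            for (JarEntry e : Collections.list(jar.entries())) {
                // Assumption: entries under META-INF/ are not required to be signed.
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                try (InputStream in = jar.getInputStream(e)) {
                    in.readAllBytes();   // certificates are only available after a full read
                }
                Certificate[] certs = e.getCertificates();
                if (certs == null) return Set.of();          // unsigned entry
                Set<Certificate> s = new HashSet<>(Arrays.asList(certs));
                if (common == null) common = s; else common.retainAll(s);
            }
        } catch (Exception ex) {         // SecurityException on digest mismatch, IOException
            return Set.of();
        }
        return common == null ? Set.of() : common;
    }

    // Step 2: grant by signer; no matching certificate means the default (empty) set.
    static Set<String> permissionsFor(Set<Certificate> certs, Map<String, Set<String>> policy) {
        Set<String> granted = new HashSet<>();
        for (Certificate c : certs) {
            if (c instanceof X509Certificate) {
                String dn = ((X509Certificate) c).getSubjectX500Principal().getName();
                granted.addAll(policy.getOrDefault(dn, Set.of()));
            }
        }
        return granted;
    }

    public static void main(String[] args) {   // usage: java SignerCheck bundle.jar
        // Constructed policy: the DN and permission names are placeholders.
        Map<String, Set<String>> policy = Map.of("CN=Foo,O=Example", Set.of("PermA", "PermB"));
        Set<Certificate> certs = signerCertificates(args[0]);
        System.out.println("signers: " + certs.size() + ", permissions: " + permissionsFor(certs, policy));
    }
}
```

The sketch does not validate the certificate chain against a trust store, so it shows only the "no certificates, no permissions" fallback, not a complete trust decision.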