Agree, we should take the same approach. It should not be part of lib and more "startup" bundles (as we have eventadmin and others).
I will create a Jira about that. Regards JB On 02/02/2020 17:43, Romain Manni-Bucau wrote: > This is a one way choice so then bouncycastle becomes a jre provided lib > (as jaxb was) for consumers and bundles are no more working or use other > actual instances making it potentially corrupted if bundles and part of the > boot - potentially not just karaf jars -must share bc. Also note it would > prevent some osgi manifest feature (capabilities) to work if bc gets it at > some point. > > So guess the boot logic using it must be moved to early bundles too. Can be > part of the jaxb work since it is exactly the same issue. > > Wdyt? > > Le dim. 2 févr. 2020 à 16:53, Benjamin Graf <benjamin.g...@gmx.net> a > écrit : > >> Hi together, >> >> how going on with this topic. Actually bouncastle is the defacto >> standard security library for karaf and bundled by default. So taking >> the approach explained by Robert sounds reasonable to upstream to Karaf >> itself and moving libs to from system to boot and maybe even register >> org.apache.karaf.security.providers = >> org.bouncycastle.jce.provider.BouncyCastleProvider. Something to be >> solved before 4.3RC2? >> >> Regards, >> >> Benjamin >> >> On 15.01.2020 17:00, Robert Varga wrote: >>> On 15/01/2020 16:25, Benjamin Graf wrote: >>>> Hi, >>>> >>>> I'm actually playing around with the latest 4.3.0-SNAPSHOT. I recognize >>>> that the ssh bundle is using bouncycastle for reading pem files right >>>> now (KARAF-6383). The "issue" I'm facing is that if I like to set >>>> bouncycastle as the security provider via >>>> "org.apache.karaf.security.providers = >>>> org.bouncycastle.jce.provider.BouncyCastleProvider" I have to distribute >>>> the same bundle twice or otherwise have to remove it from system and add >>>> needed packages to "org.osgi.framework.bootdelegation". >>>> >>>> Anybody seeing a better solution? >>> Not sure, but in OpenDaylight we have two fragment bundles which attach >>> to framework bundle and expose all of BouncyCastle to OSGi: >>> >>> >> https://github.com/opendaylight/odlparent/tree/master/karaf/bcpkix-framework-ext >>> >> https://github.com/opendaylight/odlparent/tree/master/karaf/bcprov-framework-ext >>> >>> perhaps these should be upstreamed (but then we upgrade BC much more >>> quickly than we upgrade Karaf). >>> >>> Regards, >>> Robert >>> >> >> > -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://www.talend.com
