Marcel,
Seem that we keep giving you the wrong options!!!
java
-Djava.security.manager=""
-Djava.security.policy=policy
-Dosgi.framework.keystore=file:keystore
-Dosgi.signedcontent.support=true
-jar org.eclipse.osgi_3.4.0.<qualifier>.jar
-console
-consoleLog
Please try this on the latest I-Build of 3.4. The v20071207 version of
org.eclipse.osgi was before we released some of the new signed bundle
support.
Tom
From: Marcel Offermans <[EMAIL PROTECTED]>
To: Equinox development mailing list <[email protected]>
Date: 02/07/2008 07:05 AM
Subject: Re: [equinox-dev] Signed bundles
Hello Thomas,
I'm trying your suggestions:
java -Dosgi.signedcontent.support=true -Djava.security.policy="" -jar
org.eclipse.osgi_3.4.0.v20071207.jar -console
>From what I understand that should give me a framework with security and
signed bundle support, but when I try that and type "services" from the
equinox console, I don't get a (Conditional)PermissionAdmin service.
Greetings, Marcel
On Feb 6, 2008, at 15:43 , Thomas Watson wrote:
The option to enable signed bundles in 3.3 is
osgi.support.signature.verify (notice "support" and "signature" are
reversed). In 3.4 we are introducing a more general option called
osgi.signedcontent.support which does not have simple true|false
options, but we will continue to recognize the old 3.3. option. Matt
is documenting the security options in
https://bugs.eclipse.org/bugs/show_bug.cgi?id=217765
The internal security manager class is needed to fully support
postponed conditions in ConditionalPermissionAdmin. If postponed
conditions are not needed then simply enabling the security manager
with -Djava.security.policy="" will enable the built-in security
manager which will satisfy most needs.
There is an option called eclipse.security. This option is used by
the launcher jar to setup a policy to grant the framework and the
launcher AllPermissions and specify the security manager to use.
Unfortunately this still requires a reference to an internal class if
you want to load a security manager to support postponed conditions.
I've opened a bug to investigate making this easier. Perhaps
eclipse.security manager can have a value that indicates the
framework should load its internal security manager. See
https://bugs.eclipse.org/bugs/show_bug.cgi?id=218001.
Tom
<graycol.gif>Jeff McAffer ---02/06/2008 07:47:10 AM---Marcel
Offermans wrote:
<ecblank.gif> <ecblank.gif>
From: Jeff McAffer <[EMAIL PROTECTED]>
<ecblank.gif> <ecblank.gif>
To: Equinox development mailing list <[email protected]>
<ecblank.gif> <ecblank.gif>
Date: 02/06/2008 07:47 AM
<ecblank.gif> <ecblank.gif>
Subject: Re: [equinox-dev] Signed bundles
Marcel Offermans wrote:
> So, reiterating, if I want to run Equinox with OSGi security
enabled
> and have it use my own keystore, I have to start it like this
> (formatted a bit for clarity, but typed as one big line):
>
> java
>
-Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager
> -Djava.security.policy=policy
> -Dosgi.framework.keystore=keystore
> -Dosgi.signature.support.verify=true
> -jar org.eclipse.osgi_3.4.0.v20071207.jar
> -console
> -consoleLog
>
> Basically, I'm asking how Equinox is being run to be compliant with
> OSGi security.
Is the above line accurate? Seems complicated and requires people to
reference internal classes etc. Could be wrong but I remember it
being
simipler
Jeff
_______________________________________________
equinox-dev mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/equinox-dev
_______________________________________________
equinox-dev mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/equinox-dev
_______________________________________________
equinox-dev mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/equinox-dev
<<inline: graycol.gif>>
<<inline: ecblank.gif>>
_______________________________________________ equinox-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/equinox-dev
