开发者

how to provide signature in jar files in eclipse-plugins development?

Can anybody tell me how to add signature in jar file.

I have developed a plugin, but when i a开发者_如何学运维m installing it, it is showing some warnings that it is not a signatured jar file.

Can anyone give me guidance on how to do that?


You can follow instructions given in the Eclipse wiki Jar Signing page

It is part of a protection policy against malicious code

How is signing done?

Signing is performed using the JDK's jarsigner.
This tool signs JARs by producing a separate signature for every file in the JAR.
The signatures are put in the MANIFEST.MF file and in a separate signature file in the META-INF directory.
For optimization purposes, the signature of the MANIFEST.MF with all embedded signatures is also computed and placed in the signature file.

Projects who wish to sign their JAR's with the Eclipse Foundation Signature need to name a person which applies for "signer" privilege with the Webmaster. The Webmaster will grant required permissions on the signing server and send an E-Mail with exact instructions how signing is done.

Now if the warning appears because your plugin, even signed, is not signed with the "Eclipse Foundation Signature" (if your plugin runs within an Eclipse instance), that warning is likely to remain.


See also this thread if you want to use your own keystore:

java
-Djava.security.manager=""
-Djava.security.policy=policy
-Dosgi.framework.keystore=file:keystore
-Dosgi.signedcontent.support=true 
-jar org.eclipse.osgi_3.4.0.<qualifier>.jar
-console
-consoleLog

Finally, you can try out this jarsigner/keytool integration (integration to the jar exporter) which can facilitate the process.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜