how to provide signature in jar files in eclipse-plugins development?
Can anybody tell me how to add signature in jar file.
I have developed a plugin, but when i a开发者_如何学运维m installing it, it is showing some warnings that it is not a signatured jar file.
Can anyone give me guidance on how to do that?
You can follow instructions given in the Eclipse wiki Jar Signing page
It is part of a protection policy against malicious code
How is signing done?
Signing is performed using the JDK's jarsigner.
This tool signs JARs by producing a separate signature for every file in the JAR.
The signatures are put in theMANIFEST.MF
file and in a separate signature file in theMETA-INF
directory.
For optimization purposes, the signature of theMANIFEST.MF
with all embedded signatures is also computed and placed in the signature file.Projects who wish to sign their JAR's with the Eclipse Foundation Signature need to name a person which applies for "signer" privilege with the Webmaster. The Webmaster will grant required permissions on the signing server and send an E-Mail with exact instructions how signing is done.
Now if the warning appears because your plugin, even signed, is not signed with the "Eclipse Foundation Signature" (if your plugin runs within an Eclipse instance), that warning is likely to remain.
See also this thread if you want to use your own keystore:
java
-Djava.security.manager=""
-Djava.security.policy=policy
-Dosgi.framework.keystore=file:keystore
-Dosgi.signedcontent.support=true
-jar org.eclipse.osgi_3.4.0.<qualifier>.jar
-console
-consoleLog
Finally, you can try out this jarsigner/keytool integration (integration to the jar exporter) which can facilitate the process.
精彩评论