I want Eclipse RCP product to verify signatures of all it's bundles on startup. So I added these arguments to eclipse.ini:
-Dosgi.signedcontent.support=all
-Declipse.p2.unsignedPolicy=fail
I randomly changed signatures in several system and mine modules in plugins, but RCP app still loads and works without any prompt. So, seems verification does not take place.
How can I make equinox verify all bundles? Am I limited to use security manager for that (I don't want to turn it on, because of performance issues)?
Where can I find any documentation about equinox's bundle verification and security manager?
I made some changes to eclipse.ini and got verification working. I haven't figured out which exact setting helped, so (for now) I use these:
...
-vmargs
-Dorg.osgi.framework.security=osgi
-Djava.security.policy=/test.policy
-Dosgi.signedcontent.support=all
-Dosgi.support.signature.verify=true
-Declipse.p2.unsignedPolicy=fail
-Dosgi.signedcontent.trust.engine=BundleTrustEngine
test.policy is allow all jaas policy:
grant {
permission java.security.AllPermission;
};