views:

48

answers:

1

Hi to all, Can anybody tell me how to add signature in jar file. I have developed a plugin but when i am installing it ..it is showing some warning in it is not signatured jar file??? Can anyone give me a guidance in this how to do that???

A: 

You can follow instructions given in the Eclipse wiki Jar Signing page

It is part of a protection policy against malicious code

How is signing done?

Signing is performed using the JDK's jarsigner.
This tool signs JARs by producing a separate signature for every file in the JAR.
The signatures are put in the MANIFEST.MF file and in a separate signature file in the META-INF directory.
For optimization purposes, the signature of the MANIFEST.MF with all embedded signatures is also computed and placed in the signature file.

Projects who wish to sign their JAR's with the Eclipse Foundation Signature need to name a person which applies for "signer" privilege with the Webmaster. The Webmaster will grant required permissions on the signing server and send an E-Mail with exact instructions how signing is done.

Now if the warning appears because your plugin, even signed, is not signed with the "Eclipse Foundation Signature" (if your plugin runs within an Eclipse instance), that warning is likely to remain.


See also this thread if you want to use your own keystore:

java
-Djava.security.manager=""
-Djava.security.policy=policy
-Dosgi.framework.keystore=file:keystore
-Dosgi.signedcontent.support=true 
-jar org.eclipse.osgi_3.4.0.<qualifier>.jar
-console
-consoleLog

Finally, you can try out this jarsigner/keytool integration (integration to the jar exporter) which can facilitate the process.

VonC