You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Guillaume Nodet (JIRA)" <ji...@apache.org> on 2012/07/21 13:49:35 UTC
[jira] [Commented] (FELIX-3603) Resources in META-INF/xxx/ fodlers
in a signed bundle should be checked
[ https://issues.apache.org/jira/browse/FELIX-3603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13419801#comment-13419801 ]
Guillaume Nodet commented on FELIX-3603:
----------------------------------------
The problem is located in the following method:
https://github.com/apache/felix/blob/trunk/framework.security/src/main/java/org/apache/felix/framework/security/verifier/BundleDNParser.java#L271
The verifier ignores all META-INF/xxx entries but it should check resources located inside a subfolder of META-INF as specified in the spec.
> Resources in META-INF/xxx/ fodlers in a signed bundle should be checked
> -----------------------------------------------------------------------
>
> Key: FELIX-3603
> URL: https://issues.apache.org/jira/browse/FELIX-3603
> Project: Felix
> Issue Type: Bug
> Components: Framework Security
> Reporter: Guillaume Nodet
>
> See section 2.3.2 of the OSGi Core spec,
> Bundles do not support partially signed bundles. The manifest must contain name sections for all resources but should not have entries for resources in the META-INF directory. Signed entries in the META-INF directory must be verified. Sub directories of META-INF must be treated like any other JAR directory.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira