Posted to dev@felix.apache.org by Pierre Parrend <pi...@insa-lyon.fr> on 2007/07/09 14:12:35 UTC

bundle digital signature validation for Felix

 Hello all,

  I have posted my implementation of the security layer for Felix on the jira:
http://issues.apache.org/jira/browse/FELIX-22

do you (mostly Karl and Richard) want to have a look at the patch, or should I
integrate the patch directly in the subversion 'trunk' ?

let me know what you prefer,

best regards,

Pierre


-- 
Pierre Parrend
doctorant, moniteur
laboratoire CITI, 21, Av. Jean Capelle
69621 Villeurbanne Cedex
pierre.parrend@insa-lyon.fr
www.rzo.free.fr

Re: bundle digital signature validation for Felix

Posted by stephane frenot <st...@insa-lyon.fr>.
Hello all,
I can explain the patch a bit more,

The patch modifies
framework/src/main/java/org/apache/felix/framework/cache/BundleArchive.java

It gets a general property "private static final String SFELIX_PROP =
"fr.inria.ares.sfelix";" to know if we are in a secured environment.
If yes, we call a private function checkSecurity in BundleArchive. The call
is made at the end of each BundleArchive constructor.

The checkSecurity mainly tries to build an
fr.inria.ares.sfelix.BundleSignatureChecker instance, which verifies the
signature in its construction phase.

The framework/pom.xml is modified, since we need bundlesignaturechecker
artifact

To test the patch, just follow the README instructions

**************
We need to converge on two elements :
- The name of the property we should use to trigger the verification:
something like: org.osgi.sfelix ?
- Possibly the name of the class we use to check the signature and the way
we access it. We can use a property and something like a forName(property)
and have a generic call.

Regards
/stephane

2007/7/9, Pierre Parrend <pi...@insa-lyon.fr>:
>
>
> Hello all,
>
>   I have posted my implementation of the security layer for Felix on the
> jira:
> http://issues.apache.org/jira/browse/FELIX-22
>
> do you (mostly Karl and Richard) want to have a look at the patch, or
> should I
> integrate the patch directly in the subversion 'trunk' ?
>
> let me know what do you prefer,
>
> best regards,
>
> Pierre
>
>
> --
> Pierre Parrend
> doctorant, moniteur
> laboratoire CITI, 21, Av. Jean Capelle
> 69621 Villeurbanne Cedex
> pierre.parrend@insa-lyon.fr
> www.rzo.free.fr
>



-- 
Stephane Frenot                    |
ARES INRIA / CITI, INSA-Lyon|mailto:stephane.frenot@insa-lyon.fr
Bat. Léonard de Vinci              |http://ares.insa-lyon.fr/~sfrenot/
21 av Jean Capelle                 | ICQ:643346 (et oui !)
F-69621 Villeurbanne Cedex    |+33 472 436 422/+33 617 671 714
--------------------------------------------------------------------------
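
Added example (not part of Stephane's message and not the code of the FELIX-22 patch): a sketch of the design described above, with a property that switches verification on, a second property naming the checker class loaded through Class.forName, and a checker that verifies in its constructor. The property names and the classes BundleGate and JarSignerCheck are hypothetical; only JDK calls are used.

```java
import java.io.File;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class BundleGate {
    // Hypothetical property names; the thread had not settled on any.
    static final String ENABLE_PROP = "example.bundle.verify";
    static final String CHECKER_PROP = "example.bundle.verify.checker";

    /** Hypothetical default checker: the constructor throws if verification fails. */
    public static class JarSignerCheck {
        public JarSignerCheck(File bundle) throws Exception {
            try (JarFile jar = new JarFile(bundle, true)) {   // true = verify signed entries
                byte[] buf = new byte[8192];
                for (Enumeration<JarEntry> e = jar.entries(); e.hasMoreElements();) {
                    JarEntry entry = e.nextElement();
                    // Simplification: META-INF holds the signature files themselves.
                    if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
                    try (InputStream in = jar.getInputStream(entry)) {
                        while (in.read(buf) != -1) { /* digest is checked as the entry is read */ }
                    }
                    // Signers are only available once the entry has been read to the end.
                    if (entry.getCodeSigners() == null)
                        throw new SecurityException("unsigned entry: " + entry.getName());
                }
            }
        }
    }

    /** Meant to be called at the end of archive construction, like checkSecurity in the thread. */
    static void checkSecurity(File bundle) {
        if (!Boolean.getBoolean(ENABLE_PROP)) return;          // verification not requested
        String cls = System.getProperty(CHECKER_PROP, JarSignerCheck.class.getName());
        try {
            Class.forName(cls).getConstructor(File.class).newInstance(bundle);
        } catch (Exception ex) {
            // Fail closed: a missing class, a bad constructor or a failed check all reject.
            throw new SecurityException("bundle rejected: " + bundle, ex);
        }
    }

    public static void main(String[] args) {
        checkSecurity(new File(args[0]));
        System.out.println("accepted: " + args[0]);
    }
}
```

This checker only establishes that every entry is signed and intact; deciding whether the signer is trusted (comparing the certificates from getCodeSigners() against a keystore) is a separate step. Because both properties decide whether and how bundles are checked, whoever can set them controls the check.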

Re: bundle digital signature validation for Felix

Posted by Pierre Parrend <pi...@insa-lyon.fr>.
> As I said previously, I'm going to look into the patch and write a
> proposal how to integrate it as soon as I find the time. Right now,
> I'd first want the 1.0 release out of the door - hence, please be
> patient for a little longer.

no problem, as long as I know I am waiting for somebody

> p.s.: As Rick suggests, it can't hurt to get an ICLA on file until I
> can look into your patch (and no, you can not "commit this via
> Stephan" - you wrote it, so we need an ICLA and probably a grant from
> you).

the ICLA request is on the road, and has already been faxed to the foundation.

best regards,

Pierre

> 
> On 7/9/07, Richard S. Hall <he...@ungoverned.org> wrote:
> > Pierre Parrend wrote:
> > >> Pierre, do you have an ICLA on file at Apache?
> > >>
> > >
> > > not yet. I can make one if necessary, or simply commit my code through
> > > Stephane.
> > >
> >
> > I think Karl will need to look into the patch to see how to incorporate
> > it into the trunk, no matter what. However, it would probably be
> > worthwhile for you to submit an ICLA, since it declares that you are
> > willing and able to contribute to Apache projects. Karl will have to
> > follow up with any specifics regarding merging this into the trunk.
> >
> > -> richard
> >
> > > pierre
> > >
> > >
> > >
> > >> -> richard
> > >>
> > >> Pierre Parrend wrote:
> > >>
> > >>>  Hello all,
> > >>>
> > >>>   I have posted my implementation of the security layer for Felix on
> the
> > >>>
> > >> jira:
> > >>
> > >>> http://issues.apache.org/jira/browse/FELIX-22
> > >>>
> > >>> do you (mostly Karl and Richard) want to have a look at the patch, or
> > >>>
> > >> should I
> > >>
> > >>> integrate the patch directly in the subversion 'trunk' ?
> > >>>
> > >>> let me know what do you prefer,
> > >>>
> > >>> best regards,
> > >>>
> > >>> Pierre
> > >>>
> > >>>
> > >>>
> > >>>
> > >
> > >
> > >
> >
> 
> 
> -- 
> Karl Pauls
> karlpauls@gmail.com
> 


-- 
Pierre Parrend
doctorant, moniteur
laboratoire CITI, 21, Av. Jean Capelle
69621 Villeurbanne Cedex
pierre.parrend@insa-lyon.fr
www.rzo.free.fr

Re: bundle digital signature validation for Felix

Posted by Marcel Offermans <ma...@luminis.nl>.
On Jul 9, 2007, at 19:56 , Richard S. Hall wrote:

> However, for this particular contribution, Karl will need to figure  
> out how best to merge it.

A little while ago, Karl indicated he would distribute the  
implementation he is working on as an extension bundle. That seems to  
be a nice way to integrate features like this into the framework, so  
my suggestion would be that this contribution is reworked in the same  
way. Like Karl said, that way we end up having two implementations  
and people can choose the one they want.

Just out of interest, has anybody validated this implementation  
against the TCK?

Greetings, Marcel


Re: bundle digital signature validation for Felix

Posted by "Richard S. Hall" <he...@ungoverned.org>.
Karl Pauls wrote:
> As I said previously, I'm going to look into the patch and write a
> proposal how to integrate it as soon as I find the time. Right now,
> I'd first want the 1.0 release out of the door - hence, please be
> patient for a little longer.
>
> regards,
>
> Karl
>
> p.s.: As Rick suggests, it can't hurt to get an ICLA on file until I
> can look into your patch (and no, you can not "commit this via
> Stephan" - you wrote it, so we need an ICLA and probably a grant from
> you).

Stephane tells me that Pierre was listed on the initial CCLA and that 
Pierre will also send an ICLA shortly...so, I think we are in good shape 
now. With these two things on file, then it will be possible for 
Stephane to commit things for Pierre, but it should probably be done via 
JIRA, much like I did for Clement and iPOJO.

However, for this particular contribution, Karl will need to figure out 
how best to merge it.

Thanks, Stephane and Pierre.

-> richard

>
> On 7/9/07, Richard S. Hall <he...@ungoverned.org> wrote:
>> Pierre Parrend wrote:
>> >> Pierre, do you have an ICLA on file at Apache?
>> >>
>> >
>> > not yet. I can make one if necessary, or simply commit my code through
>> > Stephane.
>> >
>>
>> I think Karl will need to look into the patch to see how to incorporate
>> it into the trunk, no matter what. However, it would probably be
>> worthwhile for you to submit an ICLA, since it declares that you are
>> willing and able to contribute to Apache projects. Karl will have to
>> follow up with any specifics regarding merging this into the trunk.
>>
>> -> richard
>>
>> > pierre
>> >
>> >
>> >
>> >> -> richard
>> >>
>> >> Pierre Parrend wrote:
>> >>
>> >>>  Hello all,
>> >>>
>> >>>   I have posted my implementation of the security layer for Felix 
>> on the
>> >>>
>> >> jira:
>> >>
>> >>> http://issues.apache.org/jira/browse/FELIX-22
>> >>>
>> >>> do you (mostly Karl and Richard) want to have a look at the 
>> patch, or
>> >>>
>> >> should I
>> >>
>> >>> integrate the patch directly in the subversion 'trunk' ?
>> >>>
>> >>> let me know what do you prefer,
>> >>>
>> >>> best regards,
>> >>>
>> >>> Pierre
>> >>>
>> >>>
>> >>>
>> >>>
>> >
>> >
>> >
>>
>
>

Re: bundle digital signature validation for Felix

Posted by Karl Pauls <ka...@gmail.com>.
As I said previously, I'm going to look into the patch and write a
proposal how to integrate it as soon as I find the time. Right now,
I'd first want the 1.0 release out of the door - hence, please be
patient for a little longer.

regards,

Karl

p.s.: As Rick suggests, it can't hurt to get an ICLA on file until I
can look into your patch (and no, you can not "commit this via
Stephan" - you wrote it, so we need an ICLA and probably a grant from
you).

On 7/9/07, Richard S. Hall <he...@ungoverned.org> wrote:
> Pierre Parrend wrote:
> >> Pierre, do you have an ICLA on file at Apache?
> >>
> >
> > not yet. I can make one if necessary, or simply commit my code through
> > Stephane.
> >
>
> I think Karl will need to look into the patch to see how to incorporate
> it into the trunk, no matter what. However, it would probably be
> worthwhile for you to submit an ICLA, since it declares that you are
> willing and able to contribute to Apache projects. Karl will have to
> follow up with any specifics regarding merging this into the trunk.
>
> -> richard
>
> > pierre
> >
> >
> >
> >> -> richard
> >>
> >> Pierre Parrend wrote:
> >>
> >>>  Hello all,
> >>>
> >>>   I have posted my implementation of the security layer for Felix on the
> >>>
> >> jira:
> >>
> >>> http://issues.apache.org/jira/browse/FELIX-22
> >>>
> >>> do you (mostly Karl and Richard) want to have a look at the patch, or
> >>>
> >> should I
> >>
> >>> integrate the patch directly in the subversion 'trunk' ?
> >>>
> >>> let me know what do you prefer,
> >>>
> >>> best regards,
> >>>
> >>> Pierre
> >>>
> >>>
> >>>
> >>>
> >
> >
> >
>


-- 
Karl Pauls
karlpauls@gmail.com

Re: bundle digital signature validation for Felix

Posted by "Richard S. Hall" <he...@ungoverned.org>.
Pierre Parrend wrote:
>> Pierre, do you have an ICLA on file at Apache?
>>     
>
> not yet. I can make one if necessary, or simply commit my code through
> Stephane.
>   

I think Karl will need to look into the patch to see how to incorporate 
it into the trunk, no matter what. However, it would probably be 
worthwhile for you to submit an ICLA, since it declares that you are 
willing and able to contribute to Apache projects. Karl will have to 
follow up with any specifics regarding merging this into the trunk.

-> richard

> pierre
>  
>
>   
>> -> richard
>>
>> Pierre Parrend wrote:
>>     
>>>  Hello all,
>>>
>>>   I have posted my implementation of the security layer for Felix on the
>>>       
>> jira:
>>     
>>> http://issues.apache.org/jira/browse/FELIX-22
>>>
>>> do you (mostly Karl and Richard) want to have a look at the patch, or
>>>       
>> should I
>>     
>>> integrate the patch directly in the subversion 'trunk' ?
>>>
>>> let me know what do you prefer,
>>>
>>> best regards,
>>>
>>> Pierre
>>>
>>>
>>>   
>>>       
>
>
>   

Re: bundle digital signature validation for Felix

Posted by Pierre Parrend <pi...@insa-lyon.fr>.
> Pierre, do you have an ICLA on file at Apache?

not yet. I can make one if necessary, or simply commit my code through
Stephane.
pierre
 

> 
> -> richard
> 
> Pierre Parrend wrote:
> >  Hello all,
> >
> >   I have posted my implementation of the security layer for Felix on the
> jira:
> > http://issues.apache.org/jira/browse/FELIX-22
> >
> > do you (mostly Karl and Richard) want to have a look at the patch, or
> should I
> > integrate the patch directly in the subversion 'trunk' ?
> >
> > let me know what do you prefer,
> >
> > best regards,
> >
> > Pierre
> >
> >
> >   
> 


-- 
Pierre Parrend
doctorant, moniteur
laboratoire CITI, 21, Av. Jean Capelle
69621 Villeurbanne Cedex
pierre.parrend@insa-lyon.fr
www.rzo.free.fr

Re: bundle digital signature validation for Felix

Posted by "Richard S. Hall" <he...@ungoverned.org>.
I will let Karl answer that...

Pierre, do you have an ICLA on file at Apache?

-> richard

Pierre Parrend wrote:
>  Hello all,
>
>   I have posted my implementation of the security layer for Felix on the jira:
> http://issues.apache.org/jira/browse/FELIX-22
>
> do you (mostly Karl and Richard) want to have a look at the patch, or should I
> integrate the patch directly in the subversion 'trunk' ?
>
> let me know what do you prefer,
>
> best regards,
>
> Pierre
>
>
>