headers
Tom Huybrechts | 5 Jan 21:37
Picon
Gravatar

bundle starting twice

Hi all,

I have a client application in which I added a bundle ('loginscreen')
at start level 1 to display a login screen.
While this screen is presented to the user, the framework startup
continues as usually, with org.eclipse.update.configurator at level 3.
Now when modifications have occurred to the set of available bundles,
Package Admin will always stop my loginscreen bundle, and restart it.
In this case that means there will be two login screens...

The loginscreen bundle only depends on the framework, and no other
bundles depend on it, so I don't see why it would need to be
restarted.

Can I avoid this behaviour somehow ? I don't want to start the bundle
after org.eclipse.update.configurator.

Tom
Permalink | Reply | 2 comments |
headers
Thomas Watson | 5 Jan 21:51
Picon
Favicon

Re: bundle starting twice

Are you updating the loginscreen bundle when you see the bundle get started twice or do you have multiple versions of the loginscreen bundle? If a new version of the loginscreen bundle is being provisioned then this is expected behavior. I would have expected the loginsreen bundle to bring down the first login screen when it is stopped and then a new loginscreen be displayed when it is started again.

If you are not updating the loginscreen bundle and you are sure you do not depend on anything outside of the OSGi Framework then this is unexpected. If that is the case, can you open a bug against Equinox->Framework and provide a testcase to reproduce?

Tom



"Tom Huybrechts" ---01/05/2009 02:38:13 PM---Hi all,


From:
"Tom Huybrechts" <tom.huybrechts-Re5JQEeQqe8@public.gmane.orgm>

To:
"Equinox development mailing list" <equinox-dev-j9T/66MeVpFAfugRpC6u6w@public.gmane.org>

Date:
01/05/2009 02:38 PM

Subject:
[equinox-dev] bundle starting twice



Hi all,

I have a client application in which I added a bundle ('loginscreen')
at start level 1 to display a login screen.
While this screen is presented to the user, the framework startup
continues as usually, with org.eclipse.update.configurator at level 3.
Now when modifications have occurred to the set of available bundles,
Package Admin will always stop my loginscreen bundle, and restart it.
In this case that means there will be two login screens...

The loginscreen bundle only depends on the framework, and no other
bundles depend on it, so I don't see why it would need to be
restarted.

Can I avoid this behaviour somehow ? I don't want to start the bundle
after org.eclipse.update.configurator.

Tom
_______________________________________________
equinox-dev mailing list
equinox-dev-j9T/66MeVpFAfugRpC6u6w@public.gmane.org
https://dev.eclipse.org/mailman/listinfo/equinox-dev


Permalink | Reply | 1 comment |
headers
Thomas Watson | 6 Jan 00:06
Picon
Favicon

Equinox tagged for the next integration build.

The map file has been updated for the following Bug changes:
+ Bug 253243. [osgi] Keep API up to date with latest OSGi R4.2 specification (ASSIGNED)
+ Bug 254021. Implement new LinkBundleFactory service (rfc 138) (ASSIGNED)
+ Bug 258659. Must not hold bundle state lock while firing STARTED or LAZY_ACTIVATION events (FIXED)
+ Bug 258697. [DS] A component will activate despite throw an exception by activate the reference (FIXED)
+ Bug 258843. Mac X86_64 port (FIXED)
+ Bug 258910. API problems in HEAD (FIXED)
+ Bug 259135. [ds] deadlock in Component Resolve Thread when processing LAZY_ACTIVATION events (FIXED)
+ Bug 259326. Echo console listening port (rather than just port configured to listen) (FIXED)
+ Bug 259399. Refreshing after uninstalling a fragment does not close the fragment file (FIXED)
+ Bug 259789. [app] Failures in the N20081229-2000 build (NEW)

The following projects have changed:
org.eclipse.equinox.ds
org.eclipse.equinox.security.macosx
org.eclipse.osgi.tests
org.eclipse.osgi

Tom

Permalink | Reply | 0 comments |
headers
Tom Huybrechts | 6 Jan 10:23
Picon
Gravatar

Re: bundle starting twice

I was preparing a detailed bug report, when I noticed that I do have a
non-framework import, namely org.osgi.service.event. Didn't realize
that this was a separate bundle before. If I add this to the initial
bundles set, my problem disappears.

Sorry for the false alarm.

Tom

On Mon, Jan 5, 2009 at 9:51 PM, Thomas Watson <tjwatson@...> wrote:
> Are you updating the loginscreen bundle when you see the bundle get started
> twice or do you have multiple versions of the loginscreen bundle? If a new
> version of the loginscreen bundle is being provisioned then this is expected
> behavior. I would have expected the loginsreen bundle to bring down the
> first login screen when it is stopped and then a new loginscreen be
> displayed when it is started again.
>
> If you are not updating the loginscreen bundle and you are sure you do not
> depend on anything outside of the OSGi Framework then this is unexpected. If
> that is the case, can you open a bug against Equinox->Framework and provide
> a testcase to reproduce?
>
> Tom
>
>
>
> "Tom Huybrechts" ---01/05/2009 02:38:13 PM---Hi all,
>
>
> From:
> "Tom Huybrechts" <tom.huybrechts@...>
> To:
> "Equinox development mailing list" <equinox-dev@...>
> Date:
> 01/05/2009 02:38 PM
> Subject:
> [equinox-dev] bundle starting twice
> ________________________________
>
>
> Hi all,
>
> I have a client application in which I added a bundle ('loginscreen')
> at start level 1 to display a login screen.
> While this screen is presented to the user, the framework startup
> continues as usually, with org.eclipse.update.configurator at level 3.
> Now when modifications have occurred to the set of available bundles,
> Package Admin will always stop my loginscreen bundle, and restart it.
> In this case that means there will be two login screens...
>
> The loginscreen bundle only depends on the framework, and no other
> bundles depend on it, so I don't see why it would need to be
> restarted.
>
> Can I avoid this behaviour somehow ? I don't want to start the bundle
> after org.eclipse.update.configurator.
>
> Tom
> _______________________________________________
> equinox-dev mailing list
> equinox-dev@...
> https://dev.eclipse.org/mailman/listinfo/equinox-dev
>
>
>
> _______________________________________________
> equinox-dev mailing list
> equinox-dev@...
> https://dev.eclipse.org/mailman/listinfo/equinox-dev
>
>
Permalink | Reply | 0 comments |
headers
Andy Wilkinson | 6 Jan 16:40
Favicon

Verification of signed jars during bundle installation

Hi,

I've been looking into Equinox's support for dealing with signed jars and have a couple of queries with
which I'd be grateful for some pointers.

I've figured out that I can enable SignedBundleHook by starting Equinox with
-Dosgi.signedcontent.support=true. With the hook enabled I've then run the debugger through the
installation of a bundle. This bundle is packaged in a Jar that's been signed but has since been modified
such that the signatures are now wrong. I've observed SignedBundleHook.wrapBundleFile being invoked
and a GeneralSecurityException being thrown, caught, and swallowed, when the tampering is discovered.
Ideally I'd like the installation to fail at this point as the bundle's signatures are out of sync with its contents.

With this goal in mind I also looked at
org.eclipse.osgi.internal.signedcontent.BundleInstallListener and experimented with enabling
its policing of signed jars. I figured out that I can enable signed jar policing by starting Equinox with
-Dosgi.signedcontent.authorization.engine.policy=signed but this appears to make things too
restrictive as it requires every bundle that's installed to be signed, rather than just checking that
those that are signed are signed correctly.

Is there any way to configure Equinox for the middle ground that I'm looking for? I'd like unsigned jars to be
accepted, and signed jars to be accepted *unless* the signatures are incorrect in which case I'd like the
attempt to install the bundle to fail.

Thanks,
Andy
Permalink | Reply | 2 comments |
headers
Thomas Watson | 6 Jan 17:24
Picon
Favicon

Re: Verification of signed jars during bundle installation

Hi Andy,

During 3.4 we had a team working on building an authorization engine into the framework to do the signature validation and content validation at install time (i.e. when calling BundleContext.install(). Unfortunately we ran out of time and found that it was rather limiting to bake policies directly into the framework (your case is a perfect example!!).

As a result the authorization engine became internal/provisional and is not promoted as the way to do install time verification of signed content. Instead, install time verification should be performed by the install agent (p2 in Eclipse). In Equinox, p2 is using the SignedContentFactory service to interrogate the bundle content to determine if a bundle is signed, trusted, or tampered with before installing the bundle into the framework. This allows for more customized policies to be implemented outside of the framework and allows for UIs to do things like ask the user if they would like to allow an untrusted signed bundle to be installed.

Tom



Andy Wilkinson ---01/06/2009 09:42:10 AM---Hi,


From:
Andy Wilkinson <andy.wilkinson-F46XhrxXyN8RB7SZvlqPiA@public.gmane.org>

To:
equinox-dev-j9T/66MeVpFAfugRpC6u6w@public.gmane.org

Date:
01/06/2009 09:42 AM

Subject:
[equinox-dev] Verification of signed jars during bundle installation



Hi,

I've been looking into Equinox's support for dealing with signed jars and have a couple of queries with which I'd be grateful for some pointers.

I've figured out that I can enable SignedBundleHook by starting Equinox with -Dosgi.signedcontent.support=true. With the hook enabled I've then run the debugger through the installation of a bundle. This bundle is packaged in a Jar that's been signed but has since been modified such that the signatures are now wrong. I've observed SignedBundleHook.wrapBundleFile being invoked and a GeneralSecurityException being thrown, caught, and swallowed, when the tampering is discovered. Ideally I'd like the installation to fail at this point as the bundle's signatures are out of sync with its contents.

With this goal in mind I also looked at org.eclipse.osgi.internal.signedcontent.BundleInstallListener and experimented with enabling its policing of signed jars. I figured out that I can enable signed jar policing by starting Equinox with -Dosgi.signedcontent.authorization.engine.policy=signed but this appears to make things too restrictive as it requires every bundle that's installed to be signed, rather than just checking that those that are signed are signed correctly.

Is there any way to configure Equinox for the middle ground that I'm looking for? I'd like unsigned jars to be accepted, and signed jars to be accepted *unless* the signatures are incorrect in which case I'd like the attempt to install the bundle to fail.

Thanks,
Andy
_______________________________________________
equinox-dev mailing list
equinox-dev-j9T/66MeVpFAfugRpC6u6w@public.gmane.org
https://dev.eclipse.org/mailman/listinfo/equinox-dev


Permalink | Reply | 1 comment |
headers
Thomas Watson | 6 Jan 23:24
Picon
Favicon

Move the equinox incubator to RT

We have put this off long enough. As a New Year's resolution we will finally move the equinox incubator to its rightful place under RT->Equinox. We do not want to just move everything from the old equinox incubator over to the RT->Equinox because many projects in the old incubator are outdated and stagnant. We have opened a bug (https://bugs.eclipse.org/bugs/show_bug.cgi?id=258483) to determine what bundles from the equinox incubator are still active and should be moved over to the RT->Equinox repository.

At this time we are looking for folks on the Equinox team and the community to tell us what project from the incubator are still active. If you are using or maintaining a project in the equinox incubator then please chime into the bug https://bugs.eclipse.org/bugs/show_bug.cgi?id=258483 and let us know what projects you would like to see migrated over. Once we have the list of projects determined then we will finalize the new repository layout for the equinox incubator. We want to have the list of projects finalized by M5 (end of January).

Tom

Permalink | Reply | 6 comments |
headers
Andy Wilkinson | 7 Jan 11:31
Favicon

Re: Verification of signed jars during bundle installation

Thanks, Tom.

Andy.

----- Original Message -----
From: "Thomas Watson" <tjwatson@...>
To: "Equinox development mailing list" <equinox-dev@...>
Sent: Tuesday, 6 January, 2009 4:24:31 PM GMT +00:00 GMT Britain, Ireland, Portugal
Subject: Re: [equinox-dev] Verification of signed jars during bundle installation

Hi Andy, 

During 3.4 we had a team working on building an authorization engine into the framework to do the signature
validation and content validation at install time (i.e. when calling BundleContext.install().
Unfortunately we ran out of time and found that it was rather limiting to bake policies directly into the
framework (your case is a perfect example!!). 

As a result the authorization engine became internal/provisional and is not promoted as the way to do
install time verification of signed content. Instead, install time verification should be performed by
the install agent (p2 in Eclipse). In Equinox, p2 is using the SignedContentFactory service to
interrogate the bundle content to determine if a bundle is signed, trusted, or tampered with before
installing the bundle into the framework. This allows for more customized policies to be implemented
outside of the framework and allows for UIs to do things like ask the user if they would like to allow an
untrusted signed bundle to be installed. 

Tom 

Inactive hide details for Andy Wilkinson ---01/06/2009 09:42:10 AM---Hi,Andy Wilkinson ---01/06/2009
09:42:10 AM---Hi, 

From: 	
Andy Wilkinson <andy.wilkinson@...> 

To: 	
equinox-dev@... 

Date: 	
01/06/2009 09:42 AM 

Subject: 	
[equinox-dev] Verification of signed jars during bundle installation 

Hi, 

I've been looking into Equinox's support for dealing with signed jars and have a couple of queries with
which I'd be grateful for some pointers. 

I've figured out that I can enable SignedBundleHook by starting Equinox with
-Dosgi.signedcontent.support=true. With the hook enabled I've then run the debugger through the
installation of a bundle. This bundle is packaged in a Jar that's been signed but has since been modified
such that the signatures are now wrong. I've observed SignedBundleHook.wrapBundleFile being invoked
and a GeneralSecurityException being thrown, caught, and swallowed, when the tampering is discovered.
Ideally I'd like the installation to fail at this point as the bundle's signatures are out of sync with its
contents. 

With this goal in mind I also looked at
org.eclipse.osgi.internal.signedcontent.BundleInstallListener and experimented with enabling
its policing of signed jars. I figured out that I can enable signed jar policing by starting Equinox with
-Dosgi.signedcontent.authorization.engine.policy=signed but this appears to make things too
restrictive as it requires every bundle that's installed to be signed, rather than just checking that
those that are signed are signed correctly. 

Is there any way to configure Equinox for the middle ground that I'm looking for? I'd like unsigned jars to be
accepted, and signed jars to be accepted *unless* the signatures are incorrect in which case I'd like the
attempt to install the bundle to fail. 

Thanks, 
Andy 
_______________________________________________ 
equinox-dev mailing list 
equinox-dev@... 
https://dev.eclipse.org/mailman/listinfo/equinox-dev 

_______________________________________________
equinox-dev mailing list
equinox-dev@...
https://dev.eclipse.org/mailman/listinfo/equinox-dev
Permalink | Reply | 0 comments |
headers
Leen Toelen | 7 Jan 16:42
Picon

Starting all dependent bundles

Hi,


I would like to create a headless product and application meant to be run as a windows service (headless). When creating my product (and product description) I mention all needed plugins. When I export the service, this is my config.ini:

osgi.splashPath=platform:/base/plugins/com.my.product.service
eclipse.product=service.Product
osgi.bundles.defaultStartLevel=4
osgi.bundles=org.eclipse.equinox.common <at> 2:start,org.eclipse.update.configurator <at> 3:start,org.eclipse.core.runtime <at> start

When I check the osgi console I see that all my plugins are resolved but not started, and I need to do this manually. How can I make sure that they are started automatically when the product starts?

Regards,
Leen Toelen
Permalink | Reply | 3 comments |
headers
O'Flynn, Dennis | 7 Jan 16:45
Picon
Favicon

RE: Starting all dependent bundles

You could provide your own customized “config.ini”.  The product configuration editor allows you to specify the config.ini to use.  This is defined within the “Configuration” tab.

 


The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it.

From: equinox-dev-bounces-j9T/66MeVpFAfugRpC6u6w@public.gmane.org [mailto:equinox-dev-bounces-j9T/66MeVpFAfugRpC6u6w@public.gmane.org] On Behalf Of Leen Toelen
Sent: Wednesday, January 07, 2009 10:43 AM
To: equinox-dev-j9T/66MeVpFAfugRpC6u6w@public.gmane.org
Subject: [equinox-dev] Starting all dependent bundles

 

Hi,

 

I would like to create a headless product and application meant to be run as a windows service (headless). When creating my product (and product description) I mention all needed plugins. When I export the service, this is my config.ini:

 

osgi.splashPath=platform:/base/plugins/com.my.product.service

eclipse.product=service.Product

osgi.bundles.defaultStartLevel=4

osgi.bundles=org.eclipse.equinox.common <at> 2:start,org.eclipse.update.configurator <at> 3:start,org.eclipse.core.runtime <at> start

 

When I check the osgi console I see that all my plugins are resolved but not started, and I need to do this manually. How can I make sure that they are started automatically when the product starts?

 

Regards,

Leen Toelen


Permalink | Reply | 2 comments |

Gmane