Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 78208

Summary: Need better support for signing of features and plug-ins
Product: [Eclipse Project] Platform Reporter: Adrian Cho <adrian_cho>
Component: RuntimeAssignee: platform-runtime-inbox <platform-runtime-inbox>
Status: RESOLVED FIXED QA Contact:
Severity: enhancement    
Priority: P3 CC: celek, dreich, jeffmcaffer, john.arthorne, Kevin_Haaland, n.a.edgar, pascal
Version: 3.1   
Target Milestone: 3.3   
Hardware: All   
OS: All   
Whiteboard:

Description Adrian Cho CLA 2004-11-09 14:43:03 EST
Eclipse needs better support for users to determine whether a plug-in or 
feature is signed.  Currently, it is possible to sign a plug-in or feature on 
an update site but the jar is exploded on disk so the signing is not 
maintained.  In addition, Eclipse.org should be signing the features and plug-
it provides.  I think right now that it looks silly that they are unsigned.  
FYI, IBM is planning to sign features and plug-ins in its commercial offerings.

I see a few things that need to happen here:

a) Signing needs to be maintained on disk.

b) The About dialog needs to be updated to indicate whether the provider has 
signed the plug-in or feature.

c) The Foundation needs to purchase a Java code signing ID and decide on a 
process for how the Eclipse teams can use this to sign the various plug-ins 
and features while maintaining the integrity of the certificate (ensuring that 
the private key does not fall into the wrong hands).
Comment 1 Pascal Rapicault CLA 2005-05-10 11:20:46 EDT
Has the UI team ever been notified of the item b)? 
Or do expect product providers to write their own?

CC'ing Nick.
Comment 2 Nick Edgar CLA 2005-05-10 14:26:05 EDT
This is news to me.  I've filed bug 94461 for the About dialog, and tagged it
for 3.2.  If this is high priority for 3.1, please shout.

Comment 3 Jeff McAffer CLA 2005-05-11 17:04:42 EDT
The 3.1 signing effort is more about being *able to* verify the origins of 
plugins (and thus the validity of an install) than it is about actually 
checking.  We will not be able to do the work for b) in 3.1.  What would be 
interesting for "someone" to write is a tool that takes a list of pluigns and a 
set of certificates and verifies that the given plugins are in fact signed by 
the appropriate people.  
Comment 4 dreich CLA 2005-05-16 14:15:16 EDT
The initial impetus for this bugzilla report is that when adding features to 
the IDE, an ugly popup comes up that the feature is not signed.  We have the 
check in there, but we don't have a certificate to sign against, so unless one 
gets a certificate, puts it in, then signs the feature against it, that popup 
will show every time something is added to the IDE.  We should have a cert for 
IES that we can sign against, and anything we add will be signed and be 
happy.  OR, we should turn off the check, or make it a perference to "check 
digital certificates when adding new features" so people can turn it off.  
This is not a major functional deficiency, but it really looks ugly.
Comment 5 Christophe Elek CLA 2005-06-23 09:39:03 EDT
Jeff can you elaborate ? UM checks the cert used to sign a JAR is in one of teh
valid keystore of Eclipse
Also, even if the JAR is signed, UM will still prompt the user :( This is the
way IE, Firefox and other seem to work. Not sure if we have to prompt for legal
resons or not.
Comment 6 Jeff McAffer CLA 2006-04-24 14:15:08 EDT
Some amount of support for this is going into 3.2 but the full signing of the Eclipse supplied plugins is being deferred to 3.3
Comment 7 Pascal Rapicault CLA 2007-04-17 14:53:41 EDT
3.3 is signed