Community
Participate
Working Groups
Build ID: I20070222-0951 Steps To Reproduce: 1. Use Eclipse 3.3M5eh 2. Run update manger for http://eclipse.jcraft.com/ 3. Choose JSch Plug-in 0.1.32 Update manager will fail with following message, Unable to complete action for feature "JSch Plug-in" due to errors. Verification of feature unsuccessful. Installation cancelled. [The signature cannot be verified for this signer META-INF/XXXXXX.RSA in this bundle: org.eclipse.osgi.baseadaptor.bundlefile.ZipBundleFile@12394f8] The signature cannot be verified for this signer META-INF/XXXXXX.RSA in this bundle: org.eclipse.osgi.baseadaptor.bundlefile.ZipBundleFile@12394f8 Our digital certificate has been issued from Thawte(http://www.thawte.com) and it should be successfully verified. In fact, there is no problem on Eclipse SDK 3.3M3(or previous) in updating JSch Plug-in 0.1.32 at http://eclipse.jcraft.com/ This problem have occured on Eclipse 3.3M4 and laters. More information:
Created attachment 60255 [details] a screenshot of Feature Verification dialong on Eclipse SDK 3.3M3 As above, Eclipse SDK 3.3M3 can successfuly verify our digitally signed plug-in(feature) at http://eclipse.jcraft.com/ , but Eclipse SDK 3.3M{4,5,5eh} can not and show the error message dialog instead of Feature Verification dialog.
Here are Update versions submitted for M3: plugin@org.eclipse.update.configurator=v20092006-1400 plugin@org.eclipse.update.core=v20102006-1507 plugin@org.eclipse.update.scheduler=v20060809 plugin@org.eclipse.update.ui=v20092006-1400 fragment@org.eclipse.update.core.win32=v20060809 Versions for M4: plugin@org.eclipse.update.configurator=v20061214 plugin@org.eclipse.update.core=v20061214 plugin@org.eclipse.update.scheduler=v20061214 plugin@org.eclipse.update.ui=v20061214 fragment@org.eclipse.update.core.win32=v20061214 (removed entries that didn't change)
Tom, can you recall changes in the OSGi runtime that may have caused this? I compared the two versions from above for o.e.u.core and most of the changes are related to pack200. I didn't check o.e.u.configurator - all of the changes there have been provided by the runtime team.
Today, I tried Eclipse SDK Version: 3.3.0 Build id: I20070313-1051 and I found that the problem has been disappeared! If you are not interested in where is the reason, please change its status to RESOLVED. Thank you for your help.
With pleasure. It is probably something in the handshake bewteen the runtime and Update. Update didn't change but runtime did and continues to do so. Closing.
I think this was fixed with the code released in bug 170698. The code in certificate parser in M5 assumed that the certificates were ordered from original signer -> root signer. This was an invalid assumption. The code released in bug 170698 fixed this to ensure that we always check the trust of the root signer.
