[ https://issues.apache.org/jira/browse/FELIX-3610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13422559#comment-13422559 ]
Guillaume Nodet commented on FELIX-3610: ---------------------------------------- Here's the problem I have. #1 I install a signed bundle. Signatures are verified, all good. #2 Stop Felix #3 Tamper with the jar (change a class in the jar without changing the signatures) #4 Restart The restart happen with no exceptions. It may be a timing issue because the activator of the security stuff isn't started yet or something else, but that happens. I thought it was because the check was only done at installation time, which is not the case according to what you say (as it should be done when restarting too). Still, there's a problem. > Support runtime verification for signed bundles > ----------------------------------------------- > > Key: FELIX-3610 > URL: https://issues.apache.org/jira/browse/FELIX-3610 > Project: Felix > Issue Type: Improvement > Components: Framework, Framework Security > Reporter: Guillaume Nodet > Assignee: Karl Pauls > > Signed bundles are only checked when installed, but the goal of signed > bundles is to make sure no one has changed the jar. This is not ensured > unless bundle entries are verified when loaded. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira