John E. Conlon wrote:
On Sun, 2007-01-21 at 13:46 -0500, Richard S. Hall wrote:
John E. Conlon wrote:
Ran across a case where a project bundle was using a Bundle-Classpath
entry with the /target/classes/ value in it's manifest even though it
had no such path in the bundle. As expected Bnd flagged this as an
error.
Over at the spring-osgi maillist someone mentioned this practice as a
way to get their bundle working in an equinox environment. Don't
understand this statement really - Although I run eclipse I don't have
much experience with Equinox.
Is fudging the behavior of Bundle-Classpath in this manner okay or is
this verboten?
Yes, they are using this trick to get their bundles to work correctly as
PDE projects (they are working with maven that puts classes in
target/classes, but PDE doesn't expect them there, so they can add this
to the bundle class path to get PDE to look in the right place...or
something like that).
The spec says that missing class path entries should be ignored, so this
is ok I guess, but it does make life difficult for BND.
I may not understand this... but doesn't the path refer to resources
within the bundle/jar? If a bundle is created with a Bundle-Classpath
pointing to /target/classes/ why would the Equinox runtime look for
resources on the file system? Do other frameworks do this?
In short, Eclipse installs bundles (i.e., projects) by reference during
the development, rather than by copying. This means that Eclipse does
not build the bundle's JAR file. This is mainly due to performance
reasons. Felix also supports installing exploded bundle directories. As
Peter pointed out, though, Eclipse's project directory does not directly
map onto an exploded bundle directory, so some additional mapping is
necessary.
This is really only a development-time issue. Once an Eclipse bundle is
packaged as a JAR file, then everything works as you would expect.
-> richard
So if I create a production bundle and deploy it with such a Bundle-
Classpath and one or more OSGi frameworks looks outside of the bundle
for resources on the filesystem wouldn't this be a potential security
issue?
regards - John
