Hi Bernd, In one of my former companies, I implemented a custom features service doing something similar to what you describe.
So, it's not implemented in Karaf "out of the box", but pretty easy to do (you can create your own features service verify signature nested in the feature repository for instance). Regards JB On Wed, Nov 27, 2024 at 11:07 AM Bernd <[email protected]> wrote: > > Hello, > > Quick question is there a karaf or OSGi component to have a > installation/feature.xml integrity protected (signed) without using jar > signing? It should be possible to fix a whole product configuration, like for > example signing a boot feature.xml which then contains only fixed versions > and checksums. Or is there a method in/for the obr? > > Gruss > Bernd > > > -- > http://bernd.eckenfels.net
