<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><html lang="en">
<HEAD>
<meta name="copyright" content="Copyright (c) Red Hat Inc. and others 2022. This page is made available under license. For full details see the LEGAL in the documentation book that contains this page." >
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="../book.css" CHARSET="ISO-8859-1" TYPE="text/css">
<script language="JavaScript" src="PLUGINS_ROOT/org.eclipse.help/livehelp.js" type="text/javascript"></script>
<title>Trust</title>
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1 CLASS="Head">Trusting p2 installations</H1>
<P CLASS="Intro">
Installing artifacts is by nature a security risk, because the installed artifacts can then
execute potentially malicious code. To mitigate this risk, p2 verifies artifact <b>signatures</b>
during installation and warns of any discrepancy.
</P>
<h2>Unsigned artifacts warning</h2>
<p>If some artifacts have no digital signature attached (using <code>jarsigner</code> or PGP signing technologies),
the <em>Unsigned artifacts</em> dialog pops up to warn that there is no signature for those artifacts.</p>
<p>An artifact without a signature can easily be tampered with, so that the artifact being installed contains different content
from what is expected during installation. Artifacts without signatures are therefore a security threat, and installing them
is a risky action; take great care before approving such an installation.</p>
<p>The pop-up lets the user abort the installation, or take the risk of installing the unsigned artifacts and continue the installation.</p>
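<p>The following Python sketch is an added example, not part of the p2 documentation or of p2's own code. For the <code>jarsigner</code> case it shows what "no signature attached" means structurally: a JAR is reported as unsigned when META-INF holds no signature file and signature block, and otherwise the entries whose bytes do not match the manifest digests are listed. It does not verify the signature itself (<code>jarsigner -verify</code> does that) and does not cover PGP signatures; <code>inspect_jar</code>, <code>build_jar</code> and the sample JAR contents are names and data constructed for this illustration.</p>

```python
import base64, hashlib, io, re, zipfile

# jarsigner adds a signature file (.SF) and a signature block to META-INF/.
SIG_FILE = re.compile(r"META-INF/[^/]+\.SF$", re.I)
SIG_BLOCK = re.compile(r"META-INF/[^/]+\.(RSA|DSA|EC)$", re.I)

def manifest_digests(text):
    """Map entry name -> (hashlib algorithm, base64 digest) from MANIFEST.MF."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    found = {}
    for section in text.split("\n\n")[1:]:  # section 0 holds the main attributes
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        for key, value in attrs.items():
            if "Name" in attrs and key.endswith("-Digest"):
                found[attrs["Name"]] = (key[:-7].replace("-", "").lower(), value)
    return found

def inspect_jar(data):
    """Return (status, entries); entries are files without a matching manifest digest."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = jar.namelist()
        if not (any(SIG_FILE.match(n) for n in names)
                and any(SIG_BLOCK.match(n) for n in names)):
            return "unsigned", []
        digests = manifest_digests(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
        bad = []
        for n in names:
            if n.endswith("/") or n.upper().startswith("META-INF/"):
                continue
            alg, expected = digests.get(n, ("sha256", None))  # unlisted entry: no digest
            actual = base64.b64encode(hashlib.new(alg, jar.read(n)).digest()).decode()
            if actual != expected:
                bad.append(n)
        return ("content-mismatch" if bad else "signature-files-present"), bad

def build_jar(listed, stored, signed):
    """Constructed sample JAR; its .SF/.RSA entries are placeholders, not real signatures."""
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, body in listed.items():
        digest = base64.b64encode(hashlib.sha256(body).digest()).decode()
        manifest += f"Name: {name}\r\nSHA-256-Digest: {digest}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        if signed:
            z.writestr("META-INF/SAMPLE.SF", "Signature-Version: 1.0\r\n")
            z.writestr("META-INF/SAMPLE.RSA", b"placeholder")
        for name, body in stored.items():
            z.writestr(name, body)
    return buf.getvalue()
```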
<h2>Trust Dialog</h2>
<p>One of the main goals of signatures is to match a signer identity to an artifact, so that in order to trust an artifact,
a user can simply decide whether they trust the signer. That is usually an easier decision to make.</p>
<p>Sometimes all artifacts have a signature, but it is not known whether the signer can be trusted.
The strategy for deciding whether a signer can be trusted is up to the user; different users can have different workflows for deciding
whether to trust a signer.</p>
<p>In such a case, the <em>Trust</em> dialog shows the list of certificates or PGP public keys along with extra information
to let the user decide whether those can be trusted (Is the key itself trusted? If yes, do I trust the signer?...).</p>
<p>If all artifacts are signed by at least one trusted key or certificate, installation continues; otherwise it is aborted.</p>
<h2>Trust Preference Page</h2>
<p><a class="command-link" href='javascript:executeCommand("org.eclipse.ui.window.preferences(preferencePageId=org.eclipse.equinox.internal.p2.ui.sdk.scheduler.AutomaticUpdatesPreferencePage)")'>
<img src="PLUGINS_ROOT/org.eclipse.help/command_link.svg" alt="command link"> <strong>Install/Update > Trust</strong></a> preference page
lists all the PGP public keys that are already considered trusted and allows adding or removing keys.</p>
<h3 class="related">Related tasks</h3>
<a href="../tasks/tasks-120.htm">Updating the installation</a><br>
<a href="../tasks/tasks-124.htm">Installing new software</a>
<h3 class="related">Related reference</h3>
<a href="ref-61.htm">Help Menu</a>
</BODY>
</HTML>