Trusting p2 installations

Installing artifacts is by nature a security risk, because installed artifacts can then execute potentially malicious code. To mitigate this risk, p2 verifies artifact signatures during installation and warns of any discrepancy.

Unsigned artifacts warning

If some artifacts have no digital signature attached (using jarsigner or PGP signing technologies), the Unsigned artifacts dialog pops up to warn that those artifacts are not signed.

An artifact without a signature can easily be tampered with, so that the artifact being installed contains different content from what is expected during installation. Artifacts without signatures are therefore a security threat and installing them is a risky action; take great care before approving such an installation.

The pop-up lets you abort the installation, or take the risk of installing an unsigned artifact and continue the installation.
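
As an added illustration (not part of the Eclipse documentation or of p2's code), the following Python check pre-screens a jarsigner-style JAR for the two situations described above: no signature at all, or entries that no signature file lists, as happens when content is added after signing. It inspects structure only and does not validate digests or certificates, which `jarsigner -verify` and p2 itself do; the function names are assumptions made for this example.

```python
import io
import zipfile

BLOCK_EXTS = (".RSA", ".DSA", ".EC")  # signature block files written by jarsigner


def is_signature_related(name):
    """True for META-INF/MANIFEST.MF and top-level META-INF signature files."""
    upper = name.upper()
    if not upper.startswith("META-INF/") or upper.count("/") != 1:
        return False
    base = upper[len("META-INF/"):]
    return (base == "MANIFEST.MF" or base.startswith("SIG-")
            or base.endswith((".SF",) + BLOCK_EXTS))


def jar_signature_summary(jar_bytes):
    """Return (status, unsigned_entries); status is 'unsigned',
    'partially-signed' or 'signed-structure'. Structural check only."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = [n for n in jar.namelist() if not n.endswith("/")]
        payload = sorted(n for n in names if not is_signature_related(n))
        upper = {n.upper(): n for n in names}
        covered = set()
        signed = False
        for up, real in upper.items():
            if not (is_signature_related(real) and up.endswith(".SF")):
                continue
            stem = up[:-3]
            if not any(stem + ext in upper for ext in BLOCK_EXTS):
                continue  # a .SF without its signature block proves nothing
            signed = True
            text = jar.read(real).decode("utf-8", "replace")
            # Unfold 72-byte continuation lines before reading Name: headers.
            text = text.replace("\r\n", "\n").replace("\n ", "")
            covered.update(line[6:] for line in text.split("\n")
                           if line.startswith("Name: "))
    if not signed:
        return "unsigned", payload
    missing = [n for n in payload if n not in covered]
    return ("partially-signed" if missing else "signed-structure"), missing


def make_jar(files):
    """Build a constructed sample JAR in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in files.items():
            jar.writestr(name, data)
    return buf.getvalue()
```

A result of `signed-structure` only means every entry is listed in a signature file; whether the signature is valid and the signer trusted is still decided by the verification and trust steps this page describes.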

Trust Dialog

One of the main goals of signatures is to match a signer identity to an artifact, so that in order to trust an artifact, a user can simply decide whether they trust the signer. This is usually an easier decision to make.

Sometimes all artifacts have a signature, but it is not known whether the signer's identity can be trusted. The strategy for deciding whether a signer can be trusted is up to the user; different users can have different workflows for making that decision.

In such a case, the Trust dialog shows the list of certificates or PGP public keys along with extra information to let the user decide whether they can be trusted (Is the key itself trusted? If yes, do I trust the signer?...).

If all artifacts are signed by at least 1 trusted key or certificate, installation will continue; otherwise it's aborted.

Trust Preference Page

The Install/Update > Trust preference page lists all the PGP public keys that are already considered trusted and allows you to add or remove keys.
