Solved: Re: set plugin Legal owner

yatigammanabnd · ‎09-27-2018

We have been developing our own plugin (and a package) for vRO via a maven Archetype.

But it has suddenly come to my attention that when I view the package through the vRO app, it states the "Legal owner" as "vCO Plug-in SDK Archetype"

How can I set this manually to not say that?

I've tried editing the "dunes-meta-inf.xml" in the plugin folder: ...-package/src/main/resources/META-INF/dunes-meta-inf.xml

but that made no difference

yatigammanabnd · ‎09-27-2018

ah, I get the feeling the solution might be in here:

Maven-Based Plug-In Development Best Practices : "Using a Package-Signing Certificate"

create a certificate to use and point the -package/pom to where the certificate is

View solution in original post

yatigammanabnd · ‎09-27-2018

ah, I get the feeling the solution might be in here:

Maven-Based Plug-In Development Best Practices : "Using a Package-Signing Certificate"

create a certificate to use and point the -package/pom to where the certificate is

iiliev · ‎09-27-2018

Also, if you deliver your plug-in as VMOAPP file, you can embed an EULA (end user license agreement) that the users of your plug-in will have to review and accept before being able to install the plug-in via vRO Control Center UI.

yatigammanabnd · ‎10-03-2018

A quick question,

so I now know that by setting a package-signing certificate (as explained Maven-Based Plug-In Development Best Practices : "Using a Package-Signing Certificate")

it will set the "Legal owner" to whatever the certificate states it should be.

But what I'd like to know is what else does using a package-signing certificate do? (either from the user's point of view -> can the see anything else signed?, or behind the scenes -> any other plugin alterations that don't appear to the user)

iiliev · ‎10-04-2018

Hmm, I don't think there is something other than content signing. Do you have some specific concern(s) in mind?

yatigammanabnd · ‎10-04-2018

no concerns, just curious if there is anywhere else I can see the fact it has been content signed (other than as the "Legal owner" of the package part of my vmoapp plugin)?

I guess I could also phrase it as: is it the vRO package (within the plugin) that is signed, or the whole plugin itself (or anything else when I build a vmoapp plugin)? -> and if it is more than the package, where can I see it has been signed too?

iiliev · ‎10-04-2018

It is the content of the package (workflows/actions/etc.) that is signed, not the whole plug-in.

yatigammanabnd · ‎04-30-2020

iiliev, I thought I'd add to this old post, and ask:

* is the plugin legal owner still visible via the HTML5 UI? (I'm looking in vRO 7.6, but cannot see it)

* and does the package signing still achieve anything when using the HTML5 UI? (before you stated

It is the content of the package (workflows/actions/etc.) that is signed, not the whole plug-in.

- and I notice that in 7.6 of vRO which has both Java and HTML5 UIs, that while I cannot see anything signed in HTML5, the JAVA UI still does show our plugin as signed)

Edit:

So after more looking around, I think I again might have answered my question, for HTML5, is it that one can see the certificate through the control-center:
/vco-controlcenter/config/login.html#/control-app/certificates -> "Publisher Trusted Certificates"?
(as that is where I have finally found our certificate details that come with the plugin)

All

set plugin Legal owner