Installation of Eclipse plugin

Jars could not be verified while installed from binaries:

  • Eclipse 4.11 with Java11
  • SonarLint for eclipse binaries
  • Versions tried:
    • 5.5.x
    • 5.4.x
    • 5.2.x
    • 4.3.0
    • 4.1.0
  • steps to reproduce
    • download zip file
    • in Eclipse → Install new software → Add → Archive → point to zip file
    • select all and proceed with next
  • at later stage the warning message will be displayed: You are installing software that contains unsigned content. The authenticity or validity of this software cannot be established.
  • no workaround, besides accepting

Same issue does not occur while installed via Marketplace, but behind proxy does not work due to not trusted CA.

Hello, welcome to the community! And thank you for your report.

According to my recent test using the latest 5.5.2 zipped update site, this can happen if you install the “SonarLint for Eclipse Source Code” feature (second item below), which is not signed.

Only the “SonarLint for Eclipse” feature (first item) is needed for end users, and as far as I can tell it sports a valid signature.

1 Like

Hi,

I think it would make sense to sign the source feature as well. Especially if it could avoid confusion like this. I created a ticket:

1 Like