-trustSignedContentOnly | -tsco

Whether to trust each artifact only if it is jar-signed or PGP-signed.

-trustedAuthorities | -ta <comma separated list>

The authorities from which repository content, including repository metadata, is trusted. An empty value will reject all remote connections.

-trustedPGPKeys | -tk <comma separated list>

The fingerprints of PGP keys to trust as signers of artifacts. An empty value will reject all PGP keys.

-trustedCertificates | -tc <comma separated list>

The SHA-256 'fingerprints' of unanchored certificates to trust as signers of artifacts. An empty value will reject all unanchored certificates.

-verboseTrust | -vt

Whether to print detailed information about the content trust.

Plug-in developers are encouraged to migrate their E4 application model element classes to use for example jakarta.inject.Inject instead of javax.inject.Inject or jakarta.annotation.PostConstruct instead of javax.annotation.PostConstruct. At the moment annotations from both namespaces jakarta and javax are supported.

The support for annotations from the javax.inject and javax.annotation package is now deprecated and will be removed in a future release, after a deprecation period of at least two years. If it necessary to make a Plug-in compatible with past versions (that don't support jakarta annotations), recent and future versions (that don't support javax annotations) of the E4-Injector, it can be considered to apply the annotations from both namespaces simultaneously and to import the packages from both namespaces only optionally. But this strategy does not work for usages of the javax/jakarta.inject.Provider and should generally be used with caution and be verified in detail for more complex setups.

The Eclipse SDK itself already has been migrated off these annotations from the javax namespace to the jakarta replacements and therefore does not pull the former into a target-platform anymore. If your application still needs these javax annotations you potentially have to add them explicitly to your target using entries like:

  <unit id="jakarta.inject.jakarta.inject-api" version="1.0.5"/>
  <unit id="jakarta.annotation-api" version="1.3.5"/>
      

Counterintuitively the javax annotations are provided by a bundle with the same symbolic name as their jakarta successor but with a 1.x version, while the jakarta successors have a 2.x version. It is therefore necessary to specify the version explicitly since those bundles are not required in their latest version.

The ECF backend used by p2 has switched to a new JDK-based provider by default. This provider is implemented using the JDK's built-in java.net.http.HttpClient, significantly reducing the number of third-party library dependencies.

To ease the transition, Eclipse ships both the newer JDK-based backend as well as older the Apache-based backend. The JDK-based backend takes precedence. If you encounter networking issues when installing or updating, particularly with regard to network access via a proxy, please proceed as follows:

1. Collect as much data as possible, e.g. is a proxy being used, are the sites being contacted password protected, what is your operating system, what is your JDK version, what configuration details about your network makes it unique?
2. Open an issue here with a description of the problem along with all the relevant details.
3. Consider providing a test-case for p2 to ensure that your use-case is covered now and forever into the future.
4. Configure your eclipse.ini to add the following JVM option to disable the JDK-based backend:
   -Dorg.eclipse.ecf.provider.filetransfer.excludeContributors=org.eclipse.ecf.provider.filetransfer.httpclientjava