Using the Karaf shell, if someone updates a bundle using the bundle:update command, the command unzips the .jar file and manipulates the MANIFEST without questioning it.
BundleUtils.fixBundleWithUpdateLocation is responsible for this.
This is a severe issue when using JAR files with signature (JRE jarsigner) and signature checking. If a bundle is only allowed to start with a valid signature this will break it and the bundle won't activate again.
Update of the bundles was done using:
update <bundle name> file:/<location on file system>
The only workaround is to uninstall the bundle and install it again.
An option to tell update if it should update the MANIFEST or not would be a nice feature to have.
Maybe there is another CLI command to achieve this? Updating the bundle using the Karaf Webconsole doesn't have this issue at all.