You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Noble Paul (Jira)" <ji...@apache.org> on 2020/08/18 13:40:00 UTC
[jira] [Updated] (SOLR-14695) Support loading of unsigned jars
[ https://issues.apache.org/jira/browse/SOLR-14695?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Noble Paul updated SOLR-14695:
------------------------------
Description:
Solr distribution can keep a set of sha512 hashes of already trusted jars. This helps loading first party jars without signing.
The file may look as follows and this is placed at {{<solr-home>/server/resources/artifacts.json}}
{code:json}
{
"file-sha512" : {
"dih-8.6.1.jar" : "d01b51de67ae1680a84a813983b1de3b592fc32f1a22b662fc9057da5953abd1b72476388ba342cad21671cd0b805503c78ab9075ff2f3951fdf75fa16981420"
}
}
{code}
* if the sha512 of a certain file is trusted, it does not have to be signed with any keys.
* There is no API to create or modify this. The Solr build scripts create this file at build time and add this to the distro
see the [document|https://docs.google.com/document/d/1n7gB2JAdZhlJKFrCd4Txcw4HDkdk7hlULyAZBS-wXrE/edit#] for more details
was:
Solr distribution can keep a set of sha512 hashes of already trusted jars. This helps loading first party jars without signing.
The file may look as follows and this is placed at {{<solr-home>/filestore/\_trusted_/artifacts.json}}
{code:json}
{
"file-sha512" : {
"dih-8.6.1.jar" : "d01b51de67ae1680a84a813983b1de3b592fc32f1a22b662fc9057da5953abd1b72476388ba342cad21671cd0b805503c78ab9075ff2f3951fdf75fa16981420"
}
}
{code}
* if the sha512 of a certain file is trusted, it does not have to be signed with any keys.
* There is no API to create or modify this. The Solr build scripts create this file at build time and add this to the distro
see the [document|https://docs.google.com/document/d/1n7gB2JAdZhlJKFrCd4Txcw4HDkdk7hlULyAZBS-wXrE/edit#] for more details
> Support loading of unsigned jars
> --------------------------------
>
> Key: SOLR-14695
> URL: https://issues.apache.org/jira/browse/SOLR-14695
> Project: Solr
> Issue Type: New Feature
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Package Manager, packages
> Reporter: Noble Paul
> Assignee: Noble Paul
> Priority: Major
>
> Solr distribution can keep a set of sha512 hashes of already trusted jars. This helps loading first party jars without signing.
> The file may look as follows and this is placed at {{<solr-home>/server/resources/artifacts.json}}
> {code:json}
> {
> "file-sha512" : {
> "dih-8.6.1.jar" : "d01b51de67ae1680a84a813983b1de3b592fc32f1a22b662fc9057da5953abd1b72476388ba342cad21671cd0b805503c78ab9075ff2f3951fdf75fa16981420"
> }
> }
> {code}
> * if the sha512 of a certain file is trusted, it does not have to be signed with any keys.
> * There is no API to create or modify this. The Solr build scripts create this file at build time and add this to the distro
> see the [document|https://docs.google.com/document/d/1n7gB2JAdZhlJKFrCd4Txcw4HDkdk7hlULyAZBS-wXrE/edit#] for more details
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org