Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-14158

package manager to read keys from packagestore and not ZK

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 8.4
    • 8.4.1
    • packages

    Description

      The security of the package system relies on securing ZK. It's much easier for users to secure the file system than securing ZK.

      We provide an option to read public keys from file store. 

      This will

      • Have a special directory called trusted . Direct writes are forbidden to that directory over http
      • The CLI directly writes to the keys to <SOLR_HOME>/filestore/trusted/keys/ directory. Other nodes are asked to fetch the public key files from that node
      • Package artifacts will continue to be uploaded over http

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            noble.paul Noble Paul
            noble.paul Noble Paul
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1h
                1h

                Issue deployment