Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-14695

Support loading of unsigned jars

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • Package Manager, packages
    • None

    Description

      Solr distribution can keep a set of sha512 hashes of already trusted jars. This helps loading first party jars without signing.

      The file may look as follows and this is placed at <solr-home>/server/resources/artifacts.json

      {
  "file-sha512" : {
    "dih-8.6.1.jar" : "d01b51de67ae1680a84a813983b1de3b592fc32f1a22b662fc9057da5953abd1b72476388ba342cad21671cd0b805503c78ab9075ff2f3951fdf75fa16981420"
  }
}
      • if the sha512 of a certain file is trusted, it does not have to be signed with any keys.
      • There is no API to create or modify this. The Solr build scripts create this file at build time and add this to the distro

      see the document for more details

      Attachments

        Issue Links

          is a child of

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-14688 First party package implementation design

          • Major - Major loss of function.
          • Open
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-14688 First party package implementation design

          • Major - Major loss of function.
          • Open

          Activity

            People

              noble.paul Noble Paul
              noble.paul Noble Paul
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: