Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-14695

Support loading of unsigned jars

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Package Manager, packages
    • Labels:
      None

      Description

      Solr distribution can keep a set of sha512 hashes of already trusted jars. This helps loading first party jars without signing.

      The file may look as follows and this is placed at <solr-home>/server/resources/artifacts.json

      {
        "file-sha512" : {
          "dih-8.6.1.jar" : "d01b51de67ae1680a84a813983b1de3b592fc32f1a22b662fc9057da5953abd1b72476388ba342cad21671cd0b805503c78ab9075ff2f3951fdf75fa16981420"
        }
      }
      
      • if the sha512 of a certain file is trusted, it does not have to be signed with any keys.
      • There is no API to create or modify this. The Solr build scripts create this file at build time and add this to the distro

      see the document for more details

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                noble.paul Noble Paul
                Reporter:
                noble.paul Noble Paul
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: