Noble Paul created SOLR-14695:
---------------------------------
Summary: Support loading of unsigned jars
Key: SOLR-14695
URL: https://issues.apache.org/jira/browse/SOLR-14695
Project: Solr
Issue Type: New Feature
Security Level: Public (Default Security Level. Issues are Public)
Components: Package Manager, packages
Reporter: Noble Paul
Assignee: Noble Paul
Solr distribution can keep a set of sha512 hashes of already trusted jars. This
helps loading first party jars without signing.
The file may look as follows and this is placed at
{{<solr-home>/filestore/\_trusted_/artifacts.json}}
{code:json}
{
"file-sha512" : {
"dih-8.6.1.jar" :
"d01b51de67ae1680a84a813983b1de3b592fc32f1a22b662fc9057da5953abd1b72476388ba342cad21671cd0b805503c78ab9075ff2f3951fdf75fa16981420"
}
}
{code}
* if the sha512 of a certain file is trusted, it does not have to be signed
with any keys.
* There is no API to create or modify this. The Solr build scripts create this
file at build time and add this to the distro
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
