[jira] [Commented] (SOLR-14695) Support loading of unsigned jars

[Jira]

    [ 
https://issues.apache.org/jira/browse/SOLR-14695?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17168273#comment-17168273
 ] 

Jan Høydahl commented on SOLR-14695:
------------------------------------

For fat-solr, users would have validated the PGP signature of the fat tgz and 
can thus trust all its content. SHA alone is normally only recommended to check 
that the download succeeded, not to assert you got the authentic bits.

I'm worried that we keep adding required files to {{SOLR_HOME}} here. We're 
trying to get rid of the requirement for solr.xml and zoo.cfg, so users can 
start Solr with a completely empty {{SOLR_HOME}}. Could we consider putting the 
pre-generated {{trusted_artifacts.json}} in {{WEB-INF/classes}} and read it 
from classpath instead? You could still look for this file in 
{{<solr-home>/filestore/}} but please do not require the user to put the file 
there after install before she can start installing the bundled packages.

> Support loading of unsigned jars
> --------------------------------
>
>                 Key: SOLR-14695
>                 URL: https://issues.apache.org/jira/browse/SOLR-14695
>             Project: Solr
>          Issue Type: New Feature
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Package Manager, packages
>            Reporter: Noble Paul
>            Assignee: Noble Paul
>            Priority: Major
>
> Solr distribution can keep a set of sha512 hashes of already trusted jars. 
> This helps loading first party jars without signing.
> The file may look as follows and this is placed at 
> {{<solr-home>/filestore/\_trusted_/artifacts.json}}
> {code:json}
> {
>   "file-sha512" : {
>     "dih-8.6.1.jar" : 
> "d01b51de67ae1680a84a813983b1de3b592fc32f1a22b662fc9057da5953abd1b72476388ba342cad21671cd0b805503c78ab9075ff2f3951fdf75fa16981420"
>   }
> }
> {code}
>  * if the sha512 of a certain file is trusted, it does not have to be signed 
> with any keys.
>  * There is no API to create or modify this. The Solr build scripts create 
> this file at build time and add this to the distro
> see the 
> [document|https://docs.google.com/document/d/1n7gB2JAdZhlJKFrCd4Txcw4HDkdk7hlULyAZBS-wXrE/edit#]
>  for more details



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org