[ 
https://issues.apache.org/jira/browse/SOLR-13534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16861563#comment-16861563
 ] 

Alexandre Rafalovitch commented on SOLR-13534:
----------------------------------------------

I feel sha512 is good for verification, but it still opens up an attack vector 
of whatever downloads the archive before the actual verification step.

Also, perhaps there should be an INFO log message or similar if this is enabled.

And I am guessing if the local copies of the jar are missing, it (they) will 
all be loaded from the remote location on startup. Is there an issue with 
multiple entries hitting the same URL?

> Dynamic loading of jars from a url
> ----------------------------------
>
>                 Key: SOLR-13534
>                 URL: https://issues.apache.org/jira/browse/SOLR-13534
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Noble Paul
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Dynamic loading is possible from {{.system}} collection. It's much easier to 
> host the jars on a remote service and load them from there. This way the user 
> should have no problem in loading jars when the {{.system}} collection is not 
> available for some reason.
> The steps should look as follows:
>  # get the hash of your jar file.  {{openssl dgst -sha512 <jar>}}
>  # upload it to your hosting service. Say the location is 
> {{[http://host:port/my-jar/location|http://hostport/]}}
>  # create a runtime lib entry for the collection as follows
> {code:java}
> curl http://localhost:8983/solr/techproducts/config -H 'Content-type:application/json' -d '{
>    "add-runtimelib": { "name":"jarblobname",
>      "sha512":"e94bb3990b39aacdabaa3eef7ca6102d96fa46766048da50269f25fd41164440a4e024d7a7fb0d5ec328cd8322bb65f5ba7886e076a8f224f78cb310fd45896d",
>      "url":"http://host:port/my-jar/location"}
> }'
> {code}
> To update the jar, just repeat the steps and use the {{update-runtimelib}} to 
> update the sha512 hash
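
Added example, not part of the original message and not Solr's implementation: one way a loader could narrow the pre-verification exposure raised in the comment, by capping the download size, hashing while reading, and releasing the bytes only after the SHA-512 matches the value from the runtime lib entry. The class name, size cap and timeouts are assumptions.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URLConnection;
import java.security.MessageDigest;

/** Hypothetical helper (not Solr code): release jar bytes only if their SHA-512 matches. */
public class VerifiedJarFetch {
    static final int MAX_JAR_BYTES = 5 * 1024 * 1024; // assumed cap, tune per deployment

    /** Reads at most MAX_JAR_BYTES, hashing while reading; returns the bytes only on a match. */
    static byte[] readVerified(InputStream in, String expectedSha512Hex) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        byte[] chunk = new byte[8192];
        int n;
        while ((n = in.read(chunk)) != -1) {
            if (buf.size() + n > MAX_JAR_BYTES) {
                throw new IOException("jar exceeds size cap; download aborted");
            }
            md.update(chunk, 0, n);
            buf.write(chunk, 0, n); // kept in memory only, never written to disk unverified
        }
        // MessageDigest.isEqual compares the two digests in constant time
        if (!MessageDigest.isEqual(md.digest(), hexToBytes(expectedSha512Hex))) {
            throw new SecurityException("sha512 mismatch; jar discarded, nothing loaded");
        }
        return buf.toByteArray(); // only now may the caller hand the bytes to a class loader
    }

    static byte[] hexToBytes(String hex) {
        if (hex.length() != 128) throw new IllegalArgumentException("sha512 must be 128 hex chars");
        byte[] out = new byte[64];
        for (int i = 0; i < 64; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // args: <url> <sha512 hex>, the same two values as in the add-runtimelib entry
        URLConnection conn = URI.create(args[0]).toURL().openConnection();
        conn.setConnectTimeout(5000);  // assumed timeouts so a stalled host cannot hang startup
        conn.setReadTimeout(10000);
        try (InputStream in = conn.getInputStream()) {
            System.out.println("verified " + readVerified(in, args[1]).length + " bytes");
        }
    }
}
```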


