[
https://issues.apache.org/jira/browse/SOLR-14688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17306659#comment-17306659
]
Noble Paul commented on SOLR-14688:
-----------------------------------
We expect the whole system to be a single artifact
How I expect it to work.
You make your packaged Solr with the jars and the hash of the jars included in
the package.
/solr/
/trusted_artifacts.txt (location of this file TBD)
/userfiles/
/jar1.jar (this can be anywhere under the userfiles)
/jar2.jar
package manager should read and keep a copy of trusted_artifacts.txt in memory
(if it is present). When a jar is to be loaded and it has no corresponding
metadata, it checks if the hash of the jar is present in trusted_artifacts.txt.
if yes, it totally bypasses verifying the jar using public key stored in ZK
> First party package implementation design
> -----------------------------------------
>
> Key: SOLR-14688
> URL: https://issues.apache.org/jira/browse/SOLR-14688
> Project: Solr
> Issue Type: Improvement
> Reporter: Noble Paul
> Priority: Major
> Labels: package, packagemanager
>
> Here's the design document for first party packages:
> https://docs.google.com/document/d/1n7gB2JAdZhlJKFrCd4Txcw4HDkdk7hlULyAZBS-wXrE/edit?usp=sharing
> Put differently, this is about package-ifying our "contribs".
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
