Verifying artifact signature - Cloud

Talend Remote Engine User Guide for Linux

Version
Cloud
Language
English (United States)
EnrichDitaval
linux
Product
Talend Cloud
Module
Talend Remote Engine
Content
Design and Development
Installation and Upgrade
Talend Studio signs Jobs before they are deployed to Talend Cloud Management Console using Java Jar signing (https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#Signed_JAR_File).

The META-INF folder of the zip file contains a .SF file with the SHA-256 digests of every file contained in the zip, as well as the digest of the manifest itself. The signing credentials are obtained from the Talend license file, and the signing key itself is bundled with Talend Studio. This signs the .SF file and outputs the signature into a .RSA file in META-INF. The signature algorithm used is RSA-SHA256. You can enable Job signature validation in Remote Engines.

Procedure

Do the following depending on the version of your engine:
  • If your engine is v2.12.0 and onwards, run this KARAF command:
    feature:uninstall talend-job-server-signature-verifier-disabler

    This command uninstalls the Karaf talend-job-server-signature-verifier-disabler feature to enable Job signature validation.

  • If you are using an older engine version, in the <RemoteEngineInstallationDirectory>/etc/org.talend.ipaas.rt.jobserver.client.cfg file, set the job.signature.verifying parameter to be true and save the file.