Verifying artifact signature

Verifying artifact signature - Cloud

Talend Remote Engine User Guide for Linux

Version

Cloud

Language

English (United States)

EnrichDitaval

linux

Product

Talend Cloud

Module

Talend Remote Engine

Content

Design and Development

Installation and Upgrade

Talend Studio signs Jobs before they are deployed to Talend Cloud Management Console using Java Jar signing (https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#Signed_JAR_File).

The META-INF folder of the zip file contains a .SF file with the SHA-256 digests of every file contained in the zip, as well as the digest of the manifest itself. The signing credentials are obtained from the Talend license file, and the signing key itself is bundled with Talend Studio. This signs the .SF file and outputs the signature into a .RSA file in META-INF. The signature algorithm used is RSA-SHA256. You can enable Job signature validation in Remote Engines.

Procedure

Do the following depending on the version of your engine:

If your engine is v2.12.0 and onwards, run this KARAF command:
```
feature:uninstall talend-job-server-signature-verifier-disabler
```
This command uninstalls the Karaf talend-job-server-signature-verifier-disabler feature to enable Job signature validation.
If you are using an older engine version, in the <RemoteEngineInstallationDirectory>/etc/org.talend.ipaas.rt.jobserver.client.cfg file, set the job.signature.verifying parameter to be true and save the file.