Talend Studio
signs Jobs before they are deployed to Talend Cloud Management Console using Java
Jar signing (https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#Signed_JAR_File).
The META-INF
folder of the zip file contains a .SF
file with the SHA-256 digests of every file contained in the zip, as well as the digest of
the manifest itself. The signing credentials are obtained from the Talend license
file, and the signing key itself is bundled with Talend Studio. This
signs the .SF
file and outputs the signature into a .RSA
file in META-INF
. The signature algorithm used is RSA-SHA256. You can
enable Job signature validation in Remote Engines.
Procedure
Do the following depending on the version of your engine:
- If your engine is v2.12.0 and onwards, run this KARAF
command:
feature:uninstall talend-job-server-signature-verifier-disabler
This command uninstalls the Karaf talend-job-server-signature-verifier-disabler feature to enable Job signature validation.
- If you are using an older engine version, in the <RemoteEngineInstallationDirectory>/etc/org.talend.ipaas.rt.jobserver.client.cfg file, set the job.signature.verifying parameter to be true and save the file.