the “code-signing” feature is a nice security additon, however it causes a few issues, if you are customizing your instance to fit your own environment.
this starts with the .htaccess file, which probably in most instances needs a few additional settings. Therefore this file will show up in the list of “invalid files”. also if you remove the default “skeleton” files and replace them with your own, that will create such warnings.
As said before, I like the feature, but there should be a possibility to “update” the signatures of files once the individual deployment is finished - in this case, only those files would trigger a warning, that are not “intentionally changed by the site administrator”.
Of course I tried to update the signatures of in “signature.json”, however this understandably triggers a
- Signature could not get verified."
and stops the whole verification.
Any ideas, how this feature could be made “adaptable to the individual implementation”?
Do simply perform the .htaccess edits after #### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####, which is generated if the .htaccess is writable by your web server on an update. (or even better: use your web server config)
Don’t modify the skeleton files directly, read the documentation for the config file. You’ll find skeletondirectory
That is not possible because the signature is a cryptographic one done with a key only our release server has access to. Also it has the purpose to make it possible for us to see if an user has tampered with a system and is filing a bug report. You can completely disable it though by setting integrity.check.disabled to true in config.php.
However, any issue that you file them we may simply refuse to look into as they may be caused by custom additions which are unsupported
as per “.htaccess”) I did not notice this - but it works as expected. thanks for pointing this out to me
as per “skeleton”) I did not notice this - but it works as expected. thanks for pointing this out to me
however, I still get a few warnings for other files. I tried to “reupload” them two or three times, which helped with a few of the messages, but not all…