Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Introduces a New Era of Visualization! READ ALL ABOUT IT
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
CCaprano1678813540
Contributor
Contributor
‎2023-03-14 01:13 PM

Digital Signature changes in .item files on each job change within Talend Studio

Hello,

we are actively using Talend Studio to develop our ETL jobs. Talend Studio is being connected to our git repository. Each time we change a job, the signature and password hashes (?) are changed and we have a git diff. This is super confusing when doing a code review because we have so much noice. Is there a way to omit changes within the signatures when changing jobs within a team?

I just found the following statements:

```sh

​From Talend 7.0 onward, a digital signature is added to each project item when it is saved in Talend Studio. When importing a project or project items, Talend Studio validates the signatures and rejects items with an invalid signature. This is a security measure to prevent accidental or malicious modification of project items

```​

But there is no way to omit changes of the digital signature on each saving process. Is this possible by chance?

Best, Christoph

Labels (2)
Labels
221 Views
0 Likes
2 Replies
Afoster1677824530
Contributor III
Contributor III
‎2023-03-17 01:39 AM

Hello,

Please to see your issue I have a suggestion for you hope so it will helps

Unfortunately, it is not possible to omit changes to the digital signature on each saving process in Talend Studio. The digital signature is a security feature that ensures the integrity of project items and prevents accidental or malicious modification.

 

However, you can reduce the noise during code review by using git's "ignore" feature to ignore changes to the signature files. This will prevent the signature files from showing up in the git diff and reduce the amount of noise during code review.

 Dinar Chronicles Intel Blog

To ignore changes to the signature files, you can create a .gitignore file in your repository and add the following line to it:

 

Copy code

*.item.signature

This will ignore any changes to files with the ".item.signature" extension. You can also use wildcards to ignore changes to other signature files, if necessary.

 

Note that ignoring changes to the signature files may make it harder to detect accidental or malicious modifications to project items. You should use this approach with caution and make sure that you have other security measures in place to protect your project items.

221 Views
0 Likes
CCaprano1678813540
Contributor
Contributor
‎2023-04-30 02:22 AM
Author

Hi @Alderman foster​ ,

thank you for your reply! Unfortunately, we don't have .item.signature files but only .item files. We have at the end of each .item file an XML item called "<Signature></Signature>". Meaning that the .gitignore approach unfortunately does not work.

 

Even on each position change (e.g. from an tLog component), I get three git changes that does not relate to my feature (see attachments). When I have more components in my job, these changes scale linearly. Our developers don't want to use therefore multiple branches as they risk too many merge conflicts. However, when they don't use feature branches, we can't do a proper CI/CD workflow in the background with our jobs.

 

Is there a way to handle this issue? Example would be moving the signature code to separated files (as you said .item.signature) and also moving out the password elements from the .item files as they also seem to change when the signature changes.

 

Thank you! 🙂

 

0695b00000fLW3rAAG.png0695b00000fLW3wAAG.png 

0695b00000fLW3mAAG.png

221 Views
0 Likes