Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 8.3.0-rc0
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Query Integration
Backwards Compatibility:
Fully Compatible
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Add the config flag 'extensions_signature_verification_secure' to bazel bazel/config/BUILD.bazel file. Make sure it is false be default (with 'build_setting_default = False'). Create an alias for the flag like all others. Set the flag to true in the public-release config.

Then add a preprocessor macro called 'MONGO_CONFIG_EXT_SIG_SECURE' in the src/mongo/BUILD.bazel file. To do this well need to make a config_setting in bazel/config/BUILD.bazel called 'extensions_signature_verification_secure_enabled' which should be true if release is true OR 'extensions_signature_verification_secure' is true. Im not exactly sure how to implement the OR condition, but I assume it must be possible.

is depended on by

SERVER-115283 Update package release verifier to ensure extensions sig insecure mode never active in for release builds

Open

SERVER-115288 Add extensions gpg key to ring in secure mode

Open

SERVER-115282 Add --extensionsSignaturePubKeyPath server flag

In Code Review

Assignee:: Joe Shalabi
Reporter:: Joe Shalabi
Participants:: Githook User, Joe Shalabi
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Dec 11 2025 04:52:19 AM UTC
Updated:: Dec 19 2025 11:29:48 AM UTC
Resolved:: Dec 18 2025 10:24:09 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates