...
Code Block |
---|
GET
<base>/<cdap-version>/categories.json
<base>/<cdap-version>/packages.json
<base>/<cdap-version>/packages/<package-name>/<version>/icon.jpg
<base>/<cdap-version>/packages/<package-name>/<version>/license.txt
<base>/<cdap-version>/packages/<package-name>/<version>/spec.json
<base>/<cdap-version>/packages/<package-name>/<version>/spec.json.asc
<base>/<cdap-version>/packages/<package-name>/<version>/archive.zip
<base>/<cdap-version>/packages/<package-name>/<version>/archive.zip.asc |
...
Code Block |
---|
GET /<cdap-version>/packages/<package-name>/<version>/icon.jpg ex: GET /4.0.0/packages/PurchaseExample/4.0.0/icon.jpg [ icon bytes ] |
...
Get Package License
Code Block |
---|
GET /<cdap-version>/packages/<package-name>/<version>/license.txt
ex: GET /4.0.0/packages/PurchaseExample/4.0.0/license.txt
Copyright © 2014-2016 Cask Data, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
... |
Security
Since people will be able to download code from the marketplace, it is especially important that there is protection against malicious code. We can make use of PGP in order to sign both the package archive and the package spec that are downloadable from the marketplace. The Market UI will have to be configured to use a GPG key (for the public CDAP marketplace, we could re-use the GPG key used for CDAP rpms and debians or create another one). It can then use that public key along with the signature APIs to verify that the spec and archive were signed by the owner of the package.
...