You can just drop the public key you are signing with into a directory in the jenkins home and it should then be seen as a valid bundle...
On 10 January 2014 02:34, Jonathan Li <[email protected]> wrote: > Resurrecting this thread as I'm stuck in a similar situation of running > Jenkins in an environment without access to the internet. I'm using > https://github.com/jenkinsci/backend-update-center2 to generate and > retrieve the data for the update center, but validation of the json files > is causing a bit of a headache. A minor issue that I'll tackle later (and > am scripting around for now) is that the url's for the plugins are wrong > for my environment (the json blob that's created for each plugin > <https://github.com/jenkinsci/backend-update-center2/blob/master/src/main/java/org/jvnet/hudson/update_center/Main.java#L233> > is pointing at the default update site > http://updates.jenkins-ci.org/download/). > > It looks like the signatureCheck variable was removed as of 1.502 by this > commit > <https://github.com/jenkinsci/jenkins/commit/1ce132aafb242d9eccd737dfed07d51ce74508c0> > . > 1.501 > https://github.com/jenkinsci/jenkins/blob/jenkins-1.501/core/src/main/java/hudson/model/UpdateSite.java#L736 > 1.502 > https://github.com/jenkinsci/jenkins/blob/jenkins-1.502/core/src/main/java/hudson/model/UpdateSite.java > > The tests were updated to use the new updateDirectly() method and are able > to bypass signature validation of the update center json file, but it looks > like there's no longer an easy way to disable the validation when running > Jenkins "normally". Is there a recommended way to disable signature > validation? > > I realize the correct approach is to set up the trust chain, but I haven't > had a chance to look in detail at how it's built. At first glance, it > seems like it includes the certs distributed in the war > <https://github.com/jenkinsci/jenkins/blob/jenkins-1.546/core/src/main/java/jenkins/util/JSONSignatureValidator.java#L74> > and > any certs in the update-center-rootCAs directory under JENKINS_HOME > <https://github.com/jenkinsci/jenkins/blob/jenkins-1.546/core/src/main/java/jenkins/util/JSONSignatureValidator.java#L80> > . > > > On Thursday, August 8, 2013 8:04:16 AM UTC-7, Jan Seidel wrote: >> >> OK, i figured out that this is connected to the signature check which I >> want to get rid of anyways. >> As I learned was one nifty solution to add a file named *init.groovy* to >> JENKINS_HOME with the content: >> >> >> >> >> >> >> >> >> >> >> >> >> *try{ // disable verification of signature of JSON file from update >> center hudson.model.UpdateSite.signatureCheck = false; print "Disabled >> signature check for update site\n";}catch (MissingPropertyException e){ // >> ignore as is if no signature check flag is present, no signature check is >> done anyway print "No flag for signature check present\n";}* >> That worked at least until 1.509 but not anymore :( >> I'm trying to figure out if there is a new implementation which allows to >> turn of signature check via boolean value. But no luck so far. >> Well, I am no skilled programmer. >> >> Has someone eventually a hint? >> >> Cheers >> Jan >> > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
