should say "into a magic directory in the jenkins home" and not "into a directory in the jenkins home"
On 16 June 2014 11:57, Stephen Connolly <[email protected]> wrote: > You can just drop the public key you are signing with into a directory in > the jenkins home and it should then be seen as a valid bundle... > > > On 10 January 2014 02:34, Jonathan Li <[email protected]> wrote: > >> Resurrecting this thread as I'm stuck in a similar situation of running >> Jenkins in an environment without access to the internet. I'm using >> https://github.com/jenkinsci/backend-update-center2 to generate and >> retrieve the data for the update center, but validation of the json files >> is causing a bit of a headache. A minor issue that I'll tackle later (and >> am scripting around for now) is that the url's for the plugins are wrong >> for my environment (the json blob that's created for each plugin >> <https://github.com/jenkinsci/backend-update-center2/blob/master/src/main/java/org/jvnet/hudson/update_center/Main.java#L233> >> is pointing at the default update site >> http://updates.jenkins-ci.org/download/). >> >> It looks like the signatureCheck variable was removed as of 1.502 by this >> commit >> <https://github.com/jenkinsci/jenkins/commit/1ce132aafb242d9eccd737dfed07d51ce74508c0> >> . >> 1.501 >> https://github.com/jenkinsci/jenkins/blob/jenkins-1.501/core/src/main/java/hudson/model/UpdateSite.java#L736 >> 1.502 >> https://github.com/jenkinsci/jenkins/blob/jenkins-1.502/core/src/main/java/hudson/model/UpdateSite.java >> >> The tests were updated to use the new updateDirectly() method and are >> able to bypass signature validation of the update center json file, but it >> looks like there's no longer an easy way to disable the validation when >> running Jenkins "normally". Is there a recommended way to disable >> signature validation? >> >> I realize the correct approach is to set up the trust chain, but I >> haven't had a chance to look in detail at how it's built. At first glance, >> it seems like it includes the certs distributed in the war >> <https://github.com/jenkinsci/jenkins/blob/jenkins-1.546/core/src/main/java/jenkins/util/JSONSignatureValidator.java#L74> >> and >> any certs in the update-center-rootCAs directory under JENKINS_HOME >> <https://github.com/jenkinsci/jenkins/blob/jenkins-1.546/core/src/main/java/jenkins/util/JSONSignatureValidator.java#L80> >> . >> >> >> On Thursday, August 8, 2013 8:04:16 AM UTC-7, Jan Seidel wrote: >>> >>> OK, i figured out that this is connected to the signature check which I >>> want to get rid of anyways. >>> As I learned was one nifty solution to add a file named *init.groovy* >>> to JENKINS_HOME with the content: >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> *try{ // disable verification of signature of JSON file from update >>> center hudson.model.UpdateSite.signatureCheck = false; print "Disabled >>> signature check for update site\n";}catch (MissingPropertyException e){ // >>> ignore as is if no signature check flag is present, no signature check is >>> done anyway print "No flag for signature check present\n"; }* >>> That worked at least until 1.509 but not anymore :( >>> I'm trying to figure out if there is a new implementation which allows >>> to turn of signature check via boolean value. But no luck so far. >>> Well, I am no skilled programmer. >>> >>> Has someone eventually a hint? >>> >>> Cheers >>> Jan >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. >> > > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
