Resurrecting this thread as I'm stuck in a similar situation of running 
Jenkins in an environment without access to the internet.  I'm using 
https://github.com/jenkinsci/backend-update-center2 to generate and 
retrieve the data for the update center, but validation of the JSON files 
is causing a bit of a headache.  A minor issue that I'll tackle later (and 
am scripting around for now) is that the URLs for the plugins are wrong 
for my environment (the JSON blob that's created for each plugin 
<https://github.com/jenkinsci/backend-update-center2/blob/master/src/main/java/org/jvnet/hudson/update_center/Main.java#L233> 
is pointing at the default update site 
http://updates.jenkins-ci.org/download/).

It looks like the signatureCheck variable was removed as of 1.502 by this 
commit <https://github.com/jenkinsci/jenkins/commit/1ce132aafb242d9eccd737dfed07d51ce74508c0>.
1.501 
https://github.com/jenkinsci/jenkins/blob/jenkins-1.501/core/src/main/java/hudson/model/UpdateSite.java#L736
1.502 
https://github.com/jenkinsci/jenkins/blob/jenkins-1.502/core/src/main/java/hudson/model/UpdateSite.java

The tests were updated to use the new updateDirectly() method and are able 
to bypass signature validation of the update center json file, but it looks 
like there's no longer an easy way to disable the validation when running 
Jenkins "normally".  Is there a recommended way to disable signature 
validation?

I realize the correct approach is to set up the trust chain, but I haven't 
had a chance to look in detail at how it's built.  At first glance, it 
seems like it includes the certs distributed in the war 
<https://github.com/jenkinsci/jenkins/blob/jenkins-1.546/core/src/main/java/jenkins/util/JSONSignatureValidator.java#L74> 
and any certs in the update-center-rootCAs directory under JENKINS_HOME 
<https://github.com/jenkinsci/jenkins/blob/jenkins-1.546/core/src/main/java/jenkins/util/JSONSignatureValidator.java#L80>.


On Thursday, August 8, 2013 8:04:16 AM UTC-7, Jan Seidel wrote:
>
> OK, I figured out that this is connected to the signature check which I 
> want to get rid of anyways.
> As I learned, one nifty solution was to add a file named *init.groovy* to 
> JENKINS_HOME with the content:
>
>   try {
>     // disable verification of signature of JSON file from update center
>     hudson.model.UpdateSite.signatureCheck = false;
>     print "Disabled signature check for update site\n";
>   } catch (MissingPropertyException e) {
>     // ignore as is if no signature check flag is present, no signature
>     // check is done anyway
>     print "No flag for signature check present\n";
>   }
>
> That worked at least until 1.509 but not anymore :(
> I'm trying to figure out if there is a new implementation which allows to 
> turn off signature check via boolean value. But no luck so far.
> Well, I am no skilled programmer.
>
> Has someone eventually a hint?
>
> Cheers
> Jan
>
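Added example (not part of the original message and not code from backend-update-center2 or Jenkins): a sketch of the URL workaround mentioned above that rewrites the default download base in a JSONP-wrapped update-center.json and reports when the edit invalidates an existing signature block, so the file is re-signed rather than served with validation switched off. The function name, mirror hostname and sample data are assumptions.

```python
import json
import re

# Constructed sample in the JSONP-wrapped layout of update-center.json;
# plugin names, versions and signature values are made up.
SAMPLE = '''updateCenter.post(
{"core": {"url": "http://updates.jenkins-ci.org/download/war/1.546/jenkins.war"},
 "plugins": {
  "git": {"url": "http://updates.jenkins-ci.org/download/plugins/git/2.0/git.hpi"},
  "local-only": {"url": "http://mirror.example.internal/plugins/local-only.hpi"}},
 "signature": {"digest": "CONSTRUCTED", "signature": "CONSTRUCTED"}}
);'''

DEFAULT_BASE = "http://updates.jenkins-ci.org/download/"
WRAPPER = re.compile(r"^\s*updateCenter\.post\(\s*(.*?)\s*\);?\s*$", re.DOTALL)


def rewrite_update_center(text, new_base, old_base=DEFAULT_BASE):
    """Return (new_text, rewritten_count, needs_resigning)."""
    match = WRAPPER.match(text)
    if match is None:
        raise ValueError("not a JSONP-wrapped update center file")
    data = json.loads(match.group(1))
    if not new_base.endswith("/"):
        new_base += "/"

    # Each plugin entry and the core entry carry their own download URL.
    entries = list(data.get("plugins", {}).values())
    if "core" in data:
        entries.append(data["core"])

    rewritten = 0
    for entry in entries:
        url = entry.get("url", "")
        if url.startswith(old_base):
            entry["url"] = new_base + url[len(old_base):]
            rewritten += 1

    # Any edit to the signed body makes an existing signature block stale,
    # so drop it and tell the caller the file must be signed again.
    needs_resigning = rewritten > 0 and data.pop("signature", None) is not None
    body = json.dumps(data, sort_keys=True)
    return "updateCenter.post(\n" + body + "\n);", rewritten, needs_resigning
```

A True third return value means the rewritten file has to be signed again with a certificate chain the Jenkins instance trusts before it will pass validation.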
