UpdateSites Manager plugin fails with Jenkins 1.596.1+

Tue, 12 May 2015 14:40:27 -0700 

Hello,

Since the Jenkins LTS 1.596.1 I'm having the following issue when using 
UpdateSites 
Manager 
<https://wiki.jenkins-ci.org/display/JENKINS/UpdateSites+Manager+plugin> 
plugin:

SEVERE: ERROR: Signature verification failed in update site 
&#039;biouno-update-center&#039; 
<a href='#' class='showDetails'>(show details)</a><pre 
style='display:none'>java.security.cert.CertPathValidatorException: Path 
does not chain with any of the trust anchors
      at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate
(PKIXCertPathValidator.java:208)
      at java.security.cert.CertPathValidator.validate(CertPathValidator.
java:279)
      at org.jvnet.hudson.crypto.CertificateUtil.validatePath(
CertificateUtil.java:93)
      at jenkins.util.JSONSignatureValidator.verifySignature(
JSONSignatureValidator.java:76)
      at hudson.model.UpdateSite.verifySignature(UpdateSite.java:227)
      at hudson.model.UpdateSite.updateData(UpdateSite.java:206)
      at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:178)
      at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:890)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...

The core of this plugin is the ManagedUpdateSite.java 
<https://github.com/jenkinsci/update-sites-manager-plugin/blob/master/src/main/java/jp/ikedam/jenkins/plugins/updatesitesmanager/ManagedUpdateSite.java>,
 
that extends *hudson.model**.UpdateSite*.
Until the version 1.596, the (*@Override*) *doPostBack(...)* method of this 
class was getting properly invoked during a "check update" event (*Check 
Now* button). Under the hood (and few methods below...), it was generating 
a file from the CA Certificate provided via UI.
>From 1.596.1 and on, this method is no longer invoked. So, the only way to 
check the update from my custom update site is by manually placing the 
certificate file in the $JENKINS_ROOT/update-center-rootCAs/ folder.

The plugin itself did not change since 2013. There were some changes in the 
Jenkins core to handle these security things, but I was not yet able to 
understand how it affected the UpdateSites Manager...
My first question would be: is this a bug in the Jenkins core or the 
UpdateSites plugin should comply with the latest changes from the 1.596.1+?

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/84f60dc4-3f0b-4e90-a488-afe50054c9a9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to