search

jenkinsci / juseppe

Jenkins Update Site Embedded for Plugin Publishing Easily
https://hub.docker.com/r/lanwen/juseppe/
Apache License 2.0
56 stars 20 forks source link

Add functions to generate update center certificates #23

Open oleg-nenashev opened 8 years ago

oleg-nenashev commented 8 years ago

In order to operate correctly, Jenkins update sites need to specify private/public keys and X509 certificates. These certificates should be placed into the root of Update site.

It would be great if Juseppe could generate at least self-signed certificates for such purpose.

lanwen commented 8 years ago

Think openssl shell command is enough, isn't it? Or u can simply disable sign check for bundled update site. What for it needed in this case?

oleg-nenashev commented 8 years ago

1) Signature checks cannot be easily disabled in the current core version 2) But it's quire easy to programmatically add a TrustAnchor 3) A valid certificate + TrustAnchor based on the filepath make the update site to work transparently

So I think it may be a useful addition to the library. Generation of these files by default - TBD

lanwen commented 8 years ago
  1. https://github.com/jenkinsci/update-sites-manager-plugin/pull/2
  2. Custom sign validator: https://github.com/jenkinsci/update-sites-manager-plugin/blob/master/src/main/java/jp/ikedam/jenkins/plugins/updatesitesmanager/internal/ExtendedCertJsonSignValidator.java

its already done.