Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25153

Update ssh-slaves and ssh-credentials plugins in war file

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Duplicate
    • Component/s: core
    • Labels:
      None
    • Environment:
      Docker
    • Similar Issues:

      Description

      I am trying to setup a Dockerfile for our Jenkins server. Here is my dockerfile: https://github.com/mtscout6/jenkins-docker/blob/master/jenkins-server/Dockerfile

      The problem I have is that the latest Docker plugin relies on ssh-slaves 1.8 and ssh-credentials 1.9. The jenkins war file is currently housing ssh-slaves 1.7 and ssh-credentials 1.8, when I tried adding those plugins to the war file they are replaced, but now I get a SHA-256 digest error. I'm sure this is because the checksum is now invalid as found in the META-INF/MANIFEST.MF file.

      I tried using the jar -uf command to update those plugins, also to no avail. What do I need to do to update these plugins so my docker container is ready to run right out of the gate?

      Here is the docker log output when running the docker container for the image defined by the above docker file: https://gist.github.com/mtscout6/a31298e1dcc5acf5863c.

      Thanks,
      Matt Smith

        Attachments

          Issue Links

            Activity

            Hide
            stephenconnolly Stephen Connolly added a comment - - edited

            just pre-populate the $JENKINS_HOME/plugins directory with (rename .hpi to .jpi) each plugin's .jpi files and create a .jpi.pinned file beside it.

            That way you don't need to resign the jenkins.war file after modification, because you will not be modifying it.

            Show
            stephenconnolly Stephen Connolly added a comment - - edited just pre-populate the $JENKINS_HOME/plugins directory with (rename .hpi to .jpi) each plugin's .jpi files and create a .jpi.pinned file beside it. That way you don't need to resign the jenkins.war file after modification, because you will not be modifying it.
            Hide
            stephenconnolly Stephen Connolly added a comment -

            I do not see this as an issue with any of the listed components... nothing to do with the docker plugin. nothing to do with the credentials plugin. nothing to do with the ssh-credentials plugin. This is a side effect of the code signing in core and there is a known solution

            Show
            stephenconnolly Stephen Connolly added a comment - I do not see this as an issue with any of the listed components... nothing to do with the docker plugin. nothing to do with the credentials plugin. nothing to do with the ssh-credentials plugin. This is a side effect of the code signing in core and there is a known solution
            Hide
            mtscout6 Matthew Smith added a comment -

            The problem is that the $JENKINS_HOME directory is being provided via a docker container volume, the goal here is not to rely on what that data volume may or may not provide.

            Show
            mtscout6 Matthew Smith added a comment - The problem is that the $JENKINS_HOME directory is being provided via a docker container volume, the goal here is not to rely on what that data volume may or may not provide.
            Hide
            stephenconnolly Stephen Connolly added a comment -

            Unassigning incorrectly associated plugin components. Unassigning myself from this issue

            Show
            stephenconnolly Stephen Connolly added a comment - Unassigning incorrectly associated plugin components. Unassigning myself from this issue
            Hide
            danielbeck Daniel Beck added a comment -

            The problem is that the $JENKINS_HOME directory is being provided via a docker container volume, the goal here is not to rely on what that data volume may or may not provide.

            Appears to be a duplicate of JENKINS-24986 then, which proposes an additional location that is not extracted from the war, and not in JENKINS_HOME.

            Show
            danielbeck Daniel Beck added a comment - The problem is that the $JENKINS_HOME directory is being provided via a docker container volume, the goal here is not to rely on what that data volume may or may not provide. Appears to be a duplicate of JENKINS-24986 then, which proposes an additional location that is not extracted from the war, and not in JENKINS_HOME.
            Hide
            mtscout6 Matthew Smith added a comment -

            Fair enough I'll buy that

            Show
            mtscout6 Matthew Smith added a comment - Fair enough I'll buy that
            Hide
            jglick Jesse Glick added a comment -

            Why not just delete the signatures from the WAR file, or resign with your own key? Then you will not get a checksum mismatch. The signature is not really checked by anything that I know of anyway.

            Show
            jglick Jesse Glick added a comment - Why not just delete the signatures from the WAR file, or resign with your own key? Then you will not get a checksum mismatch. The signature is not really checked by anything that I know of anyway.
            Hide
            mtscout6 Matthew Smith added a comment -

            Are these the right files to delete to "unsign" it?

            zip -d /usr/share/jenkins/jenkins.war META-INF/JENKINS.SF
            zip -d /usr/share/jenkins/jenkins.war META-INF/JENKINS.RSA

            That did not appear to work, but I may have the wrong files.

            Show
            mtscout6 Matthew Smith added a comment - Are these the right files to delete to "unsign" it? zip -d /usr/share/jenkins/jenkins.war META-INF/JENKINS.SF zip -d /usr/share/jenkins/jenkins.war META-INF/JENKINS.RSA That did not appear to work, but I may have the wrong files.
            Hide
            jglick Jesse Glick added a comment -

            Yes, those, plus the file entries (with Name and SHA-256-Digest) in META-INF/MANIFEST.MF.

            Show
            jglick Jesse Glick added a comment - Yes, those, plus the file entries (with Name and SHA-256-Digest ) in META-INF/MANIFEST.MF .
            Hide
            mtscout6 Matthew Smith added a comment -

            That did the trick. Thanks!

            Show
            mtscout6 Matthew Smith added a comment - That did the trick. Thanks!

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              mtscout6 Matthew Smith
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: