Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-32831

"None of the Update Sites passed the signature check" w/ Jenkins v1.647

      When search for plugin updates w/ the url:

      https://updates.jenkins-ci.org/experimental/update-center.json
      

      this error occurs:

      None of the Update Sites passed the signature check
      

          [JENKINS-32831] "None of the Update Sites passed the signature check" w/ Jenkins v1.647

          Daniel Beck added a comment -

          Only happens with the experimental update site, if it is accessed via HTTPS. Workarounds would be to not use one of these.

          Daniel Beck added a comment - Only happens with the experimental update site, if it is accessed via HTTPS. Workarounds would be to not use one of these.

          Daniel Beck added a comment -

          Likely introduced in https://github.com/jenkinsci/jenkins/pull/1972 for 1.647. 1.646 doesn't have this issue.

          Daniel Beck added a comment - Likely introduced in https://github.com/jenkinsci/jenkins/pull/1972 for 1.647. 1.646 doesn't have this issue.

          So, this happens cause now the updates site checks for updates on tool installers for all the updates centers configured in the system. Before this fix the tool installers updates were always checked against the default update center e.g. http://updates.jenkins-ci.org/updates/hudson.tasks.Maven.MavenInstaller.json.html?id=hudson.tasks.Maven.MavenInstaller&version=1.642.2-SNAPSHOT+%28private-02%2F08%2F2016+23%3A10+GMT-valentinaarmenise%29

          Now, tools installers are checked against the update centers actually configured. If the experimental update center is the only one configured, there are no json files available for ant, maven and jdk (the tool installers). So we return the validation error, although the experimental update center has been successfully consulted for what concerns the plugins.

          The error message is misleading, the problem is not the signature but the update json files for tool installers not being found. I could probably catch this case and avoid returning a validation error in case there are no json files for tool installers.

          valentina armenise added a comment - So, this happens cause now the updates site checks for updates on tool installers for all the updates centers configured in the system. Before this fix the tool installers updates were always checked against the default update center e.g. http://updates.jenkins-ci.org/updates/hudson.tasks.Maven.MavenInstaller.json.html?id=hudson.tasks.Maven.MavenInstaller&version=1.642.2-SNAPSHOT+%28private-02%2F08%2F2016+23%3A10+GMT-valentinaarmenise%29 Now, tools installers are checked against the update centers actually configured. If the experimental update center is the only one configured, there are no json files available for ant, maven and jdk (the tool installers). So we return the validation error, although the experimental update center has been successfully consulted for what concerns the plugins. The error message is misleading, the problem is not the signature but the update json files for tool installers not being found. I could probably catch this case and avoid returning a validation error in case there are no json files for tool installers.

          I can see another issue here :
          the current implementation do check tool installers metadata using a custom JSONValidator, not relying on hudson.model.UpdateSite#verifySignature
          As a side effect, a custom UpdateSite implementation (typically, CloudBees one) will fail to validate

          Nicolas De Loof added a comment - I can see another issue here : the current implementation do check tool installers metadata using a custom JSONValidator, not relying on hudson.model.UpdateSite#verifySignature As a side effect, a custom UpdateSite implementation (typically, CloudBees one) will fail to validate

          Code changed in jenkins
          User: Valentina Armenise
          Path:
          core/src/main/java/hudson/model/DownloadService.java
          http://jenkins-ci.org/commit/jenkins/d2b1f15fc56f382f1d578c9317fca917ddabac92
          Log:
          JENKINS-32831 if metadata for tool installer does not exist should not fail

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Valentina Armenise Path: core/src/main/java/hudson/model/DownloadService.java http://jenkins-ci.org/commit/jenkins/d2b1f15fc56f382f1d578c9317fca917ddabac92 Log: JENKINS-32831 if metadata for tool installer does not exist should not fail

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/java/hudson/model/DownloadService.java
          core/src/main/java/hudson/tools/DownloadFromUrlInstaller.java
          http://jenkins-ci.org/commit/jenkins/d8241ff7803ca134fa39fb88bb990fc6a0abef93
          Log:
          Merge pull request #2050 from varmenise/JENKINS-32831

          [FIXED JENKINS-32831] do not fail if there are no metadata for tool installers

          Compare: https://github.com/jenkinsci/jenkins/compare/37111bf12e50...d8241ff7803c

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/src/main/java/hudson/model/DownloadService.java core/src/main/java/hudson/tools/DownloadFromUrlInstaller.java http://jenkins-ci.org/commit/jenkins/d8241ff7803ca134fa39fb88bb990fc6a0abef93 Log: Merge pull request #2050 from varmenise/ JENKINS-32831 [FIXED JENKINS-32831] do not fail if there are no metadata for tool installers Compare: https://github.com/jenkinsci/jenkins/compare/37111bf12e50...d8241ff7803c

          dogfood added a comment -

          Integrated in jenkins_main_trunk #4512
          JENKINS-32831 if metadata for tool installer does not exist should not (Revision d2b1f15fc56f382f1d578c9317fca917ddabac92)

          Result = UNSTABLE
          valentina.armenise : d2b1f15fc56f382f1d578c9317fca917ddabac92
          Files :

          • core/src/main/java/hudson/model/DownloadService.java

          dogfood added a comment - Integrated in jenkins_main_trunk #4512 JENKINS-32831 if metadata for tool installer does not exist should not (Revision d2b1f15fc56f382f1d578c9317fca917ddabac92) Result = UNSTABLE valentina.armenise : d2b1f15fc56f382f1d578c9317fca917ddabac92 Files : core/src/main/java/hudson/model/DownloadService.java

          Code changed in jenkins
          User: Valentina Armenise
          Path:
          core/src/main/java/hudson/model/DownloadService.java
          http://jenkins-ci.org/commit/jenkins/951729c585fa63a85f43849b45ad2c6b3bce505c
          Log:
          JENKINS-32831 if metadata for tool installer does not exist should not fail

          (cherry picked from commit d2b1f15fc56f382f1d578c9317fca917ddabac92)

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Valentina Armenise Path: core/src/main/java/hudson/model/DownloadService.java http://jenkins-ci.org/commit/jenkins/951729c585fa63a85f43849b45ad2c6b3bce505c Log: JENKINS-32831 if metadata for tool installer does not exist should not fail (cherry picked from commit d2b1f15fc56f382f1d578c9317fca917ddabac92)

          Looks like that issue came back. I now get this every time when I try to check for updates with the experimental url. It did work until about 8 hours ago but then stopped working until now.

          Roman Bäriswyl added a comment - Looks like that issue came back. I now get this every time when I try to check for updates with the experimental url. It did work until about 8 hours ago but then stopped working until now.

          Daniel Beck added a comment -

          Entirely different reason: See INFRA-1051 which tracks the current issue.

          Daniel Beck added a comment - Entirely different reason: See INFRA-1051 which tracks the current issue.

            varmenise valentina armenise
            manuel4y Manuel
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: