Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-32831

"None of the Update Sites passed the signature check" w/ Jenkins v1.647

      When search for plugin updates w/ the url:

      https://updates.jenkins-ci.org/experimental/update-center.json
      

      this error occurs:

      None of the Update Sites passed the signature check
      

          [JENKINS-32831] "None of the Update Sites passed the signature check" w/ Jenkins v1.647

          Manuel created issue -

          Daniel Beck added a comment -

          Only happens with the experimental update site, if it is accessed via HTTPS. Workarounds would be to not use one of these.

          Daniel Beck added a comment - Only happens with the experimental update site, if it is accessed via HTTPS. Workarounds would be to not use one of these.

          Daniel Beck added a comment -

          Likely introduced in https://github.com/jenkinsci/jenkins/pull/1972 for 1.647. 1.646 doesn't have this issue.

          Daniel Beck added a comment - Likely introduced in https://github.com/jenkinsci/jenkins/pull/1972 for 1.647. 1.646 doesn't have this issue.
          Daniel Beck made changes -
          Labels Original: plugin plugin-manager updateCenter New: plugin plugin-manager regression updateCenter
          valentina armenise made changes -
          Assignee New: valentina armenise [ varmenise ]
          valentina armenise made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]

          So, this happens cause now the updates site checks for updates on tool installers for all the updates centers configured in the system. Before this fix the tool installers updates were always checked against the default update center e.g. http://updates.jenkins-ci.org/updates/hudson.tasks.Maven.MavenInstaller.json.html?id=hudson.tasks.Maven.MavenInstaller&version=1.642.2-SNAPSHOT+%28private-02%2F08%2F2016+23%3A10+GMT-valentinaarmenise%29

          Now, tools installers are checked against the update centers actually configured. If the experimental update center is the only one configured, there are no json files available for ant, maven and jdk (the tool installers). So we return the validation error, although the experimental update center has been successfully consulted for what concerns the plugins.

          The error message is misleading, the problem is not the signature but the update json files for tool installers not being found. I could probably catch this case and avoid returning a validation error in case there are no json files for tool installers.

          valentina armenise added a comment - So, this happens cause now the updates site checks for updates on tool installers for all the updates centers configured in the system. Before this fix the tool installers updates were always checked against the default update center e.g. http://updates.jenkins-ci.org/updates/hudson.tasks.Maven.MavenInstaller.json.html?id=hudson.tasks.Maven.MavenInstaller&version=1.642.2-SNAPSHOT+%28private-02%2F08%2F2016+23%3A10+GMT-valentinaarmenise%29 Now, tools installers are checked against the update centers actually configured. If the experimental update center is the only one configured, there are no json files available for ant, maven and jdk (the tool installers). So we return the validation error, although the experimental update center has been successfully consulted for what concerns the plugins. The error message is misleading, the problem is not the signature but the update json files for tool installers not being found. I could probably catch this case and avoid returning a validation error in case there are no json files for tool installers.
          Daniel Beck made changes -
          Link New: This issue is related to JENKINS-32328 [ JENKINS-32328 ]

          I can see another issue here :
          the current implementation do check tool installers metadata using a custom JSONValidator, not relying on hudson.model.UpdateSite#verifySignature
          As a side effect, a custom UpdateSite implementation (typically, CloudBees one) will fail to validate

          Nicolas De Loof added a comment - I can see another issue here : the current implementation do check tool installers metadata using a custom JSONValidator, not relying on hudson.model.UpdateSite#verifySignature As a side effect, a custom UpdateSite implementation (typically, CloudBees one) will fail to validate
          Daniel Beck made changes -
          Labels Original: plugin plugin-manager regression updateCenter New: lts-candidate plugin plugin-manager regression updateCenter

            varmenise valentina armenise
            manuel4y Manuel
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: