Status: Open
This feature is really problematic and requires a bunch of additional work to make it work, such as creating an Oracle account to get JDKs (lol).
Disabling this feature and strongly encouraging the use of containers is the right path forward for new users.
creating an Oracle account to get JDKs
jdk-tool should anyway be amended to use anonymous OpenJDK downloads by default. CC dnusbaum
the certificate store is locked down
In the Jenkins JVM? I thought this was only used in the evergreen-client (client.js acc. to code search)? FWIW this seems like it is guaranteed to cause all kinds of mayhem, not just for tool downloads. Surely you can find some better mechanism, such as restricting certificate customizations to the actual code contacting this server.
encourage the heavy use of Pipeline and Docker in Evergreen rather than support half-baked features like Tool Installers
Well, tools and tool installers are supported by Pipeline, and (writing as a principal author of it!) the Pipeline Docker plugin is one of the least baked features in Jenkins and IMO should not be included in Essentials^H^H^H^H^H^H^H^H^H^HEvergreen at all.
At any rate, to the subject of the issue, I certainly agree with the notion that we should discourage use of tools.
jdk-tool should anyway be amended to use anonymous OpenJDK downloads by default. CC Devin Nusbaum
Yes, I think it would make sense to update https://github.com/jenkins-infra/crawler and jdk-tool to use anonymous downloads from http://jdk.java.net/archive/ for Java 9 and newer, and once Java 8 is officially EOL'd by Oracle (currently planned for January 2019) then I think we could totally remove the code that works with Oracle's website and requires an Oracle account to download old versions.
This came up in relation to JENKINS-53190 since rsandell was also unable to configure a Maven tool installer:
This error is basically due to how the certificate store is locked down to prevent forgeries of evergreen.jenkins.io's trust chain. A mechanism I'm loath to change.
I think the ideal solution is to encourage the heavy use of Pipeline and Docker in Evergreen rather than support half-baked features like Tool Installers.