JENKINS-56835

conan client does not allow local root CA


    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: artifactory-plugin
    • Labels:
      None
    • Environment:
      Jenkins 2.150.3 on master
      Artifactory Plugin 3.2.1
      Windows 10 slave with JRE version 1.8.0_201-b09, conan 1.11.2

      Description

      I use conan on an internal network with PKI rooted under a local private CA. For normal conan client use, this requires users to append to their ".conan/cacert.pem" file the local CA.

      When used by the Jenkins artifactory plugin, it appears that there is no way to influence the temporary per-build conan configuration to include the local CA, so any attempts to access our Artifactory host are blocked (correctly) as having an improper host certificate.

      A workaround for the CA issue is to create a system-wide or account-wide conan configuration, modify the "cacert.pem" file appropriately, and then use the following within a Jenkinsfile to force the use of a single ".conan" home folder. Unfortunately, this has implications on concurrent builds on a single host which I would like to avoid.

          // work-around Jenkins conan client not liking environment variable
          def realHome = "${env.CONAN_USER_HOME}".toString()
          withEnv(['CONAN_USER_HOME=']) {
              def conan = Artifactory.newConanClient(userHome: realHome)
              buildInfoDn = conan.run(
                  command: "install conanfile.py -s build_type=${buildtype} -o import_symstore=True".toString()
              )
          }
      

          Activity

          bsipos Brian Sipos created issue -
          jgsogo Javier G. Sogo added a comment -

          Please, read the answer in this Github issue here: https://github.com/jfrog/jenkins-artifactory-plugin/pull/252#issuecomment-585871437

           

          I can recommend you to use conan config install command, it is a convenient way to share and keep track of the Conan configuration inside a company, you can store the proper cacert.pem file and run conan install as the first step in your Jenkins job.
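
One way to give every build its own Conan home while still trusting the local root CA, so concurrent builds on one host never share a ".conan" folder. This is an added example, not code from the issue, the plugin or Conan. It assumes Conan 1.x keeps its home in `<CONAN_USER_HOME>/.conan` and uses a `cacert.pem` already present there; the function names are hypothetical and the sample certificates are constructed placeholders.

```python
import base64, hashlib, os, re, tempfile
from pathlib import Path

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)

def certs(pem_text):
    """Yield (SHA-256 of the DER bytes, PEM block) for each certificate found."""
    for m in PEM_RE.finditer(pem_text):
        der = base64.b64decode("".join(m.group(1).split()))
        yield hashlib.sha256(der).hexdigest(), m.group(0)

def merge_bundle(base_pem, local_ca_pem):
    """Return base_pem plus every local CA certificate it does not already hold."""
    local = list(certs(local_ca_pem))
    if not local:
        raise ValueError("local CA input contains no PEM certificate")
    have = {fp for fp, _ in certs(base_pem)}
    out = base_pem.rstrip("\n") + "\n"
    for fp, block in local:
        if fp not in have:  # compare by fingerprint, not by text
            out += "\n" + block + "\n"
            have.add(fp)
    return out

def prepare_conan_home(build_home, base_pem, local_ca_pem):
    """Write <build_home>/.conan/cacert.pem and return its path."""
    conan_dir = Path(build_home) / ".conan"
    conan_dir.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=conan_dir, suffix=".tmp")
    with os.fdopen(fd, "w", newline="\n") as fh:
        fh.write(merge_bundle(base_pem, local_ca_pem))
    target = conan_dir / "cacert.pem"
    os.replace(tmp, target)  # atomic: a reader never sees a half-written bundle
    return target

def sample_pem(payload):
    """Constructed placeholder in PEM framing; not a real X.509 certificate."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

SAMPLE_BASE = sample_pem(b"constructed public root A") + sample_pem(b"constructed public root B")
SAMPLE_LOCAL_CA = sample_pem(b"constructed local root CA")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:  # stands in for one build's CONAN_USER_HOME
        path = prepare_conan_home(home, SAMPLE_BASE, SAMPLE_LOCAL_CA)
        print(path, len(list(certs(path.read_text()))), "certificates")
```

Because the merge appends to the stock bundle rather than replacing it, public remotes keep verifying, and certificate verification stays enabled for the internal Artifactory host.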


            People

            Assignee:
            eyalbe Eyal Ben Moshe
            Reporter:
            bsipos Brian Sipos