Request using the certificate file of the official Jenkins Update Center
Locked
 
|
Hi team, As we know, there're many mirrors of Jenkins update-center. But if you just look into the update-center.json file. You will find out that all the URLs of the real plugin file are the same. I try to modify the URL plugins into a mirror one. But it's unavailable due to security reasons. Jenkins will do the validation with update-center.json file. In order to fix this, I just make my own certificate file. Before using it, you need to download the certificate file into your Jenkins. It's still very inconvenient for many users. So, I was wondering if I can get permission of accessing the official certificate file. People just don't need to do anything besides changing the URL of the update center. I know this file should not share with someone who is not a member of the Jenkins infra team. Because it's very important for all Jenkins users. An alternative solution is that we store the certificate file in a safe place. For example, store it in the GitHub secret. In case anyone wants to know more about the details. You can see this project https://github.com/jenkins-zh/update-center-mirror Best regards Zhao Xiaojie (Rick) You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAMM7nTFvMJ6ARbNiyB44hY7YQ7rsLMhf_g1yktpJWCbiwFMz9g%40mail.gmail.com. |
Re: Request using the certificate file of the official Jenkins Update Center
|
|
> On 17. Nov 2020, at 14:48, Rick <[hidden email]> wrote: > > I try to modify the URL plugins into a mirror one. But it's unavailable due > to security reasons. Jenkins will do the validation with update-center.json > file. In order to fix this, I just make my own certificate file. Before > using it, you need to download the certificate file into your Jenkins. It's > still very inconvenient for many users. > > So, I was wondering if I can get permission of accessing the official > certificate file. People just don't need to do anything besides changing > the URL of the update center. I know this file should not share with > someone who is not a member of the Jenkins infra team. Because it's very > important for all Jenkins users. An alternative solution is that we store > the certificate file in a safe place. For example, store it in the GitHub > secret. If the only change is download URLs that point to a site in China, we can look into generating appropriately modified files in the regular update center which you can then pull without modification. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/D60E8D5F-A3E0-4FB1-A815-F0A28B7FEA37%40beckweb.net. |
Re: Request using the certificate file of the official Jenkins Update Center
|
|
Yes, we just need to change the URL of plugins. You mean generate two or more versions of update-cener.json files? For example, update-center.json and update-center-zh.json ? Am I right?
On 11/17/2020 21:57,[hidden email] wrote:
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/44f497ab.6a8f.175d683041f.Coremail.zxjlwt%40126.com. |
Re: Request using the certificate file of the official Jenkins Update Center
|
|
Why don’t the regular files work? Users should be directed to a Chinese mirror already, is it the distance to get the redirect? On Tue, 17 Nov 2020 at 14:02, Rick <[hidden email]> wrote:
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3BieGO-irB1C7U0ct4eZ%2BXabp1Jy4Mfsu0Wy8JUPjLKznOA%40mail.gmail.com. |
Re: Request using the certificate file of the official Jenkins Update Center
|
|
Because all plugins URL point to https://updates.jenkins.io/download/plugins/xxx instead of the mirror. On 11/17/2020 22:40,[hidden email] wrote:
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/3b80874e.6b81.175d6aa52e8.Coremail.zxjlwt%40126.com. |
|
|
> Because all plugins URL point to https://updates.jenkins.io/download/plugins/xxx instead of the mirror. And then you are redirected to mirrors HTTP/1.1 302 Found Date: Tue, 17 Nov 2020 14:50:34 GMT Server: Mirrorbits/v0.5.1 Cache-Control: private, no-cache Content-Type: text/html; charset=utf-8 Link: <https://mirror.gruenehoelle.nl/jenkins/plugins/plugin-util-api/1.4.0/plugin-util-api.hpi>; rel=duplicate; pri=1; geo=nl Link: <https://ftp-nyc.osuosl.org/pub/jenkins/plugins/plugin-util-api/1.4.0/plugin-util-api.hpi>; rel=duplicate; pri=2; geo=us Link: <https://mirror.serverion.com/jenkins/plugins/plugin-util-api/1.4.0/plugin-util-api.hpi>; rel=duplicate; pri=3; geo=us Link: <https://ftp-chi.osuosl.org/pub/jenkins/plugins/plugin-util-api/1.4.0/plugin-util-api.hpi>; rel=duplicate; pri=4; geo=us Link: <https://mirror.xmission.com/jenkins/plugins/plugin-util-api/1.4.0/plugin-util-api.hpi>; rel=duplicate; pri=5; geo=us Link: <https://mirrors.tuna.tsinghua.edu.cn/jenkins/plugins/plugin-util-api/1.4.0/plugin-util-api.hpi>; rel=duplicate; pri=6; geo=cn Link: <https://ftp.yz.yamagata-u.ac.jp/pub/misc/jenkins/plugins/plugin-util-api/1.4.0/plugin-util-api.hpi>; rel=duplicate; pri=7; geo=jp Location: https://ftp.halifax.rwth-aachen.de/jenkins/plugins/plugin-util-api/1.4.0/plugin-util-api.hpi Via: 1.1 get.jenkins.io HTTP/2 200 server: nginx/1.14.2 date: Tue, 17 Nov 2020 14:50:35 GMT content-type: application/octet-stream content-length: 613574 last-modified: Fri, 16 Oct 2020 07:26:25 GMT accept-ranges: bytes On Tue, Nov 17, 2020, at 3:44 PM, Rick wrote:
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/300b9abe-c22b-4a65-af7d-7676ab50c514%40www.fastmail.com. |
Re: Request using the certificate file of the official Jenkins Update Center
|
|
Yes, I can get the right location via curl -I -Lhttps://get.jenkins.io/plugins/plugin-util-api/1.4.0/plugin-util-api.hpi But I’m not sure why it’s still super slow sometimes. Perhaps it’s slow when we try to resolve this domain get.jenkins.io On 11/17/2020 22:52,[hidden email] wrote:
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/5555c3f8.6bd0.175d6b6bfbb.Coremail.zxjlwt%40126.com. |
Re: Request using the certificate file of the official Jenkins Update Center
|
|
Could you do some timing / benchmarking so we can see where the issue is? On Tue, 17 Nov 2020 at 14:59, Rick <[hidden email]> wrote:
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAH-3BicZwnW29Hb_R7e4N31cyiqtvd2%3DXM_a3u5EDsOghEe%2BWQ%40mail.gmail.com. |
Re: Request using the certificate file of the official Jenkins Update Center
|
|
In reply to this post by Xiaojie Zhao
> On 17. Nov 2020, at 15:01, Rick <[hidden email]> wrote: > > > You mean generate two or more versions of update-cener.json files? For example, update-center.json and update-center-zh.json ? Am I right? Basically this, yes. Re mirrors, did you test using the regular update site recently, and still encounter performance issues? I think we used a pretty badly outdated Geo IP DB until a few months ago, so if you haven't checked in a while, it makes sense to retry using the regular URLs to see how well this works now. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/C975C702-599F-4504-B833-942BE2A3B177%40beckweb.net. |
|
|
I am wondering what it would take to directly use get.jenkins.io instead of update-center.
update-center.json is available from the mirror as well as you can see here -> https://get.jenkins.io/updates/current/update-center.json?mirrorlist The challenge is because the json is potentially generated every 3 minutes, it's hard for mirrors to stay up to date but we still control some of them. If no mirrors have the file with the correct checksum, then it fallback to a hardcode mirror that we configured. We could also ask mirrors maintainers to sync "/updates" every three minutes, it doesn't represent a lot of files. Also, we must ensure that mirrorbits scan files from /updates every few minutes to generate file hashes. On Tue, Nov 17, 2020, at 7:03 PM, Daniel Beck wrote: > > > > On 17. Nov 2020, at 15:01, Rick <[hidden email]> wrote: > > > > > > You mean generate two or more versions of update-cener.json files? For example, update-center.json and update-center-zh.json ? Am I right? > > Basically this, yes. > > Re mirrors, did you test using the regular update site recently, and > still encounter performance issues? I think we used a pretty badly > outdated Geo IP DB until a few months ago, so if you haven't checked in > a while, it makes sense to retry using the regular URLs to see how well > this works now. > > -- > You received this message because you are subscribed to the Google > Groups "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [hidden email]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/C975C702-599F-4504-B833-942BE2A3B177%40beckweb.net. > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/ca31583c-7c7a-4ec3-a9f0-8752a5ccfd03%40www.fastmail.com. |
Re: Request using the certificate file of the official Jenkins Update Center
|
|
Using https://get.jenkins.io/updates/current/update-center.json?mirrorlist will easier for the global users. But I got some errors below
There were errors checking the update sites: None of the tool installer metadata passed the signature check On Wednesday, November 18, 2020 at 4:34:53 PM UTC+8 Olblak wrote: I am wondering what it would take to directly use get.jenkins.io instead of update-center. You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/bd3c568d-8fd4-4024-b7b7-2203083a5248n%40googlegroups.com. |
«
Return to Jenkins dev
|
1 view|%1 views
| Free forum by Nabble | Edit this page |