Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Copy ascii-armored PGP signature of jenkins.war to get.jenkins.io
Fixes jenkins-infra/helpdesk#4055 Since get.jenkins.io already includes the SHA-256 checksum file for the war file and it is copied to two destinations in this script, it seems like a good place to copy the ASCII-armored PGP signatures for the war at the same time. The sha256 file shows that the file downloaded by the user is the same file that was uploaded. The asc file shows that the uploaded file was signed by the Jenkins PGP signing key. Confirmed that the 2.456 asc matches the war file with: $ wget https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key $ gpg --import jenkins.io-2023.key $ wget https://get.jenkins.io/war/2.456/jenkins.war $ wget https://repo.jenkins-ci.org/artifactory/releases/org/jenkins-ci/main/jenkins-war/2.456/jenkins-war-2.456.war.asc $ mv jenkins-war-2.456.war.asc jenkins.war.asc $ gpg --verify jenkins.war.asc Confirmed that the script changes worked as expected with the following commands: MY_WORKDIR=$(mktemp -d) echo My work directory is $MY_WORKDIR AGENT_WORKDIR=${MY_WORKDIR}/agent-workdir SRCDIR=${MY_WORKDIR}/src-dir WARDIR=${MY_WORKDIR}/dest-war-dir WAR_WEBDIR=${MY_WORKDIR}/dest-war-webdir export AGENT_WORKDIR SRCDIR WARDIR WAR_WEBDIR mkdir -p ${AGENT_WORKDIR} ${SRCDIR} ${WARDIR} ${WAR_WEBDIR} ARTIFACTNAME=jenkins BASE=$(pwd) SSH_OPTS= VERSION=2.456 WAR=${SRCDIR}/jenkins.war WAR_SHASUM=${SRCDIR}/jenkins.war.sha256 export ARTIFACTNAME BASE VERSION SSH_OPTS WAR WAR_SHASUM PKGSERVER=localhost export PKGSERVER (cd $SRCDIR && wget https://get.jenkins.io/war/${VERSION}/jenkins.war) (cd $SRCDIR && wget https://get.jenkins.io/war/${VERSION}/jenkins.war.sha256) (cd $SRCDIR && wget https://repo.jenkins-ci.org/artifactory/releases/org/jenkins-ci/main/jenkins-war/${VERSION}/jenkins-war-${VERSION}.war.asc && mv jenkins-war-${VERSION}.war.asc jenkins.war.asc) echo "WARDIR contents before publish:" && ls ${WARDIR} echo bash -v war/publish/publish.sh echo "WARDIR contents after publish:" && ls ${WARDIR}/ echo "WARDIR/VERSION contents after publish:" && ls ${WARDIR}/${VERSION}/
- Loading branch information