Permalink
Browse files

[JENKINS-34745] - Prevent CheckUpdates PeriodicWork death if update s…

…ite cert is missing (#2333)

* [JENKINS-34745] - Prevent CheckUpdates PeriodicWork death in the case of the missing update site signature

* [JENKINS-34745] - Fix typo in the validator

* [JENKINS-34745] - Fix the formatting of the validation message (cc @lanwen)

(cherry picked from commit 1e6afba)
  • Loading branch information...
oleg-nenashev authored and olivergondza committed May 14, 2016
1 parent 02725ad commit c6131436f4a022cae8772508873181e1d148a91b
@@ -978,20 +978,24 @@ public HttpResponse doUploadPlugin(StaplerRequest req) throws IOException, Servl
@Restricted(NoExternalUse.class)
@RequirePOST public HttpResponse doCheckUpdatesServer() throws IOException {
Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
for (UpdateSite site : Jenkins.getInstance().getUpdateCenter().getSites()) {
FormValidation v = site.updateDirectlyNow(DownloadService.signatureCheck);
if (v.kind != FormValidation.Kind.OK) {
// TODO crude but enough for now
return v;
try {
for (UpdateSite site : Jenkins.getInstance().getUpdateCenter().getSites()) {
FormValidation v = site.updateDirectlyNow(DownloadService.signatureCheck);
if (v.kind != FormValidation.Kind.OK) {
// TODO crude but enough for now
return v;
}
}
}
for (DownloadService.Downloadable d : DownloadService.Downloadable.all()) {
FormValidation v = d.updateNow();
if (v.kind != FormValidation.Kind.OK) {
return v;
for (DownloadService.Downloadable d : DownloadService.Downloadable.all()) {
FormValidation v = d.updateNow();
if (v.kind != FormValidation.Kind.OK) {
return v;
}
}
return HttpResponses.forwardToPreviousPage();
} catch(RuntimeException ex) {
throw new IOException("Unhandled exception during updates server check", ex);
}
return HttpResponses.forwardToPreviousPage();
}
protected String identifyPluginShortName(File t) {
@@ -82,7 +82,11 @@ public FormValidation verifySignature(JSONObject o) throws IOException {
// this is for computing a signature
Signature sig = Signature.getInstance("SHA1withRSA");
sig.initVerify(certs.get(0));
if (certs.isEmpty()) {
return FormValidation.error("No certificate found in %s. Cannot verify the signature", name);
} else {
sig.initVerify(certs.get(0));
}
SignatureOutputStream sos = new SignatureOutputStream(sig);
// until JENKINS-11110 fix, UC used to serve invalid digest (and therefore unverifiable signature)

0 comments on commit c613143

Please sign in to comment.