Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[JENKINS-37567] - Add option to specify certchain, enforce certificate checks #190

Merged

Conversation

@oleg-nenashev
Copy link
Member

commented Aug 18, 2017

It should finalize JENKINS-37567.

I have checked the default options, the change does not impact the local dev build and @kohsuke 's release flow. I am quite aware about the jarsigner -tsa step in the release profile, but it seems to be harmless on my local machine.

@reviewbybees @olamy @kohsuke

<processAttachedArtifacts>false</processAttachedArtifacts>
<certs>true</certs>
<errorWhenNotSigned>true</errorWhenNotSigned>
<arguments>-strict</arguments> <!--otherwise certificate chains will be ignored-->

This comment has been minimized.

Copy link
@oleg-nenashev

oleg-nenashev Aug 18, 2017

Author Member

@olamy Likely I should create a MJARSIGNER issue for adding this parameter. I would argue it should be enabled by default in Java's jarsigner or in at least Maven JarSigner Plugin, but it would be a potentially breaking change

@reviewbybees

This comment has been minimized.

Copy link

commented Aug 18, 2017

This pull request originates from a CloudBees employee. At CloudBees, we require that all pull requests be reviewed by other CloudBees employees before we seek to have the change accepted. If you want to learn more about our process please see this explanation.

@alexanderrtaylor
Copy link

left a comment

LGTM
🐝

@oleg-nenashev

This comment has been minimized.

Copy link
Member Author

commented Aug 18, 2017

@oleg-nenashev

This comment has been minimized.

Copy link
Member Author

commented Aug 18, 2017

Merging in order to proceed with the release

@oleg-nenashev oleg-nenashev merged commit ca48837 into jenkinsci:master Aug 18, 2017

0 of 3 checks passed

Jenkins Looks like there's a problem with this pull request
Details
continuous-integration/jenkins/branch This commit cannot be built
Details
continuous-integration/jenkins/pr-head This commit cannot be built
Details
@aheritier
Copy link
Member

left a comment

LGTM 🐝 Sorry for the delay @oleg-nenashev

@oleg-nenashev oleg-nenashev referenced this pull request Oct 5, 2017
2 of 2 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.