packaging icon indicating copy to clipboard operation
packaging copied to clipboard

Published 20 hours ago verified publisher icon jenkinsci

Copy PGP signature to get.jenkins.io

Open MarkEWaite opened this issue 2 months ago • 4 comments

Copy PGP signature of war file to get.jenkins.io

Fixes https://github.com/jenkins-infra/helpdesk/issues/4055

Since get.jenkins.io already includes the SHA-256 checksum file for the war file and it is copied to two destinations in this script, it seems like a good place to copy the ASCII-armored PGP signatures for the war at the same time.

The sha256 file shows that the file downloaded by the user is the same file that was uploaded.

The asc file shows that the uploaded file was signed by the Jenkins PGP signing key.

Testing done

Confirmed that the 2.456 asc matches the war file with:

$ wget https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
$ gpg --import jenkins.io-2023.key
$ wget https://get.jenkins.io/war/2.456/jenkins.war
$ wget https://repo.jenkins-ci.org/artifactory/releases/org/jenkins-ci/main/jenkins-war/2.456/jenkins-war-2.456.war.asc
$ mv jenkins-war-2.456.war.asc jenkins.war.asc
$ gpg --verify jenkins.war.asc

Confirmed that the script changes worked as expected with the following commands:

MY_WORKDIR=$(mktemp -d)
echo My work directory is $MY_WORKDIR

AGENT_WORKDIR=${MY_WORKDIR}/agent-workdir
SRCDIR=${MY_WORKDIR}/src-dir
WARDIR=${MY_WORKDIR}/dest-war-dir
WAR_WEBDIR=${MY_WORKDIR}/dest-war-webdir
export AGENT_WORKDIR SRCDIR WARDIR WAR_WEBDIR
mkdir -p ${AGENT_WORKDIR} ${SRCDIR} ${WARDIR} ${WAR_WEBDIR}

ARTIFACTNAME=jenkins
BASE=$(pwd)
SSH_OPTS=
VERSION=2.456
WAR=${SRCDIR}/jenkins.war
WAR_SHASUM=${SRCDIR}/jenkins.war.sha256
export ARTIFACTNAME BASE VERSION SSH_OPTS WAR WAR_SHASUM

PKGSERVER=localhost
export PKGSERVER

(cd $SRCDIR && wget https://get.jenkins.io/war/${VERSION}/jenkins.war)
(cd $SRCDIR && wget https://get.jenkins.io/war/${VERSION}/jenkins.war.sha256)
(cd $SRCDIR && wget https://repo.jenkins-ci.org/artifactory/releases/org/jenkins-ci/main/jenkins-war/${VERSION}/jenkins-war-${VERSION}.war.asc && mv jenkins-war-${VERSION}.war.asc jenkins.war.asc)

echo "WARDIR contents before publish:" && ls ${WARDIR}
echo
bash -v war/publish/publish.sh
echo "WARDIR contents after publish:" && ls ${WARDIR}/
echo "WARDIR/VERSION contents after publish:" && ls ${WARDIR}/${VERSION}/

### Submitter checklist
- [x] Make sure you are opening from a **topic/feature/bugfix branch** (right side) and not your main branch!
- [x] Ensure that the pull request title represents the desired changelog entry
- [x] Please describe what you did
- [x] Link to relevant issues in GitHub or Jira
- [x] Link to relevant pull requests, esp. upstream and downstream changes

MarkEWaite avatar Apr 30 '24 21:04 MarkEWaite