Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-2250

Get a code signing certificate for Jenkins project

    Details

    • Similar Issues:

      Description

      In order to sign maven artifacts generated during core releases, the Jenkins project need a code signing certificate.
      This certificate is used by Maven Jarsigner plugin.

      First step requires some administrative work from CDF as they are now the legal entity for the Jenkins project, and once we get one we need to update and secure the azure key vault described here

      Remark: There is an open issue on CDF project

        Attachments

          Activity

          Hide
          olblak Olivier Vernin added a comment -

          I'll create a globalsign account and then integrate it in our azure environment

          Show
          olblak Olivier Vernin added a comment - I'll create a globalsign account and then integrate it in our azure environment
          Hide
          olblak Olivier Vernin added a comment -

          A digicert account was created by cdf, and I request acess as suggested here

          Show
          olblak Olivier Vernin added a comment - A digicert account was created by cdf, and I request acess as suggested here
          Hide
          jglick Jesse Glick added a comment -

          Could we just publish unsigned releases in the interim? There are other ways to verify the authenticity of a download (checksums, HTTPS). Most of Jenkins functionality lives in plugins, after all, and these are unsigned. I do not really see why the core WAR is so special.

          Show
          jglick Jesse Glick added a comment - Could we just publish unsigned releases in the interim? There are other ways to verify the authenticity of a download (checksums, HTTPS). Most of Jenkins functionality lives in plugins, after all, and these are unsigned. I do not really see why the core WAR is so special.
          Hide
          olblak Olivier Vernin added a comment -

          This discussion already happened multiple times in the past and we wanted to avoid taking this shortcut but I agree that it's hanging for a long time now so let find alternatives and move this forward

          Show
          olblak Olivier Vernin added a comment - This discussion already happened multiple times in the past and we wanted to avoid taking this shortcut but I agree that it's hanging for a long time now so let find alternatives and move this forward
          Hide
          markewaite Mark Waite added a comment -

          Certificate has been received and used in the creation of the first Jenkins weekly from the core automation project.

          Show
          markewaite Mark Waite added a comment - Certificate has been received and used in the creation of the first Jenkins weekly from the core automation project.

            People

            • Assignee:
              olblak Olivier Vernin
              Reporter:
              olblak Olivier Vernin
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: