Issue
After upgrading to 2.332.1.5
and using a plugin catalog (not the Configuration as Code (CasC) one) it is not posible to install CAP plugins in an air-gapped environment.
When trying to install some of the available CAP
plugins the following execeptions can be seen:
Also then following log messages are present in your instance logs:
2022-03-29 12:16:45.724+0000 [id=61979] INFO hudson.PluginManager#install: Starting installation of a batch of 4 plugins plus their dependencies
2022-03-29 12:16:45.725+0000 [id=61979] INFO hudson.model.UpdateSite$Plugin#deploy: Adding dependent install of maven-plugin for plugin conditional-buildstep
2022-03-29 12:16:45.725+0000 [id=82096] INFO h.model.UpdateCenter$DownloadJob#run: Starting the installation of cloudbees-pipeline-policies on behalf of sperts
2022-03-29 12:16:45.725+0000 [id=61979] INFO hudson.model.UpdateSite$Plugin#deploy: Adding dependent install of javadoc for plugin maven-plugin
2022-03-29 12:16:45.726+0000 [id=61979] INFO hudson.model.UpdateSite$Plugin#deploy: Adding dependent install of run-condition for plugin conditional-buildstep
2022-03-29 12:16:45.726+0000 [id=82096] INFO h.m.UpdateCenter$UpdateCenterConfiguration#download: Downloading cloudbees-pipeline-policies
2022-03-29 12:16:45.732+0000 [id=82096] INFO hudson.model.UpdateCenter#verifyChecksums: Attempt to verify a downloaded file (cloudbees-pipeline-policies.jpi.tmp) using SHA-512 or SHA-256 failed since your configured update site does not provide either of those checksums. Falling back to SHA-1.
2022-03-29 12:16:45.733+0000 [id=82096] INFO h.model.UpdateCenter$DownloadJob#run: Starting the installation of javadoc on behalf of sperts
2022-03-29 12:16:45.733+0000 [id=82096] INFO h.m.UpdateCenter$UpdateCenterConfiguration#download: Downloading javadoc
2022-03-29 12:16:45.736+0000 [id=82096] INFO hudson.model.UpdateCenter#verifyChecksums: Attempt to verify a downloaded file (javadoc.jpi.tmp) using SHA-512 or SHA-256 failed since your configured update site does not provide either of those checksums. Falling back to SHA-1.
2022-03-29 12:16:45.736+0000 [id=82096] SEVERE h.model.UpdateCenter$DownloadJob#run: Failed to install javadoc
java.io.IOException: Downloaded file /var/jenkins_home/plugins/javadoc.jpi.tmp does not match expected SHA-1, expected '2cacmQkT9GAZtSplATykdJXjcpM=', actual '1R1r3SwZw8YOdMa+Ge7lJK58pVY='
at hudson.model.UpdateCenter.throwVerificationFailure(UpdateCenter.java:2059)
at hudson.model.UpdateCenter.verifyChecksums(UpdateCenter.java:2112)
at hudson.model.UpdateCenter$InstallationJob.replace(UpdateCenter.java:2292)
at hudson.model.UpdateCenter$UpdateCenterConfiguration.install(UpdateCenter.java:1358)
at hudson.model.UpdateCenter$DownloadJob._run(UpdateCenter.java:1896)
at hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:2205)
at hudson.model.UpdateCenter$DownloadJob.run(UpdateCenter.java:1867)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at hudson.remoting.AtmostOneThreadExecutor$Worker.run(AtmostOneThreadExecutor.java:121)
at java.base/java.lang.Thread.run(Thread.java:829)
Environment
- CloudBees CI (CloudBees Core) 2.332.1.5
- CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller 2.332.1.5
- CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center 2.332.1.5
- CloudBees CI (CloudBees Core) on traditional platforms - Client controller 2.332.1.5
- CloudBees CI (CloudBees Core) on traditional platforms - Operations Center 2.332.1.5
- CloudBees Jenkins Platform - Client controller 2.332.1.5
- CloudBees Jenkins Platform - Operations Center 2.332.1.5
- CloudBees Jenkins Distribution 2.332.1.5
Explanation
At /WEB-INF/plugins/update-center.json
the offline update center JSON file is defined. There for each plugin a sha1
hash is specified. The issue is that it is not encoded as expected by the runtime. At runtime, the plugin file sha1
is calculated and compared against the entry in the update-center.json
. This comparison expects both values to be equal to consider the download (even if that it is using the file://
protocol) valid.
Resolution
The solution is to upgrade to 2.332.2.4 or later.
Workaround
The only available workaround is to disable the plugin catalog in the Controller and install the desired CAP
plugins. Then it is possible to enable again the plugin catalog.
0 Comments