Recent searches
Search options
I am this close 
to writing an update-center.json generator so I can host Jenkins plugins without running their server.
And, quit. I can update the json file, but there are a bunch of other assumptions built-in that make it difficult. Plus, my boss said that we already know how to load a bunch of plugins and so it’s just easier to grab them all from storage, dump them in the Jenkins plugin for and then tell people downstream that they’re not supposed to touch them.
Also, why does thing have an intrusive RSA signature with a distinct root of trust? Maybe this made sense when the project didn’t host the plugins over https, but it’s pointless now. Also, the update-center.json file has to be named that and Jenkins core assumes the presence of files in a metadata for next to that despite the whole file being metadata about plugins and specifying whole URLs for everything…
Looking at the Java code reminded me that Java considers absolutely everything an Object and it just felt silly to have a Signature and Signer object. Oh, and the padding on the signature is some form that the Python cryptography module says should only be used for legacy protocols (which fits with earlier criticisms of the whole signatures thing anyway).