digicert-software-trust-code-sign-plugin's Introduction

Code signing with Software Trust Manager

The Code Signing with Software Trust Manager Jenkins plugin is a keypair-based signing workflow that improves software security and integrates with DevOps processes to sign binaries on Windows and Linux.

This action accelerates the installation and configuration of clients and various signing tools to help developers become signing-ready for Jenkins plugin workflows.

Software Trust Manager

DigiCert® Software Trust Manager provides a solution to manage and automate your code signing workflows securely.

Software Trust Manager:

  • Requires multi-factor authentication (MFA) for code signing.
  • Prevents unauthorized access or misuse of keys and certificates.
  • Enforces consistency and compliance of security policies.
  • Guards against insertion of malware during software releases.
  • Expedites remediation by giving you an audit history of all actions taken within your account.

You can use Software Trust Manager to securely:

  • Generate and manage your credentials.
  • Create, edit, import, export, or delete keypairs.
  • Generate certificates using a keypair in your account.
  • View your audit and signature logs.
  • Create releases.
  • Sign code.

DigiCert ONE account

Software Trust Manager is part of the DigiCert ONE platform, which also includes DigiCert® Trust Lifecycle Manager, DigiCert® Document Trust Manager, and DigiCert® IoT Trust Manager, enabling organizations to manage their diverse PKI workflows from a single pane of glass.

You require a DigiCert ONE account to access Software Trust Manager. If you do not currently have a DigiCert ONE account, you can request a 30-day free trial account from DigiCert Sales.

Use cases

This is a list of popular use cases supported by this plugin. This is not a comprehensive list.

  • KSP signing
  • PKCS11 signing

Signing tools

This is a list of popular signing tools supported by Software Trust Manager. This is not a comprehensive list.

  • SignTool
  • NuGet
  • jarsigner
  • jSign

Documentation

For comprehensive documentation, refer to: Jenkins plugin for keypair signing

Feedback and issues

Contact DigiCert

Learn more

To learn more about centralizing and automating your code signing workflows with Software Trust Manager, reach out to Sales/Enquiry or visit: http://www.digicert.com/signing/software-trust-manager.

digicert-software-trust-code-sign-plugin's People

Contributors

raeesa-digicert

Forkers

jenkinsci

digicert-software-trust-code-sign-plugin's Issues

java.lang.IllegalStateException: Jenkins.instance is missing

I have Jenkins 2.426.1 installed locally with the Code Signing with Software Trust Manager 13.v147276d96cb_1 plugin installed. Running on a local Jenkins node, invoking SoftwareTrustManagerSetup() succeeds as expected. I'm also using fake inputs for the credentials aside from SM_HOST, which uses the demo gateway.

14:38:21  Running on [Jenkins](http://<REDACTED>/computer/(built-in)/) in /var/lib/jenkins/workspace/Scratch/test-keylocker-plugin
14:38:21  [Pipeline] {
14:38:22  [Pipeline] stage
14:38:22  [Pipeline] { (Setup KeyLocker)
14:38:22  [Pipeline] SoftwareTrustManagerSetup
14:38:22  
14:38:22  Agent type: Linux
14:38:22  
14:38:22  Istalling SMCTL from: https://demo.one.digicert.com/signingmanager/api-ui/v1/releases/noauth/smtools-linux-x64.tar.gz/download 
14:38:22  
14:38:22    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
14:38:22                                   Dload  Upload   Total   Spent    Left  Speed
14:38:22  
14:38:22    0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
14:38:23    0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
14:38:24   35 68.0M   35 24.1M    0     0  20.3M      0  0:00:03  0:00:01  0:00:02 20.3M
14:38:24   78 68.0M   78 53.7M    0     0  24.5M      0  0:00:02  0:00:02 --:--:-- 24.5M
14:38:24  100 68.0M  100 68.0M    0     0  25.2M      0  0:00:02  0:00:02 --:--:-- 25.2M
14:38:25  
14:38:25  SMCTL Istallation Complete
14:38:25  
14:38:25  
14:38:25  Creating PKCS11 Config File

However, when attempting a build using a Docker-based node (from a Docker Cloud configuration on the instance), I run into the Jenkins.instance issue.

14:49:57  Also:   hudson.remoting.Channel$CallSiteStackTrace: Remote call to ubuntu2204-jenkins-agent
14:49:57  		at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1784)
14:49:57  		at hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:356)
14:49:57  		at hudson.remoting.Channel$2.adapt(Channel.java:1034)
14:49:57  		at hudson.remoting.Channel$2.adapt(Channel.java:1030)
14:49:57  		at hudson.remoting.FutureAdapter.get(FutureAdapter.java:61)
14:49:57  		at io.jenkins.plugins.digicert.Pipeline$ExecutionImpl.run(Pipeline.java:59)
14:49:57  		at io.jenkins.plugins.digicert.Pipeline$ExecutionImpl.run(Pipeline.java:40)
14:49:57  		at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
14:49:57  		at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
14:49:57  java.lang.IllegalStateException: Jenkins.instance is missing. Read the documentation of Jenkins.getInstanceOrNull to see what you are doing wrong.
14:49:57  	at jenkins.model.Jenkins.get(Jenkins.java:816)
14:49:57  	at io.jenkins.plugins.digicert.AgentInfo.getCredential(AgentInfo.java:45)
14:49:57  	at io.jenkins.plugins.digicert.AgentInfo.getValue(AgentInfo.java:51)
14:49:57  	at io.jenkins.plugins.digicert.AgentInfo.call(AgentInfo.java:64)
14:49:57  	at io.jenkins.plugins.digicert.AgentInfo.call(AgentInfo.java:25)
14:49:57  	at hudson.remoting.UserRequest.perform(UserRequest.java:211)
14:49:57  	at hudson.remoting.UserRequest.perform(UserRequest.java:54)
14:49:57  	at hudson.remoting.Request$2.run(Request.java:377)
14:49:57  	at hudson.remoting.InterceptingExecutorService.lambda$wrap$0(InterceptingExecutorService.java:78)
14:49:57  Also:   org.jenkinsci.plugins.workflow.actions.ErrorAction$ErrorId: 92908a8f-de24-4edc-8bcd-6dd0bce76d4f
14:49:57  Caused: java.util.concurrent.ExecutionException
14:49:57  	at hudson.remoting.Channel$2.adapt(Channel.java:1036)
14:49:57  	at hudson.remoting.Channel$2.adapt(Channel.java:1030)
14:49:57  	at hudson.remoting.FutureAdapter.get(FutureAdapter.java:61)
14:49:57  	at io.jenkins.plugins.digicert.Pipeline$ExecutionImpl.run(Pipeline.java:59)
14:49:57  	at io.jenkins.plugins.digicert.Pipeline$ExecutionImpl.run(Pipeline.java:40)
14:49:57  	at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
14:49:57  	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
14:49:57  	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
14:49:57  	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
14:49:57  	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
14:49:57  	at java.base/java.lang.Thread.run(Thread.java:829)
14:49:58  Finished: FAILURE

There seems to be an issue with remoting here. Is the expectation here that the setup needs to be executed on a local Jenkins node?

This is also evident in Jenkins 2.414.3.

IllegalStateException or MissingContextVariableException on use with Jenkins scripted pipeline

We have a Jenkins 2.414.2 setup with the master running on Linux that can spawn agents on Linux or Windows on the fly. I want to use the Digicert Jenkins Code signing with Software Trust Manager Version: 13.v147276d96cb_1 to jarsign on Linux and sign .exes on Windows.

To do so I installed the plugin on our Jenkins and followed your guide. The guide mentions we should call SoftwareTrustManagerSetup() in the Jenkinsfile. I've tried doing so on both a Linux and Windows agent, but those give me the IllegalStateException shown below. Doing so straight on the master node gives me the MissingContextVariableException.

java.lang.IllegalStateException: Jenkins.instance is missing. Read the documentation of Jenkins.getInstanceOrNull to see what you are doing wrong.
    at jenkins.model.Jenkins.get(Jenkins.java:816)
    at io.jenkins.plugins.digicert.AgentInfo.getCredential(AgentInfo.java:45)
    at io.jenkins.plugins.digicert.AgentInfo.getValue(AgentInfo.java:51)
    at io.jenkins.plugins.digicert.AgentInfo.call(AgentInfo.java:64)
    at io.jenkins.plugins.digicert.AgentInfo.call(AgentInfo.java:25)
    at hudson.remoting.UserRequest.perform(UserRequest.java:211)
    at hudson.remoting.UserRequest.perform(UserRequest.java:54)
    at hudson.remoting.Request$2.run(Request.java:377)
    at hudson.remoting.InterceptingExecutorService.lambda$wrap$0(InterceptingExecutorService.java:78)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
    at java.base/java.lang.Thread.run(Thread.java:840)

org.jenkinsci.plugins.workflow.steps.MissingContextVariableException: Required context class hudson.FilePath is missing
Perhaps you forgot to surround the code with a step that provides this, such as: node
    at org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution2.doStart(BindingStep.java:130)
    at org.jenkinsci.plugins.workflow.steps.GeneralNonBlockingStepExecution.lambda$run$0(GeneralNonBlockingStepExecution.java:77)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:829)

The documentation for Jenkins.getInstanceOrNull and Jenkins.get does indeed mention that this only works on the master node. If this plugin really needs to run on the master node, on a Windows machine, to sign .exes, it is a no-go for us.
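
In both traces above, Jenkins.get() is reached from AgentInfo.call, which hudson.remoting.UserRequest.perform executes in the agent JVM, where no Jenkins instance exists. The sketch below is an added example, not the plugin's code: it shows the usual split, in which the credential is resolved on the controller and only its value is shipped to the agent. The class names AgentSetupExample and WriteConfig, the setup method and its parameters are hypothetical, and a string ("secret text") credential is assumed.

```java
import com.cloudbees.plugins.credentials.CredentialsProvider;
import hudson.Launcher;
import hudson.model.Run;
import hudson.remoting.VirtualChannel;
import hudson.util.Secret;
import jenkins.security.MasterToSlaveCallable;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.jenkinsci.plugins.workflow.steps.StepContext;

import java.io.IOException;

/** Hypothetical helper for illustration; not the plugin's AgentInfo class. */
public final class AgentSetupExample {

    /** Runs in the agent JVM: uses only the data it was given, never Jenkins.get(). */
    static final class WriteConfig extends MasterToSlaveCallable<String, IOException> {
        private static final long serialVersionUID = 1L;
        private final String host;    // e.g. the SM_HOST value
        private final Secret apiKey;  // already resolved on the controller

        WriteConfig(String host, Secret apiKey) {
            this.host = host;
            this.apiKey = apiKey;
        }

        @Override
        public String call() throws IOException {
            // Report only whether a key arrived; never write the secret to the build log.
            boolean haveKey = apiKey != null && !apiKey.getPlainText().isEmpty();
            return "host=" + host + " apiKeyPresent=" + haveKey;
        }
    }

    /** Runs on the controller, inside the step execution, where the credentials store exists. */
    static String setup(StepContext context, String host, String credentialsId)
            throws IOException, InterruptedException {
        Run<?, ?> run = context.get(Run.class);
        Launcher launcher = context.get(Launcher.class); // null outside a node block
        VirtualChannel channel = launcher == null ? null : launcher.getChannel();
        if (run == null || channel == null) {
            throw new IOException("step must run inside a node block with a live agent");
        }
        StringCredentials cred =
                CredentialsProvider.findCredentialById(credentialsId, StringCredentials.class, run);
        if (cred == null) {
            throw new IOException("credential not found: " + credentialsId);
        }
        // Only serializable values cross the remoting channel to the agent.
        return channel.call(new WriteConfig(host, cred.getSecret()));
    }
}
```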
