[JIRA] (JENKINS-50298) Use p4trust file if credential's Trust fingerprint is blank

1 view
Skip to first unread message

jbrown@perforce.com (JIRA)

unread,
Mar 20, 2018, 1:23:02 PM3/20/18
to jenkinsc...@googlegroups.com
Joel Brown created an issue
 
Jenkins / Improvement JENKINS-50298
Use p4trust file if credential's Trust fingerprint is blank
Issue Type: Improvement Improvement
Assignee: Unassigned
Components: p4-plugin
Created: 2018-03-20 17:22
Priority: Minor Minor
Reporter: Joel Brown

If the credential's Trust field is blank, use the fingerprint from the p4trust file.

This means any node using this credential must have a P4TRUST file that already trusts the server.
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)
Atlassian logo

igor.milos@cfm.fr (JIRA)

unread,
Nov 9, 2018, 11:49:02 AM11/9/18
to jenkinsc...@googlegroups.com
Igor Milos updated an issue
Change By: Igor Milos
Priority: Minor Major
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

igor.milos@cfm.fr (JIRA)

unread,
Nov 9, 2018, 11:49:03 AM11/9/18
to jenkinsc...@googlegroups.com
Igor Milos commented on Improvement JENKINS-50298
 
Re: Use p4trust file if credential's Trust fingerprint is blank

We deploy a p4 trust file on all our servers, including Jenkins slaves, and we export the variable P4TRUST to point to it.

We would like p4-plugin in Jenkins to use this set up (the P4TRUST and the file) when we try to configure an SSL connection.

However, this doesn't work - we get a fingerprint error. The only way to make p4-plugin establish an SSL connection, which is not really usable at scale, is to unset the P4TRUST variable and enter the fingerprint manually in the configuration. Obviously, this approach is does not scale (we have 100s of connections to configure) and creates an unacceptable exception in our deployment process.

We are therefore at this stage unable to use SSL connections effectively from p4-plugin, which runs contrary to our companies internal Security policies.

This is a major issue in our adoption of Jenkins / Perforce CI pipeline.

igor.milos@cfm.fr (JIRA)

unread,
Nov 9, 2018, 11:53:02 AM11/9/18
to jenkinsc...@googlegroups.com
Igor Milos edited a comment on Improvement JENKINS-50298
We deploy a p4 trust file on all our servers, including Jenkins slaves, and we export the variable P4TRUST to point to it.

We would like p4-plugin in Jenkins to use this set up (the P4TRUST and the file) when we try to configure an SSL connection.

However, this doesn't work - we get a fingerprint error. The only way to make p4-plugin establish an SSL connection, which is not really usable at scale, is to unset the P4TRUST variable and enter the fingerprint manually in the configuration. Obviously, this approach is does not scale (we have 100s of connections to configure) and creates would require an unacceptable undesirable exception in our deployment process.


We are therefore at this stage unable to use SSL connections effectively from p4-plugin, which runs contrary to our companies internal Security policies.

This is a major issue in our adoption of Jenkins / Perforce CI pipeline.

jbrown@perforce.com (JIRA)

unread,
Nov 13, 2018, 2:20:02 PM11/13/18
to jenkinsc...@googlegroups.com
Joel Brown updated an issue
 
Change By: Joel Brown
Labels: P4_SUPPORT

jbrown@perforce.com (JIRA)

unread,
Nov 15, 2018, 2:36:03 PM11/15/18
to jenkinsc...@googlegroups.com
Joel Brown updated an issue
Change By: Joel Brown
Labels: P4_SUPPORT P4_VERIFY

jbrown@perforce.com (JIRA)

unread,
Nov 15, 2018, 2:37:02 PM11/15/18
to jenkinsc...@googlegroups.com
Joel Brown updated an issue
If the credential's Trust field is blank, just use the fingerprint from the p4trust file.


This means any node using this credential must have a P4TRUST file that already trusts the server.

igor.milos@cfm.fr (JIRA)

unread,
Mar 13, 2019, 9:25:02 AM3/13/19
to jenkinsc...@googlegroups.com
Igor Milos commented on Improvement JENKINS-50298
 
Re: Use p4trust file if credential's Trust fingerprint is blank

Hello, is this fixing this issue going to be put in the road map?

igor.milos@cfm.fr (JIRA)

unread,
Apr 17, 2019, 7:48:03 AM4/17/19
to jenkinsc...@googlegroups.com
Igor Milos edited a comment on Improvement JENKINS-50298
We deploy a p4 trust file on all our servers, including Jenkins slaves, and we export the variable P4TRUST to point to it.

We would like p4-plugin in Jenkins to use this set up (the P4TRUST and the file) when we try to configure an SSL connection.

However, this doesn't work - we get a fingerprint error. The only way to make p4-plugin establish an SSL connection, which is not really usable at scale, is to unset the P4TRUST variable and enter the fingerprint manually in the configuration. Obviously, this This approach based on manual input does not scale ( for us as we have 100s of connections more than 20 Jenkins master servers to configure) maintain and would require an undesirable exception in our deployment process. The risk is that if the fingerprint changes a manual procedure does not guarantee that all of the Masters will be updated, causing connection failures.

We are therefore at this stage unable to use SSL connections effectively from p4-plugin, which runs contrary to our companies internal Security policies.

This is a major issue in our adoption of Jenkins / Perforce CI pipeline.

pallen@perforce.com (JIRA)

unread,
Jun 4, 2019, 10:42:01 AM6/4/19
to jenkinsc...@googlegroups.com
Paul Allen updated an issue
 
Change By: Paul Allen
Labels: P4_VERIFY P4_B
Reply all
Reply to author
Forward
0 new messages