Code signing
Jenkins Code Signing
3 min
this section introduces the jenkins code signing plugin jenkins terminology a plugin implements one or more build steps for pipeline or project consumption by convention, a plugin generally implements only one build step for separation a pipeline is a set of configurable build steps this terminology generally refers to the pipeline plugin a build step is the fundamental building block of build automation in jenkins everything that performs an action in your project is a build step, such as pulling from git or notifying users that a build is complete a stage is a logical grouping of those build steps for example, you can skip the entire test stage, but you must specify individual build steps to skip over to bypass part of the stage stages also help you visualize the build process results because stages are not a required part of a pipeline and are strictly logical, you don't need to worry about stages other than understanding the concept pipeline scripting pipeline scripting comes in the following forms declarative a pre defined set of tasks and environments in which to run build steps and groovy expressions imperative (or scripted) similar to the declarative version but limited because of the lack of a declarative environment in exchange, you gain the full power of groovy it's very powerful but difficult to use purpose of the fxcl jenkins plugin existing jenkins code signing plugins do not have an approval process you must give the resulting signature immediately, or it fails when a request to sign is submitted, it fails because there is no time for approval nor can you query for the same request by using tools such as jarsigner, which relies on pkcs11 thus, you need a plugin that handles the approval process the fxcl jenkins plugin accomplishes the following interfaces with the {{ch}} registration authority to enable the standard approval process enables you to sign files in bulk by incorporating fxcl functionality into the plugin