Code signing

Jenkins Code Signing


This section introduces the Jenkins Code Signing plugin.

Jenkins terminology

A plugin implements one or more build steps for pipeline or project consumption. By convention, a plugin generally implements only one build step to keep functionality separate.

A pipeline is a set of configurable build steps. This terminology generally refers to the Pipeline plugin.

A build step is the fundamental building block of build automation in Jenkins. Everything that performs an action in your project is a build step, such as pulling from git or notifying users that a build is complete.

A stage is a logical grouping of those build steps. For example, you can skip the entire Test stage, but you must specify individual build steps to skip over to bypass part of the stage. Stages also help you visualize the build process results. Because stages are not a required part of a pipeline and are strictly logical, you don't need to worry about stages other than understanding the concept.

Pipeline scripting

Pipeline scripting comes in the following forms:

  • Declarative: A pre-defined set of tasks and environments in which to run build steps and Groovy expressions.
  • Imperative (or scripted): Similar to the declarative version but limited because of the lack of a declarative environment. In exchange, you gain the full power of Groovy. It's very powerful but difficult to use.

Purpose of the FXCL Jenkins plugin

Existing Jenkins code signing plugins do not have an approval process. The resulting signature must be returned immediately, or the signing operation fails. When a request to sign is submitted, it therefore fails because there is no time for approval. Nor can you query for the same request by using tools such as Jarsigner, which relies on PKCS11. Thus, you need a plugin that handles the approval process.

The FXCL Jenkins Plugin accomplishes the following:

  • It interfaces with the registration authority, which allows for the standard approval process.
  • It incorporates FXCL functionality, so you can sign files in bulk.
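
The difference between a signer that needs the signature in the same call and one that can wait for approval, as an added model that is not the FXCL plugin's code or API. `MockRegistrationAuthority`, its methods, the request-ID scheme and the HMAC stand-in for a signature are all assumptions made for illustration.

```python
import hashlib
import hmac
from enum import Enum

class State(Enum):
    PENDING = "pending"
    APPROVED = "approved"
    REJECTED = "rejected"

class MockRegistrationAuthority:
    """Constructed in-memory stand-in; HMAC-SHA256 stands in for the real signature."""
    def __init__(self, key: bytes):
        self._key = key
        self._requests = {}  # request id -> [State, file digest]

    def submit(self, data: bytes) -> str:
        digest = hashlib.sha256(data).digest()
        request_id = digest.hex()[:16]
        # Resubmitting the same file returns the existing request, so a
        # retried build can pick up an approval that arrived in the meantime.
        self._requests.setdefault(request_id, [State.PENDING, digest])
        return request_id

    def decide(self, request_id: str, approve: bool) -> None:
        self._requests[request_id][0] = State.APPROVED if approve else State.REJECTED

    def fetch(self, request_id: str):
        state, digest = self._requests[request_id]
        if state is State.REJECTED:
            raise PermissionError(f"request {request_id} was rejected")
        if state is State.PENDING:
            return None
        return hmac.new(self._key, digest, hashlib.sha256).hexdigest()

def sign_immediately(ra, data: bytes) -> str:
    """Signer that needs the signature in the same call, as described above."""
    signature = ra.fetch(ra.submit(data))
    if signature is None:
        raise TimeoutError("approval still pending; no signature to return")
    return signature

def sign_with_approval(ra, data: bytes, max_polls: int, wait=lambda: None) -> str:
    """Submit once, then query the same request until it is decided."""
    request_id = ra.submit(data)
    for _ in range(max_polls):
        signature = ra.fetch(request_id)
        if signature is not None:
            return signature
        wait()  # real code would sleep or release the executor here
    raise TimeoutError(f"request {request_id} not approved after {max_polls} polls")
```

A rejection surfaces as an error rather than as an endless wait, and the poll limit bounds how long a build can block on an approver.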