I recently did a setup of Jenkins that had to access git repositories via https on a server that only had a self signed certificate. Here are the bits and pieces that I had to configure.
Ignoring SSL warnings in git
Since all git traffic was internal I chose not to bother too much about this isssue and just disable http certificate checks in git. If you run the command
git config --global http.sslVerify true
an entry like this will be added to your .gitconfig:
[http]
sslVerify = false
We’ll have to put this .gitconfig in a couple of places to enable Jenkins accessing the git server.
Jenkins master
Certain operations are performed on the master itself, e.g. scanning the repo for branches in multibranch pipelines. The .gitconfig mentioned above must be placed into /var/jenkins_home/.gitconfig on the master. In my case this was a Docker setup so I mounted the file into the container.
Jenkins worker
Before the first build step of a pipeline actually runs Jenkins does a git checkout on the worker node. Even if you choose to run your build inside a Docker container the checkout happens before the container is actually started. So the user running the Jenkins agent must be configured with the .gitconfig mentioned above, too.
Not covered here
I’m sure there are other places where a git checkout happens in Jenkins, e.g. if you do a checkout as part of a pipeline using the checkout() function in a Jenkinsfile. Since I don’t use that functionality right now I did not bother to go into details here.
Quick templating with gmaven and GStringTemplateEngine
At work I have come across the requirement to generate some files based on the info in a pom.xml. Maven’s resource filtering feature would be the first thing that comes to mind but unfortunately it’s not powerful enough for my use case. I had to generate a …
Creating a plain Eclipse project using JPMS and JUnit tests
I use the Eclipse IDE as my daily driver for development. For a long time I have ignored the Java Platform Module System (JPMS) which was introduced in Java 9 and I’m still ignoring it today. If you want a proper module system simply use the better one that …
read moreKotlin multiline strings vs the $ character
Generating test coverage for Sonar with maven, surefire and jacoco
At work we’re using Sonar to keep our code quality under control. One integral part of code quality is test coverage and Sonar offers coverage metrics in the UI. However, the Sonar docs on code coverage are a bit sparse (at best) and don’t tell you the exact …
read moreFiltering spam mails with bogofilter
I’m running a Postfix server here at home to process incoming mail. To integrate spam filtering I’m delivering mails via procmail - it’s as simple as setting mailbox_command = /usr/bin/procmail in postfix’ main.cf.
Spam filtering works by invoking the filter (bogofilter in my case) from procmail …
read moreDeploying files with maven-deploy-plugin
We recently had an outage of our Nexus instance at work. The file system went corrupt, nexus would not start up properly complaining about a corrupted Orient DB.
The blob store was largely left intact. In hindsight I should have tried to rebuild the OrientDB from the blob store using …
read moreFixing the dreaded “problem with defaults entries” in debian
At work we host a number of Debian VMs. Most of them are integrated into the central active directory server using the sssd package.
Quite unrelatedly my boss kept nagging me about incoming emails to root that looked like this
Subject: *** SECURITY information for <host> ***
<host> : Sep 29 05:45 …Chromecasting using a custom Chromium build
Setting up a software RAID1
I’m helping a friend to set up a machine with Gentoo. This will be a machine to host production applications and it is equipped with 2 identical hard drives. I will set up a software RAID 1. This has been a life saver on a similar machine before where …
read more