IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionSystem requirementsVerifying Docker imagesInstalling operations centerInstalling client controllersInstalling build agentsVerifying build componentsVerifying WAR filesHigh availability
IntroductionPipeline termsPipeline project typesCloudBees Pipeline benefits
IntroductionUsing Pipeline development utilitiesDetermining plugin compatibilityPipeline best practices
IntroductionPrerequisitesCreating your first PipelineCreating Pipelines in SCMCreating Pipelines in Web UIUsing Pipeline as Code
IntroductionConfig Adv ScriptedConfig Build StageConfig Deploy StageConfig Optional Step ArgsConfig Test StageCreating JenkinsfileCustomizing ParametersHandling FailuresString InterpolationUsing Multiple AgentsWorking With The Env
IntroductionManaging artifactsTracing artifactsTriggering jobs with a simple webhookRestoring filesVisualizing PipelineInserting checkpointsSecuring PipelinesConfiguring Pipelines with user-scoped credentialsUsing Pipeline PoliciesSpecifying a matrix of one or more dimensionsConverting a Freestyle project to a Declarative Pipeline
IntroductionRestarting aborted buildsLong-running buildsSkip next buildConsolidated Build View pluginCloudBees Quiet Start pluginCloudBees Template pluginCloudBees Git Validated Merge plugin
IntroductionTrigger a job with a notification event using Cross Team CollaborationEnable external notification events with external HTTP endpointsCluster-wide copy artifactsCluster-wide job triggers
IntroductionSetting up a Pipeline Template CatalogDefining Pipeline Template CatalogsSetting Up A Pipeline TemplateUsing parameters in template.yamlManaging multibranch Pipeline options in template.yamlManaging Pipeline Template Catalogs in bulkExample full Maven/Java app Jenkinsfile
IntroductionUsing Declarative Pipeline syntaxUsing Scripted Pipeline syntax
IntroductionBranch SourceBitbucketGitBranch Property StrategyExamples
CloudBees Docker Build and Publish pluginCloudBees Docker TraceabilityDocker Pipeline pluginCloudBees Docker Hub/Registry Notification plugin
IntroductionGetting startedNavigating the operations centerProvisioning managed controllers in multiple Kubernetes clustersProvisioning agents in a separate Kubernetes cluster from a managed controllerProvisioning a controller in a different namespace than the operations centerProvisioning a controller in a different OpenShift project than the operations centerManaging controllersManaging controllers in specific Kubernetes namespacesManaging agentsShared agentsShared configurationShared cloud configurationTrigger restrictionsChanging NFS storage locationQuiet startMove/Copy/PromoteCluster operationsInbound agentsUsing KanikoSidecar injector for self-signed certificates on KubernetesSidecar injector for self-signed certificates on OpenShiftUsing auto-scaling nodes on EKSUsing auto-scaling nodes on GKECloudBees Amazon Web Services Deploy EngineAmazon Web Services CLI PluginCloud Foundry CLI PluginIntegrate OpenShift CLIServiceNow integrationCreating projects based on GitHub repository structureUsing GitHub App authenticationWikiText plugin
IntroductionGetting startedNavigating the Operations CenterManaging client controllersManaging agentsShared agentsShared configurationShared cloud configurationTrigger restrictionsQuiet startMove/Copy/PromoteCluster operationsJava web start agentsServiceNow integrationCreating projects based on GitHub repository structureUsing GitHub App authenticationUsing GitHub App authentication
IntroductionTrust modelCentrally managing security for controllersCyberark Credential Provider PluginEnabling advanced use cases: cross controller triggers and bulk operationsRestricting access and delegating administration with Role-Based Access ControlCreating secure folders with Role-Based Access Control Auto ConfigurerRestricting job triggersSetting up operations center access controlsSetting up access controls on connected controllersTesting the SSH connection to an agentConfiguring restricted credentials with the CloudBees Restricted Credentials pluginFoldersFolders PlusInjecting secrets into buildsManaging build agents with Nodes Plus pluginExtended security settingsEnhanced credentials maskingUnderstanding Beekeeper security warningsPreventing unauthorized interaction between buildsSecurity recommendationsUsing single sign-on (SSO)operations center specific permissionsAuthentication mappingExample configurationsDelegating administrationData collection for the CloudBees Analytics PluginExternal secrets managementReplacing an expired certificateList of URLs that need accessBlocking access to URL patterns using the CloudBees Request Filter PluginServing resources from JenkinsVerifying Helm Charts Published with a Signature
IntroductionConfiguring network requirementsCentrally managing security for controllersCyberark Credential Provider PluginEnabling advanced use cases: cross-controller triggers and bulk operationsRestricting access and delegating administration with Role-Based Access ControlCreating secure folders with Role-Based Access Control Auto ConfigurerRestricting job triggersTesting the SSH connection to an agentConfiguring restricted credentials with the CloudBees Restricted Credentials pluginFoldersFolders PlusInjecting secrets into buildsManaging build agents with Nodes Plus pluginUnderstanding Beekeeper security warningsPreventing unauthorized interaction between buildsSecurity recommendationsExtended security settingsUsing single sign-on (SSO)Operations Center specific permissionsAuthentication mappingExample configurationsDelegating administrationData collection for the CloudBees Analytics PluginExternal secrets managementList of URLs that need accessBlocking access to URL patterns using the CloudBees Request Filter PluginServing resources from Jenkins
IntroductionExplaining $JENKINS_HOMEBest practices for backup and restoreBacking up manuallyRestoring manuallyRestoring credentialsUsing the CloudBees Backup PluginScheduling your backups in the CloudBees Backup PluginRestoring from CloudBees Backup PluginBackup and restore on KubernetesBackup and restore on AWSUsing Velero for backup and restore of Kubernetes clustersUsing cluster operations to run backups
IntroductionGetting the CLI toolUsing the CLI toolExamples of usageConfiguring multiple client controllersConfiguring an alias for the Jenkins CLI toolConfiguring the Jenkins CLI tool to work with non-TrustStore SSL certificatesCasC bundle management on operations center
CloudBees Inactive Items Plugin
Jenkins Health Advisor by CloudBees
CloudBees Pull Request Builder for GitHub plugin
Counting and monitoring user licenses with the CloudBees User Activity Monitoring plugin

Verifying the CloudBees CI on traditional platforms WAR files

2 minute read

CloudBees supports running CloudBees CI on traditional platforms using the WAR package.

If you are not using an install package and want to manually download the CloudBees CI WAR file (to run inside Apache Tomcat or a standalone), you should verify the authenticity of the WAR files. It can help to ensure that you are not the victim of a "man-in-the-middle" attack or another type of signature tampering.

You should verify the signature files before you run the WAR file package.

The signature files of the WAR file distributables are located at the download site with the respective WAR files. Refer to CloudBees Software Delivery Automation.

You can create a text file using the CloudBees public GPG key, and then run the verification process.

The CloudBees public GPG key is as follows:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQENBFaU9goBCAC/V/svxekI7Y/5am9Q6BpVcrG0IWxyhux3BejYHgCWKh4tt08M
7VvXncejezeOVZPJSHCVgRKwJOst2hKw+lJwhiaX847LRAeZwG6YbQ5Gd5OBEefN
3FMw4Ym6bzRrkQ213lJmmUOvFMDxs3nu1tScbJ6yyPe6FQyVlw30Di/rTTp5EzK6
5vmCG80lbWbUdyBTvoKkXAgHIjUYU4dV2pHvQL6a+CUbQsaC/UsTcGaPKNTQ3NsJ
XPJoK0GmENvpP1VYWIo6SzAMay9ZP9qM7ksr6RgqA+LvznF0J8gqOPpipoqwIB1a
5xVxZfsBGHYq45F5dLboF69SeJ+ra8mQVHyZABEBAAG0M0Nsb3VkQmVlcywgSW5j
LiAoQ29kZSBzaWduaW5nKSA8aW5mb0BjbG91ZGJlZXMuY29tPokBOAQTAQIAIgUC
VpT2CgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQOOL185/5C9pz4QgA
tOk6+3PbAta8Pla9LCex1fDzJ2jBM7N5lblcvsa8yg2Tepkt0xzUSd29gaxTmsod
ZTVj0vWktDlS2lBvlbCqcYtI7r030EHdO2V7cFGTTsjqlGmzBT/My1wdXOVBDBU2
mxG/pzWqQ1lcre+ojFN4bzQNGD+f2MHvoWxLO2YQGhavG13c3r4Basb11AEmaFjt
0y9so/1OepoUuqhUph4c/xwck82aY8gcfFePre+a3+SzkXuAS+aKPTgk0WxIoN1k
JC9Z05wdwpecMbuhaKZjqF+3dDhebpBDpr8pLngA96647p9TDC5pQLxc3WHOzZ8S
IEoqhy52gNo1ndQoMkBgs7kBDQRWlPYKAQgArGSLYnq75EjcYefQvivaNa00FhFu
BN8KkuwRYebDhJXA6nOd530hxvVakYedz5MWaRs0tkqEThtqxEHc8Dt/3XZTNgEW
ULnITV1U3RmBeBwaMrBTECE4B+tlQ0A5Tqbw6or8ACV/dAfyclTv+mrRXf033IRF
5LVInkVuP7BgRbNOU9dmq01CDflbyw21QfEIXaY8OTyy/BeBXdArzMwW/EWbUEIn
V48Z8yaj6CuSdMNgrHtDSn1KNNCtPfofbW89Ofld1C21Iqqt6XieWkKZsTevzHjB
X1qvbvVOq/i/lor7KTIMXJT+5ZFvSNJqtxE7gyvJeThhJNqaosllanBbpQARAQAB
iQEfBBgBAgAJBQJWlPYKAhsMAAoJEDji9fOf+Qva7VgH/0s6RiaSepqJMMDE8WVM
wMPjBCHxL83MVcuewirpw0i4JhB4entJYcEJB7a6WGPiW25OIjZj+OzZd2UU6Ojd
VxbdYuSpCl2FDLPAzF79yS7cD/Fl0wuLbvN44t75jVqGoi3SXg+oPnqS8FONL7AE
ntyxuMdeQhBC7Wj5FjOIfuw8ZwFheEhzEPtAbE9McRoDcuxB2EfdIAA5QdBRCAo/
/8yHI8EuFdwFXmjYKwg2VBlFJYttfNaAev5ZRBOekq4MqOEb3yGFZRSSvQQjZxZb
GPCs/UlayiFIFeflgsIM7f52bo3KLFnul71X5yr/o3hWg7Q7loOzShdkhJM1ICkD
X8s=
=kNBt
-----END PGP PUBLIC KEY BLOCK-----

To verify the authenticity of the CloudBees CI WAR files, complete the following steps:

  1. Add the CloudBees public key to your GPG key store by using one of the following procedures:

    • Copy and paste the CloudBees public GPG key into a text file and import it.

    • Use the following command to create the text file, populate it with the CloudBees public GPG key, and import it:

      echo -e "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1\n\nmQENBFaU9goBCAC/V/svxekI7Y/5am9Q6BpVcrG0IWxyhux3BejYHgCWKh4tt08M\n7VvXncejezeOVZPJSHCVgRKwJOst2hKw+lJwhiaX847LRAeZwG6YbQ5Gd5OBEefN\n3FMw4Ym6bzRrkQ213lJmmUOvFMDxs3nu1tScbJ6yyPe6FQyVlw30Di/rTTp5EzK6\n5vmCG80lbWbUdyBTvoKkXAgHIjUYU4dV2pHvQL6a+CUbQsaC/UsTcGaPKNTQ3NsJ\nXPJoK0GmENvpP1VYWIo6SzAMay9ZP9qM7ksr6RgqA+LvznF0J8gqOPpipoqwIB1a\n5xVxZfsBGHYq45F5dLboF69SeJ+ra8mQVHyZABEBAAG0M0Nsb3VkQmVlcywgSW5j\nLiAoQ29kZSBzaWduaW5nKSA8aW5mb0BjbG91ZGJlZXMuY29tPokBOAQTAQIAIgUC\nVpT2CgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQOOL185/5C9pz4QgA\ntOk6+3PbAta8Pla9LCex1fDzJ2jBM7N5lblcvsa8yg2Tepkt0xzUSd29gaxTmsod\nZTVj0vWktDlS2lBvlbCqcYtI7r030EHdO2V7cFGTTsjqlGmzBT/My1wdXOVBDBU2\nmxG/pzWqQ1lcre+ojFN4bzQNGD+f2MHvoWxLO2YQGhavG13c3r4Basb11AEmaFjt\n0y9so/1OepoUuqhUph4c/xwck82aY8gcfFePre+a3+SzkXuAS+aKPTgk0WxIoN1k\nJC9Z05wdwpecMbuhaKZjqF+3dDhebpBDpr8pLngA96647p9TDC5pQLxc3WHOzZ8S\nIEoqhy52gNo1ndQoMkBgs7kBDQRWlPYKAQgArGSLYnq75EjcYefQvivaNa00FhFu\nBN8KkuwRYebDhJXA6nOd530hxvVakYedz5MWaRs0tkqEThtqxEHc8Dt/3XZTNgEW\nULnITV1U3RmBeBwaMrBTECE4B+tlQ0A5Tqbw6or8ACV/dAfyclTv+mrRXf033IRF\n5LVInkVuP7BgRbNOU9dmq01CDflbyw21QfEIXaY8OTyy/BeBXdArzMwW/EWbUEIn\nV48Z8yaj6CuSdMNgrHtDSn1KNNCtPfofbW89Ofld1C21Iqqt6XieWkKZsTevzHjB\nX1qvbvVOq/i/lor7KTIMXJT+5ZFvSNJqtxE7gyvJeThhJNqaosllanBbpQARAQAB\niQEfBBgBAgAJBQJWlPYKAhsMAAoJEDji9fOf+Qva7VgH/0s6RiaSepqJMMDE8WVM\nwMPjBCHxL83MVcuewirpw0i4JhB4entJYcEJB7a6WGPiW25OIjZj+OzZd2UU6Ojd\nVxbdYuSpCl2FDLPAzF79yS7cD/Fl0wuLbvN44t75jVqGoi3SXg+oPnqS8FONL7AE\nntyxuMdeQhBC7Wj5FjOIfuw8ZwFheEhzEPtAbE9McRoDcuxB2EfdIAA5QdBRCAo/\n/8yHI8EuFdwFXmjYKwg2VBlFJYttfNaAev5ZRBOekq4MqOEb3yGFZRSSvQQjZxZb\nGPCs/UlayiFIFeflgsIM7f52bo3KLFnul71X5yr/o3hWg7Q7loOzShdkhJM1ICkD\nX8s=\n=kNBt\n-----END PGP PUBLIC KEY BLOCK-----" > cloudbees.key
gpg --import cloudbees.key

    • Use the following command to retrieve the CloudBees public GPG key from a key server:

      gpg --verbose --keyserver keyserver.ubuntu.com --recv-keys 0x38E2F5F39FF90BDA

  2. Download the WAR files and the WAR signature (.asc) files.

  3. Verify the WAR files with one of the following commands:

    • Controller: gpg --verify cloudbees-core-cm.war.asc cloudbees-core-cm.war

    • Operations center: gpg --verify cloudbees-core-oc.war.asc cloudbees-core-oc.war

      The output is similar to the following:

      ---
gpg: Signature made Sat 01 Aug 2022 01:53:27 PM CEST
gpg:                using RSA key 0x38E2F5F39FF90BDA
gpg: Good signature from "CloudBees, Inc. (Code signing)<info@cloudbees.com>
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7CF6 5665 2123 F836 A532 3AB1 38E2 F5F3 9FF9 0BDA
---

      GPG responds with a message that indicates whether the WAR file is validated as authentic. If the message states that it is a good signature, the WAR file is authentic. If the WAR file is not validated as authentic, you should contact CloudBees Support.

Verifying build components
High availability