To build Apache™ Ant projects as part of the CloudBees Assurance Program (CAP), CloudBees CI includes the Ant plugin that contains features and pre-default configuration settings to build Apache Ant projects.
By default, the Apache Ant build uses the default JDK provided by the agent. To enable FIPS mode on the JDK installation of the Jenkins agent executing the build along with jvmargs
, run the following Java arguments:
-Xbootclasspath/a:/usr/share/jenkins/fips/bc-fips.jar:/usr/share/jenkins/fips/bctls-fips.jar:/usr/share/jenkins/fips/bcpkix-fips.jar:/usr/share/jenkins/fips/fips-security-manager.jar -Dorg.bouncycastle.fips.approved_only=true -Djava.security.manager=com.cloudbees.cbci.fips_security_manager.FIPSSecurityManager -Djavax.net.ssl.trustStoreType=PKCS12 -Dcom.redhat.fips=false
jvmargs
can be passed through as an ANT_OPT
setting in the build.xml
file, as a JAVA_OPT
setting in the pipeline script if the job is a pipeline, or in the Invoke Ant build step if the job is a FreeStyle job.
CloudBees cannot guarantee FIPS 140-2 compliance of an external JDK, Apache Ant distribution, or any of the Ant plugins downloaded or used during the build. |