IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionPre-installation requirementsInstallingVerifying Docker imagesUninstalling
IntroductionSystem requirementsVerifying Docker imagesInstalling operations centerInstalling client controllersInstalling build agentsVerifying build componentsVerifying WAR files
IntroductionHA (active/active) fundamentalsInstallation on modern cloud platforms (active/active)Installation on traditional platforms (active/active)HA (active/active) considerationsSpecific High Availability (active/passive) installation for CloudBees CI on traditional platforms
IntroductionPipeline termsPipeline project typesCloudBees Pipeline benefits
IntroductionUsing Pipeline development utilitiesDetermining plugin compatibilityPipeline best practices
IntroductionPrerequisitesCreating your first PipelineCreating Pipelines in SCMCreating Pipelines in Web UIUsing Pipeline as Code
IntroductionConfig Adv ScriptedConfig Build StageConfig Deploy StageConfig Optional Step ArgsConfig Test StageCreating JenkinsfileCustomizing ParametersHandling FailuresString InterpolationUsing Multiple AgentsWorking With The Env
IntroductionManaging artifactsTracing artifactsTriggering jobs with a simple webhookRestoring filesVisualizing PipelineInserting checkpointsSecuring PipelinesConfiguring Pipelines with user-scoped credentialsUsing Pipeline PoliciesSpecifying a matrix of one or more dimensionsConverting a Freestyle project to a Declarative PipelinePipeline builds and HA (active/active)
IntroductionRestarting aborted buildsLong-running buildsSkip next buildConsolidated Build View pluginCloudBees Quiet Start pluginCloudBees Template pluginCloudBees Git Validated Merge pluginCloudBees Workspace Caching
IntroductionTrigger a job with a notification event using Cross Team CollaborationEnable external notification events with external HTTP endpointsCluster-wide copy artifactsCluster-wide job triggers
IntroductionSetting up a Pipeline Template CatalogDefining Pipeline Template CatalogsSetting Up A Pipeline TemplateUsing parameters in template.yamlManaging multibranch Pipeline options in template.yamlManaging Pipeline Template Catalogs in bulkExample full Maven/Java app Jenkinsfile
IntroductionUsing Declarative Pipeline syntaxUsing Scripted Pipeline syntax
IntroductionBranch SourceBitbucketGitBranch Property StrategyExamples
CloudBees Docker Build and Publish pluginCloudBees Docker TraceabilityDocker Pipeline pluginCloudBees Docker Hub/Registry Notification plugin
Introduction
IntroductionGetting startedNavigating the operations centerProvisioning managed controllers in multiple Kubernetes clustersProvisioning agents in a separate Kubernetes cluster from a managed controllerProvisioning a controller in a different namespace than the operations centerProvisioning a controller in a different OpenShift project than the operations centerManaging controllersManaging controllers in specific Kubernetes namespacesMigrating an existing managed controller to High Availability (HA)Managing agentsShared agentsShared configurationShared cloud configurationTrigger restrictionsChanging NFS storage locationQuiet startMove/Copy/PromoteCluster operationsInbound agentsUsing KanikoUsing Buildkit (docker buildx)Sidecar injector for self-signed certificates on KubernetesSidecar injector for self-signed certificates on OpenShiftUsing auto-scaling nodes on EKSUsing auto-scaling nodes on GKECloudBees Amazon Web Services Deploy EngineAmazon Web Services CLI PluginCloud Foundry CLI PluginIntegrate OpenShift CLIServiceNow integrationCreating projects based on GitHub repository structureUsing GitHub App authenticationWikiText plugin
IntroductionGetting startedNavigating the Operations CenterManaging client controllersMigrating from High Availability (active/passive) to High Availability (active/active) on CloudBees CI on traditional platformsManaging agentsShared agentsShared configurationShared cloud configurationTrigger restrictionsQuiet startMove/Copy/PromoteCluster operationsJava web start agentsServiceNow integrationCreating projects based on GitHub repository structureUsing GitHub App authenticationWikiText plugin
IntroductionTrust modelPod Security AdmissionCentrally managing security for controllersCyberark Credential Provider PluginHashiCorp Vault PluginEnabling advanced use cases: cross controller triggers and bulk operationsRestricting access and delegating administration with Role-Based Access ControlCreating secure folders with Role-Based Access Control Auto ConfigurerRestricting job triggersSetting up operations center access controlsSetting up access controls on connected controllersTesting the SSH connection to an agentConfiguring restricted credentials with the CloudBees Restricted Credentials pluginFoldersFolders PlusInjecting secrets into buildsManaging build agents with Nodes Plus pluginExtended security settingsEnhanced credentials maskingUnderstanding Beekeeper security warningsPreventing unauthorized interaction between buildsSecurity recommendationsUsing single sign-on (SSO)CloudBees CI integration with Microsoft Entra IDoperations center specific permissionsAuthentication mappingExample configurationsDelegating administrationData collection for the CloudBees Analytics PluginExternal secrets managementReplacing an expired certificateList of URLs that need accessBlocking access to URL patterns using the CloudBees Request Filter PluginServing resources from JenkinsVerifying Helm Charts Published with a Signature
IntroductionConfiguring network requirementsCentrally managing security for controllersCyberark Credential Provider PluginHashiCorp Vault PluginEnabling advanced use cases: cross-controller triggers and bulk operationsRestricting access and delegating administration with Role-Based Access ControlCreating secure folders with Role-Based Access Control Auto ConfigurerRestricting job triggersTesting the SSH connection to an agentConfiguring restricted credentials with the CloudBees Restricted Credentials pluginFoldersFolders PlusInjecting secrets into buildsManaging build agents with Nodes Plus pluginUnderstanding Beekeeper security warningsPreventing unauthorized interaction between buildsSecurity recommendationsExtended security settingsUsing single sign-on (SSO)CloudBees CI integration with Microsoft Entra IDOperations Center specific permissionsAuthentication mappingExample configurationsDelegating administrationData collection for the CloudBees Analytics PluginExternal secrets managementList of URLs that need accessBlocking access to URL patterns using the CloudBees Request Filter PluginServing resources from Jenkins
IntroductionExplaining $JENKINS_HOMEBest practices for backup and restoreBacking up manuallyRestoring manuallyRestoring credentialsUsing the CloudBees Backup PluginScheduling your backups in the CloudBees Backup PluginRestoring from CloudBees Backup PluginBackup and restore on KubernetesBackup and restore on AWSUsing Velero for backup and restore of Kubernetes clustersUsing cluster operations to run backups
IntroductionGetting the CLI toolUsing the CLI toolExamples of usageConfiguring multiple client controllersConfiguring an alias for the Jenkins CLI toolConfiguring the Jenkins CLI tool to work with non-TrustStore SSL certificatesCasC bundle management on operations center
CloudBees Inactive Items Plugin
Jenkins Health Advisor by CloudBees
CloudBees Pull Request Builder for GitHub plugin
Count and monitor user licenses with the CloudBees User Activity Monitoring plugin
Introduction
CasC fundamentals
CasC requirements
IntroductionGetting startedCreating a bundleConfiguring the operations center on modern platformsConfiguring the operations center on traditional platformsRetrieving bundles using SCMUpdating a bundleBundle update timing for the operations centerViewing the operations center update logCreating itemsConfiguring RBACDetermining plugin compatibilityTroubleshooting
IntroductionGetting startedCreating a bundleAdding controller bundles to the operations centerUpdating a bundleBundle update timing for controllersViewing the controller update logConfiguring bundle availabilitySetting up a managed controllerSetting up a client controllerCreating itemsConfiguring RBACDetermining plugin compatibilityAdvanced topicsTroubleshooting
Plugin management with CasC
CasC CLI commands
CasC HTTP API
Support policies

Verifying the CloudBees CI on traditional platforms WAR files

3 minute read

CloudBees supports running CloudBees CI on traditional platforms using the WAR package.

If you are not using an install package and want to manually download the CloudBees CI WAR file (to run inside Apache Tomcat or a standalone), you should verify the authenticity of the WAR files. It can help to ensure that you are not the victim of a "man-in-the-middle" attack or another type of signature tampering.

You should verify the signature files before you run the WAR file package.

The signature files of the WAR file distributables are located at the download site with the respective WAR files. Refer to CloudBees Software Delivery Automation.

For versions 2.426.2.x and later

The CloudBees public GPG keys is as follows:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFaU9goBCAC/V/svxekI7Y/5am9Q6BpVcrG0IWxyhux3BejYHgCWKh4tt08M
7VvXncejezeOVZPJSHCVgRKwJOst2hKw+lJwhiaX847LRAeZwG6YbQ5Gd5OBEefN
3FMw4Ym6bzRrkQ213lJmmUOvFMDxs3nu1tScbJ6yyPe6FQyVlw30Di/rTTp5EzK6
5vmCG80lbWbUdyBTvoKkXAgHIjUYU4dV2pHvQL6a+CUbQsaC/UsTcGaPKNTQ3NsJ
XPJoK0GmENvpP1VYWIo6SzAMay9ZP9qM7ksr6RgqA+LvznF0J8gqOPpipoqwIB1a
5xVxZfsBGHYq45F5dLboF69SeJ+ra8mQVHyZABEBAAG0M0Nsb3VkQmVlcywgSW5j
LiAoQ29kZSBzaWduaW5nKSA8aW5mb0BjbG91ZGJlZXMuY29tPokBTwQTAQgAOQIb
AwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQR89lZlISP4NqUyOrE44vXzn/kL
2gUCVpT2CwAKCRA44vXzn/kL2q4kB/9p8t3U4JgrAWBzxHalckxm8IbTH9rKynhP
dLaPmtdpx69GUj5/gIVVL/SgTEQNpkJ5gY79BSI3Vwr1ylyt1B6lgKy6uKaIeY8I
5qJqe25fyDcP/MDbEC0UvvGziAYDVdwTxp3y/kIW6lk8F3Wgl0p9bYY56vmzSjZV
pRyimGO7Ud5J/tgp60g/OriuoMT9+8p+eRCkxMdmxaZ2SM7g/ML4U0d/K1of71le
CFIZvEqtGLkguSfHztMBGeV42PpxZR5Z1lM/wWP1G4GqjZtkrrEpyW6dtrtJjtf4
DIVchJsBIDnl67CUjJjSZ/+2JInYmevxd2fuThbgqmlKfayup1mSuQENBFaU9goB
CACsZItiervkSNxh59C+K9o1rTQWEW4E3wqS7BFh5sOElcDqc53nfSHG9VqRh53P
kxZpGzS2SoROG2rEQdzwO3/ddlM2ARZQuchNXVTdGYF4HBoysFMQITgH62VDQDlO
pvDqivwAJX90B/JyVO/6atFd/TfchEXktUieRW4/sGBFs05T12arTUIN+VvLDbVB
8Qhdpjw5PLL8F4Fd0CvMzBb8RZtQQidXjxnzJqPoK5J0w2Cse0NKfUo00K09+h9t
bz05+V3ULbUiqq3peJ5aQpmxN6/MeMFfWq9u9U6r+L+WivspMgxclP7lkW9I0mq3
ETuDK8l5OGEk2pqiyWVqcFulABEBAAGJATYEGAEIACACGwwWIQR89lZlISP4NqUy
OrE44vXzn/kL2gUCVpT2CwAKCRA44vXzn/kL2itAB/94T4jsKUXGoQWQo/O21L3m
MErnaAYv+HEhNPUFIgkz9qO/FsUUt+OK4Fl5cRP5FHfpGy7aiHMtrYedyZ7T+ItJ
0M+cDgOfrTRcyXpN9tRidB4AYAGECag0/rTej8T6jk6aRVuEOt0Pbt9klNRm9/4V
dejcKjCuoU78gtjfe5WIVvupaLepqTMfoUOWuVo7vB2vWGCv5/JLyrXekwaoE56A
byVDhi3DsGsUHMigvjeIZz0xENQGBaeFaEcFBF28aqTb9haWIrE9wFohFP8+5oGF
5qUed2i3C6UYfjAJyVoQ+BmfKnT35FHEUkjoM8soEP+zxRrccokqI0zULeL5H/8k
=y+i9
-----END PGP PUBLIC KEY BLOCK-----

To verify the authenticity of the CloudBees CI WAR files, complete the following steps:

  1. Add the CloudBees public key to your GPG key store by using one of the following procedures:

    • Copy and paste the CloudBees public GPG key into a text file and import it.

    • Use the following command to create the text file, populate it with the CloudBees public GPG key, and import it:

      echo -e "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQENBFaU9goBCAC/V/svxekI7Y/5am9Q6BpVcrG0IWxyhux3BejYHgCWKh4tt08M\n7VvXncejezeOVZPJSHCVgRKwJOst2hKw+lJwhiaX847LRAeZwG6YbQ5Gd5OBEefN\n3FMw4Ym6bzRrkQ213lJmmUOvFMDxs3nu1tScbJ6yyPe6FQyVlw30Di/rTTp5EzK6\n5vmCG80lbWbUdyBTvoKkXAgHIjUYU4dV2pHvQL6a+CUbQsaC/UsTcGaPKNTQ3NsJ\nXPJoK0GmENvpP1VYWIo6SzAMay9ZP9qM7ksr6RgqA+LvznF0J8gqOPpipoqwIB1a\n5xVxZfsBGHYq45F5dLboF69SeJ+ra8mQVHyZABEBAAG0M0Nsb3VkQmVlcywgSW5j\nLiAoQ29kZSBzaWduaW5nKSA8aW5mb0BjbG91ZGJlZXMuY29tPokBTwQTAQgAOQIb\nAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQR89lZlISP4NqUyOrE44vXzn/kL\n2gUCVpT2CwAKCRA44vXzn/kL2q4kB/9p8t3U4JgrAWBzxHalckxm8IbTH9rKynhP\ndLaPmtdpx69GUj5/gIVVL/SgTEQNpkJ5gY79BSI3Vwr1ylyt1B6lgKy6uKaIeY8I\n5qJqe25fyDcP/MDbEC0UvvGziAYDVdwTxp3y/kIW6lk8F3Wgl0p9bYY56vmzSjZV\npRyimGO7Ud5J/tgp60g/OriuoMT9+8p+eRCkxMdmxaZ2SM7g/ML4U0d/K1of71le\nCFIZvEqtGLkguSfHztMBGeV42PpxZR5Z1lM/wWP1G4GqjZtkrrEpyW6dtrtJjtf4\nDIVchJsBIDnl67CUjJjSZ/+2JInYmevxd2fuThbgqmlKfayup1mSuQENBFaU9goB\nCACsZItiervkSNxh59C+K9o1rTQWEW4E3wqS7BFh5sOElcDqc53nfSHG9VqRh53P\nkxZpGzS2SoROG2rEQdzwO3/ddlM2ARZQuchNXVTdGYF4HBoysFMQITgH62VDQDlO\npvDqivwAJX90B/JyVO/6atFd/TfchEXktUieRW4/sGBFs05T12arTUIN+VvLDbVB\n8Qhdpjw5PLL8F4Fd0CvMzBb8RZtQQidXjxnzJqPoK5J0w2Cse0NKfUo00K09+h9t\nbz05+V3ULbUiqq3peJ5aQpmxN6/MeMFfWq9u9U6r+L+WivspMgxclP7lkW9I0mq3\nETuDK8l5OGEk2pqiyWVqcFulABEBAAGJATYEGAEIACACGwwWIQR89lZlISP4NqUy\nOrE44vXzn/kL2gUCVpT2CwAKCRA44vXzn/kL2itAB/94T4jsKUXGoQWQo/O21L3m\nMErnaAYv+HEhNPUFIgkz9qO/FsUUt+OK4Fl5cRP5FHfpGy7aiHMtrYedyZ7T+ItJ\n0M+cDgOfrTRcyXpN9tRidB4AYAGECag0/rTej8T6jk6aRVuEOt0Pbt9klNRm9/4V\ndejcKjCuoU78gtjfe5WIVvupaLepqTMfoUOWuVo7vB2vWGCv5/JLyrXekwaoE56A\nbyVDhi3DsGsUHMigvjeIZz0xENQGBaeFaEcFBF28aqTb9haWIrE9wFohFP8+5oGF\n5qUed2i3C6UYfjAJyVoQ+BmfKnT35FHEUkjoM8soEP+zxRrccokqI0zULeL5H/8k\n=y+i9\n-----END PGP PUBLIC KEY BLOCK-----" > cloudbees.key
gpg --import cloudbees.key

  2. Download the WAR files and the WAR signature (.asc) files.

  3. Verify the WAR files with one of the following commands:

    • Controller: gpg --verify cloudbees-core-cm.war.asc cloudbees-core-cm.war

    • Operations center: gpg --verify cloudbees-core-oc.war.asc cloudbees-core-oc.war

      The output is similar to the following:

      ---
gpg: Signature made Wed Nov 29 12:08:28 2023 EST
gpg:                using RSA key 7CF656652123F836A5323AB138E2F5F39FF90BDA
gpg: Good signature from "CloudBees, Inc. (Code signing) <info@cloudbees.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7CF6 5665 2123 F836 A532  3AB1 38E2 F5F3 9FF9 0BDA
---

      GPG responds with a message that indicates whether the WAR file is validated as authentic. If the message states that it is a good signature, the WAR file is authentic. If the WAR file is not validated as authentic, you should contact CloudBees Support.

For versions 2.426.1.x and earlier

The CloudBees public GPG key is as follows:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQENBFaU9goBCAC/V/svxekI7Y/5am9Q6BpVcrG0IWxyhux3BejYHgCWKh4tt08M
7VvXncejezeOVZPJSHCVgRKwJOst2hKw+lJwhiaX847LRAeZwG6YbQ5Gd5OBEefN
3FMw4Ym6bzRrkQ213lJmmUOvFMDxs3nu1tScbJ6yyPe6FQyVlw30Di/rTTp5EzK6
5vmCG80lbWbUdyBTvoKkXAgHIjUYU4dV2pHvQL6a+CUbQsaC/UsTcGaPKNTQ3NsJ
XPJoK0GmENvpP1VYWIo6SzAMay9ZP9qM7ksr6RgqA+LvznF0J8gqOPpipoqwIB1a
5xVxZfsBGHYq45F5dLboF69SeJ+ra8mQVHyZABEBAAG0M0Nsb3VkQmVlcywgSW5j
LiAoQ29kZSBzaWduaW5nKSA8aW5mb0BjbG91ZGJlZXMuY29tPokBOAQTAQIAIgUC
VpT2CgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQOOL185/5C9pz4QgA
tOk6+3PbAta8Pla9LCex1fDzJ2jBM7N5lblcvsa8yg2Tepkt0xzUSd29gaxTmsod
ZTVj0vWktDlS2lBvlbCqcYtI7r030EHdO2V7cFGTTsjqlGmzBT/My1wdXOVBDBU2
mxG/pzWqQ1lcre+ojFN4bzQNGD+f2MHvoWxLO2YQGhavG13c3r4Basb11AEmaFjt
0y9so/1OepoUuqhUph4c/xwck82aY8gcfFePre+a3+SzkXuAS+aKPTgk0WxIoN1k
JC9Z05wdwpecMbuhaKZjqF+3dDhebpBDpr8pLngA96647p9TDC5pQLxc3WHOzZ8S
IEoqhy52gNo1ndQoMkBgs7kBDQRWlPYKAQgArGSLYnq75EjcYefQvivaNa00FhFu
BN8KkuwRYebDhJXA6nOd530hxvVakYedz5MWaRs0tkqEThtqxEHc8Dt/3XZTNgEW
ULnITV1U3RmBeBwaMrBTECE4B+tlQ0A5Tqbw6or8ACV/dAfyclTv+mrRXf033IRF
5LVInkVuP7BgRbNOU9dmq01CDflbyw21QfEIXaY8OTyy/BeBXdArzMwW/EWbUEIn
V48Z8yaj6CuSdMNgrHtDSn1KNNCtPfofbW89Ofld1C21Iqqt6XieWkKZsTevzHjB
X1qvbvVOq/i/lor7KTIMXJT+5ZFvSNJqtxE7gyvJeThhJNqaosllanBbpQARAQAB
iQEfBBgBAgAJBQJWlPYKAhsMAAoJEDji9fOf+Qva7VgH/0s6RiaSepqJMMDE8WVM
wMPjBCHxL83MVcuewirpw0i4JhB4entJYcEJB7a6WGPiW25OIjZj+OzZd2UU6Ojd
VxbdYuSpCl2FDLPAzF79yS7cD/Fl0wuLbvN44t75jVqGoi3SXg+oPnqS8FONL7AE
ntyxuMdeQhBC7Wj5FjOIfuw8ZwFheEhzEPtAbE9McRoDcuxB2EfdIAA5QdBRCAo/
/8yHI8EuFdwFXmjYKwg2VBlFJYttfNaAev5ZRBOekq4MqOEb3yGFZRSSvQQjZxZb
GPCs/UlayiFIFeflgsIM7f52bo3KLFnul71X5yr/o3hWg7Q7loOzShdkhJM1ICkD
X8s=
=kNBt
-----END PGP PUBLIC KEY BLOCK-----

To verify the authenticity of the CloudBees CI WAR files, complete the following steps:

  1. Add the CloudBees public key to your GPG key store by using one of the following procedures:

    • Copy and paste the CloudBees public GPG key into a text file and import it.

    • Use the following command to create the text file, populate it with the CloudBees public GPG key, and import it:

      echo -e "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1\n\nmQENBFaU9goBCAC/V/svxekI7Y/5am9Q6BpVcrG0IWxyhux3BejYHgCWKh4tt08M\n7VvXncejezeOVZPJSHCVgRKwJOst2hKw+lJwhiaX847LRAeZwG6YbQ5Gd5OBEefN\n3FMw4Ym6bzRrkQ213lJmmUOvFMDxs3nu1tScbJ6yyPe6FQyVlw30Di/rTTp5EzK6\n5vmCG80lbWbUdyBTvoKkXAgHIjUYU4dV2pHvQL6a+CUbQsaC/UsTcGaPKNTQ3NsJ\nXPJoK0GmENvpP1VYWIo6SzAMay9ZP9qM7ksr6RgqA+LvznF0J8gqOPpipoqwIB1a\n5xVxZfsBGHYq45F5dLboF69SeJ+ra8mQVHyZABEBAAG0M0Nsb3VkQmVlcywgSW5j\nLiAoQ29kZSBzaWduaW5nKSA8aW5mb0BjbG91ZGJlZXMuY29tPokBOAQTAQIAIgUC\nVpT2CgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQOOL185/5C9pz4QgA\ntOk6+3PbAta8Pla9LCex1fDzJ2jBM7N5lblcvsa8yg2Tepkt0xzUSd29gaxTmsod\nZTVj0vWktDlS2lBvlbCqcYtI7r030EHdO2V7cFGTTsjqlGmzBT/My1wdXOVBDBU2\nmxG/pzWqQ1lcre+ojFN4bzQNGD+f2MHvoWxLO2YQGhavG13c3r4Basb11AEmaFjt\n0y9so/1OepoUuqhUph4c/xwck82aY8gcfFePre+a3+SzkXuAS+aKPTgk0WxIoN1k\nJC9Z05wdwpecMbuhaKZjqF+3dDhebpBDpr8pLngA96647p9TDC5pQLxc3WHOzZ8S\nIEoqhy52gNo1ndQoMkBgs7kBDQRWlPYKAQgArGSLYnq75EjcYefQvivaNa00FhFu\nBN8KkuwRYebDhJXA6nOd530hxvVakYedz5MWaRs0tkqEThtqxEHc8Dt/3XZTNgEW\nULnITV1U3RmBeBwaMrBTECE4B+tlQ0A5Tqbw6or8ACV/dAfyclTv+mrRXf033IRF\n5LVInkVuP7BgRbNOU9dmq01CDflbyw21QfEIXaY8OTyy/BeBXdArzMwW/EWbUEIn\nV48Z8yaj6CuSdMNgrHtDSn1KNNCtPfofbW89Ofld1C21Iqqt6XieWkKZsTevzHjB\nX1qvbvVOq/i/lor7KTIMXJT+5ZFvSNJqtxE7gyvJeThhJNqaosllanBbpQARAQAB\niQEfBBgBAgAJBQJWlPYKAhsMAAoJEDji9fOf+Qva7VgH/0s6RiaSepqJMMDE8WVM\nwMPjBCHxL83MVcuewirpw0i4JhB4entJYcEJB7a6WGPiW25OIjZj+OzZd2UU6Ojd\nVxbdYuSpCl2FDLPAzF79yS7cD/Fl0wuLbvN44t75jVqGoi3SXg+oPnqS8FONL7AE\nntyxuMdeQhBC7Wj5FjOIfuw8ZwFheEhzEPtAbE9McRoDcuxB2EfdIAA5QdBRCAo/\n/8yHI8EuFdwFXmjYKwg2VBlFJYttfNaAev5ZRBOekq4MqOEb3yGFZRSSvQQjZxZb\nGPCs/UlayiFIFeflgsIM7f52bo3KLFnul71X5yr/o3hWg7Q7loOzShdkhJM1ICkD\nX8s=\n=kNBt\n-----END PGP PUBLIC KEY BLOCK-----" > cloudbees.key
gpg --import cloudbees.key

    • Use the following command to retrieve the CloudBees public GPG key from a key server:

      gpg --verbose --keyserver keyserver.ubuntu.com --recv-keys 0x38E2F5F39FF90BDA

  2. Download the WAR files and the WAR signature (.asc) files.

  3. Verify the WAR files with one of the following commands:

    • Controller: gpg --verify cloudbees-core-cm.war.asc cloudbees-core-cm.war

    • Operations center: gpg --verify cloudbees-core-oc.war.asc cloudbees-core-oc.war

      The output is similar to the following:

      ---
gpg: Signature made Sat 01 Aug 2022 01:53:27 PM CEST
gpg:                using RSA key 0x38E2F5F39FF90BDA
gpg: Good signature from "CloudBees, Inc. (Code signing)<info@cloudbees.com>
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7CF6 5665 2123 F836 A532 3AB1 38E2 F5F3 9FF9 0BDA
---

      GPG responds with a message that indicates whether the WAR file is validated as authentic. If the message states that it is a good signature, the WAR file is authentic. If the WAR file is not validated as authentic, you should contact CloudBees Support.

Verifying build components