init

generator.py

@@ -0,0 +1,4 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
# 
# Desc: Jenkins update center generator
# depend:  
+#   yum -y install make gcc automake autoconf python3-devel
+#   pip install pycrypto


import os
import json
import base64
import binascii
import urllib.request
from Crypto.Hash import SHA512, SHA
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5


class JenkinsUpdateCenter:
  def __init__(self):
    self.updateCenterVersion = "1"
    self.core = None
    self.warnings = None
    self.plugins = None
    self.id = "default"
    self.connectionCheckUrl = None
    self._private_key = None
    self._cert = [None]

  def _sha1_digest(self, body):
    digest = base64.b64encode(SHA.new(body).digest()).decode("utf-8")
    return digest

  def _sha512_digest(self, body):
    digest = binascii.hexlify(SHA512.new(body).digest()).decode("utf-8")
    return digest

  def _sign(self, body, algo = "SHA-1"):
    signer = PKCS1_v1_5.new(self._private_key)
    
    if algo == "SHA-1":
      digest = SHA.new()
    else:
      digest = SHA512.new()

    digest.update(body)

    try:
      signature = signer.sign(digest)
    except Exception as err:
      raise Exception("Could not make sign. "+str(err))
    return signature
    
  def _sha1_signature(self, body):
    signature = base64.b64encode(self._sign(body, "SHA-1")).decode("utf-8")
    return signature

  def _sha512_signature(self, body):
    signature = binascii.hexlify(self._sign(body, "SHA-512")).decode("utf-8")
    return signature

  def load_private(self, key_path):
    try:
      with open(key_path, "r") as fd:
        self._private_key = RSA.importKey(fd.read())
    except Exception as err:
      raise Exception("Could not load private key "+key_path+". "+str(err))

  def load_public(self, key_path):
    try:
      with open(key_path, "rb") as fd:
        self._cert = base64.b64encode(fd.read()).decode("utf-8")
    except Exception as err:
      raise Exception("Could not load public key "+key_path+". "+str(err))

  def out(self, fd):
    output = {}
    output["updateCenterVersion"] = self.updateCenterVersion
    if self.core is not None:
      output["core"] = self.core
    if self.warnings is not None:
      output["warnings"] = self.warnings
    if self.plugins is not None:
      output["plugins"] = self.plugins
    output["id"] = self.id
    if self.connectionCheckUrl is not None:
      output["connectionCheckUrl"] = self.connectionCheckUrl

    payload = (json.dumps(output, separators=(",", ":"), sort_keys=True, ensure_ascii=False).encode("utf-8"))
    output["signature"] = {"certificates":[self._cert]}
    output["signature"]["correct_digest"] = self._sha1_digest(payload)
    output["signature"]["correct_digest512"] = self._sha512_digest(payload)
    output["signature"]["correct_signature"] = self._sha1_signature(payload)
    output["signature"]["correct_signature512"] = self._sha512_signature(payload)

    try:
      fd.write("updateCenter.post(\n"+json.dumps(output, separators=(",", ":"), sort_keys=True)+"\n);")
    except Exception as err:
      raise Exception("Could not write output. "+str(err))


def main():

  mirrors_file = "mirrors.json"
  private_key = "rootCA/update-center.key"
  public_key = "rootCA/update-center.crt"
  
  original_download_url = "http://updates.jenkins-ci.org/download/"
  original_update_center_url = "https://mirrors.cloud.tencent.com/jenkins/updates/update-center.json"
  original_file = urllib.request.urlopen(original_update_center_url)
  original_context = original_file.read()
  original = json.loads(original_context.replace(str.encode("updateCenter.post(\n"), str.encode("")).replace(str.encode("\n);"), str.encode("")))
  
  uc = JenkinsUpdateCenter()
  uc.load_private(private_key)
  uc.load_public(public_key)
  uc.warnings = original["warnings"]
  
  try:
    with open(mirrors_file, "r") as fd:
      mirrors_url = json.loads(fd.read())
  except Exception as err:
    raise Exception("Could not load mirrors " + mirrors_file +". " + str(err))

  for site,mirror_url in mirrors_url.items():
    print("Generate:", mirror_url)
    uc.plugins = json.loads(json.dumps(original["plugins"]).replace(original_download_url, mirror_url))
    uc.core = json.loads(json.dumps(original["core"]).replace(original_download_url, mirror_url))
    if not os.path.exists(site):
      os.makedirs(site)
    with open("updates/" + site + "/update-center.json", "w") as fd:
      uc.out(fd)


if __name__ == '__main__':
  main()

mirrors.json

@@ -0,0 +1,7 @@
+{
+    "tencent": "https://mirrors.cloud.tencent.com/jenkins/",
+    "huawei": "https://mirrors.huaweicloud.com/jenkins/",
+    "tsinghua": "https://mirrors.tuna.tsinghua.edu.cn/jenkins/",
+    "ustc": "https://mirrors.ustc.edu.cn/jenkins/",
+    "bit": "http://mirror.bit.edu.cn/jenkins/"
+}

rootCA/update-center.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAjugAwIBAgIJAM1djSWTsI9XMA0GCSqGSIb3DQEBCwUAMEAxCzAJBgNV
+BAYTAkNOMREwDwYDVQQHDAhTaGFuZ0hhaTEOMAwGA1UECgwFbGVvcHMxDjAMBgNV
+BAsMBWxlb3BzMB4XDTIwMDMwNTAzNDA1MFoXDTMwMDMwMzAzNDA1MFowQDELMAkG
+A1UEBhMCQ04xETAPBgNVBAcMCFNoYW5nSGFpMQ4wDAYDVQQKDAVsZW9wczEOMAwG
+A1UECwwFbGVvcHMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDn313H
+uYQHVwzNos2pfi5gh6/rD+INU5SlC7ifD5tuvRTP3XMaEgFeCp2Qa/8jaRIAh+Xx
+t6hELg+tANrL7NOXjdB3n3ZYzARbZtEzajcH+C57G7N4EgFJh56zkO1Mf3QGxsz8
+WOOWGgD1hA1uFSU88yMHm07YWCo9oPTeYgKHJ8A91Tl5J9OcsPP6Bn4yf59RtW31
+CXuAcDn7zpvZbSZr29gX7dNjTqLzcDSAyJd+q5IJ90A09dNUvz7KZMd8UkbNvOdX
+1r9HftZYymdnEeDsgBGtckyKs4N1gGLicrWEdxflXEHYjMW2/NoajMZlLw8c8z57
+gHiiFY9U0uUiXOEbAgMBAAGjUDBOMB0GA1UdDgQWBBROtLBr+H9MJdI5Qte5M9Un
+2f3SdzAfBgNVHSMEGDAWgBROtLBr+H9MJdI5Qte5M9Un2f3SdzAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAuDOjFsrqZRwgb3Lez8pYg/LZkWe4aWaK6
+0P2rP7f9tI0hvGy8E/jP9kQxcQqn44uLC3wbW6NslG11Odn68Wp6Bqp2WMtl2c5z
+tlsNCWctXL5vgmW7+oJC1xmdb/VZZS8hW/tFycTlVmAXkMVBOh+IKTq7WMZTJzEQ
+zXDH4zrDk1xdmEX5k52VJq8uYZoVwHVcxafhPiNqfUWHHgoPK92zqGUarN6UN3vi
+yeuFYtyU+2P5wR+o5E7YD7U42HhQDSnGp1+TfFZ0Sqi7vhk5l0/N4bMIgcGegEqu
+tGDnjsHgcnkTfy4gocXBeaJLQQt6XqQ129+ThJPyy7thucL/IOiL
+-----END CERTIFICATE-----

rootCA/update-center.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA599dx7mEB1cMzaLNqX4uYIev6w/iDVOUpQu4nw+bbr0Uz91z
+GhIBXgqdkGv/I2kSAIfl8beoRC4PrQDay+zTl43Qd592WMwEW2bRM2o3B/guexuz
+eBIBSYees5DtTH90BsbM/FjjlhoA9YQNbhUlPPMjB5tO2FgqPaD03mIChyfAPdU5
+eSfTnLDz+gZ+Mn+fUbVt9Ql7gHA5+86b2W0ma9vYF+3TY06i83A0gMiXfquSCfdA
+NPXTVL8+ymTHfFJGzbznV9a/R37WWMpnZxHg7IARrXJMirODdYBi4nK1hHcX5VxB
+2IzFtvzaGozGZS8PHPM+e4B4ohWPVNLlIlzhGwIDAQABAoIBAEaLg7m3LH8bMe8C
+YDX4CN4fihsnGuxZCHlqZoImOnDnoARZ6KH+5mGZMzT0VoyMdAirT/9JlC0iImzN
+PMQcSofqgolSf6wmbhDs6CsPXqzTCjk0RVb7i162n0ccicXjZQaGx2jjFmLdiHsp
+8PgUAN9ZTcgLrWJO+JMFfFqIUSKTFiQUw5giYxjh1XfbYI2Cv+v9WcME/UaCt5ux
+mQ0CEsfV64iGuR1cfb0QLin2i4qTO74GhEHcNg2q/BkR2+EamwG0X90joFRwHWR8
+cyuVuAsv3Hz7+GGxBRQOU1x5atS4ixCOVaSXHixhFa+/Na1tN/k2i30y+VRnROsT
+UPBB73kCgYEA/O6dPjKhyQ3LmE4JJLuhsYa/+Eq175kVG5IM4esaUQvOXVV/Jywv
+XpYMKAbqDHBOVeMMpFcc3o0PnKD0daZi/59j/l3r7Qkei8jFyRGv8zCQoXl9CNs6
+SEBlfDB5UVzTfmTVP6VbarM6IUiTwOTgRXdIUK13uskdiQfLqKdbVPcCgYEA6q9c
+Cb8b9gzzoXgvhQdulQa1cl+uw9MfG2dJ+o41QTmuJN9k6B8rWPBZT/Gpkz72m4SZ
+t/DlEIoy522t73mxIpXgnNilDBiY/bz4T2Xek3NK5VLht+9/TqHSZ+k8nPdie251
+Ikk3C9raDMPJa9jIo5YZl+1N7M7vC8DLw9ywH/0CgYEAkJlt5fAWVBYB7jm2unxW
+bWKG/1DfAHJ5AcEWglXhPrJMMUm+nsuA7UdE/eEuDxxpfGqIgK+YvpbQdRADkfsk
+n9Uk2nghd+r9vpZylIf7GkIKfXYyCE0k3ceK/VvND7nM43aL/43uXGrIcdzHM8Dl
+gnE2M4FocK2np/5/7RR4f3MCgYBHgvvmtGdOyI+MilTgkm0t2Ad+PI3CehimfwjZ
+4m9z2qGn9rKG0Miip0pvw9HKXotCxFsa47rJGXN9dbxklo5VXZo98P4J+4zS9Lwt
+ZXs3LxCJZIIHTGFcko7MvxOLOQ63Uec7dVfisuNytE4yILKytlBCLTtrh3rr9+mf
+WyYH+QKBgQDHYIJmRYmqlROc8sXcgwoT5tokabjpt1p6eaqm4KCkvexDq1sSRTGQ
+762RdGkU2i0Be7CdZh2ThPHPe82Ea1qi2PamEWAC7IvG6i2Z58LVz17dosOqbHj/
+nfTWGdidwwN0CGJSzyuyaa+lmtpLUcFTQ5oOV2lKK1bQtYSdjIUVXw==
+-----END RSA PRIVATE KEY-----