How do I avoid plugin mirror sites X during downloading?

ppxl · July 15, 2024, 1:39pm

Hi all,

I am automatically downloading Jenkins plugins into an air gapped environment. That worked pretty good over the last years. Because of regulatory reasons I am no longer allowed to download plugins from a one or more mirror servers (aka block list).

So my two questions are:

From which alternative location should I download the plugin?
And how can I determine the location automatically?

What I tried until now:

I know the ...plugins/git/5.2.2/git.hpi?mirrorlist trick but that only provides an HTML page and we all know parsing HTML for links is more than unpleasant.
I tried to curl the plugin URL with a proper Accept: application/json header as can be seen in the mirrorbits source but it too returns only HTML.
URLs like pkg.jenkins.io/plugins/git/5.2.2/git.hpi or jenkins.io/plugins/git/5.2.2/git.hpi do not work

What will not work for me:

parsing HTML because it depends on HTML URL location knowledge and is too brittle for the future
browsing the HTML page by hand and copying the URL

What I hope for:

a static URL to fall back to (bypassing mirrors at all)
a JSON result from which I can select the next mirror (choose a different mirror)

For your understanding, my workflow looks like this:

load next plugin metadata from the official update center JSON => url and so on

GET https://get.jenkins.io/plugins/${plugin}/${version}/${plugin}.hpi

analyze response

if response Code is 302 and Location is not in ${UrlBlockList}: yay

else: download from original source or other mirror (HELP)

Please note: Doing a full mirror is out of the question.

Thanks and cheers

MarkEWaite · July 15, 2024, 2:16pm

Since you’re running an offline installation, it seems like you can safely assume that all the mirrors have all the files that are interesting to you. If the selected mirror fails, fallback to another hard-coded mirror (based on your location) and try again. If that assumption is proven invalid, then you delay your update for 24 hours and try again.

We strongly prefer that people not access it directly, because it bypasses the mirrors, but archives.jenkins.io retains copies of all the Jenkins plugin releases and core releases. Please, please only use it as a fallback, not as your primary download location.

ppxl · July 15, 2024, 2:28pm

Thank you Mark for your swift reply. I fully understand your concerns regarding archives.jenkins.io as a main download target. After all the mirrors are there for a reason (mostly that server fee money doesn’t grow on trees )

I monitored the mirror redirects locations and found that more than often not even the nearest (even though) unwanted mirror is chosen which cues the idea that not all mirrors are the fully in sync. I am not sure but for now I will rewrite the mirror URL with a secondary near mirror and will watch the results.

I’ll let you know how that worked out. Thanks again

Topic		Replies	Views
Unable to download plugins. Mirror site mirror.freedif.org has been flagged as a malware Ask a question plugin-site	0	18	August 26, 2024
How does https://www.jenkins.io/download/ decide, where to download from? Ask a question	2	607	April 13, 2023
Jenkins plugin archive latest link is not updated Using Jenkins	3	768	September 11, 2022
How to hardconfig the mirror to use? Using Jenkins	2	1338	November 6, 2023
Can jenkins plugins be downloaded to a offline repository of some sort? Ask a question	2	489	October 25, 2022

How do I avoid plugin mirror sites X during downloading?

Related topics