> For the complete documentation index, see [llms.txt](https://imarslo.gitbook.io/handbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://imarslo.gitbook.io/handbook/awesomeshell/artifactory.md). # artifactory * [reference](#reference) * [integration with pipeline](#integration-with-pipeline) * [aql](#aql) * [Artifactory SSL Certification](#artifactory-ssl-certification) * [configuration](#configuration) * [allow partial folder in particular repo](#allow-partial-folder-in-particular-repo) * [access token](#access-token) * [setup repository](#setup-repository) * [debian/ubuntu](#debianubuntu) > \[!NOTE|label:reference:] > > * [How to enable verbose log on JVM Garbage Collection](https://jfrog.com/knowledge-base/how-to-enable-verbose-log-on-jvm-garbage-collection/) > * JAVA\_OPTIONS: > > ``` > -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -Xloggc:/path/to/file/gc.log > ``` ### reference #### integration with pipeline > * [Scripted Pipeline Syntax](https://www.jfrog.com/confluence/display/JFROG/Scripted+Pipeline+Syntax#ScriptedPipelineSyntax-PromotingBuildsinArtifactory) > * [Jenkins Pipeline Examples](https://github.com/jfrog/project-examples/tree/master/jenkins-examples/pipeline-examples) #### aql [**Jenkins Artifactory Plugin AQL download latest artifact matching pattern**](https://stackoverflow.com/a/40351260/2940319) ```powershell $pair = "$($art_user):$($art_pass)" Write-Verbose "Attempting to convert Artifactory credentials to a base64 string for automation" $encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair)) $basicAuthValue = "Basic $encodedCreds" $headers = @{ Authorization = $basicAuthValue } Write-Host "Attempting to perform a AQL search." $aql_search = $art_base_url + "/api/search/aql" Write-Host "Building aql query with the following parameters, groupID: $group_id, artifactID: $artifact_id, version: $version, classifier: $classifier and repos: $art_generic_repokey." $aql_query = 'items.find({"repo":"' + $art_generic_repokey + '","$or":[{"$and":[{"path":{"$match":"' + $group_id + '/' + $artifact_id + '/' + $version + '"},"name":{"$match":"' + $artifact_id + '*' + $classifier + '*.' + $extension + '"}}]}]}).sort({"$desc":["modified"]}).limit(1)' Write-Host "Built the following aql query: '$aql_query' ." $aql_content = Invoke-RestMethod -Uri $aql_search -Headers $headers -Method Post -Body $aql_query -ContentType 'text/plain' Write-Host "Attempting to submit the aql query to the following artifactory server: $art_base_url." $aql_results = ($aql_content).results Write-Host "Attempting to parse query results and build the artifact download uri." $aql_repo,$aql_path,$aql_name = ($aql_results).repo,($aql_results).path,($aql_results).name $artifactDownloadUri = $art_base_url + '/' + $aql_repo + '/' + $aql_path + '/' + $aql_name Write-Host "Found the following uri: $artifactDownloadUri !!" if ($artifactMimeType -eq 'application/zip' -or $extension -eq 'zip') { Write-Verbose "Attempting to save the artifact to $download_dir/$art_dist_name.zip" Invoke-RestMethod -Uri $artifactDownloadUri -Headers $headers -OutFile "$download_dir/$art_dist_name.zip" } ``` #### Artifactory SSL Certification > \[!NOTE|label:references:] > > * [ARTIFACTORY: How to Resolve an “unable to find valid certification path to requested target” Error](https://jfrog.com/knowledge-base/how-to-resolve-unable-to-find-valid-certification-path-to-requested-target-error/) > * [Using TLS Certificates as a Client](https://www.jfrog.com/confluence/display/JFROG/Using+TLS+Certificates+as+a+Client) > * [Working with Certificates and SSL](https://docs.oracle.com/cd/E19830-01/819-4712/ablqw/index.html) > * [ibook : ssl/keystore](https://github.com/marslo/ibook/blob/marslo/docs/cheatsheet/ssl/keystore.html) > \[!TIP|label:see also:] > > * [iMarslo: get remote server certs](https://github.com/marslo/ibook/blob/marslo/docs/cheatsheet/ssl/ssl.html#get-remote-server-certs) **get remote cert** ```bash $ openssl s_client -showcerts -connect : #i.e. $ echo -n | openssl s_client -connect : -debug | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > .crt # or $ keytool -printcert \ -rfc \ -sslserver : > .crt # or # https://www.howtouselinux.com/post/openssl-command-to-generate-view-check-certificate $ echo -n | openssl s_client \ [-servername ] \ -connect : 2>/dev/null | openssl x509 ``` > \[!NOTE] if `issue (i:)` is the same as `subject (s:)`. Therefore, this is the root certificat. i.e. : > > ```bash > $ openssl s_client -connect cdn.redhat.com:443 -showcerts < /dev/null > Certificate chain > 0 s:C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = cdn.redhat.com > i:C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Red Hat Entitlement Operations Authority, emailAddress = ca-support@redhat.com > -----BEGIN CERTIFICATE----- > ... > -----END CERTIFICATE----- > 1 s:C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Red Hat Entitlement Operations Authority, emailAddress = ca-support@redhat.com > i:C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com > -----BEGIN CERTIFICATE----- > ... > -----END CERTIFICATE----- > 2 s:C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com > i:C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com > -----BEGIN CERTIFICATE----- > ... > -----END CERTIFICATE----- > ``` **import to truststore** ```bash $ sudo keytool -importcert \ -keystore /usr/local/java/jdk1.8.0_60/jre/lib/security/cacerts \ -storepass changeit \ -file .crt \ -alias "-crt" ``` ### configuration #### allow partial folder in particular repo ![allow temp && demo, and disallow sprint && weekly](/files/-MMR-gWIOB2w7tQ3rscx) #### [access token](https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens) > \[!NOTE|label:references:] > > * [ARTIFACTORY: Creating Access Tokens in Artifactory](https://jfrog.com/knowledge-base/artifactory-creating-access-tokens-in-artifactory/) > * [Access Tokens](https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens) [**generating expirable tokens**](https://jfrog.com/help/r/jfrog-platform-administration-documentation/generating-expirable-tokens) * from version 7.21.1, this can be specified by setting the `token.max-expiry` parameter in the `$JFROG_HOME/artifactory/var/etc/artifactory/access.config.yml` file ( prior to version 7.21.1, the parameter to set was `artifactory.access.token.non.admin.max.expires.in` ). * if the `token.max-expiry` is equal to 0 (which is the default), there is no limitation to the token expiry. However, if the maximum expiry is greater than 0, the user cannot create a non-expirable token. * the `token.max-expiry` parameter must be set to a value higher than the `token.default-expiry` parameter value. ### setup repository #### debian/ubuntu > \[!NOTE|label:references:] > > * [Setting\_up\_Debian\_repositories\_with\_JFrog\_Artifactory.md](https://gist.github.com/kumlali/930fe7ef60af0a491d0671756e53d9c3) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://imarslo.gitbook.io/handbook/awesomeshell/artifactory.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.