Sign extension on my self hosted openvsx marketplace #1156
Comments
@RichardSGFR Do you have mirror mode enabled ( Is the JobRunr background server running?

```yaml
org:
  jobrunr:
    job-scheduler:
      enabled: true
    background-job-server:
      enabled: true
      worker-count: 2
```

Hello @amvanbaren, No, the mirror mode is disabled; for the moment my deployment can't have access to the internet. It only has access to the internal network. Maybe in the future we will open it to have the mirror mode, but not for the moment (it demands a lot of security concerns in my organisation). I use openvsx-server image v0.23.1 and openvsx-webui v0.23.1. Concerning JobRunr, it is enabled. Here is my application.yml for further analysis:

```yaml
logging:
  level:
    root: INFO
    org:
      springframework: INFO
      eclipse.openvsx: DEBUG
      springframework.security: INFO
      springframework.security.oauth2: INFO
      springframework.web: INFO
      springframework.session.web.http.SessionRepositoryFilter.SESSION_LOGGER: INFO
server:
  address: 0.0.0.0
  port: 8080
  shutdown: graceful
  use-forward-headers: true
  forward-headers-strategy: native
  tomcat:
    remote-ip-header: X-Forwarded-For
    protocol-header: X-Forwarded-Proto
  compression:
    enabled: true
    mime-types: text/html,text/plain,text/css,application/javascript,application/json,text/xml,application/xml,application/xml+rss,text/javascript
    min-response-size: 1024
  servlet:
    session:
      cookie:
        same-site: none
        secure: true
        domain: mydomain.com
  ssl:
    enabled: true
    certificate-private-key: /etc/ssl/certs/tls.key
    certificate: /etc/ssl/certs/tls.crt
    trustore: /app/keystores/truststore.p12
    trustore-password: ${TRUSTORE_PASSWORD}
spring:
  web:
    cors:
      allowed-origins: https://myoauth2.provider
      allowed-methods: GET,POST
      allowed-headers: Authorization,Content-Type
      allow-credentials: true
  datasource:
    url: "jdbc:postgresql://mypgdb:port/openvsx"
    username: ${PG_USER}
    password: ${PG_PASSWORD}
  cache:
    jcache:
      config: classpath:ehcache.xml
  flyway:
    baseline-on-migrate: true
    baseline-version: 0.1.0
    baseline-description: JobRunr tables
  jpa:
    open-in-view: false
    properties:
      hibernate:
        dialect: org.hibernate.dialect.PostgreSQLDialect
    hibernate:
      ddl-auto: none
  session:
    cookie:
      same-site: none
      domain: mydomain.com
      http-only: true
      secure: true
      max-age: 3600
    timeout: 3600
    store-type: jdbc
    jdbc:
      initialize-schema: never
  profiles:
    include: ovsx
  security:
    oauth2:
      client:
        registration:
          mycustomauth:
            client-id: ${CLIENT_mycustomauth}
            client-secret: ${SECRET_mycustomauth}
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
            authorization-grant-type: authorization_code
            scope:
              - openid
              - profile
        provider:
          mycustomauth:
            authorization-uri: https://myoauth2.provider/oauth2/authorize
            token-uri: https://myoauth2.provider/oauth2/token
            user-info-uri: https://myoauth2.provider/oauth2/userinfo
            jwk-set-uri: https://myoauth2.provider/oauth2/jwks.json
            user-name-attribute: name
bucket4j:
  enabled: true
  filters:
    - cache-name: buckets
      url: '/api/-/(namespace/create|publish)'
      http-response-headers:
        Access-Control-Allow-Origin: '*'
        Access-Control-Expose-Headers: X-Rate-Limit-Retry-After-Seconds, kubeX-Rate-Limit-Remaining
      rate-limits:
        - cache-key: getParameter("token")
          bandwidths:
            - capacity: 15
              time: 1
              unit: seconds
    - cache-name: buckets
      url: '/vscode/asset/.*/.*/.*/Microsoft.VisualStudio.Services.Icons.Default'
      http-response-headers:
        Access-Control-Allow-Origin: '*'
        Access-Control-Expose-Headers: X-Rate-Limit-Retry-After-Seconds, X-Rate-Limit-Remaining
      rate-limits:
        - cache-key: getRemoteAddr()
          bandwidths:
            - capacity: 75
              time: 1
              unit: seconds
    - cache-name: buckets
      url: '/vscode/(?!asset/.*/.*/.*/Microsoft.VisualStudio.Services.Icons.Default).*|/api/(?!(.*/.*/review(/delete)?)|(-/(namespace/create|publish))).*'
      http-response-headers:
        Access-Control-Allow-Origin: '*'
        Access-Control-Expose-Headers: X-Rate-Limit-Retry-After-Seconds, X-Rate-Limit-Remaining
      rate-limits:
        - cache-key: getRemoteAddr()
          bandwidths:
            - capacity: 15
              time: 1
              unit: seconds
management:
  tracing:
    enabled: false
  zipkin:
    tracing:
      enabled: false
springdoc:
  swagger-ui:
    docExpansion: list
    operationsSorter: alpha
    supportedSubmitMethods:
      - get
org:
  jobrunr:
    job-scheduler:
      enabled: true
    background-job-server:
      enabled: true
      worker-count: 2
    dashboard:
      enabled: false
    database:
      type: sql
    miscellaneous:
      allow-anonymous-data-usage: false
ovsx:
  registry:
    version: 0.23.1
  webui:
    frontendRoutes: "/extension/**,/namespace/**,/user-settings/**,/admin-dashboard/**"
  elasticsearch:
    enabled: false
  databasesearch:
    enabled: true
  storage:
    local:
      directory: /app/storage
  extension-control:
    enabled: false
  integrity:
    key-pair: renew
  oauth2:
    provider: mycustomauth
    attribute-names:
      mycustomauth:
        avatar-url: avatar_url
        email: email
        full-name: name
        login-name: sub
        provider-url: ''
```

Ok, then it should work. You should see

Hello, I see that a job has run this night and now most of the extensions are correctly signed.

```
2025-03-26T03:00:03.445Z DEBUG 1 --- [ool-12-thread-2] o.e.o.adapter.VSCodeIdUpdateService : DAILY UPDATE ALL
```

But I still have two extensions (the bigger ones) that are not correctly signed. I see no error in the openvsx server log. What log level should I change to have more info about what is happening?

The logs you've included are something different.

There is no mention to Here are my logs:

What happens when you set

Hello, when set to Then I restart the openvsx server with

Hello,
I am trying to use OpenVsx as self hosted marketplace for my enterprise extension.
I have deployed the openvsx server and webui images on kubernetes and it works well, with enterprise SSO and certificate.
When I try to use my marketplace in vscodium I have an issue with extension not being signed by the marketplace.
When connecting to the public openvsx marketplace the signature is working fine.
How should I set up my private signature between my self hosted openvsx server and vscodium?
I tried to add those lines to application.yml but it does not seem to change anything:

```yaml
ovsx:
  integrity:
    key-pair: renew
```