Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-40286

EncryptedSlaveAgentJnlpFile should use SlaveComputer.getJnlpMac() instead of reimplementing it

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: core
    • Labels:
      None
    • Similar Issues:

      Description

      Basically getJnlpMac() does JnlpSlaveAgentProtocol.SLAVE_SECRET.mac(getName()), and EncryptedSlaveAgentJnlpFile.generateResponse does: JnlpSlaveAgentProtocol.SLAVE_SECRET.mac(slaveName.getBytes("UTF-8"))
      I'd like to be able to override getJnlpMac and have the key used consistently.

        Attachments

          Issue Links

            Activity

            Hide
            kbrowder Kevin Browder added a comment -

            Specifically i think EncryptedSlaveAgentJnlpFile should change it from being an AccessControlled to being a SlaveComputer and the line with JnlpSlaveAgentProtocol.SLAVE_SECRET.mac(slaveName.getBytes("UTF-8")) should become byte[] jnlpMac = Util.fromHexString(it.getJnlpMac())
            Thus making the SlaveComputer the one-and-only authority on the secret.

            Show
            kbrowder Kevin Browder added a comment - Specifically i think EncryptedSlaveAgentJnlpFile should change it from being an AccessControlled to being a SlaveComputer and the line with JnlpSlaveAgentProtocol.SLAVE_SECRET.mac(slaveName.getBytes("UTF-8")) should become byte[] jnlpMac = Util.fromHexString(it.getJnlpMac()) Thus making the SlaveComputer the one-and-only authority on the secret.
            Hide
            kbrowder Kevin Browder added a comment -
            Show
            kbrowder Kevin Browder added a comment - I think https://github.com/jenkinsci/jenkins/pull/2658 should fix this.
            Hide
            kbrowder Kevin Browder added a comment -

            I dropped this into the review state, the tests all pass. Thanks in advance for whoever reviews this PR.

            Show
            kbrowder Kevin Browder added a comment - I dropped this into the review state, the tests all pass. Thanks in advance for whoever reviews this PR.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: kbrowder
            Path:
            core/src/main/java/jenkins/slaves/EncryptedSlaveAgentJnlpFile.java
            http://jenkins-ci.org/commit/jenkins/37806a53c87855cbdd9eda073600ad828ec6f5c0
            Log:
            [FIXED JENKINS-40286] - Delegate JnlpMac computation to SlaveComputers if possible (#2658)

            [FIXED JENKINS-40286] - Delegate JnlpMac computation to SlaveComputers if possible

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: kbrowder Path: core/src/main/java/jenkins/slaves/EncryptedSlaveAgentJnlpFile.java http://jenkins-ci.org/commit/jenkins/37806a53c87855cbdd9eda073600ad828ec6f5c0 Log: [FIXED JENKINS-40286] - Delegate JnlpMac computation to SlaveComputers if possible (#2658) [FIXED JENKINS-40286] - Delegate JnlpMac computation to SlaveComputers if possible
            Hide
            oleg_nenashev Oleg Nenashev added a comment - - edited

            Released in jenkins-2.37

            Show
            oleg_nenashev Oleg Nenashev added a comment - - edited Released in jenkins-2.37

              People

              • Assignee:
                Unassigned
                Reporter:
                kbrowder Kevin Browder
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: