Skip to content
Permalink
Browse files
Merge pull request #62 from dwnusbaum/JENKINS-36088-exposed-bug
Create directory before calling chmod
  • Loading branch information
jglick committed Dec 11, 2017
2 parents c0d9723 + 2baaf70 commit c871b5e85fc96df8f70ef65aa96d2d73edf16615
@@ -81,9 +81,10 @@ public KeyMaterial materialize() throws IOException, InterruptedException {

if (key != null && cert != null && ca != null) {
final FilePath tempCredsDir = new FilePath(getContext().getBaseDir(), UUID.randomUUID().toString());
tempCredsDir.mkdirs();

// protect this information from prying eyes
tempCredsDir.chmod(0600);
tempCredsDir.chmod(0700);

// these file names are defined by convention by docker
copyInto(tempCredsDir, "key.pem", key);
@@ -30,6 +30,7 @@
import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.domains.DomainSpecification;
import hudson.FilePath;
import hudson.Functions;
import hudson.model.FreeStyleProject;
import hudson.remoting.VirtualChannel;
import hudson.slaves.DumbSlave;
@@ -76,6 +77,9 @@ public void smokes() throws Exception {
assertThat(keyMaterial.env().get("DOCKER_TLS_VERIFY", "missing"), is("1"));
assertThat(keyMaterial.env().get("DOCKER_CERT_PATH", "missing"), not("missing"));
path = new FilePath(channel, keyMaterial.env().get("DOCKER_CERT_PATH", "missing"));
if (!Functions.isWindows()) {
assertThat(path.mode() & 0777, is(0700));
}
assertThat(path.child("key.pem").readToString(), is("a"));
assertThat(path.child("cert.pem").readToString(), is("b"));
assertThat(path.child("ca.pem").readToString(), is("c"));

0 comments on commit c871b5e

Please sign in to comment.