Check Downloaded Files #48

Closed
amouat opened this issue Jan 23, 2015 · 1 comment · Fixed by #80


amouat commented Jan 23, 2015

Could we add some checking of downloaded files to the Dockerfile?

At the moment the Dockerfile does:

```dockerfile
RUN curl -L http://mirrors.jenkins-ci.org/war/1.596/jenkins.war -o /usr/share/jenkins/jenkins.war
```

There is no guarantee that this file has come from Jenkins, hasn't been tampered with or corrupted in transit. It would be great if we could add a checksum or use a signature file if available. To see how to download files securely, have a look at the WordPress and MongoDB Dockerfiles:

https://github.com/docker-library/wordpress/blob/990b1b00b8ca4903e11e53e908b1996fbaab3c1a/Dockerfile
https://github.com/docker-library/mongo/blob/fc66d9cbedac47806c7ae05b1b291c4ee32f6e6a/2.8/Dockerfile
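
An added example, not part of the original issue or the project's Dockerfile: a fail-closed download helper of the kind the request above describes, where the artifact only reaches its destination if its SHA-256 matches a pinned value. The function names and the `JENKINS_SHA` variable are assumptions made for illustration.

```shell
# Added example: fail-closed download helper for a Dockerfile RUN step.
# Function names and JENKINS_SHA are assumptions, not the project's code.

# Print the hex SHA-256 of a file (GNU coreutils, else perl's shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE HEX: 0 on match, 1 on mismatch, 2 on a malformed pin.
verify_sha256() {
    vf=$1; want=$2
    case $want in
        ''|*[!0-9a-fA-F]*) echo "pin is not hex" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "pin is not 64 hex chars" >&2; return 2; }
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    got=$(sha256_of "$vf") || return 1
    [ "$got" = "$want" ]
}

# fetch_verified URL DEST HEX: DEST only appears if the digest matches.
fetch_verified() {
    url=$1; dest=$2; pin=$3
    # Temp file in the destination directory so the final mv is a rename.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    # -f: treat HTTP errors as failure instead of saving the error page.
    if curl -fsSL "$url" -o "$tmp" && verify_sha256 "$tmp" "$pin"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "refusing $url: download or digest check failed" >&2
        return 1
    fi
}

# In the Dockerfile, with the pin taken from a trusted channel at build time:
#   fetch_verified http://mirrors.jenkins-ci.org/war/1.596/jenkins.war \
#       /usr/share/jenkins/jenkins.war "$JENKINS_SHA"
```

A digest fetched from the same mirror as the file only detects corruption; to detect tampering, the pinned value has to be committed alongside the Dockerfile or obtained over a separately authenticated channel such as a verified signature.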


ndeloof commented Mar 24, 2015

We welcome pull requests :D

KengoTODA added a commit to KengoTODA/jenkins-ci.org-docker that referenced this issue Apr 19, 2015
ndeloof added a commit that referenced this issue Apr 29, 2015
charles-dyfis-net added a commit to charles-dyfis-net/jenkins-docker that referenced this issue Sep 20, 2016
The intent of using eval when processing JAVA_OPTS or JENKINS_OPTS is to allow arguments with spaces to be passed through and parsed without the bugs given in [BashFAQ jenkinsci#50](http://mywiki.wooledge.org/BashFAQ/050). By using `eval`, however, the issues discussed in [BashFAQ jenkinsci#48](http://mywiki.wooledge.org/BashFAQ/048) are introduced.

Strings containing whitespace can be safely processed with `xargs`, which -- when not used with the non-POSIX extensions `-0` or `-d` -- follows shell quoting conventions in splitting its input stream into arguments.
carlossg pushed a commit that referenced this issue Sep 26, 2016
The intent of using eval when processing JAVA_OPTS or JENKINS_OPTS is to allow arguments with spaces to be passed through and parsed without the bugs given in [BashFAQ #50](http://mywiki.wooledge.org/BashFAQ/050). By using `eval`, however, the issues discussed in [BashFAQ #48](http://mywiki.wooledge.org/BashFAQ/048) are introduced.

Strings containing whitespace can be safely processed with `xargs`, which -- when not used with the non-POSIX extensions `-0` or `-d` -- follows shell quoting conventions in splitting its input stream into arguments.
fatihkilic pushed a commit to fatihkilic/docker that referenced this issue Apr 14, 2017