[FIXED JENKINS-33599] write file with admin password for installer #2142

Merged
merged 9 commits into from Mar 19, 2016

Conversation

4 participants
@kohsuke
Member

commented Mar 19, 2016

This takes over PR #2138.

To make finding the initial admin password easier, write it to a file and display the location of the file so the user knows exactly where to look. Also removed tracking in the user object, as this was just so the token was available across restarts (previously using a custom UserProperty).

This addresses: https://issues.jenkins-ci.org/browse/JENKINS-33599

In addition to initial PR #2138, the following has been added to address the comments:

  • File was moved into $JENKINS_HOME/secrets, where other files of this nature are.
  • File permission is set to 0640 to allow group users to read this file. There was a lot of discussion about this. 0640 is a nice middle ground, and it is already way more stringent than typical webapps.
  • Incorrect use of 'BulkChange' is fixed.
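
The file handling described in the list above, as an added example (not code from this PR or from Jenkins): it creates a file under a secrets directory with mode 0640 applied at creation time and re-applied in case the umask narrowed it. It assumes a POSIX filesystem; the class name, the temporary directory standing in for $JENKINS_HOME and the file name are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.SecureRandom;
import java.util.Set;

public class InitialSecretFile {
    // 0640: owner read/write, group read, nothing for others.
    static final Set<PosixFilePermission> MODE_0640 =
            PosixFilePermissions.fromString("rw-r-----");

    /** Writes a random password to home/secrets/name and returns the file's path. */
    static Path writeSecret(Path home, String name) throws IOException {
        Path dir = Files.createDirectories(home.resolve("secrets"));
        Path file = dir.resolve(name);
        Files.deleteIfExists(file);
        // Give the mode to createFile so the file never exists with wider
        // permissions, not even between creation and a later chmod.
        Files.createFile(file, PosixFilePermissions.asFileAttribute(MODE_0640));
        // A restrictive umask (e.g. 077) may have dropped the group-read bit,
        // so set the intended mode explicitly before writing the secret.
        Files.setPosixFilePermissions(file, MODE_0640);
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        StringBuilder hex = new StringBuilder();
        for (byte b : raw) {
            hex.append(String.format("%02x", b));
        }
        hex.append(System.lineSeparator());
        Files.write(file, hex.toString().getBytes(StandardCharsets.UTF_8));
        return file;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for $JENKINS_HOME; the file name is hypothetical.
        Path home = Files.createTempDirectory("jenkins-home-example");
        Path file = writeSecret(home, "initial-password.example");
        Set<PosixFilePermission> actual = Files.getPosixFilePermissions(file);
        if (!actual.equals(MODE_0640)) {
            throw new IllegalStateException("unexpected mode: " + actual);
        }
        // Show the location, as the PR does, rather than the secret itself.
        System.out.println("Password written to: " + file);
        System.out.println("Mode: " + PosixFilePermissions.toString(actual));
    }
}
```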

kzantow and others added some commits Mar 17, 2016

Set the file permission to 0640
Note that we already go much beyond what normal webapps do, which is to
show the initial configuration dialog unauthenticated to anyone with
access.

No need to take those parameters when unused
In fact it's desirable not to have them to keep things more POJO

Save the lookup
and its dataflow analysis warning

@kohsuke kohsuke changed the title [JENKINS-33599] write file with admin password for installer [FIXED JENKINS-33599] write file with admin password for installer Mar 19, 2016

@kohsuke

Member Author

commented Mar 19, 2016

@reviewbybees in particular @daniel-beck

@reviewbybees

commented Mar 19, 2016

This pull request originates from a CloudBees employee. At CloudBees, we require that all pull requests be reviewed by other CloudBees employees before we seek to have the change accepted. If you want to learn more about our process please see this explanation.

Put this into the secrets dir
... so that the nature of this file is a little clearer
<j:if test="${error}">
<div class="alert alert-danger">
<strong>${%ERROR:} </strong>
${%There is a problem with the security token, please check the logs for the correct token}
${%The password entered is incorrect, please check the file for the correct password}
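
Review bot: the message on the last line tells the user to "check the file" without saying which file, so the error is not actionable on its own. Since the purpose of this change is to show the user exactly where to look, consider including the file's location in this message, or referring to the place on the page where the path is displayed.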

@daniel-beck

daniel-beck Mar 19, 2016

Member

Given how often the wording of these messages changes, maybe it makes sense to move them into the .properties file?

@daniel-beck

Member

commented Mar 19, 2016

👍

kohsuke added a commit that referenced this pull request Mar 19, 2016

Merge pull request #2142 from jenkinsci/PR-2138
[FIXED JENKINS-33599] write file with admin password for installer

@kohsuke kohsuke merged commit c4fb608 into 2.0 Mar 19, 2016

1 check passed

Jenkins This pull request looks good

@daniel-beck daniel-beck deleted the PR-2138 branch Sep 21, 2016
