Remove dependency to acegi-security in favor of jbcrypt (because aceg…

…i was remove from jenkins 2.277.x

2/contrib/jenkins/jenkins-common.sh

@@ -13,10 +13,22 @@ export ITEM_ROOTDIR="\${ITEM_ROOTDIR}" # Preserve this variable Jenkins has in c
 function obfuscate_password {
     local password="$1"
     local salt="$2"
-    local acegi_security_path=`find /tmp/war/WEB-INF/lib/ -name acegi-security-*.jar`
-    local commons_codec_path=`find /tmp/war/WEB-INF/lib/ -name commons-codec-*.jar`
-
+    #local acegi_security_path=`find /tmp/war/WEB-INF/lib/ -name acegi-security-*.jar`
+    #local commons_codec_path=`find /tmp/war/WEB-INF/lib/ -name commons-codec-*.jar`
+    local jbcrypt_path=`find /tmp/war/WEB-INF/lib/ -name jbcrypt-*.jar`
     # source for password-encoder.jar is inside the jar.
     # acegi-security-1.0.7.jar is inside the jenkins war.
-    java -classpath "${acegi_security_path}:${commons_codec_path}:/opt/openshift/password-encoder.jar" com.redhat.openshift.PasswordEncoder $password $salt
+#    java -classpath "${acegi_security_path}:${commons_codec_path}:/opt/openshift/password-encoder.jar" com.redhat.openshift.PasswordEncoder $password $salt
+     java -classpath "${jbcrypt_path}:/opt/openshift/password-encoder.jar" com.redhat.openshift.PasswordEncoder $password $salt
 }
+
+# Returns 0 if password matches 1 otherwise
+function has_password_changed {
+    local password="$1"
+    local password_hash="$2"
+    local jbcrypt_path=`find /tmp/war/WEB-INF/lib/ -name jbcrypt-*.jar`
+    # source for password-encoder.jar is inside the jar.
+     java -classpath "${jbcrypt_path}:/opt/openshift/password-encoder.jar" com.redhat.openshift.PasswordChecker $password $password_hash
+}
+
+

2/contrib/s2i/run

@@ -35,7 +35,8 @@ function update_admin_password() {
   # get random admin dir
   ADMIN_DIR=`ls /var/lib/jenkins/users | grep admin`
   ls ${JENKINS_HOME}/users/${ADMIN_DIR}
-  sed -i "s,<passwordHash>.*</passwordHash>,<passwordHash>$new_password_hash</passwordHash>,g" "${JENKINS_HOME}/users/${ADMIN_DIR}/config.xml"
+  new_password_hash=$(obfuscate_password ${JENKINS_PASSWORD:-password})
+  sed -i "s,<passwordHash>.*</passwordHash>,<passwordHash>#jbcrypt:$new_password_hash</passwordHash>,g" "${JENKINS_HOME}/users/${ADMIN_DIR}/config.xml"
   echo $new_password_hash > ${JENKINS_HOME}/password
 }
 
@@ -354,10 +355,6 @@ fi
 
 mkdir /tmp/war
 unzip -q /usr/lib/jenkins/jenkins.war -d /tmp/war
-if [ -e ${JENKINS_HOME}/password ]; then
-  old_salt=$(cat ${JENKINS_HOME}/password | sed 's/:.*//')
-fi
-new_password_hash=`obfuscate_password ${JENKINS_PASSWORD:-password} $old_salt`
 
 # finish the move of the default logs dir, /var/log/jenkins, to the volume mount
 mkdir -p ${JENKINS_HOME}/logs
@@ -530,7 +527,8 @@ if [ -e ${JENKINS_HOME}/password ]; then
   # the jenkins ui, so we only want to do this if the env variable has been explicitly modified from
   # the original value.
   old_password_hash=`cat ${JENKINS_HOME}/password`
-if [ $old_password_hash != $new_password_hash ]; then
+  password_changed=$(has_password_changed ${JENKINS_PASSWORD:-password} ${old_password_hash} )
+  if [ "$password_changed" != "" ]; then
     echo "Detected password environment variable change, updating Jenkins configuration ..."
     update_admin_password
   fi