Fix [JENKINS-72585]: Pass HTTPS keystore password via stdin#715
Fix [JENKINS-72585]: Pass HTTPS keystore password via stdin#715viru0909-dev wants to merge 2 commits into
Conversation
|
All CI checks passed. The changes are verified and ready for review. |
| ${java_opts_tmp} \ | ||
| -jar "${jenkins_war_tmp}" \ | ||
| ${inferred_jenkins_opts} | ||
| if [ -n "${JENKINS_HOME}" ]; then |
There was a problem hiding this comment.
Please restore the spacing that was in the original script. Your changes have made this section of the script inconsistent with the rest of the script. Inconsistent formatting in a file can be a distraction to reviewers.
There was a problem hiding this comment.
Thanks for the review! I've restored the original 4-space indentation to ensure consistency with the rest of the script. Ready for another look.
viru0909-dev
force-pushed
the
fix/secure-keystore-password
branch
from
cc45a5a to
434da9e
Compare
|
@MarkEWaite Thanks for the feedback! I've completely reworked the PR to address your concerns. |
|
We are in process with several packaging changes related to the GPG signing key update and the RPM unification. I'd prefer to not merge this for a week or two, while we focus on those higher priority items |
|
Any updates on merging this? |
No update. I'm working on other issues, unlikely to look at this for a month or more. |
3 participants
Fixes #707
Description
Modified
jenkins.shto use--paramsFromStdInwhenJENKINS_HTTPS_KEYSTORE_PASSWORDis set.Previously, the password was passed as a command-line argument, which exposed it to other users via the process list (
ps aux). This change pipes the password via standard input, which is secure.Testing done