[JENKINS-51820] Removing Java Web Start support #532
Conversation
It could but why would you feel the need to do this, if you are downloading the agent from the link on the controller, which you presumably trust already? Or using it from an image published on a trustworthy registry? (And if someone wanted to “tamper with” the JAR file after you downloaded it, they would merely need to delete the signature—nothing other than JAR signatures are a 1990s technology. If there is a current threat model we can discuss what that is, and how best to address it with current tools and conventions. I would rather remove something which adds complexity to our build & release process with no clear remaining value, in the same PR which removes the scenario for which that thing was (so far as I know) originally added. |
| <!-- see http://docs.oracle.com/javase/8/docs/technotes/guides/jweb/security/manifest.html --> | ||
| <Permissions>all-permissions</Permissions> | ||
| <Codebase>*</Codebase> | ||
| <Application-Name>Jenkins Remoting Agent</Application-Name> |
There was a problem hiding this comment.
Needs at least a corresponding change to org.jenkinsci.plugins.pipeline.utility.steps.conf.mf.ReadManifestStepTest:
hudson.remoting.ProxyException: Assertion failed:
assert man.main['Application-Name'] == 'Jenkins Remoting Agent'
at org.codehaus.groovy.runtime.InvokerHelper.assertFailed(InvokerHelper.java:420)
at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.assertFailed(ScriptBytecodeAdapter.java:663)
at com.cloudbees.groovy.cps.impl.AssertBlock$ContinuationImpl.fail(AssertBlock.java:47)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
at com.cloudbees.groovy.cps.Next.step(Next.java:83)
at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:174)
at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:163)
at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:136)
at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:275)
at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:163)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:51)
at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:187)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:420)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$400(CpsThreadGroup.java:95)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:330)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:294)
at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:67)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:139)
at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Finished: FAILURE
There was a problem hiding this comment.
There was a problem hiding this comment.
I am strongly in favor of this improvement. I tried a couple of times previously to push this removal through, but wasn't able then to overcome the resistance. There really is no reason to continue supporting JWS, especially as we move forward with Java versions.
Similarly there really isn't any value in continuing to sign the jar. The suggestions that it may continue to be useful in some situations never manage to explain the benefit or the scenarios.
The PR looks like it covers all of the necessary bits in Remoting that need to change. As noted various places, there are other related changes in other areas.
I'm approving, contingent on getting a successful build. (I'll be traveling for a while and unable to assist further until afterwards.)
|
I guess we can just release this from someones machine given the signature is removed? No need to use release.ci.jenkins.io? This PR is now ready for merge, after ~24 hours, we will merge it if there's no negative feedback. Thanks! |
|
There should be some announcement somewhere about stopping the signing. Doesn't need to be a big deal, but just somewhere to let people know / point people to. Some people will notice and probably a few will complain. |
|
Quick blog post before shipping this I guess? |
Noted in the changelog for jenkinsci/jenkins#6543; do you think we need something more?
Someone could, yes, if we prefer not to use trusted.ci or (especially pending jenkins-infra/jenkins-maven-cd-action#14) set up CD. |
|
Looks fine to me |
|
I was thinking something more, but, yes, I think the changelog is sufficient and we don't need to bother with more. |
jglick
changed the title
|
@timja what did you to do release Remoting? There are no commits in |
|
The JAR looks OK, but the Git history does not. |
|
Same as I do for all machine releases. Looking at the log currently but all looks fine |
|
I'm guessing this repo has some extra config for releasing |
fixed |
|
OK, https://github.com/jenkinsci/remoting/commits/master looks right now. |
Remoting releases from older baselines (like stable-4.13.x) need to deliver a signed jar file for compatibility. This pull request changes the default branch used for remoting releases from release.ci.jenkins.io to use the stable-4.13.x branch instead of the master branch. Remoting development on the remoting master branch no longer requires a signed jar file with the removal of Java Web Start in jenkinsci/remoting#532 The release.ci.jenkins.io job that delivers remoting with signed jars is no longer used for releases of the master branch of the remoting repository. This change should allow us to deliver remoting 4.13.1. Remoting releases from the master branch will continue to use JEP-229 as was done for https://github.com/jenkinsci/remoting/releases/tag/3020.vcc32c3b_cc767
Preparation for dropping Java 8 support, since we did not support JWS on newer Java versions anyway.
javawslaunch mode.-headlessargument made into a no-op.SecurityManagercall which printed warnings on Java 17 (superseding Don't set null SecurityManager on Java 17 #531 and thus also Remove setting of null security manager #481 & [JENKINS-67000] Restore setting of null security manager #507) since this was only used to undo what JWS did.Should only be merged & released if jenkinsci/jenkins#6543 is also approved, as otherwise the GUI would offer an option which no longer works.