[JIRA] (JENKINS-49532) autogenerated keystore should not be kept in temp directory
Title: Message Title Ivan Fernandez Calvo edited a comment on JENKINS-49532 Re: autogenerated keystore should not be kept in temp directory [~qwrrty] I am testing some stuff to save the configuration of the keystore ASAP I finished I will release an close this Jira. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49532) autogenerated keystore should not be kept in temp directory
Title: Message Title Ivan Fernandez Calvo commented on JENKINS-49532 Re: autogenerated keystore should not be kept in temp directory Tim Pierce I testing some stuff to save the configuration of the keystore ASAP I finished I will release an close this Jira. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49532) autogenerated keystore should not be kept in temp directory
Title: Message Title Tim Pierce commented on JENKINS-49532 Re: autogenerated keystore should not be kept in temp directory It looks like the PR has been merged. Is there anything else that needs to be done to close the ticket? Is that my responsibility as the ticket owner? FWIW, I also agree that it makes sense to automatically re-create the file if it disappears in the middle of a session. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49532) autogenerated keystore should not be kept in temp directory
Title: Message Title Venkata Siva Naga Tatikonda commented on JENKINS-49532 Re: autogenerated keystore should not be kept in temp directory I agree with Coltrey, if the file doesn't exist Jenkins should re-create and use it dynamically Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49532) autogenerated keystore should not be kept in temp directory
Title: Message Title SCM/JIRA link daemon commented on JENKINS-49532 Re: autogenerated keystore should not be kept in temp directory Code changed in jenkins User: Ivan Fernandez Calvo Path: src/main/java/org/jenkinsci/plugins/saml/BundleKeyStore.java http://jenkins-ci.org/commit/saml-plugin/f0c2b160b0a862fe1a3f6d79317a092b013b5576 Log: JENKINS-49532 autogenerated keystore should not be kept in temp directory (#42) Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49532) autogenerated keystore should not be kept in temp directory
Title: Message Title Coltrey Mather commented on JENKINS-49532 Re: autogenerated keystore should not be kept in temp directory If the file does not exist, shouldn't it be re-created? Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49532) autogenerated keystore should not be kept in temp directory
Title: Message Title Tim Pierce commented on JENKINS-49532 Re: autogenerated keystore should not be kept in temp directory The workaround we are using for the time being is adding an exclusion in /etc/tmpfiles.d/jenkins.conf to keep the keystore from being deleted. I agree that JENKINS_HOME would be a more suitable location for the autogenerated keystore. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49532) autogenerated keystore should not be kept in temp directory
Title: Message Title Ivan Fernandez Calvo updated JENKINS-49532 Jenkins / JENKINS-49532 autogenerated keystore should not be kept in temp directory Change By: Ivan Fernandez Calvo Status: In Progress Review Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49532) autogenerated keystore should not be kept in temp directory
Title: Message Title Ivan Fernandez Calvo started work on JENKINS-49532 Change By: Ivan Fernandez Calvo Status: Open In Progress Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49532) autogenerated keystore should not be kept in temp directory
Title: Message Title Ivan Fernandez Calvo commented on JENKINS-49532 Re: autogenerated keystore should not be kept in temp directory as a workaround you can change the temporal folder with `java.io.tmpdir` java property, but probably this file should be created into the JENKINS_HOME folder Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49532) autogenerated keystore should not be kept in temp directory
Title: Message Title Tim Pierce created an issue Jenkins / JENKINS-49532 autogenerated keystore should not be kept in temp directory Issue Type: Improvement Assignee: Ivan Fernandez Calvo Components: saml-plugin Created: 2018-02-13 16:31 Environment: SAML-plugin 1.0.5 Priority: Minor Reporter: Tim Pierce The SAML plugin automatically generates a keystore in /tmp (when it has not been manually configured otherwise). However, /tmp files are subject to garbage collection; if the keystore is subsequently deleted by a cleanup process (e.g. tmpwatch, systemd-tmpfiles-clean, etc), it will break SAML authentication and require a restart of the Jenkins process. Being able to specify a path or directory for where to create the autogenerated keystore would solve this problem. The existing mechanism for specifying a keystore requires configuring the plugin manually with a key password and keystore password. We deploy and manage a fleet of Jenkins instances via Ansible and are limited to configuration options that can be scripted. The automatically generated keystore would be a satisfactory solution if it were not subject to garbage collection.
