[JIRA] (JENKINS-61717) jenkins-cli.jar missing from war
Title: Message Title Jonathan Gray created an issue Jenkins / JENKINS-61717 jenkins-cli.jar missing from war Issue Type: Bug Assignee: Unassigned Components: cli Created: 2020-03-27 18:00 Environment: The latest jenkins lts docker image using version 2.222.1 Labels: regression jenkins lts docker Priority: Critical Reporter: Jonathan Gray In all prior releases the jenkins-cli.jar file was packaged as part of the jenkins war and was accessable from within the docker image at /var/jenkins_home/war/WEB-INF/jenkins-cli.jar. In the 2.222.1 release it was removed. I didn't see anything in the release changelog about it, so I'm assuming it's an accident. Please re-add it. Add Comment
[JIRA] (JENKINS-60857) Wildcard certificates rejected by Winstone after Jetty update
Title: Message Title Jonathan Gray edited a comment on JENKINS-60857 Re: Wildcard certificates rejected by Winstone after Jetty update For what it's worth, this prevented my instance from starting and I had to rollback to the 2.204.2 docker container.{noformat}Running from: /usr/share/jenkins/jenkins.warwebroot: EnvVars.masterEnvVars.get("JENKINS_HOME")[2020-03-01 17:20:09] [INFO ] Logging initialized @382ms to org.eclipse.jetty.util.log.JavaUtilLog[2020-03-01 17:20:09] [INFO ] Beginning extraction from war file[2020-03-01 17:20:10] [WARNING] Empty contextPath[2020-03-01 17:20:10] [WARNING] Using the --httpsPrivateKey/--httpsCertificate options currently relies on unsupported APIs in the Oracle JRE.Please use --httpsKeyStore and related options instead.[2020-03-01 17:20:10] [INFO ] Exclude Ciphers [^.*_(MD5|SHA|SHA1)$, ^TLS_RSA_.*$, ^SSL_.*$, ^.*_NULL_.*$, ^.*_anon_.*$][2020-03-01 17:20:10] [INFO ] jetty-9.4.25.v20191220; built: 2019-12-20T17:00:00.294Z; git: a9729c7e7f33a459d2616a8f9e9ba8a90f432e95; jvm 1.8.0_242-b08[2020-03-01 17:20:10] [INFO ] NO JSP Support for /, did not find org.eclipse.jetty.jsp.JettyJspServlet[2020-03-01 17:20:10] [INFO ] DefaultSessionIdManager workerName=node0[2020-03-01 17:20:10] [INFO ] No SessionScavenger set, using defaults[2020-03-01 17:20:10] [INFO ] node0 Scavenging every 66ms[2020-03-01 17:20:11] [INFO ] Jenkins home directory: /var/jenkins_home found at: EnvVars.masterEnvVars.get("JENKINS_HOME")[2020-03-01 17:20:11] [INFO ] Started w.@2ad48653{Jenkins v2.204.3,/,file:///var/jenkins_home/war/,AVAILABLE}{/var/jenkins_home/war}[2020-03-01 17:20:11] [INFO ] Started ServerConnector@77b52d12{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}[2020-03-01 17:20:11] [INFO ] x509=X509@17d919b6(hudson,h=[ci.teamlab.domain.invalid, team-jenkins-oshoc-01.team.domain.invalid, cinew.teamlab.domain.invalid, www.ci.teamlab.domain.invalid, www.cinew.teamlab.domain.invalid],w=[]) for SslContextFactory@53f3bdbd[provider=null,keyStore=null,trustStore=null][2020-03-01 17:20:11] [INFO ] Stopped ServerConnector@77b52d12{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}[2020-03-01 17:20:11] [INFO ] Stopped ServerConnector@100fc185{SSL,[ssl, http/1.1]}{0.0.0.0:8443}[2020-03-01 17:20:11] [INFO ] node0 Stopped scavenging[2020-03-01 17:20:11] [INFO ] Shutting down a Jenkins instance that was still starting up[2020-03-01 17:20:11] [INFO ] Stopped w.@2ad48653{Jenkins v2.204.3,/,null,UNAVAILABLE}{/var/jenkins_home/war}[2020-03-01 17:20:11] [INFO ] Jetty shutdown successfullyjava.io.IOException: Failed to start Jetty at winstone.Launcher.(Launcher.java:191) at winstone.Launcher.main(Launcher.java:362) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at Main._main(Main.java:375) at Main.main(Main.java:151)Caused by: java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1275) at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256) at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) at org.eclipse.jetty.util.component.Abstrac
[JIRA] (JENKINS-60857) Wildcard certificates rejected by Winstone after Jetty update
Title: Message Title Jonathan Gray edited a comment on JENKINS-60857 Re: Wildcard certificates rejected by Winstone after Jetty update For what it's worth, this prevented my instance from starting and I had to rollback to the 2.204.2 docker container.{noformat} Running from: /usr/share/jenkins/jenkins.war webroot: EnvVars.masterEnvVars.get("JENKINS_HOME")[2020-03-01 17:20:09] [INFO ] Logging initialized @382ms to org.eclipse.jetty.util.log.JavaUtilLog[2020-03-01 17:20:09] [INFO ] Beginning extraction from war file[2020-03-01 17:20:10] [WARNING] Empty contextPath[2020-03-01 17:20:10] [WARNING] Using the --httpsPrivateKey/--httpsCertificate options currently relies on unsupported APIs in the Oracle JRE.Please use --httpsKeyStore and related options instead.[2020-03-01 17:20:10] [INFO ] Exclude Ciphers [^.*_(MD5|SHA|SHA1)$, ^TLS_RSA_.*$, ^SSL_.*$, ^.*_NULL_.*$, ^.*_anon_.*$][2020-03-01 17:20:10] [INFO ] jetty-9.4.25.v20191220; built: 2019-12-20T17:00:00.294Z; git: a9729c7e7f33a459d2616a8f9e9ba8a90f432e95; jvm 1.8.0_242-b08[2020-03-01 17:20:10] [INFO ] NO JSP Support for /, did not find org.eclipse.jetty.jsp.JettyJspServlet[2020-03-01 17:20:10] [INFO ] DefaultSessionIdManager workerName=node0[2020-03-01 17:20:10] [INFO ] No SessionScavenger set, using defaults[2020-03-01 17:20:10] [INFO ] node0 Scavenging every 66ms[2020-03-01 17:20:11] [INFO ] Jenkins home directory: /var/jenkins_home found at: EnvVars.masterEnvVars.get("JENKINS_HOME")[2020-03-01 17:20:11] [INFO ] Started w.@2ad48653{Jenkins v2.204.3,/,file:///var/jenkins_home/war/,AVAILABLE}{/var/jenkins_home/war}[2020-03-01 17:20:11] [INFO ] Started ServerConnector@77b52d12{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}[2020-03-01 17:20:11] [INFO ] x509=X509@17d919b6(hudson,h=[ci.teamlab.domain.invalid, team-jenkins-oshoc-01.team.domain.invalid, cinew.teamlab.domain.invalid, www.ci.teamlab.domain.invalid, www.cinew.teamlab.domain.invalid],w=[]) for SslContextFactory@53f3bdbd[provider=null,keyStore=null,trustStore=null][2020-03-01 17:20:11] [INFO ] Stopped ServerConnector@77b52d12{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}[2020-03-01 17:20:11] [INFO ] Stopped ServerConnector@100fc185{SSL,[ssl, http/1.1]}{0.0.0.0:8443}[2020-03-01 17:20:11] [INFO ] node0 Stopped scavenging[2020-03-01 17:20:11] [INFO ] Shutting down a Jenkins instance that was still starting up[2020-03-01 17:20:11] [INFO ] Stopped w.@2ad48653{Jenkins v2.204.3,/,null,UNAVAILABLE}{/var/jenkins_home/war}[2020-03-01 17:20:11] [INFO ] Jetty shutdown successfully java.io.IOException: Failed to start Jetty at winstone.Launcher.(Launcher.java:191) at winstone.Launcher.main(Launcher.java:362) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)at java.lang.reflect.Method.invoke(Method.java:498) at Main._main(Main.java:375) at Main.main(Main.java:151) Caused by: java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager( SslContextFactory SslContextFactory .java:1275) at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256) at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) at org.eclipse.jetty.util.ssl.SslContextFactory.do
[JIRA] (JENKINS-60857) Wildcard certificates rejected by Winstone after Jetty update
Title: Message Title Jonathan Gray edited a comment on JENKINS-60857 Re: Wildcard certificates rejected by Winstone after Jetty update For what it's worth, this prevented my instance from starting and I had to rollback to the 2.204.2 docker container.{noformat}webroot: EnvVars.masterEnvVars.get("JENKINS_HOME")[2020-03-01 17:20:09] [INFO ] Logging initialized @382ms to org.eclipse.jetty.util.log.JavaUtilLog[2020-03-01 17:20:09] [INFO ] Beginning extraction from war file[2020-03-01 17:20:10] [WARNING] Empty contextPath[2020-03-01 17:20:10] [WARNING] Using the --httpsPrivateKey/--httpsCertificate options currently relies on unsupported APIs in the Oracle JRE.Please use --httpsKeyStore and related options instead.[2020-03-01 17:20:10] [INFO ] Exclude Ciphers [^.*_(MD5|SHA|SHA1)$, ^TLS_RSA_.*$, ^SSL_.*$, ^.*_NULL_.*$, ^.*_anon_.*$][2020-03-01 17:20:10] [INFO ] jetty-9.4.25.v20191220; built: 2019-12-20T17:00:00.294Z; git: a9729c7e7f33a459d2616a8f9e9ba8a90f432e95; jvm 1.8.0_242-b08[2020-03-01 17:20:10] [INFO ] NO JSP Support for /, did not find org.eclipse.jetty.jsp.JettyJspServlet[2020-03-01 17:20:10] [INFO ] DefaultSessionIdManager workerName=node0[2020-03-01 17:20:10] [INFO ] No SessionScavenger set, using defaults[2020-03-01 17:20:10] [INFO ] node0 Scavenging every 66ms[2020-03-01 17:20:11] [INFO ] Jenkins home directory: /var/jenkins_home found at: EnvVars.masterEnvVars.get("JENKINS_HOME")[2020-03-01 17:20:11] [INFO ] Started w.@2ad48653{Jenkins v2.204.3,/,file:///var/jenkins_home/war/,AVAILABLE}{/var/jenkins_home/war}[2020-03-01 17:20:11] [INFO ] Started ServerConnector@77b52d12{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}[2020-03-01 17:20:11] [INFO ] x509=X509@17d919b6(hudson,h=[ci.teamlab.domain.invalid, team-jenkins-oshoc-01.team.domain.invalid, cinew.teamlab.domain.invalid, www.ci.teamlab.domain.invalid, www.cinew.teamlab.domain.invalid],w=[]) for SslContextFactory@53f3bdbd[provider=null,keyStore=null,trustStore=null][2020-03-01 17:20:11] [INFO ] Stopped ServerConnector@77b52d12{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}[2020-03-01 17:20:11] [INFO ] Stopped ServerConnector@100fc185{SSL,[ssl, http/1.1]}{0.0.0.0:8443}[2020-03-01 17:20:11] [INFO ] node0 Stopped scavenging[2020-03-01 17:20:11] [INFO ] Shutting down a Jenkins instance that was still starting up[2020-03-01 17:20:11] [INFO ] Stopped w.@2ad48653{Jenkins v2.204.3,/,null,UNAVAILABLE}{/var/jenkins_home/war}[2020-03-01 17:20:11] [INFO ] Jetty shutdown successfully java.io.IOException: Failed to start Jetty at winstone.Launcher.(Launcher.java:191) at winstone.Launcher.main(Launcher.java:362) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at Main._main(Main.java:375) at Main.main(Main.java:151) Caused by: java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1275) at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256) at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
[JIRA] (JENKINS-60857) Wildcard certificates rejected by Winstone after Jetty update
Title: Message Title Jonathan Gray edited a comment on JENKINS-60857 Re: Wildcard certificates rejected by Winstone after Jetty update For what it's worth, this prevented my instance from starting and I had to rollback to the 2.204.2 docker container.{noformat}webroot: EnvVars.masterEnvVars.get("JENKINS_HOME")[2020-03-01 17:20:09] [INFO ] Logging initialized @382ms to org.eclipse.jetty.util.log.JavaUtilLog[2020-03-01 17:20:09] [INFO ] Beginning extraction from war file[2020-03-01 17:20:10] [WARNING] Empty contextPath[2020-03-01 17:20:10] [WARNING] Using the --httpsPrivateKey/--httpsCertificate options currently relies on unsupported APIs in the Oracle JRE.Please use --httpsKeyStore and related options instead.[2020-03-01 17:20:10] [INFO ] Exclude Ciphers [^.*_(MD5|SHA|SHA1)$, ^TLS_RSA_.*$, ^SSL_.*$, ^.*_NULL_.*$, ^.*_anon_.*$][2020-03-01 17:20:10] [INFO ] jetty-9.4.25.v20191220; built: 2019-12-20T17:00:00.294Z; git: a9729c7e7f33a459d2616a8f9e9ba8a90f432e95; jvm 1.8.0_242-b08[2020-03-01 17:20:10] [INFO ] NO JSP Support for /, did not find org.eclipse.jetty.jsp.JettyJspServlet[2020-03-01 17:20:10] [INFO ] DefaultSessionIdManager workerName=node0[2020-03-01 17:20:10] [INFO ] No SessionScavenger set, using defaults[2020-03-01 17:20:10] [INFO ] node0 Scavenging every 66ms[2020-03-01 17:20:11] [INFO ] Jenkins home directory: /var/jenkins_home found at: EnvVars.masterEnvVars.get("JENKINS_HOME")[2020-03-01 17:20:11] [INFO ] Started w.@2ad48653{Jenkins v2.204.3,/,file:///var/jenkins_home/war/,AVAILABLE}{/var/jenkins_home/war}[2020-03-01 17:20:11] [INFO ] Started ServerConnector@77b52d12{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}[2020-03-01 17:20:11] [INFO ] x509=X509@17d919b6(hudson,h=[ci.teamlab.domain.invalid, team-jenkins-oshoc-01.team.domain.invalid, cinew.teamlab.domain.invalid, www.ci.teamlab.domain.invalid, www.cinew.teamlab.domain.invalid],w=[]) for SslContextFactory@53f3bdbd[provider=null,keyStore=null,trustStore=null][2020-03-01 17:20:11] [INFO ] Stopped ServerConnector@77b52d12{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}[2020-03-01 17:20:11] [INFO ] Stopped ServerConnector@100fc185{SSL,[ssl, http/1.1]}{0.0.0.0:8443}[2020-03-01 17:20:11] [INFO ] node0 Stopped scavenging[2020-03-01 17:20:11] [INFO ] Shutting down a Jenkins instance that was still starting up[2020-03-01 17:20:11] [INFO ] Stopped w.@2ad48653{Jenkins v2.204.3,/,null,UNAVAILABLE}{/var/jenkins_home/war}[2020-03-01 17:20:11] [INFO ] Jetty shutdown successfully java.io.IOException: Failed tostart Jetty at winstone.Launcher.(Launcher.java:191) atwinstone.Launcher.main(Launcher.java:362) atsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) atsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) atsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)at java.lang.reflect.Method.invoke(Method.java:498) at Main._main(Main.java:375) atMain.main(Main.java:151) Caused by: java.lang.IllegalStateException: KeyStores with multiplecertificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory.(Use org.eclipse.jetty.util.ssl.SslContextFactory$Server ororg.eclipse.jetty.util.ssl.SslContextFactory$Client instead) atorg.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager( SslContextFactory SslContextFactory .java:1275) atorg.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256) atorg.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) atorg.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) atorg.eclipse.jetty.u
[JIRA] (JENKINS-60857) Wildcard certificates rejected by Winstone after Jetty update
Title: Message Title Jonathan Gray edited a comment on JENKINS-60857 Re: Wildcard certificates rejected by Winstone after Jetty update For what it's worth, this prevented my instance from starting and I had to rollback to the 2.204.2 docker container. { quote noformat }webroot: EnvVars.masterEnvVars.get("JENKINS_HOME")[2020-03-01 17:20:09] [INFO ] Logging initialized @382ms to org.eclipse.jetty.util.log.JavaUtilLog[2020-03-01 17:20:09] [INFO ] Beginning extraction from war file[2020-03-01 17:20:10] [WARNING] Empty contextPath[2020-03-01 17:20:10] [WARNING] Using the --httpsPrivateKey/--httpsCertificate options currently relies on unsupported APIs in the Oracle JRE.Please use --httpsKeyStore and related options instead.[2020-03-01 17:20:10] [INFO ] Exclude Ciphers [^.*_(MD5|SHA|SHA1)$, ^TLS_RSA_.*$, ^SSL_.*$, ^.*_NULL_.*$, ^.*_anon_.*$][2020-03-01 17:20:10] [INFO ] jetty-9.4.25.v20191220; built: 2019-12-20T17:00:00.294Z; git: a9729c7e7f33a459d2616a8f9e9ba8a90f432e95; jvm 1.8.0_242-b08[2020-03-01 17:20:10] [INFO ] NO JSP Support for /, did not find org.eclipse.jetty.jsp.JettyJspServlet[2020-03-01 17:20:10] [INFO ] DefaultSessionIdManager workerName=node0[2020-03-01 17:20:10] [INFO ] No SessionScavenger set, using defaults[2020-03-01 17:20:10] [INFO ] node0 Scavenging every 66ms[2020-03-01 17:20:11] [INFO ] Jenkins home directory: /var/jenkins_home found at: EnvVars.masterEnvVars.get("JENKINS_HOME")[2020-03-01 17:20:11] [INFO ] Started w.@2ad48653{Jenkins v2.204.3,/,file:///var/jenkins_home/war/,AVAILABLE}{/var/jenkins_home/war}[2020-03-01 17:20:11] [INFO ] Started ServerConnector@77b52d12{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}[2020-03-01 17:20:11] [INFO ] x509=X509@17d919b6(hudson,h=[ci.teamlab.domain.invalid, team-jenkins-oshoc-01.team.domain.invalid, cinew.teamlab.domain.invalid, www.ci.teamlab.domain.invalid, www.cinew.teamlab.domain.invalid],w=[]) for SslContextFactory@53f3bdbd[provider=null,keyStore=null,trustStore=null][2020-03-01 17:20:11] [INFO ] Stopped ServerConnector@77b52d12{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}[2020-03-01 17:20:11] [INFO ] Stopped ServerConnector@100fc185{SSL,[ssl, http/1.1]}{0.0.0.0:8443}[2020-03-01 17:20:11] [INFO ] node0 Stopped scavenging[2020-03-01 17:20:11] [INFO ] Shutting down a Jenkins instance that was still starting up[2020-03-01 17:20:11] [INFO ] Stopped w.@2ad48653{Jenkins v2.204.3,/,null,UNAVAILABLE}{/var/jenkins_home/war}[2020-03-01 17:20:11] [INFO ] Jetty shutdown successfully java.io.IOException: Failed to start Jetty at winstone.Launcher.(Launcher.java:191) at winstone.Launcher.main(Launcher.java:362) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at Main._main(Main.java:375) at Main.main(Main.java:151) Caused by: java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1275) at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256) at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycl
[JIRA] (JENKINS-60857) Wildcard certificates rejected by Winstone after Jetty update
Title: Message Title Jonathan Gray edited a comment on JENKINS-60857 Re: Wildcard certificates rejected by Winstone after Jetty update For what it's worth, this prevented my instance from starting and I had to rollback to the 2.204.2 docker container . {quote}webroot: EnvVars.masterEnvVars.get("JENKINS_HOME")[2020-03-01 17:20:09] [INFO ] Logging initialized @382ms to org.eclipse.jetty.util.log.JavaUtilLog[2020-03-01 17:20:09] [INFO ] Beginning extraction from war file[2020-03-01 17:20:10] [WARNING] Empty contextPath[2020-03-01 17:20:10] [WARNING] Using the --httpsPrivateKey/--httpsCertificate options currently relies on unsupported APIs in the Oracle JRE.Please use --httpsKeyStore and related options instead.[2020-03-01 17:20:10] [INFO ] Exclude Ciphers [^.*_(MD5|SHA|SHA1)$, ^TLS_RSA_.*$, ^SSL_.*$, ^.*_NULL_.*$, ^.*_anon_.*$][2020-03-01 17:20:10] [INFO ] jetty-9.4.25.v20191220; built: 2019-12-20T17:00:00.294Z; git: a9729c7e7f33a459d2616a8f9e9ba8a90f432e95; jvm 1.8.0_242-b08[2020-03-01 17:20:10] [INFO ] NO JSP Support for /, did not find org.eclipse.jetty.jsp.JettyJspServlet[2020-03-01 17:20:10] [INFO ] DefaultSessionIdManager workerName=node0[2020-03-01 17:20:10] [INFO ] No SessionScavenger set, using defaults[2020-03-01 17:20:10] [INFO ] node0 Scavenging every 66ms[2020-03-01 17:20:11] [INFO ] Jenkins home directory: /var/jenkins_home found at: EnvVars.masterEnvVars.get("JENKINS_HOME")[2020-03-01 17:20:11] [INFO ] Started w.@2ad48653{Jenkins v2.204.3,/,file:///var/jenkins_home/war/,AVAILABLE}{/var/jenkins_home/war}[2020-03-01 17:20:11] [INFO ] Started ServerConnector@77b52d12{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}[2020-03-01 17:20:11] [INFO ] x509=X509@17d919b6(hudson,h=[ci.teamlab.domain.invalid, team-jenkins-oshoc-01.team.domain.invalid, cinew.teamlab.domain.invalid, www.ci.teamlab.domain.invalid, www.cinew.teamlab.domain.invalid],w=[]) for SslContextFactory@53f3bdbd[provider=null,keyStore=null,trustStore=null][2020-03-01 17:20:11] [INFO ] Stopped ServerConnector@77b52d12{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}[2020-03-01 17:20:11] [INFO ] Stopped ServerConnector@100fc185{SSL,[ssl, http/1.1]}{0.0.0.0:8443}[2020-03-01 17:20:11] [INFO ] node0 Stopped scavenging[2020-03-01 17:20:11] [INFO ] Shutting down a Jenkins instance that was still starting up[2020-03-01 17:20:11] [INFO ] Stopped w.@2ad48653{Jenkins v2.204.3,/,null,UNAVAILABLE}{/var/jenkins_home/war}[2020-03-01 17:20:11] [INFO ] Jetty shutdown successfully java.io.IOException: Failed to start Jetty at winstone.Launcher.(Launcher.java:191) at winstone.Launcher.main(Launcher.java:362) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at Main._main(Main.java:375) at Main.main(Main.java:151) Caused by: java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1275) at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256) at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:7
[JIRA] (JENKINS-60857) Wildcard certificates rejected by Winstone after Jetty update
Title: Message Title Jonathan Gray commented on JENKINS-60857 Re: Wildcard certificates rejected by Winstone after Jetty update For what it's worth, this prevented my instance from starting and I had to rollback to 2.204.2. Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.204231.1579860751000.1940.1583085180586%40Atlassian.JIRA.
[JIRA] (JENKINS-56964) Expose timeout grace period as configurable
Title: Message Title Jonathan Gray created an issue Jenkins / JENKINS-56964 Expose timeout grace period as configurable Issue Type: Improvement Assignee: Unassigned Components: workflow-basic-steps-plugin Created: 2019-04-10 18:47 Labels: plugin pipeline configuration Priority: Minor Reporter: Jonathan Gray As a job author, I would like the pipeline timeout GRACE_PERIOD exposed as a configurable option so that I can allow for teardown steps that take longer than 5s or 60s. I use the timeout option on a stage, but during the normal course of operations if that timeout engages items in an always post step only get that grace period to complete. For processes with extensive cleanup, you see `Body did not finish within grace period; terminating with extreme prejudice` and it force-kills what's running. This can leave some cleanup process incomplete. I'd like to see an option in the timeout step to specify how long that grace period ought to be. Relevant code link: https://github.com/jenkinsci/workflow-basic-steps-plugin/blob/3ecc7bbd91182e330a23a9e661ae1cdfa2d2b55e/src/main/java/org/jenkinsci/plugins/workflow/steps/TimeoutStepExecution.java#L41
[JIRA] (JENKINS-40839) pipeline timeout doesn't kill the job
Title: Message Title Jonathan Gray commented on JENKINS-40839 Re: pipeline timeout doesn't kill the job Looks like this is still going on: Jenkins 2.164.1 Pipeline: Basic Steps 2.15 Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-44611) Any way to restrict build for non-whitelisted users?
Title: Message Title Jonathan Gray commented on JENKINS-44611 Re: Any way to restrict build for non-whitelisted users? It's also a human interfacing issue too. Once the concept of trust apart from committership/ownership exists, the existing solution uses the PR itself as the CI interface to permit/retry/whitelist the build/submitter. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-44611) Any way to restrict build for non-whitelisted users?
Title: Message Title Jonathan Gray commented on JENKINS-44611 Re: Any way to restrict build for non-whitelisted users? 100% agree. The GHPRB plugin which appears to have now been deprecated in favor of github-branch-source-plugin has a major feature gap that appears to have been misunderstood here. This is a blocker issue for us on migrating away from GHPRB, and from a security perspective we're currently in a less than desirable position since GHPRB seems to presently have security issues. As a maintainer of an OSS project running a self-hosted Jenkins instance for the community, I want to build all PRs by those who are trusted contributors (which may be more than just those with merge rights) automatically. For those who are not trusted, the PR build needs to be authorized via PR comment by a trusted user before it is built. This should support Multibranch pipeline style jobs via Jenkinsfile so that the build process itself may be updated by untrusted OSS contributors. This approval pipeline/step/check is critical because you must protect against malicious PR modifications of a Jenkinsfile. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.