Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stop recommending -jnlpUrl #8639

Merged
merged 1 commit into from
Nov 9, 2023
Merged

Stop recommending -jnlpUrl #8639

merged 1 commit into from
Nov 9, 2023

Conversation

basil
Copy link
Member

@basil basil commented Oct 25, 2023
edited
Loading

See jenkinsci/remoting#677 (comment); the -jnlpUrl form essentially means you don't have to specify -name and things like -webSocket, -workDir, etc but then requires Remoting to query the server for these values. Simpler and less error-prone to just pass in the desired arguments directly without the extra layer of indirection.

Unfortunately, passing in -name via a shell can be tricky if the name contains special characters. We tested with a name of "foo's `bar" (yes, that includes both single and double quotes, backticks, and spaces) on both Unix and Windows to come up with the escaping algorithm. Fortunately we don't need to do deal with most other characters that need escaping in shells due to the restrictions imposed by Jenkins#checkGoodName.

The end result is a simpler connection algorithm on the Remoting side that skips an additional request to the .jnlp file on the server and instead begins execution directly with the desired set of arguments. This removal of a layer of indirection makes things easier to understand and debug.

Testing done

Tested the instructions on both Unix and Windows with an agent named "foo's `bar".

Proposed changelog entries

  • Stop recommending JNLP URL in agent launch instructions.

Proposed upgrade guidelines

N/A

Submitter checklist
Beta Give feedback

Desired reviewers

@mention

Before the changes are marked as ready-for-merge:

Maintainer checklist
Beta Give feedback

@basil basil added internal rfe For changelog: Minor enhancement. use `major-rfe` for changes to be highlighted and removed internal labels Oct 25, 2023
@basil basil requested a review from a team October 25, 2023 15:30
@basil
Copy link
Member Author

basil commented Oct 25, 2023

I don't think the escaping is all that interesting since this is a command the user is expected to copy and paste rather than something automatically executed, but CC'ing the security team in case they are interested.

jglick
jglick approved these changes Oct 25, 2023
View reviewed changes
Copy link
Member

@jglick jglick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A good start.

core/src/main/java/hudson/slaves/JNLPLauncher.java
sb.append("-name ");
sb.append(computerName);
sb.append(' ');
if (isWebSocket()) {
Copy link
Member

@jglick jglick Oct 25, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could simply deprecate this option, since it will now have no effect other than changing the recommendation for the command if you take the advice to stop using -jnlpUrl. Compare discussion of vmargs in #6543.

core/src/main/java/hudson/slaves/JNLPLauncher.java
if (isWebSocket()) {
sb.append("-webSocket ");
}
if (tunnel != null) {
Copy link
Member

@jglick jglick Oct 25, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here. Also workDirSettings. IOW there is no longer a reason to have any nondeprecated configurable parameters on JNLPLauncher.

@basil
Copy link
Member Author

basil commented Oct 25, 2023

A good start.

If you think more things can be cleaned up, then by all means, propose some pull requests to clean them up. I will not be taking cleanup suggestions.

@daniel-beck
Copy link
Member

Seems fine from security POV, thanks for considering the escaping here.

@daniel-beck daniel-beck removed the request for review from a team October 26, 2023 08:46
@daniel-beck daniel-beck added the security-approved @jenkinsci/core-security-review reviewed this PR for security issues label Oct 26, 2023
@basil basil mentioned this pull request Oct 26, 2023
Merged
@MarkEWaite
Copy link
Contributor

This PR is now ready for merge. We will merge it after approximately 24 hours if there is no negative feedback.

@MarkEWaite MarkEWaite self-assigned this Nov 8, 2023
@MarkEWaite MarkEWaite added the ready-for-merge The PR is ready to go, and it will be merged soon if there is no negative feedback label Nov 8, 2023
@MarkEWaite MarkEWaite merged commit 41d09e0 into jenkinsci:master Nov 9, 2023
16 checks passed
@basil basil deleted the remoting branch November 9, 2023 20:20
@jglick jglick mentioned this pull request Dec 7, 2023
Merged
@basil basil mentioned this pull request Dec 7, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NotMyFault NotMyFault NotMyFault approved these changes

@jglick jglick jglick approved these changes

Assignees

@MarkEWaite MarkEWaite

Labels
ready-for-merge The PR is ready to go, and it will be merged soon if there is no negative feedback rfe For changelog: Minor enhancement. use `major-rfe` for changes to be highlighted security-approved @jenkinsci/core-security-review reviewed this PR for security issues
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@basil @daniel-beck @MarkEWaite @jglick @NotMyFault