Merge pull request #62 from dwnusbaum/JENKINS-36088-exposed-bug

Create directory before calling chmod
jenkinsci · Dec 11, 2017 · c871b5e · c871b5e
2 parents c0d9723 + 2baaf70
commit c871b5e
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/src/main/java/org/jenkinsci/plugins/docker/commons/impl/ServerKeyMaterialFactory.java b/src/main/java/org/jenkinsci/plugins/docker/commons/impl/ServerKeyMaterialFactory.java
@@ -81,9 +81,10 @@ public KeyMaterial materialize() throws IOException, InterruptedException {
 
         if (key != null && cert != null && ca != null) {
             final FilePath tempCredsDir = new FilePath(getContext().getBaseDir(), UUID.randomUUID().toString());
+            tempCredsDir.mkdirs();
 
             // protect this information from prying eyes
-            tempCredsDir.chmod(0600);
+            tempCredsDir.chmod(0700);
 
             // these file names are defined by convention by docker
             copyInto(tempCredsDir, "key.pem", key);

diff --git a/src/test/java/org/jenkinsci/plugins/docker/commons/credentials/DockerServerEndpointTest.java b/src/test/java/org/jenkinsci/plugins/docker/commons/credentials/DockerServerEndpointTest.java
@@ -30,6 +30,7 @@
 import com.cloudbees.plugins.credentials.domains.Domain;
 import com.cloudbees.plugins.credentials.domains.DomainSpecification;
 import hudson.FilePath;
+import hudson.Functions;
 import hudson.model.FreeStyleProject;
 import hudson.remoting.VirtualChannel;
 import hudson.slaves.DumbSlave;
@@ -76,6 +77,9 @@ public void smokes() throws Exception {
             assertThat(keyMaterial.env().get("DOCKER_TLS_VERIFY", "missing"), is("1"));
             assertThat(keyMaterial.env().get("DOCKER_CERT_PATH", "missing"), not("missing"));
             path = new FilePath(channel, keyMaterial.env().get("DOCKER_CERT_PATH", "missing"));
+            if (!Functions.isWindows()) {
+                assertThat(path.mode() & 0777, is(0700));
+            }
             assertThat(path.child("key.pem").readToString(), is("a"));
             assertThat(path.child("cert.pem").readToString(), is("b"));
             assertThat(path.child("ca.pem").readToString(), is("c"));