[FIXED JENKINS-15596]

Disable authenticode verification on jenkins.exe and jenkins-slave.exe by generating a proper application configuration file. See: http://msdn.microsoft.com/en-us/library/cc656914.aspx See: http://msdn.microsoft.com/en-us/library/bb629393.aspx See: http://support.microsoft.com/kb/936707
jenkinsci · Mar 2, 2013 · 934e9d3 · 934e9d3
1 parent ef9c30c
commit 934e9d3
Show file tree

Hide file tree

Showing 8 changed files with 24 additions and 10 deletions.
diff --git a/changelog.html b/changelog.html
@@ -76,6 +76,9 @@
   <li class=bug>
     Fix dependency graph computation when upstream build trigger is involved
     (<a href="https://issues.jenkins-ci.org/browse/JENKINS-13502">issue 13502</a>)
+  <li class=bug>
+    Disabled Authenticode verification for Windows services.
+    (<a href="https://issues.jenkins-ci.org/browse/JENKINS-15596">issue 15596</a>)
 </ul>
 </div><!--=TRUNK-END=-->
 

diff --git a/core/src/main/java/hudson/lifecycle/WindowsInstallerLink.java b/core/src/main/java/hudson/lifecycle/WindowsInstallerLink.java
@@ -127,8 +127,9 @@ public void doDoInstall(StaplerRequest req, StaplerResponse rsp, @QueryParameter
 
         try {
             // copy files over there
-            copy(req, rsp, dir, getClass().getResource("/windows-service/jenkins.exe"), "jenkins.exe");
-            copy(req, rsp, dir, getClass().getResource("/windows-service/jenkins.xml"), "jenkins.xml");
+            copy(req, rsp, dir, getClass().getResource("/windows-service/jenkins.exe"),         "jenkins.exe");
+            copy(req, rsp, dir, getClass().getResource("/windows-service/jenkins.exe.config"),  "jenkins.exe.config");
+            copy(req, rsp, dir, getClass().getResource("/windows-service/jenkins.xml"),         "jenkins.xml");
             if(!hudsonWar.getCanonicalFile().equals(new File(dir,"jenkins.war").getCanonicalFile()))
                 copy(req, rsp, dir, hudsonWar.toURI().toURL(), "jenkins.war");
 

diff --git a/core/src/main/java/hudson/lifecycle/WindowsServiceLifecycle.java b/core/src/main/java/hudson/lifecycle/WindowsServiceLifecycle.java
@@ -50,15 +50,15 @@
  */
 public class WindowsServiceLifecycle extends Lifecycle {
     public WindowsServiceLifecycle() {
-        updateHudsonExeIfNeeded();
+        updateJenkinsExeIfNeeded();
     }
 
     /**
-     * If <tt>hudson.exe</tt> is old compared to our copy,
+     * If <tt>jenkins.exe</tt> is old compared to our copy,
      * schedule an overwrite (except that since it's currently running,
-     * we can only do it when Hudson restarts next time.)
+     * we can only do it when Jenkins restarts next time.)
      */
-    private void updateHudsonExeIfNeeded() {
+    private void updateJenkinsExeIfNeeded() {
         try {
             File rootDir = Jenkins.getInstance().getRootDir();
 
@@ -83,7 +83,7 @@ private void updateHudsonExeIfNeeded() {
                 }
             }
         } catch (IOException e) {
-            LOGGER.log(Level.SEVERE, "Failed to replace hudson.exe",e);
+            LOGGER.log(Level.SEVERE, "Failed to replace jenkins.exe",e);
         }
     }
 

diff --git a/core/src/main/java/hudson/os/windows/ManagedWindowsServiceLauncher.java b/core/src/main/java/hudson/os/windows/ManagedWindowsServiceLauncher.java
@@ -299,6 +299,8 @@ public void launch(final SlaveComputer computer, final TaskListener listener) th
                 logger.println(Messages.ManagedWindowsServiceLauncher_CopyingSlaveExe());
                 copyStreamAndClose(getClass().getResource("/windows-service/jenkins.exe").openStream(), new SmbFile(remoteRoot,"jenkins-slave.exe").getOutputStream());
 
+                copyStreamAndClose(getClass().getResource("/windows-service/jenkins.exe.config").openStream(), new SmbFile(remoteRoot,"jenkins-slave.exe.config").getOutputStream());
+
                 copySlaveJar(logger, remoteRoot);
 
                 // copy jenkins-slave.xml

diff --git a/core/src/main/resources/windows-service/jenkins.exe.config b/core/src/main/resources/windows-service/jenkins.exe.config
@@ -0,0 +1,6 @@
+<!-- see http://support.microsoft.com/kb/936707 -->
+<configuration>
+  <runtime>
+    <generatePublisherEvidence enabled="false"/>
+  </runtime>
+</configuration>
diff --git a/msi/build.sh b/msi/build.sh
@@ -10,8 +10,9 @@ fi
 rm -rf tmp || true
 mkdir tmp || true
 unzip -p "$war" 'WEB-INF/lib/jenkins-core-*.jar' > tmp/core.jar
-unzip -p tmp/core.jar windows-service/jenkins.exe > tmp/jenkins.exe
-unzip -p tmp/core.jar windows-service/jenkins.xml > tmp/jenkins.xm_
+unzip -p tmp/core.jar windows-service/jenkins.exe        > tmp/jenkins.exe
+unzip -p tmp/core.jar windows-service/jenkins.exe.config > tmp/jenkins.exe.config
+unzip -p tmp/core.jar windows-service/jenkins.xml        > tmp/jenkins.xm_
 # replace executable name to the bundled JRE
 sed -e 's|executable.*|executable>%BASE%\\jre\\bin\\java</executable>|' < tmp/jenkins.xm_ > tmp/jenkins.xml
 

diff --git a/msi/jenkins.wxs b/msi/jenkins.wxs
@@ -13,6 +13,7 @@
               <Directory Id='JreDir' Name='jre'/>
               <Component Id='Main' Guid='e4a652bf-c210-4a45-95c4-5dc875b4880b'>
                 <File Name="jenkins.exe" Source='tmp/jenkins.exe' KeyPath='yes'/>
+                <File Name="jenkins.exe.config" Source='tmp/jenkins.exe.config' DiskId='1' />
                 <File Name="jenkins.xml" Source='tmp/jenkins.xml' DiskId='1' />
                 <File Name="jenkins.war" Source='$(var.WAR)' DiskId='1' />
                 <ServiceInstall Id="JenkinsService"

diff --git a/war/pom.xml b/war/pom.xml
@@ -125,7 +125,7 @@ THE SOFTWARE.
     <dependency>
       <groupId>org.jenkins-ci.modules</groupId>
       <artifactId>windows-slave-installer</artifactId>
-      <version>1.1</version>
+      <version>1.2</version>
     </dependency>
     <dependency>
       <groupId>org.jenkins-ci.modules</groupId>