You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@continuum.apache.org by "Wendy Smoak (JIRA)" <ji...@codehaus.org> on 2009/01/20 22:13:19 UTC
[jira] Created: (CONTINUUM-2044) Build agent should only accept
requests from its master
Build agent should only accept requests from its master
-------------------------------------------------------
Key: CONTINUUM-2044
URL: http://jira.codehaus.org/browse/CONTINUUM-2044
Project: Continuum
Issue Type: Improvement
Components: Distributed Builds
Affects Versions: 1.3.1
Reporter: Wendy Smoak
In the current implementation, a build agent will accept a request from anyone who knows the url, although it will only send responses to the master url in its config file.
The agent should only accept requests from its master, and should send an error response to any other requests.
On the dev list, Christian suggested using a shared secret as the simplest way for the agent to be sure the master making the request is who it says it is. See: http://www.nabble.com/How-can-an-agent-be-sure-that-a-request-comes-from-its-master--td21546892.html
Related to CONTINUUM-2041 (Master should be able to detect an incorrect master url in a build agent's config file)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-2044) Build agent should only accept
requests from its master
Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-2044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=270054#action_270054 ]
Wendy Smoak commented on CONTINUUM-2044:
----------------------------------------
What is the benefit of encrypting the key for this? Seems like any string of characters would do, since no one is ever expected to enter the *un* encrypted value anywhere.
> Build agent should only accept requests from its master
> -------------------------------------------------------
>
> Key: CONTINUUM-2044
> URL: http://jira.codehaus.org/browse/CONTINUUM-2044
> Project: Continuum
> Issue Type: Improvement
> Components: Distributed Builds
> Affects Versions: 1.3.1 (Alpha)
> Reporter: Wendy Smoak
> Assignee: Maria Catherine Tan
> Fix For: 1.4.1 (Beta)
>
>
> In the current implementation, a build agent will accept a request from anyone who knows the url, although it will only send responses to the master url in its config file.
> The agent should only accept requests from its master, and should send an error response to any other requests.
> On the dev list, Christian suggested using a shared secret as the simplest way for the agent to be sure the master making the request is who it says it is. See: http://www.nabble.com/How-can-an-agent-be-sure-that-a-request-comes-from-its-master--td21546892.html
> Related to CONTINUUM-2041 (Master should be able to detect an incorrect master url in a build agent's config file)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-2044) Build agent should only accept
requests from its master
Posted by "Maria Catherine Tan (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-2044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=270007#action_270007 ]
Maria Catherine Tan commented on CONTINUUM-2044:
------------------------------------------------
Fixed in r1134319
- added a pre-shared key between master and all its agents.
To add a pre-shared key
1. Go to the configuration page and tick enable distributed build.
2. Enter the pre-shared secret key which will be encrypted once you save the changes.
3. Copy the encrypted key either from the continuum.xml or from the db and paste it to the configuration file (continuum-buildagent.xml) of the agents.
ToDo: documentation
> Build agent should only accept requests from its master
> -------------------------------------------------------
>
> Key: CONTINUUM-2044
> URL: http://jira.codehaus.org/browse/CONTINUUM-2044
> Project: Continuum
> Issue Type: Improvement
> Components: Distributed Builds
> Affects Versions: 1.3.1 (Alpha)
> Reporter: Wendy Smoak
> Assignee: Maria Catherine Tan
> Fix For: 1.4.1 (Beta)
>
>
> In the current implementation, a build agent will accept a request from anyone who knows the url, although it will only send responses to the master url in its config file.
> The agent should only accept requests from its master, and should send an error response to any other requests.
> On the dev list, Christian suggested using a shared secret as the simplest way for the agent to be sure the master making the request is who it says it is. See: http://www.nabble.com/How-can-an-agent-be-sure-that-a-request-comes-from-its-master--td21546892.html
> Related to CONTINUUM-2041 (Master should be able to detect an incorrect master url in a build agent's config file)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (CONTINUUM-2044) Build agent should only accept
requests from its master
Posted by "Brett Porter (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-2044?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brett Porter updated CONTINUUM-2044:
------------------------------------
Fix Version/s: 1.4.x
> Build agent should only accept requests from its master
> -------------------------------------------------------
>
> Key: CONTINUUM-2044
> URL: http://jira.codehaus.org/browse/CONTINUUM-2044
> Project: Continuum
> Issue Type: Improvement
> Components: Distributed Builds
> Affects Versions: 1.3.1
> Reporter: Wendy Smoak
> Fix For: 1.4.x
>
>
> In the current implementation, a build agent will accept a request from anyone who knows the url, although it will only send responses to the master url in its config file.
> The agent should only accept requests from its master, and should send an error response to any other requests.
> On the dev list, Christian suggested using a shared secret as the simplest way for the agent to be sure the master making the request is who it says it is. See: http://www.nabble.com/How-can-an-agent-be-sure-that-a-request-comes-from-its-master--td21546892.html
> Related to CONTINUUM-2041 (Master should be able to detect an incorrect master url in a build agent's config file)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Assigned: (CONTINUUM-2044) Build agent should only accept
requests from its master
Posted by "Maria Catherine Tan (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-2044?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maria Catherine Tan reassigned CONTINUUM-2044:
----------------------------------------------
Assignee: Maria Catherine Tan
> Build agent should only accept requests from its master
> -------------------------------------------------------
>
> Key: CONTINUUM-2044
> URL: http://jira.codehaus.org/browse/CONTINUUM-2044
> Project: Continuum
> Issue Type: Improvement
> Components: Distributed Builds
> Affects Versions: 1.3.1 (Alpha)
> Reporter: Wendy Smoak
> Assignee: Maria Catherine Tan
> Fix For: 1.4.1 (Beta)
>
>
> In the current implementation, a build agent will accept a request from anyone who knows the url, although it will only send responses to the master url in its config file.
> The agent should only accept requests from its master, and should send an error response to any other requests.
> On the dev list, Christian suggested using a shared secret as the simplest way for the agent to be sure the master making the request is who it says it is. See: http://www.nabble.com/How-can-an-agent-be-sure-that-a-request-comes-from-its-master--td21546892.html
> Related to CONTINUUM-2041 (Master should be able to detect an incorrect master url in a build agent's config file)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (CONTINUUM-2044) Build agent should only accept
requests from its master
Posted by "Maria Catherine Tan (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-2044?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maria Catherine Tan closed CONTINUUM-2044.
------------------------------------------
Resolution: Fixed
> Build agent should only accept requests from its master
> -------------------------------------------------------
>
> Key: CONTINUUM-2044
> URL: http://jira.codehaus.org/browse/CONTINUUM-2044
> Project: Continuum
> Issue Type: Improvement
> Components: Distributed Builds
> Affects Versions: 1.3.1 (Alpha)
> Reporter: Wendy Smoak
> Assignee: Maria Catherine Tan
> Fix For: 1.4.1 (Beta)
>
>
> In the current implementation, a build agent will accept a request from anyone who knows the url, although it will only send responses to the master url in its config file.
> The agent should only accept requests from its master, and should send an error response to any other requests.
> On the dev list, Christian suggested using a shared secret as the simplest way for the agent to be sure the master making the request is who it says it is. See: http://www.nabble.com/How-can-an-agent-be-sure-that-a-request-comes-from-its-master--td21546892.html
> Related to CONTINUUM-2041 (Master should be able to detect an incorrect master url in a build agent's config file)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-2044) Build agent should only accept
requests from its master
Posted by "Maria Catherine Tan (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-2044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=270228#comment-270228 ]
Maria Catherine Tan commented on CONTINUUM-2044:
------------------------------------------------
The key will be saved in the database and in configuration files that's why I thought of encrypting it. But if it's unnecessary I could remove it.
> Build agent should only accept requests from its master
> -------------------------------------------------------
>
> Key: CONTINUUM-2044
> URL: http://jira.codehaus.org/browse/CONTINUUM-2044
> Project: Continuum
> Issue Type: Improvement
> Components: Distributed Builds
> Affects Versions: 1.3.1 (Alpha)
> Reporter: Wendy Smoak
> Assignee: Maria Catherine Tan
> Fix For: 1.4.1 (Beta)
>
>
> In the current implementation, a build agent will accept a request from anyone who knows the url, although it will only send responses to the master url in its config file.
> The agent should only accept requests from its master, and should send an error response to any other requests.
> On the dev list, Christian suggested using a shared secret as the simplest way for the agent to be sure the master making the request is who it says it is. See: http://www.nabble.com/How-can-an-agent-be-sure-that-a-request-comes-from-its-master--td21546892.html
> Related to CONTINUUM-2041 (Master should be able to detect an incorrect master url in a build agent's config file)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-2044) Build agent should only accept
requests from its master
Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-2044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=230203#action_230203 ]
Wendy Smoak commented on CONTINUUM-2044:
----------------------------------------
Also need to consider CONTINUUM-2545 which added a webdav interface that currently does respond to anyone who connects.
> Build agent should only accept requests from its master
> -------------------------------------------------------
>
> Key: CONTINUUM-2044
> URL: http://jira.codehaus.org/browse/CONTINUUM-2044
> Project: Continuum
> Issue Type: Improvement
> Components: Distributed Builds
> Affects Versions: 1.3.1 (Alpha)
> Reporter: Wendy Smoak
> Fix For: 1.4.1 (Beta)
>
>
> In the current implementation, a build agent will accept a request from anyone who knows the url, although it will only send responses to the master url in its config file.
> The agent should only accept requests from its master, and should send an error response to any other requests.
> On the dev list, Christian suggested using a shared secret as the simplest way for the agent to be sure the master making the request is who it says it is. See: http://www.nabble.com/How-can-an-agent-be-sure-that-a-request-comes-from-its-master--td21546892.html
> Related to CONTINUUM-2041 (Master should be able to detect an incorrect master url in a build agent's config file)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-2044) Build agent should only accept
requests from its master
Posted by "Maria Catherine Tan (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-2044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=270748#comment-270748 ]
Maria Catherine Tan commented on CONTINUUM-2044:
------------------------------------------------
r1137294
* downgrade atlassian xmlrpc to 0.8.2 to fix the intermittent NPE
> Build agent should only accept requests from its master
> -------------------------------------------------------
>
> Key: CONTINUUM-2044
> URL: http://jira.codehaus.org/browse/CONTINUUM-2044
> Project: Continuum
> Issue Type: Improvement
> Components: Distributed Builds
> Affects Versions: 1.3.1 (Alpha)
> Reporter: Wendy Smoak
> Assignee: Maria Catherine Tan
> Fix For: 1.4.1 (Beta)
>
>
> In the current implementation, a build agent will accept a request from anyone who knows the url, although it will only send responses to the master url in its config file.
> The agent should only accept requests from its master, and should send an error response to any other requests.
> On the dev list, Christian suggested using a shared secret as the simplest way for the agent to be sure the master making the request is who it says it is. See: http://www.nabble.com/How-can-an-agent-be-sure-that-a-request-comes-from-its-master--td21546892.html
> Related to CONTINUUM-2041 (Master should be able to detect an incorrect master url in a build agent's config file)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-2044) Build agent should only accept
requests from its master
Posted by "Maria Catherine Tan (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-2044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=270243#comment-270243 ]
Maria Catherine Tan commented on CONTINUUM-2044:
------------------------------------------------
r1135020
* remove encryption of PSK
* update documentation
> Build agent should only accept requests from its master
> -------------------------------------------------------
>
> Key: CONTINUUM-2044
> URL: http://jira.codehaus.org/browse/CONTINUUM-2044
> Project: Continuum
> Issue Type: Improvement
> Components: Distributed Builds
> Affects Versions: 1.3.1 (Alpha)
> Reporter: Wendy Smoak
> Assignee: Maria Catherine Tan
> Fix For: 1.4.1 (Beta)
>
>
> In the current implementation, a build agent will accept a request from anyone who knows the url, although it will only send responses to the master url in its config file.
> The agent should only accept requests from its master, and should send an error response to any other requests.
> On the dev list, Christian suggested using a shared secret as the simplest way for the agent to be sure the master making the request is who it says it is. See: http://www.nabble.com/How-can-an-agent-be-sure-that-a-request-comes-from-its-master--td21546892.html
> Related to CONTINUUM-2041 (Master should be able to detect an incorrect master url in a build agent's config file)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira