Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34745

Check Updates PeriodicWork dies horribly in the case of invalid signature

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • core
    • jenkins-2.2

      Runtime exceptions should be handled at least

      Stacktrace:

      May 12, 2016 12:24:18 AM hudson.init.impl.InstallUncaughtExceptionHandler$DefaultUncaughtExceptionHandler uncaughtException
      SEVERE: A thread (Download metadata thread/57) died unexpectedly due to an uncaught exception, this may leave your Jenkins in a bad way and is usually indicative of a bug in the code.
      java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
      	at java.util.ArrayList.rangeCheck(ArrayList.java:653)
      	at java.util.ArrayList.get(ArrayList.java:429)
      	at jenkins.util.JSONSignatureValidator.verifySignature(JSONSignatureValidator.java:85)
      	at hudson.model.UpdateSite.verifySignature(UpdateSite.java:224)
      	at hudson.model.UpdateSite.updateData(UpdateSite.java:203)
      	at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:175)
      	at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:1408)
      	at jenkins.model.DownloadSettings$DailyCheck.execute(DownloadSettings.java:121)
      	at hudson.model.AsyncPeriodicWork$1.run(AsyncPeriodicWork.java:99)
      	at java.lang.Thread.run(Thread.java:745)
      

          [JENKINS-34745] Check Updates PeriodicWork dies horribly in the case of invalid signature

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          core/src/main/java/hudson/PluginManager.java
          core/src/main/java/jenkins/util/JSONSignatureValidator.java
          http://jenkins-ci.org/commit/jenkins/1e6afbae3b82936602f28c402379e04d0b00a47e
          Log:
          JENKINS-34745 - Prevent CheckUpdates PeriodicWork death if update site cert is missing (#2333)

          • JENKINS-34745 - Prevent CheckUpdates PeriodicWork death in the case of the missing update site signature
          • JENKINS-34745 - Fix the formatting of the validation message (cc @lanwen)

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: core/src/main/java/hudson/PluginManager.java core/src/main/java/jenkins/util/JSONSignatureValidator.java http://jenkins-ci.org/commit/jenkins/1e6afbae3b82936602f28c402379e04d0b00a47e Log: JENKINS-34745 - Prevent CheckUpdates PeriodicWork death if update site cert is missing (#2333) JENKINS-34745 - Prevent CheckUpdates PeriodicWork death in the case of the missing update site signature JENKINS-34745 - Fix typo in the validator JENKINS-34745 - Fix the formatting of the validation message (cc @lanwen)

          Itai Sanders added a comment -

          this exceptions happens here on a daily basis, seems like some sort of idle process that throws it in a very different context.
          the exception causes Jenkins to enter a java.lang.OutOfMemoryError: Java heap space spiral from this point onward until the service crashes and must be restarted manually.

          change Priority to critical because of the daily crash.

          Itai Sanders added a comment - this exceptions happens here on a daily basis, seems like some sort of idle process that throws it in a very different context. the exception causes Jenkins to enter a java.lang.OutOfMemoryError: Java heap space spiral from this point onward until the service crashes and must be restarted manually. change Priority to critical because of the daily crash.

          Oleg Nenashev added a comment -

          The fix has been released in jenkins-2.4

          Oleg Nenashev added a comment - The fix has been released in jenkins-2.4

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          core/src/main/java/hudson/PluginManager.java
          core/src/main/java/jenkins/util/JSONSignatureValidator.java
          http://jenkins-ci.org/commit/jenkins/c6131436f4a022cae8772508873181e1d148a91b
          Log:
          JENKINS-34745 - Prevent CheckUpdates PeriodicWork death if update site cert is missing (#2333)

          • JENKINS-34745 - Prevent CheckUpdates PeriodicWork death in the case of the missing update site signature
          • JENKINS-34745 - Fix the formatting of the validation message (cc @lanwen)

          (cherry picked from commit 1e6afbae3b82936602f28c402379e04d0b00a47e)

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: core/src/main/java/hudson/PluginManager.java core/src/main/java/jenkins/util/JSONSignatureValidator.java http://jenkins-ci.org/commit/jenkins/c6131436f4a022cae8772508873181e1d148a91b Log: JENKINS-34745 - Prevent CheckUpdates PeriodicWork death if update site cert is missing (#2333) JENKINS-34745 - Prevent CheckUpdates PeriodicWork death in the case of the missing update site signature JENKINS-34745 - Fix typo in the validator JENKINS-34745 - Fix the formatting of the validation message (cc @lanwen) (cherry picked from commit 1e6afbae3b82936602f28c402379e04d0b00a47e)

            oleg_nenashev Oleg Nenashev
            oleg_nenashev Oleg Nenashev
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: