Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34745

Check Updates PeriodicWork dies horribly in the case of invalid signature

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • core
    • jenkins-2.2

      Runtime exceptions should be handled at least

      Stacktrace:

      May 12, 2016 12:24:18 AM hudson.init.impl.InstallUncaughtExceptionHandler$DefaultUncaughtExceptionHandler uncaughtException
      SEVERE: A thread (Download metadata thread/57) died unexpectedly due to an uncaught exception, this may leave your Jenkins in a bad way and is usually indicative of a bug in the code.
      java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
      	at java.util.ArrayList.rangeCheck(ArrayList.java:653)
      	at java.util.ArrayList.get(ArrayList.java:429)
      	at jenkins.util.JSONSignatureValidator.verifySignature(JSONSignatureValidator.java:85)
      	at hudson.model.UpdateSite.verifySignature(UpdateSite.java:224)
      	at hudson.model.UpdateSite.updateData(UpdateSite.java:203)
      	at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:175)
      	at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:1408)
      	at jenkins.model.DownloadSettings$DailyCheck.execute(DownloadSettings.java:121)
      	at hudson.model.AsyncPeriodicWork$1.run(AsyncPeriodicWork.java:99)
      	at java.lang.Thread.run(Thread.java:745)
      

          [JENKINS-34745] Check Updates PeriodicWork dies horribly in the case of invalid signature

          Oleg Nenashev created issue -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          core/src/main/java/hudson/PluginManager.java
          core/src/main/java/jenkins/util/JSONSignatureValidator.java
          http://jenkins-ci.org/commit/jenkins/1e6afbae3b82936602f28c402379e04d0b00a47e
          Log:
          JENKINS-34745 - Prevent CheckUpdates PeriodicWork death if update site cert is missing (#2333)

          • JENKINS-34745 - Prevent CheckUpdates PeriodicWork death in the case of the missing update site signature
          • JENKINS-34745 - Fix the formatting of the validation message (cc @lanwen)

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: core/src/main/java/hudson/PluginManager.java core/src/main/java/jenkins/util/JSONSignatureValidator.java http://jenkins-ci.org/commit/jenkins/1e6afbae3b82936602f28c402379e04d0b00a47e Log: JENKINS-34745 - Prevent CheckUpdates PeriodicWork death if update site cert is missing (#2333) JENKINS-34745 - Prevent CheckUpdates PeriodicWork death in the case of the missing update site signature JENKINS-34745 - Fix typo in the validator JENKINS-34745 - Fix the formatting of the validation message (cc @lanwen)
          Itai Sanders made changes -
          Priority Original: Major [ 3 ] New: Critical [ 2 ]

          Itai Sanders added a comment -

          this exceptions happens here on a daily basis, seems like some sort of idle process that throws it in a very different context.
          the exception causes Jenkins to enter a java.lang.OutOfMemoryError: Java heap space spiral from this point onward until the service crashes and must be restarted manually.

          change Priority to critical because of the daily crash.

          Itai Sanders added a comment - this exceptions happens here on a daily basis, seems like some sort of idle process that throws it in a very different context. the exception causes Jenkins to enter a java.lang.OutOfMemoryError: Java heap space spiral from this point onward until the service crashes and must be restarted manually. change Priority to critical because of the daily crash.

          Oleg Nenashev added a comment -

          The fix has been released in jenkins-2.4

          Oleg Nenashev added a comment - The fix has been released in jenkins-2.4
          Oleg Nenashev made changes -
          Labels New: lts-candidate
          Oleg Nenashev made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          core/src/main/java/hudson/PluginManager.java
          core/src/main/java/jenkins/util/JSONSignatureValidator.java
          http://jenkins-ci.org/commit/jenkins/c6131436f4a022cae8772508873181e1d148a91b
          Log:
          JENKINS-34745 - Prevent CheckUpdates PeriodicWork death if update site cert is missing (#2333)

          • JENKINS-34745 - Prevent CheckUpdates PeriodicWork death in the case of the missing update site signature
          • JENKINS-34745 - Fix the formatting of the validation message (cc @lanwen)

          (cherry picked from commit 1e6afbae3b82936602f28c402379e04d0b00a47e)

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: core/src/main/java/hudson/PluginManager.java core/src/main/java/jenkins/util/JSONSignatureValidator.java http://jenkins-ci.org/commit/jenkins/c6131436f4a022cae8772508873181e1d148a91b Log: JENKINS-34745 - Prevent CheckUpdates PeriodicWork death if update site cert is missing (#2333) JENKINS-34745 - Prevent CheckUpdates PeriodicWork death in the case of the missing update site signature JENKINS-34745 - Fix typo in the validator JENKINS-34745 - Fix the formatting of the validation message (cc @lanwen) (cherry picked from commit 1e6afbae3b82936602f28c402379e04d0b00a47e)
          Oliver Gondža made changes -
          Labels Original: lts-candidate New: 1.651.3-fixed
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 170926 ] New: JNJira + In-Review [ 198985 ]

            oleg_nenashev Oleg Nenashev
            oleg_nenashev Oleg Nenashev
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: