Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[JENKINS-55946] always force an interpreter #89

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

[JENKINS-55946] always force an interpreter #89

wants to merge 2 commits into from

Conversation

witokondoria
Copy link
Member

@witokondoria witokondoria commented Jan 8, 2019
edited by dwnusbaum
Loading

See JENKINS-55946.

Pipeline jobs including an sh step are including a shebang on the underlying script. Such shebang caused the script to be mode changed to executable. These "executables", when written on a mounted filesystem with the noexec flag, become non-executable (causing a not obvious failure).

Replacing the bare executable script with a call to the runner defined at the shebang, avoids this situation

@witokondoria
always force an interpreter
deef67e 
Pipeline jobs including an sh step are including a shebang on the underlying script. Such shebang caused the script to be mode changed to executable. These "executables", when written on a mounted filesystem with the noexec flag, become non-executable (causing a not obvious failure).

Replacing the bare executable script with a call to the runner defined at the shebang, avoids this situation
@dwnusbaum
Copy link
Member

Thanks for the PR @witokondoria!

We try to track nontrivial changes through Jira issues, so would you be able to open an issue on https://issues.jenkins-ci.org/secure/Dashboard.jspa with component durable-task, and more or less copy the PR description to the ticket to explain the problem and your solution?

Is the scenario you mention something that can be reproduced in a test using a Docker container? For example, we previously had errors on Alpine, and so added some Alpine-specific tests (e.g. runOnAlpineDocker uses this Dockerfile so we don't accidentally regress the behavior). Given that seemingly minor changes in this plugin can have surprising effects on some platforms, it is best to add tests whenever possible to avoid regressions.

@witokondoria witokondoria changed the title always force an interpreter [JENKINS-55946] always force an interpreter Feb 4, 2019
@witokondoria
Copy link
Member Author

I have created the requested ticket (and assigned to you)
Im currently unable to implement the test, as I dont have access to a Docker daemon. The solution would be providing a new mountpoint, with the required flags:

mkdir -p /tmp/noexecmount mkdir -p /tmp/noexecdir mount --bind -o loop,noexec /tmp/noexecdir /tmp/noexecmount/

tmp/noexecmount would be the workspace folder while hopefully, the bind mount wont fiddle with the noexec flag

@dwnusbaum
Copy link
Member

The CI failure is because BourneShellScriptTest.runOnUbuntuDocker timed out on the JDK 8 build on Linux. Perhaps just a flaky test.

@dwnusbaum dwnusbaum requested review from dwnusbaum and jglick February 4, 2019 14:26
@dwnusbaum
Copy link
Member

FWIW I was a little concerned that shebang lines like #!/usr/bin/env python3 might break with this, but I tested it and they work fine before and after.

@jglick
Copy link
Member

jglick commented Apr 3, 2019

Perhaps just a flaky test.

Maybe, but should be investigated before merging.

@jglick
Copy link
Member

jglick commented Apr 3, 2019

I was a little concerned that shebang lines like #!/usr/bin/env python3 might break with this, but I tested it and they work

Sounds like that should be made into a test case, since it is not immediately obvious from reading the code.

jglick
jglick approved these changes Apr 3, 2019
View reviewed changes
Copy link
Member

@jglick jglick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is safe.

@witokondoria
Copy link
Member Author

I was a little concerned that shebang lines like #!/usr/bin/env python3 might break with this, but I tested it and they work

Sounds like that should be made into a test case, since it is not immediately obvious from reading the code.

Will try to include such tests

@dwnusbaum
Copy link
Member

@witokondoria Do you think you will have any time to look into adding some tests?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jglick jglick jglick approved these changes

@dwnusbaum dwnusbaum Awaiting requested review from dwnusbaum

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@witokondoria @dwnusbaum @jglick