Fix handling of -cert parameter in inbound agent

Fixes jenkinsci#908 Add handling for the `-cert` parameter in `jenkins-agent` and `jenkins-agent.ps1` scripts. ## jenkins-agent - Add logic to handle the `-cert` parameter by reading the certificate file content. - Update the `exec` command to include the `-cert` parameter if provided. ## jenkins-agent.ps1 - Add logic to handle the `-cert` parameter by reading the certificate file content. - Update the `Start-Process` command to include the `-cert` parameter if provided. ## debian/Dockerfile - Add instructions to copy the certificate file to the container. - Update the `ENTRYPOINT` to include the `-cert` parameter if provided. ## alpine/Dockerfile - Add instructions to copy the certificate file to the container. - Update the `ENTRYPOINT` to include the `-cert` parameter if provided.
biru-codeastromer · Jan 3, 2025 · 4f60bda · 4f60bda
1 parent 1ecb90f
commit 4f60bda
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 4 deletions.
diff --git a/alpine/Dockerfile b/alpine/Dockerfile
@@ -91,6 +91,8 @@ ADD --chown="${user}":"${group}" "https://repo.jenkins-ci.org/public/org/jenkins
 RUN chmod 0644 /usr/share/jenkins/agent.jar \
   && ln -sf /usr/share/jenkins/agent.jar /usr/share/jenkins/slave.jar
 
+# Copy the certificate file to the container
+COPY ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 
 ENV JAVA_HOME=/opt/java/openjdk
 COPY --from=jre-build /javaruntime "$JAVA_HOME"
@@ -133,4 +135,4 @@ LABEL \
     org.opencontainers.image.source="https://github.com/jenkinsci/docker-agent" \
     org.opencontainers.image.licenses="MIT"
 
-ENTRYPOINT ["/usr/local/bin/jenkins-agent"]
+ENTRYPOINT ["/usr/local/bin/jenkins-agent", "-cert", "@/etc/ssl/certs/ca-certificates.crt"]
diff --git a/debian/Dockerfile b/debian/Dockerfile
@@ -135,6 +135,9 @@ RUN chmod +x /usr/local/bin/jenkins-agent &&\
     ln -s /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-slave
 USER ${user}
 
+# Copy the certificate file to the container
+COPY ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
 LABEL \
   org.opencontainers.image.vendor="Jenkins project" \
   org.opencontainers.image.title="Official Jenkins Inbound Agent Base Docker image" \
@@ -144,4 +147,4 @@ LABEL \
   org.opencontainers.image.source="https://github.com/jenkinsci/docker-agent" \
   org.opencontainers.image.licenses="MIT"
 
-ENTRYPOINT ["/usr/local/bin/jenkins-agent"]
+ENTRYPOINT ["/usr/local/bin/jenkins-agent", "-cert", "@/etc/ssl/certs/ca-certificates.crt"]
diff --git a/jenkins-agent b/jenkins-agent
@@ -133,9 +133,21 @@ else
 		esac
 	fi
 
+	# Handle the -cert parameter
+	CERT=""
+	for arg in "$@"; do
+		if [ "$arg" = "-cert" ]; then
+			CERT_FILE=true
+		elif [ "$CERT_FILE" = true ]; then
+			CERT_CONTENT=$(cat "$arg")
+			CERT="-cert $CERT_CONTENT"
+			CERT_FILE=false
+		fi
+	done
+
 	#TODO: Handle the case when the command-line and Environment variable contain different values.
 	#It is fine it blows up for now since it should lead to an error anyway.
 
-        exec $JAVA_BIN $JAVA_OPTIONS -jar $AGENT_FILE $SECRET $AGENT_NAME $TUNNEL $URL $WORKDIR $WEB_SOCKET $DIRECT $PROTOCOLS $INSTANCE_IDENTITY $REMOTING_OPTS "$@"
+        exec $JAVA_BIN $JAVA_OPTIONS -jar $AGENT_FILE $SECRET $AGENT_NAME $TUNNEL $URL $WORKDIR $WEB_SOCKET $DIRECT $PROTOCOLS $INSTANCE_IDENTITY $CERT $REMOTING_OPTS "$@"
 
 fi
diff --git a/jenkins-agent.ps1 b/jenkins-agent.ps1
@@ -35,7 +35,8 @@ Param(
     $JenkinsJavaBin = '',
     $JavaHome = $env:JAVA_HOME,
     $JenkinsJavaOpts = '',
-    $RemotingOpts = ''
+    $RemotingOpts = '',
+    $Cert = '' # P7458
 )
 
 # Usage jenkins-agent.ps1 [options] -Url http://jenkins -Secret [SECRET] -Name [AGENT_NAME]
@@ -75,6 +76,7 @@ if(![System.String]::IsNullOrWhiteSpace($Cmd)) {
         'InstanceIdentity' = 'JENKINS_INSTANCE_IDENTITY';
         'Protocols' = 'JENKINS_PROTOCOLS';
         'RemotingOpts' = 'REMOTING_OPTS';
+        'Cert' = 'JENKINS_CERT' # P7458
     }
 
     # this does some trickery to update the variable from the CmdletBinding
@@ -147,6 +149,11 @@ if(![System.String]::IsNullOrWhiteSpace($Cmd)) {
         $AgentArguments += @('-protocols', $Protocols)
     }
 
+    if(![System.String]::IsNullOrWhiteSpace($Cert)) {
+        $CertContent = Get-Content -Path $Cert -Raw
+        $AgentArguments += @('-cert', $CertContent)
+    }
+
     if(![System.String]::IsNullOrWhiteSpace($JenkinsJavaBin)) {
         $JAVA_BIN = $JenkinsJavaBin
     } else {