Jenkins builds of GitLab branches stopped working due to security patch

Recent security patches to Jenkins have stopped some plugins from working – in our case, the GitLab Merge Request Builder Plugin.

Parameters that used to be passed in as part of a trigger to build a branch stopped being passed through: Jenkins now skips any parameter that is not defined on the job.

Errors in the Jenkins build console output looked like this – you can see that ${gitlabSourceBranch} is not being replaced properly with the branch name:

git config remote.refs/remotes/origin/${gitlabSourceBranch}.url git@git.dev53.co.uk:specialproject/specialrepo.git # timeout=10

And the log file had lots of entries like this:

May 17, 2016 9:25:33 AM hudson.model.ParametersAction filter
WARNING: Skipped parameter `gitlabSourceBranch` as it is undefined on `knowmalaria-merge`. Set `-Dhudson.model.ParametersAction.keepUndefinedParameters`=true to allow undefined parameters to be injected as environment variables or `-Dhudson.model.ParametersAction.safeParameters=[comma-separated list]` to whitelist specific parameter names, even though it represents a security breach

To get the branches building again, we had to update the parameters that the Jenkins server is started with.

In /etc/init.d/jenkins, set up a list of the parameters that the build will need:


# allow parameters to be passed in to gitlab builds
ALLOW_GITLAB_PARAMETERS="-Dhudson.model.ParametersAction.safeParameters=gitlabMergeRequestIid,gitlabSourceRepository,gitlabMergeRequestId,gitlabTargetBranch,gitlabSourceBranch,gitlabDescription,gitlabSourceName"

and pass those parameters to the process at startup:


# --user in daemon doesn't prepare environment variables like HOME, USER, LOGNAME or USERNAME,
# so we let su do so for us now
$SU -l $JENKINS_USER --shell=/bin/bash -c "$DAEMON $DAEMON_ARGS -- $JAVA $JAVA_ARGS $ALLOW_GITLAB_PARAMETERS -jar $JENKINS_WAR $JENKINS_ARGS" || return 2

Then restart your Jenkins server:

sudo service jenkins restart

You may have a different list of parameters that need to be passed to the build – check the ‘parameters’ page for one of your previous builds.
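
One way to derive that list from the warnings themselves, as an added example (not code from the original post or from Jenkins): it reads log lines in the format shown above, keeps only names with an expected prefix, and lists the rest for manual review so that nothing is whitelisted blindly. The function names, the gitlab prefix filter and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: derive a minimal safeParameters list from Jenkins log warnings.

# Constructed sample in the log format shown above; example-job and
# someOtherParam are made-up names, and the message tail is shortened to "Set ...".
sample_log() {
cat <<'EOF'
May 17, 2016 9:25:33 AM hudson.model.ParametersAction filter
WARNING: Skipped parameter `gitlabSourceBranch` as it is undefined on `knowmalaria-merge`. Set ...
May 17, 2016 9:25:33 AM hudson.model.ParametersAction filter
WARNING: Skipped parameter `gitlabTargetBranch` as it is undefined on `knowmalaria-merge`. Set ...
May 17, 2016 9:26:02 AM hudson.model.ParametersAction filter
WARNING: Skipped parameter `gitlabSourceBranch` as it is undefined on `example-job`. Set ...
May 17, 2016 9:27:10 AM hudson.model.ParametersAction filter
WARNING: Skipped parameter `someOtherParam` as it is undefined on `example-job`. Set ...
EOF
}

# Print each skipped parameter name once, one per line (log on stdin).
skipped_params() {
    sed -n 's/^WARNING: Skipped parameter `\([^`]*\)` as it is undefined on .*/\1/p' | sort -u
}

# Names that start with the expected prefix ($1) and are plain identifiers.
allowed_params() {
    prefix=$1
    skipped_params | grep -E "^${prefix}[A-Za-z0-9_]*\$" || true
}

# Everything else: review by hand before adding it to the whitelist.
rejected_params() {
    prefix=$1
    skipped_params | grep -vE "^${prefix}[A-Za-z0-9_]*\$" || true
}

# Build the JVM flag for /etc/init.d/jenkins; fails if nothing matched.
safe_params_flag() {
    list=$(allowed_params "$1" | paste -s -d, -)
    [ -n "$list" ] || return 1
    printf '%s\n' "-Dhudson.model.ParametersAction.safeParameters=$list"
}

# Demo on the constructed sample; on a real server pipe the Jenkins log in instead.
sample_log | safe_params_flag gitlab
sample_log | rejected_params gitlab
```

Compare the printed flag with the parameters page of a previous build before putting it into ALLOW_GITLAB_PARAMETERS.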

The original security flaw is described in more detail here:

http://www.infoworld.com/article/3070093/security/jenkins-security-patches-could-break-plug-ins.html
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

Enable trackpad coasting in Ubuntu 10.04

I like the way trackpad edge-scrolling allows you to “coast” (start scrolling with the edge of the trackpad, then release it, and the scrolling continues until you tap the trackpad again).

It’s not enabled by default on Ubuntu 10.04, but here’s how to turn it on (put it in a startup script):

xinput set-prop --type=float "AlpsPS/2 ALPS DualPoint TouchPad" "Synaptics Coasting Speed" 1

Installing Ruby Active Record on Ubuntu 10.04

I had to jump through a few hoops.

I tried the obvious “sudo gem install activerecord”, but it gave an error – it needs to install the i18n gem, but that needs rubygems version >= 1.3.6, and I had rubygems 1.3.5.

So I had to upgrade rubygems first, which would normally be:

sudo gem update --system

but that reports that it’s been disabled on Debian, and directs you to use apt-get instead (which doesn’t have a better version). So I had to use the rubygems-update gem:

sudo gem install rubygems-update
sudo update_rubygems

after which I had rubygems 1.3.7. Then I could get active record:

sudo gem install activerecord

I still needed to get the mysql gem installed, which in turn needed the libmysql-dev stuff installed:

sudo apt-get install libmysqlclient15-dev
sudo gem install mysql

Ubuntu and CloudInit on Amazon EC2

Alestic and Canonical have released new Ubuntu AMIs for EC2 – the EBS version in the eu-west-1 region has AMI ID “ami-38bf954c”, and the source is “099720109477/ebs/ubuntu-images/ubuntu-lucid-10.04-i386-server-20100827”.

Ubuntu images support CloudInit, which runs scripts on startup to allow you to configure the server (set up ssh keys, update the repos etc). There are lots of different ways to specify what should get run (see https://help.ubuntu.com/community/CloudInit for full details).

One of the simplest is just to give it a script in the User Data, like this:

#!/bin/sh
# Write a greeting to the console and to /root/output.txt
echo "Hello World.  The time is now $(date -R)!" | tee /root/output.txt

It runs as the root user, so you can do pretty much anything you want to configure the box.