Java Version 7, Update 45 warning every time I try starting the slave

[Jeremy Morton]

When I run the javaws.exe command line to start slave-agent.jnlp, I now get this Security warning from Java, which implies that in a future Java update, I won't be able to run it at all.

 

Is this something that I need to configure to make Java happy, or is this a Jenkins-side fix?

 

Security Warning

Do you want to run this application?

Name: hudson.remoting.Launcher

Publisher: UNKNOWN

Location: http://jenkinsmaster:8080

Running applications by UNKNOWN publishers will be blocked in a future release

because it is potentially unsafe and a security risk.

Risk: This application will run with unrestricted access which may put your computer and personal information at

risk. The information provided is unreliable op unknown so it is recommended not to run this application unless

you are familiar with its source

This application will be blocked in a Future Java security update because the JAR File manifest does not

contain the Permissions attribute. Please contact the Publisher for more information. More Information

Select the box below, then click Run to start the application

I accept the risk and want to run this application  Run Cancel

[Andreas Schilling]

Hi Jeremy,

with Java7 u45 some big changes have been made to security handling. We were massively affected with our own applications which are also delivered via webstart.
You can't do anything, the provider of the application (and the JNLP for it) has to take some actions. (or, maybe you also can turn down java security settings to basically "none", but usually this is neither wanted nor allowed)
In our case this was adding some new manifest headers to all application JARs and signing the JNLP as well, not only the JARs.
I will check later whether there is already a JIRA issue for that. I believe this is quite important, especially if you're working at a company where you can't control what Java versions become installed (and using the latest is usually favoured by most sysadmins)

Mit freundlichen Grüßen / kind regards
i.A. Andreas Schilling
Enterprise Processes & Software
-------------------------------------------------------------------
Dipl. Inf. Andreas Schilling
Senior Software Architect

TWT GmbH
Science & Innovation
Ernsthaldenstraße 17
D-70565 Stuttgart
 
Tel: +49.7 11.21 57 77.6 73
Mobil: +49.1 72.6 22 88 70
E-Mail: andreas....@twt-gmbh.de
--------------------------------------------------------------------
www.twt-gmbh.de
--------------------------------------------------------------------
Geschäftsführung: Dr. Dimitrios Vartziotis, Joachim Laicher (Stv.), Frank Beutenmüller (Stv.)
Registergericht: Amtsgericht Stuttgart, HRB Nr. 212778
Umsatzsteuer: ID-Nr.: DE147841145
--------------------------------------------------------------------

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Mikael Larsson]

Hi,

We had the same issue and solved it by using the alternative way to start the jnlp-jar:

   java -jar slave.jar -jnlpUrl https://ci.domain.com/jenkins/computer/COMPUTERNAME/slave-agent.jnlp

[Jeremy Morton]

I am not finding slave.jar, and that command errors with:

Error: Unable to access jarfile slave.jar

[Daniel Beck]

Download from your Jenkins at https://ci.domain.com/jenkins/jnlpJars/slave.jar

[Mark Waite]

You can download slave.jar from the link on each slave node definition page.  It is available from http://localhost:8080/jnlpJars/slave.jar (replace localhost with your Jenkins server host name).

Mark Waite

--

[Adam Westhusing]

I tried doing this and still received the security warning.  Is there anything special that needs to be set on the server side to not receive the warning?  

[Mark Waite]

No, there is nothing on the server side which needs to be set.  Maybe I'm not understanding the technique you attempted.

I downloaded the slave.jar file from the Jenkins server to a local directory on my computer.

I created a batch file and inserted the "java -jar slave.jar ..." command in the batch file

I started the batch file by double clicking it from Windows explorer

Did you do something different than that?

Mark Waite

[Mark]

I am experiencing the same problems. Executed: java -jar slave.jar -jnlpUrlhttp://HOSTNAME:8080/computer/HOSTNAME/slave-agent.jnlp -secret xxxx

 

And still get the error message "Running this application may be a security risk"

 

Op dinsdag 17 december 2013 00:55:24 UTC+1 schreef Mark Waite:

[Andreas Schilling]

Hi everyone,

as stated in my answer from some time ago, the issue is that the JNLP for Java versions from v7u45 must be signed.
That means the build process for the slave-JAR must be extended accordingly. This is how it works:
https://blogs.oracle.com/thejavatutorials/entry/signing_a_jnlp_file
https://blogs.oracle.com/thejavatutorials/entry/signing_jar_files_with_a

Does anyone know whether there is already a JIRA-issue for that? If not, I can create it.

Mit freundlichen Grüßen / kind regards
i.A. Andreas Schilling
Enterprise Processes & Software
-------------------------------------------------------------------
Dipl. Inf. Andreas Schilling
Senior Software Architect

TWT GmbH
Science & Innovation
Ernsthaldenstraße 17
D-70565 Stuttgart
 
Tel: +49.7 11.21 57 77.6 73
Mobil: +49.1 72.6 22 88 70
E-Mail: andreas....@twt-gmbh.de
--------------------------------------------------------------------
www.twt-gmbh.de
--------------------------------------------------------------------
Geschäftsführung: Dr. Dimitrios Vartziotis, Joachim Laicher (Stv.), Frank Beutenmüller (Stv.)
Registergericht: Amtsgericht Stuttgart, HRB Nr. 212778
Umsatzsteuer: ID-Nr.: DE147841145
--------------------------------------------------------------------

Von:        Mark <markd...@gmail.com>
An:        jenkins...@googlegroups.com
Datum:        17.12.2013 16:07
Betreff:        Re: Java Version 7, Update 45 warning every time I try starting the slave
Gesendet von:        jenkins...@googlegroups.com

---

[Jeremy Morton]

FYI, as of Update 51, it now blocks with no option to allow execution.

On Thursday, December 19, 2013 6:21:36 AM UTC-5, Andreas Schilling wrote:

Hi everyone,

as stated in my answer from some time ago, the issue is that the JNLP for Java versions from v7u45 must be signed.
That means the build process for the slave-JAR must be extended accordingly. This is how it works:
https://blogs.oracle.com/thejavatutorials/entry/signing_a_jnlp_file
https://blogs.oracle.com/thejavatutorials/entry/signing_jar_files_with_a

Does anyone know whether there is already a JIRA-issue for that? If not, I can create it.

Mit freundlichen Grüßen / kind regards
i.A. Andreas Schilling
Enterprise Processes & Software
-------------------------------------------------------------------
Dipl. Inf. Andreas Schilling
Senior Software Architect

TWT GmbH
Science & Innovation
Ernsthaldenstraße 17
D-70565 Stuttgart
 

Tel: +49.7 11.21 57 77.6 73
Mobil: +49.1 72.6 22 88 70

[Jeremy Morton]

Even worse, even if you don't update Java, it refuses to run self-signed jnlp files because you aren't running the latest version [and the latest version blocks them, too].

On Wednesday, January 15, 2014 3:10:15 PM UTC-5, Jeremy Morton wrote:

[k.thi...@comcast.net]

Try going to Java in Control Panel > Programs.

Then go to the Security Tab, and click on edit site list.  Add your jenkins base address there 

---

From: "Jeremy Morton" <raist...@hotmail.com>
To: jenkins...@googlegroups.com
Sent: Wednesday, January 15, 2014 2:22:08 PM
Subject: Re: Re: Java Version 7, Update 45 warning every time I try starting the slave

--

[Jeremy Morton]

Thanks, that got me back to having to check a box each time I start the program. There doesn't seem to be a way to tell it to just run it when it is launched.

[Srinivas Kona]

One workaround would be to decrease the security level of java.....start-->configure java--->security tab--->decrease the security level to the least.

[Mark Waite]

Another work around is to start the slave using a local copy of slave.jar, rather than using JNLP.  A local copy of slave.jar works on JDK7u51 as well and does not require any changes to the Java permission settings.

Mark Waite

--

Thanks!

Mark Waite

[alex ouzounis]

This is what we do.

We have a script that launches the slave which fetches the slave.jar from the master and uses that.

example:

#!/bin/bash

rm slave.jar

wget $JENKINS_MASTER_URL/jnlpJars/slave.jar

source ~/.bash_profile

java -jar slave.jar

Alex

[gho_v]

Hi,

I have the same problem, I upgraded Jenkins to the latest version (1.561), I setup the window slave using 'Launch slave agents via Java Web Start'. Everytime I restart window (installed with Java 1.7 update 45), I got the security warning pop up to ask me 'Do you want to run this application?' and I need to click 'Run' to continue.  Is there any way to bypass/disable this pop up? I have jobs that will restart window and I don't want to manually go into the window node to click 'Run' to continue running the jenkins jobs.

Thanks.

[k.thi...@comcast.net]

Try this:

Open Java in your control panel

Go to the "Security" tab

Click "edit site list"

Click "Add"

Enter in the root url of your jenkins server

Not 100% sure if that will work for you, but I believe we had to do that with a couple of our build machines running java 7.  You might get the prompt initially still, but I think there is an option to trust on the prompt.

---

From: "gho_v" <gho...@gmail.com>
To: jenkins...@googlegroups.com
Sent: Wednesday, April 30, 2014 8:52:38 PM
Subject: Re: Java Version 7, Update 45 warning every time I try starting the slave

Hi,

I have the same problem, I upgraded Jenkins to the latest version (1.561), I setup the window slave using 'Launch slave agents via Java Web Start'. Everytime I restart window (installed with Java 1.7 update 45), I got the security warning pop up to ask me 'Do you want to run this application?' and I need to click 'Run' to continue.  Is there any way to bypass/disable this pop up? I have jobs that will restart window and I don't want to manually go into the window node to click 'Run' to continue running the jenkins jobs.

Thanks.

--

You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.