Fix: Persist service credentials during silent install (JENKINS-71643)#725
Open
viru0909-dev wants to merge 4 commits intojenkinsci:masterfrom
Open
Fix: Persist service credentials during silent install (JENKINS-71643)#725viru0909-dev wants to merge 4 commits intojenkinsci:masterfrom
viru0909-dev wants to merge 4 commits intojenkinsci:masterfrom
Conversation
Adding Secure="yes" prevents the Windows Installer from dropping these properties during the UI-to-Execute sequence transition.
viru0909-dev
force-pushed
the
fix/jenkins-71643-secure-properties
branch
from
c30c32e to
ae68f20
Compare
Contributor
Author
|
@MarkEWaite I have verified the fix on a Windows machine. Verification Results: I built the MSI locally and ran a silent install: 
As shown in the attached screenshot of the verbose log, the SERVICE_USERNAME is successfully passed to the Server (s) execution sequence, and the SERVICE_PASSWORD is correctly masked. ** I also updated the implementation to use SetProperty elements scheduled After="AppSearch", which avoids the "Duplicate Symbol" error I encountered with the previous approach. |
viru0909-dev
force-pushed
the
fix/jenkins-71643-secure-properties
branch
from
ae68f20 to
8d6e0dc
Compare
viru0909-dev
force-pushed
the
fix/jenkins-71643-secure-properties
branch
from
8d6e0dc to
dcba942
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #703
The Issue
During a silent installation (e.g., msiexec /i jenkins.msi /quiet), the SERVICE_USERNAME and SERVICE_PASSWORD properties were being stripped when the Windows Installer switched from the client process (UI sequence) to the elevated system process (Execute sequence). This caused the service to fail to start or default to LocalSystem.
The Fix
SERVICE_USERNAME: Added the Secure="yes" attribute to the property definition.
SERVICE_PASSWORD: Used SetProperty elements (scheduled After="AppSearch") to dynamically add this property to the SecureCustomProperties and MsiHiddenProperties lists at runtime.
Note: This approach was chosen over adding attributes directly to SERVICE_PASSWORD because that property is defined in an imported WiX library, which caused "Duplicate Symbol" errors during compilation when redefined.
Verification
Verified on Windows 10.
I built the MSI locally from this branch and performed a silent installation with verbose logging: msiexec /i "bin\Release\en-US\jenkins-2.544.msi" /quiet /lv! install.log SERVICE_USERNAME="TestUser" SERVICE_PASSWORD="Password123"
Result:
The log confirms SERVICE_USERNAME was successfully passed to the server process.
The log confirms SERVICE_PASSWORD was successfully masked (**********).