Merge pull request #146 from slide/windows_fixes

Fix more issues with password expiry
lemeurherve · Jul 17, 2020 · 346adc7 · 346adc7
2 parents 0c80067 + d61ae95
commit 346adc7
Show file tree

Hide file tree

Showing 6 changed files with 88 additions and 50 deletions.
diff --git a/11/windows/nanoserver-1809/Dockerfile b/11/windows/nanoserver-1809/Dockerfile
@@ -33,16 +33,24 @@ ARG JAVA_HOME=C:\jdk-${JAVA_VERSION}
 
 SHELL ["pwsh.exe", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
-USER ContainerAdministrator
+ENV JAVA_VERSION jdk-11.0.7+10
 
-RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; `
-    $javaRoot = 'OpenJDK11U-jdk_x64_windows_hotspot_{0}' -f $env:JAVA_VERSION.Replace('+', '_') ; `
-    $url = 'https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-{0}/{1}.zip' -f [System.Uri]::EscapeDataString($env:JAVA_VERSION), $javaRoot ; `
-    Write-Host "Retrieving $url..." ; `
-    Invoke-WebRequest $url -OutFile 'openjdk.zip' -UseBasicParsing ; `
-    if ((Get-FileHash openjdk.zip -Algorithm sha256).Hash -ne $env:JAVA_SHA256) { Write-Error 'Java SHA256 mismatch' ; exit 1} ; `
-    Expand-Archive openjdk.zip -DestinationPath C:/ ; `
-    Remove-Item -Path openjdk.zip
+USER ContainerAdministrator
+RUN Write-Host ('Downloading https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.7%2B10.2/OpenJDK11U-jdk_x64_windows_hotspot_11.0.7_10.zip ...'); `
+    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; `
+    Invoke-WebRequest -Uri https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.7%2B10.2/OpenJDK11U-jdk_x64_windows_hotspot_11.0.7_10.zip -O 'openjdk.zip'; `
+    Write-Host ('Verifying sha256 (61e99ff902e02c83b6c48172968593ee05ae183a39e5ef13a44bd4bf7eb2ce8b) ...'); `
+    if ((Get-FileHash openjdk.zip -Algorithm sha256).Hash -ne '61e99ff902e02c83b6c48172968593ee05ae183a39e5ef13a44bd4bf7eb2ce8b') { `
+            Write-Host 'FAILED!'; `
+            exit 1; `
+    }; `
+    `
+    Write-Host 'Expanding Zip ...'; `
+    Expand-Archive -Path openjdk.zip -DestinationPath C:\ ; `
+    $jdkDirectory=(Get-ChildItem -Directory | ForEach-Object { $_.FullName } | Select-String 'jdk'); `
+    Move-Item -Path $jdkDirectory C:\openjdk-11; `
+    Write-Host 'Removing openjdk.zip ...'; `
+    Remove-Item openjdk.zip -Force
 
 ARG VERSION=4.3
 LABEL Description="This is a base image, which provides the Jenkins agent executable (agent.jar)" Vendor="Jenkins project" Version="${VERSION}"
@@ -62,10 +70,12 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl
     Write-Host "Retrieving $url..." ; `
     Invoke-WebRequest $url -OutFile 'GitLfs.zip' -UseBasicParsing ; `
     Expand-Archive GitLfs.zip -DestinationPath c:\mingit\mingw64\bin ; `
-    Remove-Item GitLfs.zip -Force
+    Remove-Item GitLfs.zip -Force ; `
+    & C:\mingit\cmd\git.exe lfs install
 
-ENV ProgramFiles="C:\Program Files"
-ENV WindowsPATH="C:\Windows\system32;C:\Windows"
+ENV ProgramFiles="C:\Program Files" `
+    WindowsPATH="C:\Windows\system32;C:\Windows" `
+    JAVA_HOME="C:\openjdk-11"
 ENV PATH="${WindowsPATH};${ProgramFiles}\PowerShell;${JAVA_HOME}\bin;C:\mingit\cmd"
 
 ARG user=jenkins
@@ -76,7 +86,6 @@ ARG AGENT_HASH_FILENAME=$AGENT_FILENAME.sha1
 RUN net accounts /maxpwage:unlimited ; `
     net user "$env:user" /add /expire:never /passwordreq:no ; `
     net localgroup Administrators /add $env:user ; `
-    setx /M PATH '%PATH%;%JAVA_HOME%\bin' ; `
     New-Item -ItemType Directory -Path C:/ProgramData/Jenkins | Out-Null
 
 ARG AGENT_ROOT=C:/Users/$user

diff --git a/11/windows/windowsservercore-1809/Dockerfile b/11/windows/windowsservercore-1809/Dockerfile
@@ -55,7 +55,7 @@ ARG AGENT_HASH_FILENAME=$AGENT_FILENAME.sha1
 
 RUN net user "$env:user" /add /expire:never /passwordreq:no ; `
     net localgroup Administrators /add $env:user ; `
-    wmic useraccount WHERE Name=$env:user set PasswordExpires=false; `
+    Set-LocalUser -Name $env:user -PasswordNeverExpires 1; `
     New-Item -ItemType Directory -Path C:/ProgramData/Jenkins | Out-Null
 
 ARG AGENT_ROOT=C:/Users/$user

diff --git a/8/windows/nanoserver-1809/Dockerfile b/8/windows/nanoserver-1809/Dockerfile
@@ -27,22 +27,26 @@
 ARG POWERSHELL_VERSION=
 FROM mcr.microsoft.com/powershell:${POWERSHELL_VERSION}nanoserver-1809
 
-ARG JAVA_VERSION=8u242-b08
-ARG JAVA_SHA256=8288e4d0983019706db89c153d18bfce28d033f646be65c8ae1c33c6c65b943e
-ARG JAVA_HOME=C:\jdk${JAVA_VERSION}
-
 SHELL ["pwsh.exe", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
-USER ContainerAdministrator
+ENV JAVA_VERSION jdk8u252-b09
 
-RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; `
-    $javaRoot = 'OpenJDK8U-jdk_x64_windows_hotspot_{0}' -f $env:JAVA_VERSION.Replace('-', '') ; `
-    $url = $('https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk{0}/{1}.zip' -f $env:JAVA_VERSION, $javaRoot) ; `
-    Write-Host "Retrieving $url..." ; `
-    Invoke-WebRequest $url -OutFile 'openjdk.zip' -UseBasicParsing ; `
-    if ((Get-FileHash openjdk.zip -Algorithm sha256).Hash -ne $env:JAVA_SHA256) { Write-Error 'Java SHA256 mismatch' ; exit 1} ; `
-    Expand-Archive openjdk.zip -DestinationPath C:/ ; `
-    Remove-Item -Path openjdk.zip
+USER ContainerAdministrator
+RUN Write-Host ('Downloading https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u252-b09.1/OpenJDK8U-jdk_x64_windows_hotspot_8u252b09.zip ...'); `
+    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; `
+    Invoke-WebRequest -Uri https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u252-b09.1/OpenJDK8U-jdk_x64_windows_hotspot_8u252b09.zip -O 'openjdk.zip'; `
+    Write-Host ('Verifying sha256 (4e2c92ba17481321eaeb1769e85eec99a774102eb80b700a201b54b130ab2768) ...'); `
+    if ((Get-FileHash openjdk.zip -Algorithm sha256).Hash -ne '4e2c92ba17481321eaeb1769e85eec99a774102eb80b700a201b54b130ab2768') { `
+            Write-Host 'FAILED!'; `
+            exit 1; `
+    }; `
+    `
+    Write-Host 'Expanding Zip ...'; `
+    Expand-Archive -Path openjdk.zip -DestinationPath C:\ ; `
+    $jdkDirectory=(Get-ChildItem -Directory | ForEach-Object { $_.FullName } | Select-String 'jdk'); `
+    Move-Item -Path $jdkDirectory C:\openjdk-8; `
+    Write-Host 'Removing openjdk.zip ...'; `
+    Remove-Item openjdk.zip -Force
 
 ARG VERSION=4.3
 LABEL Description="This is a base image, which provides the Jenkins agent executable (agent.jar)" Vendor="Jenkins project" Version="${VERSION}"
@@ -65,9 +69,9 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl
     Remove-Item GitLfs.zip -Force ; `
     & C:\mingit\cmd\git.exe lfs install
 
-
-ENV ProgramFiles="C:\Program Files"
-ENV WindowsPATH="C:\Windows\system32;C:\Windows"
+ENV ProgramFiles="C:\Program Files" `
+    WindowsPATH="C:\Windows\system32;C:\Windows" `
+    JAVA_HOME="C:\openjdk-8"
 ENV PATH="${WindowsPATH};${ProgramFiles}\PowerShell;${JAVA_HOME}\bin;C:\mingit\cmd"
 
 ARG user=jenkins

diff --git a/8/windows/windowsservercore-1809/Dockerfile b/8/windows/windowsservercore-1809/Dockerfile
@@ -55,7 +55,7 @@ ARG AGENT_HASH_FILENAME=$AGENT_FILENAME.sha1
 
 RUN net user "$env:user" /add /expire:never /passwordreq:no ; `
     net localgroup Administrators /add $env:user ; `
-    wmic useraccount WHERE Name=$env:user set PasswordExpires=false; `
+    Set-LocalUser -Name $env:user -PasswordNeverExpires 1; `
     New-Item -ItemType Directory -Path C:/ProgramData/Jenkins | Out-Null
 
 ARG AGENT_ROOT=C:/Users/$user

diff --git a/make.ps1 b/make.ps1
@@ -20,23 +20,27 @@ if(![String]::IsNullOrWhiteSpace($env:DOCKERHUB_ORGANISATION)) {
     $Organization = $env:DOCKERHUB_ORGANISATION
 }
 
-$builds = @{
-    'jdk8' = @{
-        'Folder' = '8\windows\windowsservercore-1809';
-        'Tags' = @( "windowsservercore-1809", "jdk8-windowsservercore-1809" )
-    };
-    'jdk11' = @{
-        'Folder' = '11\windows\windowsservercore-1809';
-        'Tags' = @( "jdk11-windowsservercore-1809" )
-    };
-    'nanoserver' = @{
-        'Folder' = '8\windows\nanoserver-1809';
-        'Tags' = @( "nanoserver-1809", "jdk8-nanoserver-1809" )
-    };
-    'nanoserver-jdk11' = @{
-        'Folder' = '11\windows\nanoserver-1809';
-        'Tags' = @( "jdk11-nanoserver-1809" )
-    };
+# this is the jdk version that will be used for the 'bare tag' images, e.g., jdk8-windowsservercore-1809 -> windowsserver-1809
+$defaultBuild = '8'
+$builds = @{}
+
+Get-ChildItem -Recurse -Include windows -Directory | ForEach-Object {
+    Get-ChildItem -Directory -Path $_ | Where-Object { Test-Path (Join-Path $_.FullName "Dockerfile") } | ForEach-Object {
+        $dir = $_.FullName.Replace((Get-Location), "").TrimStart("\")
+        $items = $dir.Split("\")
+        $jdkVersion = $items[0]
+        $baseImage = $items[2]
+        $basicTag = "jdk${jdkVersion}-${baseImage}" 
+        $tags = @( $basicTag )
+        if($jdkVersion -eq $defaultBuild) {
+            $tags += $baseImage
+        }
+
+        $builds[$basicTag] = @{
+            'Folder' = $dir;
+            'Tags' = $tags;
+        }        
+    }
 }
 
 if(![System.String]::IsNullOrWhiteSpace($Build) -and $builds.ContainsKey($Build)) {

diff --git a/tests/agent.Tests.ps1 b/tests/agent.Tests.ps1
@@ -17,9 +17,9 @@ if(($FOLDER -match '^(?<jdk>[0-9]+)[\\/](?<flavor>.+)$') -and (Test-Path $REAL_F
     exit 1
 }
 
-if($FLAVOR -match "nanoserver") {
+if($FLAVOR -match "nanoserver-(\d*)") {
     $AGENT_IMAGE += "-nanoserver"
-    $AGENT_CONTAINER += "-nanoserver-1809"
+    $AGENT_CONTAINER += "-nanoserver-$($Matches[1])"
     $SHELL = "pwsh.exe"
 }
 
@@ -91,6 +91,27 @@ Describe "[$JDK $FLAVOR] image has correct applications in the PATH" {
     }
 }
 
+Describe "[$JDK $FLAVOR] check user account" {
+    BeforeAll {
+        docker run -d -it --name "$AGENT_CONTAINER" -P "$AGENT_IMAGE" "$SHELL"
+        Is-AgentContainerRunning $AGENT_CONTAINER
+    }
+
+    It 'Password never expires' {
+        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "exec $AGENT_CONTAINER $SHELL -C `"if((net user jenkins | Select-String -Pattern 'Password expires') -match 'Never') { exit 0 } else { exit -1 }`""
+        $exitCode | Should -Be 0
+    }
+
+    It 'Password not required' {
+        $exitCode, $stdout, $stderr = Run-Program 'docker.exe' "exec $AGENT_CONTAINER $SHELL -C `"if((net user jenkins | Select-String -Pattern 'Password required') -match 'No') { exit 0 } else { exit -1 }`""
+        $exitCode | Should -Be 0
+    }
+
+    AfterAll {
+        Cleanup($AGENT_CONTAINER)
+    }
+}
+
 Describe "[$JDK $FLAVOR] check user access to directories" {
     BeforeAll {
         docker run -d -it --name "$AGENT_CONTAINER" -P "$AGENT_IMAGE" "$SHELL"