aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Sokolovsky <paul.sokolovsky@linaro.org>2013-09-02 21:59:07 +0300
committerPaul Sokolovsky <paul.sokolovsky@linaro.org>2013-09-02 21:59:07 +0300
commit3c4dcd611265cf31a7fb185d4fe1689b615a0dc7 (patch)
treeede84a975daec2b8e14444755df934c3eb6403f4
parent3be69abea242e106e24b5326f6f3757680f80aa3 (diff)
lp:1163979 Upgrade Jenkins config handling to 1.480.2 and higher.
Diffstat
-rwxr-xr-xmonitor_ec2_build_slaves.py47
1 files changed, 39 insertions, 8 deletions
diff --git a/monitor_ec2_build_slaves.py b/monitor_ec2_build_slaves.py
index 5d97a89..a75df89 100755
--- a/monitor_ec2_build_slaves.py
+++ b/monitor_ec2_build_slaves.py
@@ -61,6 +61,8 @@ BUILD_RUN_TIMES = [
ACTIVE_REGION = "us-east-1"
JENKINS_HOME = "/var/lib/jenkins/"
+JENKINS_HOME = "/home/pfalcon/devel/linaro/jenkins-config-android-build.linaro.org/"
+#JENKINS_HOME = "/home/pfalcon/devel/linaro/jenkins-config-ci.linaro.org/"
# This maps EC2 key name used to start a slave to the owning master instance
KEY_NAME_TO_MASTER = {
@@ -71,19 +73,48 @@ KEY_NAME_TO_MASTER = {
log = logging.getLogger("monitor")
-def get_cleartext(s):
- import base64
- import hashlib
- from Crypto.Cipher import AES
- key = open(JENKINS_HOME + "secret.key").read()
+import base64
+import hashlib
+from Crypto.Cipher import AES
+
+MAGIC = "::::MAGIC::::"
+
+
+def get_master_aes():
+ key = open(JENKINS_HOME + "secrets/master.key").read()
digest = hashlib.sha256(key)
aes = AES.new(digest.digest()[0:128 / 8])
+ return aes
+
+
+def decrypt(aes, s):
+ clear = aes.decrypt(s)
+ clear = clear.rstrip()
+ i = clear.rindex("::::MAGIC::::")
+ # clear text may still have non-zero padding, that's
+ # why weird handling below
+ tailer = clear[i:]
+ clear = clear[:i]
+ assert len(tailer) <= len(MAGIC) + 3
+ return clear
+
+
+def get_subkey_aes(name):
+ aes = get_master_aes()
+ s = open(JENKINS_HOME + "secrets/" + name).read()
+ util_key = decrypt(aes, s)
+ aes = AES.new(util_key[0:128 / 8])
+ return aes
+
+
+def get_config_val(key_name, s):
+ aes = get_subkey_aes(key_name)
clear = aes.decrypt(base64.b64decode(s))
clear = clear.rstrip()
- if not clear.endswith("::::MAGIC::::"):
+ if not clear.endswith(MAGIC):
return None
- clear = clear[:-len("::::MAGIC::::")]
+ clear = clear[:-len(MAGIC)]
return clear
@@ -92,7 +123,7 @@ def get_credentials():
nodes = tree.xpath("//hudson.plugins.ec2.EC2Cloud/accessId")
access_id = nodes[0].text
nodes = tree.xpath("//hudson.plugins.ec2.EC2Cloud/secretKey")
- secret_key = get_cleartext(nodes[0].text)
+ secret_key = get_config_val("hudson.util.Secret", nodes[0].text)
return access_id, secret_key
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-23 22:51:19 +0000