Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/jenkins
  Commit: c4d6fa2f20a12898b6f2e5daf74e41866b5853ae
      
https://github.com/jenkinsci/jenkins/commit/c4d6fa2f20a12898b6f2e5daf74e41866b5853ae
  Author: James Nord <[email protected]>
  Date:   2023-10-05 (Thu, 05 Oct 2023)

  Changed paths:
    M core/src/main/java/hudson/model/UsageStatistics.java
    M core/src/main/resources/hudson/model/UsageStatistics/global.groovy
    M core/src/main/resources/hudson/model/UsageStatistics/global.properties
    M core/src/main/resources/hudson/model/UsageStatistics/help-usageStatisticsCollected.jelly

  Log Message:
  -----------
  [JEP-237] Disable usage stats in fips mode (#8483)

* [JEP-237] disable UsageStats in FIPS mode

UsageStatistics is so close to being FIPS-140 compliant but fails at the
last hurdle.

We cannot encrypt with RSA but we can perform key wrap.  The output does
separate the key and data, by creating a new Key for encrypting the data
and that key is encrypted with RSA.  If only the RSA cipher was created with
Cipher.WRAP_MODE (or Cipher.UNWRAP_MODE) instead of Cipher.ENCRYPT_MODE (or
Cipher.DECRYPT_MODE) we would be fine, alas it is not and changing this
would mean a change on the backend and to be able to continue to support
both whilst older versions are in the wild.

The goal of JEP-237 is not to fix all non-compliant issues, so here we
just ensure that in FIPS mode the usage statistics are disabled.

Updates the UI in the global config page to adapt to usage stats being fully
disabled by system property or partially disabled by the FIPS property.

Co-authored-by: Daniel Beck <[email protected]>
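
The distinction the commit message draws between `Cipher.ENCRYPT_MODE` and `Cipher.WRAP_MODE`, as an added example that is not code from Jenkins or from this commit. The class name, the OAEP and GCM transformation strings, the key sizes and the sample payload are assumptions for the demo; it runs on the stock JDK provider and does not exercise a FIPS-validated module.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class KeyWrapDemo {
    // Assumed transformation for this demo, not taken from UsageStatistics.
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();

        // Fresh per-message data key, as in the hybrid scheme the message describes.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey dataKey = kg.generateKey();

        // Encrypt mode: the caller extracts raw key bytes and treats them as data.
        Cipher enc = Cipher.getInstance(RSA);
        enc.init(Cipher.ENCRYPT_MODE, rsa.getPublic());
        byte[] encryptedKey = enc.doFinal(dataKey.getEncoded());

        // Wrap mode: the Key object is handed to the provider, no raw bytes in caller code.
        Cipher wrap = Cipher.getInstance(RSA);
        wrap.init(Cipher.WRAP_MODE, rsa.getPublic());
        byte[] wrappedKey = wrap.wrap(dataKey);

        // Receiving side: unwrap yields a Key object directly.
        Cipher unwrap = Cipher.getInstance(RSA);
        unwrap.init(Cipher.UNWRAP_MODE, rsa.getPrivate());
        Key recovered = unwrap.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);

        // Bulk data is protected with the symmetric key (constructed sample payload).
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, dataKey);
        byte[] iv = aes.getIV(); // provider-generated nonce, sent alongside the ciphertext
        byte[] ct = aes.doFinal("constructed sample payload".getBytes(StandardCharsets.UTF_8));

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        String plain = new String(dec.doFinal(ct), StandardCharsets.UTF_8);
        System.out.println("encrypted key bytes: " + encryptedKey.length
                + ", wrapped key bytes: " + wrappedKey.length + ", payload: " + plain);
    }
}
```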

