diff --git a/core/src/main/java/jenkins/model/Jenkins.java b/core/src/main/java/jenkins/model/Jenkins.java index bb9b8efc5e0d54b006a41bb934c9355ec9bd4619..0e1805abf108520267136d3426a8136fd70c9f45 100755 --- a/core/src/main/java/jenkins/model/Jenkins.java +++ b/core/src/main/java/jenkins/model/Jenkins.java @@ -198,6 +198,7 @@ import jenkins.InitReactorRunner; import jenkins.model.ProjectNamingStrategy.DefaultProjectNamingStrategy; import jenkins.security.ConfidentialKey; import jenkins.security.ConfidentialStore; +import jenkins.util.io.FileBoolean; import net.sf.json.JSONObject; import org.acegisecurity.AccessDeniedException; import org.acegisecurity.AcegiSecurityException; @@ -777,6 +778,10 @@ public class Jenkins extends AbstractCIBase implements ModifiableTopLevelItemGro sr.nextBytes(random); secretKey = Util.toHexString(random); secretFile.write(secretKey); + + // this marker indicates that the secret.key is generated by the version of Jenkins post SECURITY-49. + // this indicates that there's no need to rewrite secrets on disk + new FileBoolean(new File(root,"secret.key.not-so-secret")).on(); } try { diff --git a/core/src/main/java/jenkins/security/RekeySecretAdminMonitor.java b/core/src/main/java/jenkins/security/RekeySecretAdminMonitor.java index 5bdd6103147818e2d2005b56c911965664fd1ef0..a5ce72c8241c36eee06282b7a0d0b35d3bdaccf4 100644 --- a/core/src/main/java/jenkins/security/RekeySecretAdminMonitor.java +++ b/core/src/main/java/jenkins/security/RekeySecretAdminMonitor.java @@ -64,7 +64,9 @@ public class RekeySecretAdminMonitor extends AdministrativeMonitor implements St // this computation needs to be done and the value be captured, // since $JENKINS_HOME/config.xml can be saved later before the user has // actually rewritten XML files. - if (Jenkins.getInstance().isUpgradedFromBefore(new VersionNumber("1.496.*"))) + Jenkins j = Jenkins.getInstance(); + if (j.isUpgradedFromBefore(new VersionNumber("1.496.*")) + && new FileBoolean(new File(j.getRootDir(),"secret.key.not-so-secret")).isOff()) needed.on(); }