[JBoss JIRA] (ERT-517) Add basic security for running images [EBZ#519581]
by Jeff Johnston (JIRA)
[ https://issues.jboss.org/browse/ERT-517?page=com.atlassian.jira.plugin.sy... ]
Jeff Johnston updated ERT-517:
------------------------------
Sprint: devex #134 Jun 2017, devex #135 July 2017 (was: devex #134 Jun 2017)
> Add basic security for running images [EBZ#519581]
> --------------------------------------------------
>
> Key: ERT-517
> URL: https://issues.jboss.org/browse/ERT-517
> Project: Eclipse Release Train
> Issue Type: Task
> Components: Linux Tools
> Reporter: Friendly Jira Robot
> Assignee: Jeff Johnston
> Labels: 6.1.0, Docker, bzira
> Fix For: Oxygen.1 (4.7)
>
>
> In a blog by Daniel Walsh, it was recommended that Containers be run with readonly root fs (--readonly). That said, to run most Containers successfully, this option also required accessing /run and /tmp in tmpfs (--tmpfs /run --tmpfs /tmp).
> A basic security option should be added to the Run Image Wizard to support:
> --readonly --tmpfs /run --tmpfs /tmp
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
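An added example, not part of the issue or of the Linux Tools code: one way to check that running containers actually have the settings requested above is to audit `docker inspect` output for a read-only root filesystem and tmpfs mounts at /run and /tmp. The Docker CLI spells the first flag `--read-only`; the container names and the JSON below are constructed sample data.

```python
import json

# Constructed sample of `docker inspect` output, trimmed to the fields used here.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/hardened",
   "HostConfig": {"ReadonlyRootfs": true,
                  "Tmpfs": {"/run": "", "/tmp": "rw,noexec,nosuid,size=64m"}}},
  {"Name": "/default",
   "HostConfig": {"ReadonlyRootfs": false, "Tmpfs": null}},
  {"Name": "/partial",
   "HostConfig": {"ReadonlyRootfs": true,
                  "Tmpfs": {"/tmp/": ""},
                  "Mounts": [{"Type": "tmpfs", "Target": "/var/cache"}]}}
]
""")

REQUIRED_TMPFS = ("/run", "/tmp")


def tmpfs_targets(host_config):
    """Collect tmpfs mount points set via --tmpfs or --mount type=tmpfs."""
    targets = set((host_config.get("Tmpfs") or {}).keys())
    for mount in host_config.get("Mounts") or []:
        if mount.get("Type") == "tmpfs" and mount.get("Target"):
            targets.add(mount["Target"])
    # Normalise trailing slashes so "/tmp/" counts as "/tmp".
    return {t.rstrip("/") or "/" for t in targets}


def audit_container(entry):
    """Return a list of findings; an empty list means the baseline is met."""
    host_config = entry.get("HostConfig") or {}
    findings = []
    if not host_config.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    mounted = tmpfs_targets(host_config)
    for path in REQUIRED_TMPFS:
        if path not in mounted:
            findings.append(f"no tmpfs mounted at {path}")
    return findings


def audit_all(inspect_output):
    """Map each container name to its findings."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e) for e in inspect_output}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

On a real host the same functions can be fed the parsed output of `docker inspect` for the running containers.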
[JBoss JIRA] (JBDS-4454) Path to JDK needs to be updated after every update of JDK
by Nick Boldt (JIRA)
[ https://issues.jboss.org/browse/JBDS-4454?page=com.atlassian.jira.plugin.... ]
Nick Boldt commented on JBDS-4454:
----------------------------------
Installing devstudio via console (no GUI) doesn't have this bug.
{code}
echo 1 | java -jar devstudio-11.0.0.AM2-v20170713-2124-B489-installer-standalone.jar -console
mv ~/devstudio ~/devstudio-11.0.0.AM2-v20170713-2124-B489-installer-standalone{code}
In fact, no -vm flag is added to devstudio.ini when I install that way:
{code:title=~/devstudio-11.0.0.AM2-v20170713-2124-B489-installer-standalone/studio/devstudio.ini}
-startup
plugins/org.eclipse.equinox.launcher_1.4.0.v20161219-1356.jar
--launcher.library
plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.1.500.v20170531-1133
-product
com.jboss.devstudio.core.product
-showsplash
platform\:/base/plugins/com.jboss.devstudio.core
--launcher.defaultAction
openFile
-vmargs
-Xms512m
-Xmx1024m
-Dosgi.instance.area.default=@user.home/workspace{code}
But based on your screenshot, the default value pushed to your devstudio.ini was the value preloaded into the *Specific Java VM* field. So... that might be the value of *$\{JAVA_HOME}* on your system.
Can you confirm?
Here are my java alternatives:
{code}
$➔ alternatives --list | egrep "jdk|jre|java" | sort
java auto /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-8.b14.fc24.x86_64/jre/bin/java
javac auto /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-8.b14.fc24.x86_64/bin/javac
java_sdk_1.8.0 auto /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-8.b14.fc24.x86_64
java_sdk_1.8.0_openjdk auto /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-8.b14.fc24.x86_64
java_sdk_openjdk auto /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-8.b14.fc24.x86_64
jaxp_parser_impl auto /usr/share/java/xerces-j2.jar
jaxp_transform_impl auto /usr/share/java/xalan-j2.jar
jre_1.8.0 auto /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-8.b14.fc24.x86_64/jre
jre_1.8.0_openjdk auto /usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.121-8.b14.fc24.x86_64
jre_openjdk auto /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-8.b14.fc24.x86_64/jre
{code}
And my *JAVA_HOME* is */opt/jdk1.8.0/*
But when I run the installer I get this value in the Specific Java VM field:
{code}/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.121-8.b14.fc24.x86_64{code}
And the resulting devstudio.ini has:
{code}
-vm
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-8.b14.fc24.x86_64/bin/java{code}
So, yes, this is a bug, and we should fix that.
> Path to JDK needs to be updated after every update of JDK
> ---------------------------------------------------------
>
> Key: JBDS-4454
> URL: https://issues.jboss.org/browse/JBDS-4454
> Project: Red Hat JBoss Developer Studio (devstudio)
> Issue Type: Enhancement
> Components: build, installer
> Affects Versions: 11.0.0.AM1
> Environment: Fedora 26
> Reporter: Josef Kopriva
> Assignee: Nick Boldt
> Fix For: 11.0.0.GA
>
> Attachments: image-2017-06-30-11-01-40-783.png, screenshot-1.png
>
>
> After every update of JDK, path to JDK in file devstudio.ini needs to be updated. This does not happen in Eclipse.
> !image-2017-06-30-11-01-40-783.png|thumbnail!
[JBoss JIRA] (JBIDE-24668) Warnings after installation in Eclipse Oxygen
by Nick Boldt (JIRA)
[ https://issues.jboss.org/browse/JBIDE-24668?page=com.atlassian.jira.plugi... ]
Nick Boldt commented on JBIDE-24668:
------------------------------------
Reported upstream to wst.server:
Bug 520123 - Enablement expression is missing for org.jboss.tools.wtp.server.launchbar.ModuleDescriptorType - https://bugs.eclipse.org/bugs/show_bug.cgi?id=520123
> Warnings after installation in Eclipse Oxygen
> ---------------------------------------------
>
> Key: JBIDE-24668
> URL: https://issues.jboss.org/browse/JBIDE-24668
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: upstream
> Affects Versions: 4.5.0.AM2
> Environment: F26
> Eclipse Java EE IDE for Web Developers.
> Version: Oxygen Release (4.7.0)
> Reporter: Josef Kopriva
> Priority: Minor
> Fix For: 4.5.x
>
>
> After installation of JBoss Tools (from update site http://download.jboss.org/jbosstools/oxygen/staging/updates/) in Eclipse Oxygen, there are warnings in error log:
> {code:java}
> eclipse.buildId=4.7.0.I20170612-0950
> java.version=1.8.0_131
> java.vendor=Oracle Corporation
> BootLoader constants: OS=linux, ARCH=x86_64, WS=gtk, NL=en_US
> Framework arguments: -product org.eclipse.epp.package.jee.product
> Command-line arguments: -data file:/home/jkopriva/eclipse-oxygen-final/workspace/ -os linux -ws gtk -arch x86_64 -product org.eclipse.epp.package.jee.product
> org.eclipse.launchbar.core
> Warning
> Fri Jul 14 10:00:07 CEST 2017
> Enablement expression is missing for config provider for org.jboss.tools.wtp.server.launchbar.ModuleDescriptorType
> {code}
> and
> {code:java}
> eclipse.buildId=4.7.0.I20170612-0950
> java.version=1.8.0_131
> java.vendor=Oracle Corporation
> BootLoader constants: OS=linux, ARCH=x86_64, WS=gtk, NL=en_US
> Framework arguments: -product org.eclipse.epp.package.jee.product
> Command-line arguments: -data file:/home/jkopriva/eclipse-oxygen-final/workspace/ -os linux -ws gtk -arch x86_64 -product org.eclipse.epp.package.jee.product
> org.eclipse.launchbar.core
> Warning
> Fri Jul 14 10:00:07 CEST 2017
> Enablement expression is missing for descriptor type org.jboss.tools.wtp.server.launchbar.ModuleDescriptorType
> {code}
[JBoss JIRA] (JBIDE-24668) Warnings after installation in Eclipse Oxygen
by Nick Boldt (JIRA)
[ https://issues.jboss.org/browse/JBIDE-24668?page=com.atlassian.jira.plugi... ]
Nick Boldt reassigned JBIDE-24668:
----------------------------------
Assignee: Nick Boldt
> Warnings after installation in Eclipse Oxygen
> ---------------------------------------------
>
> Key: JBIDE-24668
> URL: https://issues.jboss.org/browse/JBIDE-24668
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: upstream
> Affects Versions: 4.5.0.AM2
> Environment: F26
> Eclipse Java EE IDE for Web Developers.
> Version: Oxygen Release (4.7.0)
> Reporter: Josef Kopriva
> Assignee: Nick Boldt
> Priority: Minor
> Fix For: 4.5.x
>
>
> After installation of JBoss Tools (from update site http://download.jboss.org/jbosstools/oxygen/staging/updates/) in Eclipse Oxygen, there are warnings in error log:
> {code:java}
> eclipse.buildId=4.7.0.I20170612-0950
> java.version=1.8.0_131
> java.vendor=Oracle Corporation
> BootLoader constants: OS=linux, ARCH=x86_64, WS=gtk, NL=en_US
> Framework arguments: -product org.eclipse.epp.package.jee.product
> Command-line arguments: -data file:/home/jkopriva/eclipse-oxygen-final/workspace/ -os linux -ws gtk -arch x86_64 -product org.eclipse.epp.package.jee.product
> org.eclipse.launchbar.core
> Warning
> Fri Jul 14 10:00:07 CEST 2017
> Enablement expression is missing for config provider for org.jboss.tools.wtp.server.launchbar.ModuleDescriptorType
> {code}
> and
> {code:java}
> eclipse.buildId=4.7.0.I20170612-0950
> java.version=1.8.0_131
> java.vendor=Oracle Corporation
> BootLoader constants: OS=linux, ARCH=x86_64, WS=gtk, NL=en_US
> Framework arguments: -product org.eclipse.epp.package.jee.product
> Command-line arguments: -data file:/home/jkopriva/eclipse-oxygen-final/workspace/ -os linux -ws gtk -arch x86_64 -product org.eclipse.epp.package.jee.product
> org.eclipse.launchbar.core
> Warning
> Fri Jul 14 10:00:07 CEST 2017
> Enablement expression is missing for descriptor type org.jboss.tools.wtp.server.launchbar.ModuleDescriptorType
> {code}
[JBoss JIRA] (JBIDE-24668) Warnings after installation in Eclipse Oxygen
by Nick Boldt (JIRA)
[ https://issues.jboss.org/browse/JBIDE-24668?page=com.atlassian.jira.plugi... ]
Nick Boldt updated JBIDE-24668:
-------------------------------
Fix Version/s: 4.5.x
> Warnings after installation in Eclipse Oxygen
> ---------------------------------------------
>
> Key: JBIDE-24668
> URL: https://issues.jboss.org/browse/JBIDE-24668
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: upstream
> Affects Versions: 4.5.0.AM2
> Environment: F26
> Eclipse Java EE IDE for Web Developers.
> Version: Oxygen Release (4.7.0)
> Reporter: Josef Kopriva
> Assignee: Nick Boldt
> Priority: Minor
> Fix For: 4.5.x
>
>
> After installation of JBoss Tools (from update site http://download.jboss.org/jbosstools/oxygen/staging/updates/) in Eclipse Oxygen, there are warnings in error log:
> {code:java}
> eclipse.buildId=4.7.0.I20170612-0950
> java.version=1.8.0_131
> java.vendor=Oracle Corporation
> BootLoader constants: OS=linux, ARCH=x86_64, WS=gtk, NL=en_US
> Framework arguments: -product org.eclipse.epp.package.jee.product
> Command-line arguments: -data file:/home/jkopriva/eclipse-oxygen-final/workspace/ -os linux -ws gtk -arch x86_64 -product org.eclipse.epp.package.jee.product
> org.eclipse.launchbar.core
> Warning
> Fri Jul 14 10:00:07 CEST 2017
> Enablement expression is missing for config provider for org.jboss.tools.wtp.server.launchbar.ModuleDescriptorType
> {code}
> and
> {code:java}
> eclipse.buildId=4.7.0.I20170612-0950
> java.version=1.8.0_131
> java.vendor=Oracle Corporation
> BootLoader constants: OS=linux, ARCH=x86_64, WS=gtk, NL=en_US
> Framework arguments: -product org.eclipse.epp.package.jee.product
> Command-line arguments: -data file:/home/jkopriva/eclipse-oxygen-final/workspace/ -os linux -ws gtk -arch x86_64 -product org.eclipse.epp.package.jee.product
> org.eclipse.launchbar.core
> Warning
> Fri Jul 14 10:00:07 CEST 2017
> Enablement expression is missing for descriptor type org.jboss.tools.wtp.server.launchbar.ModuleDescriptorType
> {code}
[JBoss JIRA] (JBIDE-24668) Warnings after installation in Eclipse Oxygen
by Nick Boldt (JIRA)
[ https://issues.jboss.org/browse/JBIDE-24668?page=com.atlassian.jira.plugi... ]
Nick Boldt updated JBIDE-24668:
-------------------------------
Component/s: upstream
(was: build)
> Warnings after installation in Eclipse Oxygen
> ---------------------------------------------
>
> Key: JBIDE-24668
> URL: https://issues.jboss.org/browse/JBIDE-24668
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: upstream
> Affects Versions: 4.5.0.AM2
> Environment: F26
> Eclipse Java EE IDE for Web Developers.
> Version: Oxygen Release (4.7.0)
> Reporter: Josef Kopriva
> Priority: Minor
>
> After installation of JBoss Tools (from update site http://download.jboss.org/jbosstools/oxygen/staging/updates/) in Eclipse Oxygen, there are warnings in error log:
> {code:java}
> eclipse.buildId=4.7.0.I20170612-0950
> java.version=1.8.0_131
> java.vendor=Oracle Corporation
> BootLoader constants: OS=linux, ARCH=x86_64, WS=gtk, NL=en_US
> Framework arguments: -product org.eclipse.epp.package.jee.product
> Command-line arguments: -data file:/home/jkopriva/eclipse-oxygen-final/workspace/ -os linux -ws gtk -arch x86_64 -product org.eclipse.epp.package.jee.product
> org.eclipse.launchbar.core
> Warning
> Fri Jul 14 10:00:07 CEST 2017
> Enablement expression is missing for config provider for org.jboss.tools.wtp.server.launchbar.ModuleDescriptorType
> {code}
> and
> {code:java}
> eclipse.buildId=4.7.0.I20170612-0950
> java.version=1.8.0_131
> java.vendor=Oracle Corporation
> BootLoader constants: OS=linux, ARCH=x86_64, WS=gtk, NL=en_US
> Framework arguments: -product org.eclipse.epp.package.jee.product
> Command-line arguments: -data file:/home/jkopriva/eclipse-oxygen-final/workspace/ -os linux -ws gtk -arch x86_64 -product org.eclipse.epp.package.jee.product
> org.eclipse.launchbar.core
> Warning
> Fri Jul 14 10:00:07 CEST 2017
> Enablement expression is missing for descriptor type org.jboss.tools.wtp.server.launchbar.ModuleDescriptorType
> {code}
[JBoss JIRA] (JBIDE-22436) Intermittent NullPointerException upon opening helloworld, kitchensink cheat sheets in JBDS
by Nick Boldt (JIRA)
[ https://issues.jboss.org/browse/JBIDE-22436?page=com.atlassian.jira.plugi... ]
Nick Boldt updated JBIDE-22436:
-------------------------------
Priority: Minor (was: Major)
> Intermittent NullPointerException upon opening helloworld, kitchensink cheat sheets in JBDS
> -------------------------------------------------------------------------------------------
>
> Key: JBIDE-22436
> URL: https://issues.jboss.org/browse/JBIDE-22436
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: project-examples, upstream
> Affects Versions: 4.3.1.Final
> Reporter: Michal Jurc
> Assignee: Snjezana Peco
> Priority: Minor
> Fix For: 4.5.x
>
> Attachments: JBIDE-22436-10.0-helloworld.log, JBIDE-22436-9.1-helloworld.log, helloworld-cheatsheet.xml, jbds104-cheat-sheet-npe.log, kitchensink-cheatsheet.xml, npe-jbds11-fedora26-x64.log, org.jboss.tools.cheatsheet.test.zip
>
>
> After finishing the import of {{helloworld}} and {{kitchensink}} quickstarts, the user is prompted whether the cheat sheet for the project should be opened. Upon opening it, JBDS 9.0 and 9.1 produce the following error message:
> {quote}An error has occurred. See error log for more details.
> java.lang.NullPointerException{quote}
> The detailed error log produces the same message.
> The quickstarts and their cheat sheets work even after the prompt with NullPointerException message.
[JBoss JIRA] (JBIDE-22436) Intermittent NullPointerException upon opening helloworld, kitchensink cheat sheets in JBDS
by Nick Boldt (JIRA)
[ https://issues.jboss.org/browse/JBIDE-22436?page=com.atlassian.jira.plugi... ]
Nick Boldt commented on JBIDE-22436:
------------------------------------
Downgrading severity because "The quickstarts and their cheat sheets work even after the prompt with NullPointerException message." so this isn't blocking productivity - it's just annoying.
> Intermittent NullPointerException upon opening helloworld, kitchensink cheat sheets in JBDS
> -------------------------------------------------------------------------------------------
>
> Key: JBIDE-22436
> URL: https://issues.jboss.org/browse/JBIDE-22436
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: project-examples, upstream
> Affects Versions: 4.3.1.Final
> Reporter: Michal Jurc
> Assignee: Snjezana Peco
> Fix For: 4.5.x
>
> Attachments: JBIDE-22436-10.0-helloworld.log, JBIDE-22436-9.1-helloworld.log, helloworld-cheatsheet.xml, jbds104-cheat-sheet-npe.log, kitchensink-cheatsheet.xml, npe-jbds11-fedora26-x64.log, org.jboss.tools.cheatsheet.test.zip
>
>
> After finishing the import of {{helloworld}} and {{kitchensink}} quickstarts, the user is prompted whether the cheat sheet for the project should be opened. Upon opening it, JBDS 9.0 and 9.1 produce the following error message:
> {quote}An error has occurred. See error log for more details.
> java.lang.NullPointerException{quote}
> The detailed error log produces the same message.
> The quickstarts and their cheat sheets work even after the prompt with NullPointerException message.
[JBoss JIRA] (JBIDE-24642) Please include sha256 checksums in announcements
by Nick Boldt (JIRA)
[ https://issues.jboss.org/browse/JBIDE-24642?page=com.atlassian.jira.plugi... ]
Nick Boldt updated JBIDE-24642:
-------------------------------
Fix Version/s: 4.5.0.Final
(was: LATER)
> Please include sha256 checksums in announcements
> ------------------------------------------------
>
> Key: JBIDE-24642
> URL: https://issues.jboss.org/browse/JBIDE-24642
> Project: Tools (JBoss Tools)
> Issue Type: Feature Request
> Components: build, website
> Reporter: Jesper Skov
> Assignee: Nick Boldt
> Fix For: 4.5.0.Final
>
>
> I would like to be able to verify checksums on downloaded JBoss artifacts - both EAP and eclipse-related binaries.
> Or even better, verify a signature.
> Today, when I want to use a JBossTools release, I would download
> http://download.jboss.org/jbosstools/static/oxygen/development/updates/co...
> And my only opportunity to verify the file is by downloading the sha256 file that lies next to it:
> http://download.jboss.org/jbosstools/static/oxygen/development/updates/co...
> If a hacker manages to replace the updatesite archive with compromised files, I assume they will have the brains to also update the checksum file next to it.
> So the current checksum can really only be used to verify the integrity of the downloaded file.
> Not that its contents are untampered.
> If the jar-files in the archive were signed, it would be less of an issue...
> Signed artifacts would be best. But would probably take some effort to put in place.
> A simpler remedy would be to include the checksums in the announcement. This would give an additional factor of security for those who care about that.
[JBoss JIRA] (JBIDE-24642) Please include sha256 checksums in announcements
by Nick Boldt (JIRA)
[ https://issues.jboss.org/browse/JBIDE-24642?page=com.atlassian.jira.plugi... ]
Nick Boldt resolved JBIDE-24642.
--------------------------------
Resolution: Done
> Please include sha256 checksums in announcements
> ------------------------------------------------
>
> Key: JBIDE-24642
> URL: https://issues.jboss.org/browse/JBIDE-24642
> Project: Tools (JBoss Tools)
> Issue Type: Feature Request
> Components: build, website
> Reporter: Jesper Skov
> Assignee: Nick Boldt
> Fix For: 4.5.0.Final
>
>
> I would like to be able to verify checksums on downloaded JBoss artifacts - both EAP and eclipse-related binaries.
> Or even better, verify a signature.
> Today, when I want to use a JBossTools release, I would download
> http://download.jboss.org/jbosstools/static/oxygen/development/updates/co...
> And my only opportunity to verify the file is by downloading the sha256 file that lies next to it:
> http://download.jboss.org/jbosstools/static/oxygen/development/updates/co...
> If a hacker manages to replace the updatesite archive with compromised files, I assume they will have the brains to also update the checksum file next to it.
> So the current checksum can really only be used to verify the integrity of the downloaded file.
> Not that its contents are untampered.
> If the jar-files in the archive were signed, it would be less of an issue...
> Signed artifacts would be best. But would probably take some effort to put in place.
> A simpler remedy would be to include the checksums in the announcement. This would give an additional factor of security for those who care about that.
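The point made in JBIDE-24642, as an added example that is not part of the issue or of the JBoss Tools build: a checksum file served next to the archive only detects a damaged transfer, while a checksum copied from the announcement is an independent channel that also detects a replaced archive. The archive contents and the `updatesite.zip` name are constructed for the example.

```python
import hashlib
import hmac
import io


def sha256_stream(stream, chunk_size=1 << 16):
    """Hash a file-like object in chunks so large archives need not fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def parse_checksum(text):
    """Accept a bare hex digest or a sha256sum-style '<hex>  <name>' line."""
    fields = text.split()
    token = fields[0].lower() if fields else ""
    if len(token) != 64 or any(c not in "0123456789abcdef" for c in token):
        raise ValueError("not a SHA-256 hex digest")
    return token


def verify_download(stream, sidecar_text, announced=None):
    """Classify a download by which checksum sources agree with it."""
    actual = sha256_stream(stream)
    if not hmac.compare_digest(actual, parse_checksum(sidecar_text)):
        return "sidecar-mismatch"           # e.g. damaged or partial transfer
    if announced is None:
        return "integrity-only"             # same-origin check, says nothing about tampering
    if hmac.compare_digest(actual, parse_checksum(announced)):
        return "matches-announcement"       # agrees with the independent channel
    return "differs-from-announcement"      # file and sidecar agree, announcement does not


# Constructed sample data; the file name is hypothetical.
RELEASED = b"constructed update-site archive, as released"
REPLACED = b"constructed update-site archive, replaced on the server"
ANNOUNCED = hashlib.sha256(RELEASED).hexdigest()  # value copied from the announcement


def sidecar_for(data, name="updatesite.zip"):
    """Build the .sha256 file a server (or whoever controls it) would publish."""
    return f"{hashlib.sha256(data).hexdigest()}  {name}\n"


def sample_results():
    return {
        "clean": verify_download(io.BytesIO(RELEASED), sidecar_for(RELEASED), ANNOUNCED),
        "truncated": verify_download(io.BytesIO(RELEASED[:-1]), sidecar_for(RELEASED), ANNOUNCED),
        "replaced, sidecar only": verify_download(io.BytesIO(REPLACED), sidecar_for(REPLACED)),
        "replaced, with announcement": verify_download(io.BytesIO(REPLACED), sidecar_for(REPLACED), ANNOUNCED),
    }


if __name__ == "__main__":
    for case, verdict in sample_results().items():
        print(f"{case}: {verdict}")
```

The third case is the one the reporter describes: with only the co-located checksum, a replaced archive whose sidecar was regenerated passes the check.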