Entity encode password

TODO: do this consistently...

Don't tell anyone, but the password wasn't xml-safe.

Author: adriaanm

recipes/_worker-config-debian.rb

@@ -12,6 +12,7 @@
 # Also, it needs to run on every reboot of the worker instance(s),
 # since jenkins's home dir is mounted on ephemeral storage (see chef/userdata/ubuntu-publish-c3.xlarge)
 
+require 'cgi'
 require 'base64'
 
 # debian is only used for publishing jobs (if we add debian nodes for public jobs, must copy stuff from _worker-config-rhel)
@@ -71,7 +72,7 @@
         variables({
           :sonatypePass    => chef_vault_item("worker-publish", "sonatype")['pass'],
           :sonatypeUser    => chef_vault_item("worker-publish", "sonatype")['user'],
-          :privateRepoPass => chef_vault_item("worker-publish", "private-repo")['pass'],
+          :privateRepoPass => CGI.escapeHTML(chef_vault_item("worker-publish", "private-repo")['pass']), # OMG more papercuts
           :privateRepoUser => chef_vault_item("worker-publish", "private-repo")['user'],
           :s3DownloadsPass => chef_vault_item("worker-publish", "s3-downloads")['pass'],
           :s3DownloadsUser => chef_vault_item("worker-publish", "s3-downloads")['user']

recipes/_worker-config-rhel.rb

@@ -7,6 +7,7 @@
 # All rights reserved - Do Not Redistribute
 #
 
+require 'cgi'
 
 node["jenkinsHomes"].each do |jenkinsHome, workerConfig|
   jenkinsUser=workerConfig["jenkinsUser"]
@@ -25,7 +26,7 @@
       sensitive true
 
       variables({
-        :privateRepoPass => chef_vault_item("worker", "private-repo-public-jobs")['pass'],
+        :privateRepoPass => CGI.escapeHTML(chef_vault_item("worker", "private-repo-public-jobs")['pass']),
         :privateRepoUser => chef_vault_item("worker", "private-repo-public-jobs")['user']
       })
     end