[JIRA] (JENKINS-57970) Add checks for available updates and known security issues in the installation script


o.v.nenashev@gmail.com (JIRA)

Jun 11, 2019, 2:15:02 PM
to jenkinsc...@googlegroups.com
Oleg Nenashev created an issue
 
Jenkins / Improvement JENKINS-57970
Add checks for available updates and known security issues in the installation script
Issue Type: Improvement
Assignee: Natasha Stopa
Components: plugin-installation-manager-tool
Created: 2019-06-11 18:14
Priority: Minor
Reporter: Oleg Nenashev

See https://github.com/jenkinsci/docker/pull/668

I am using the base Dockerfile to build my own Jenkins instances, and it's difficult to update {{plugins.txt}} manually. Every time you need to launch the update center and then to go through the updates list and to update the file. And then rebuild the image until the UI is fine...

In order to simplify the use-case, I have added printing of available updates after the build (see availableUpdates). It will use the same update center as the installation logic, so the output will show only those updates which are actually applicable.

 

It would be great to have this functionality supported in the plugin management tool OOTB

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

natasha.stopa@gmail.com (JIRA)

Jun 12, 2019, 10:26:02 PM
to jenkinsc...@googlegroups.com
Natasha Stopa commented on Improvement JENKINS-57970
 
Re: Add checks for available updates and known security issues in the installation script

How are known security issues flagged in the update center .json file? 

natasha.stopa@gmail.com (JIRA)

Jun 12, 2019, 11:00:03 PM
to jenkinsc...@googlegroups.com

Nevermind, I think I found it. It looks like under "signature", there's an array of warnings. 

natasha.stopa@gmail.com (JIRA)

Jun 13, 2019, 1:11:02 AM
to jenkinsc...@googlegroups.com
Natasha Stopa edited a comment on Improvement JENKINS-57970
Nevermind, I think I found it. It looks like under " signature", there's an array of warnings " in the json

natasha.stopa@gmail.com (JIRA)

Jun 13, 2019, 3:46:02 PM
to jenkinsc...@googlegroups.com

Added basic feature to check for any security updates. I am planning on adding options for showing potential security issues for a specified list of plugins that can be displayed before the user even downloads the plugins. I think you could have a situation where plugin1 depends on plugin2 depends on plugin3 and plugin3 has a security issue. In this case, maybe the user would not want to/could not install any? This would mean that this path of dependencies would need to be tracked.
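
The dependency-path tracking raised in the comment above, as an added example that is not part of the thread or of the plugin-installation-manager-tool code: it walks each requested plugin's dependencies and reports the path to any plugin whose offered version matches a warning pattern. The document layout, the plugin names and versions, the `EXAMPLE-…` ids and both function names are constructed assumptions for illustration.

```python
import re
from collections import deque

# Constructed sample; this layout of an update center document is an assumption.
UPDATE_CENTER = {
    "plugins": {
        "plugin1": {"version": "2.0", "dependencies": [
            {"name": "plugin2", "optional": False}]},
        "plugin2": {"version": "1.4", "dependencies": [
            {"name": "plugin3", "optional": False},
            {"name": "plugin4", "optional": True}]},
        "plugin3": {"version": "1.1", "dependencies": []},
        "plugin4": {"version": "3.0", "dependencies": []},
        "plugin5": {"version": "1.0", "dependencies": []},
    },
    "warnings": [  # ids are placeholders, not real advisories
        {"id": "EXAMPLE-0001", "name": "plugin3", "versions": [{"pattern": r"1\.[01]"}]},
        {"id": "EXAMPLE-0002", "name": "plugin4", "versions": [{"pattern": r"3\..*"}]},
        {"id": "EXAMPLE-0003", "name": "plugin2", "versions": [{"pattern": r"1\.[0-3]"}]},
    ],
}

def active_warnings(uc, name):
    """Ids of warnings whose pattern matches the version offered for `name`."""
    version = uc["plugins"][name]["version"]
    return [w["id"] for w in uc["warnings"] if w["name"] == name
            and any(re.fullmatch(v["pattern"], version) for v in w["versions"])]

def flagged_paths(uc, requested, include_optional=False):
    """Breadth-first walk per requested plugin: {root: [(path, warning_ids)]}."""
    report = {}
    for root in requested:
        hits, seen, queue = [], {root}, deque([[root]])
        while queue:
            path = queue.popleft()
            ids = active_warnings(uc, path[-1])
            if ids:
                hits.append((path, ids))  # path shows why root pulls this in
            for dep in uc["plugins"][path[-1]]["dependencies"]:
                if dep["optional"] and not include_optional:
                    continue
                if dep["name"] in uc["plugins"] and dep["name"] not in seen:
                    seen.add(dep["name"])
                    queue.append(path + [dep["name"]])
        report[root] = hits
    return report

if __name__ == "__main__":
    for root, hits in flagged_paths(UPDATE_CENTER, ["plugin1", "plugin5"]).items():
        print(root, hits or "no known warnings")
```

Because the whole path is kept, a pre-install check can name the requested plugin that pulls in the flagged dependency; the warning on plugin2 is not reported because its pattern does not match the offered version 1.4.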

natasha.stopa@gmail.com (JIRA)

Jun 13, 2019, 3:46:02 PM
to jenkinsc...@googlegroups.com
Natasha Stopa started work on Improvement JENKINS-57970
 
Change By: Natasha Stopa
Status: Open → In Progress
