Script Security Plugin

[Tomasz Szandała]

Greetings,
I have started working on a Jenkins configuration as a code - create a bunch of init scripts, put them to JENKINS_HOME and run Jenkins.war (2.32+)

But I've met a problem:

ERROR: Build step failed with exception
org.jenkinsci.plugins.scriptsecurity.scripts.UnapprovedUsageException: script not yet approved for use
        at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.using(ScriptApproval.java:459)
        at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript.evaluate(SecureGroovyScript.java:170)
        at hudson.plugins.groovy.SystemGroovy.run(SystemGroovy.java:95)
        at hudson.plugins.groovy.SystemGroovy.perform(SystemGroovy.java:59)
        at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
        at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:779)
        at hudson.model.Build$BuildExecution.build(Build.java:206)
        at hudson.model.Build$BuildExecution.doRun(Build.java:163)
        at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:534)
        at hudson.model.Run.execute(Run.java:1728)
        at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
        at hudson.model.ResourceController.execute(ResourceController.java:98)
        at hudson.model.Executor.run(Executor.java:405)
Build step 'Execute system Groovy script' marked build as failure



I have tried writting a script, that installs plugins to also enable Permissive whitelist, but error still occurs:
import jenkins.model.Jenkins

def pm = Jenkins.instance.pluginManager
def uc = Jenkins.instance.updateCenter
uc.updateAllSites()
def deployed = false

def plugins = [
// list of plugins
]

plugins.each {
    println "Checking ${it}"
  if (! pm.getPlugin(it)) {
    deployment = uc.getPlugin(it).deploy()
    deployment.get()
    deployed = true
  }
}

if (deployed) {
    Jenkins.instance.restart()
}
org.jenkinsci.plugins.permissivescriptsecurity.PermissiveWhitelist.enabled=true


But this doesn't help...

How to get rid of this problem?

[Robert Sandell]

The init scripts should not be guarded by script security. From the stack trace it looks like you are running your script in a Freestyle project with a script build step, and those are guarded by script security.

You should ask on the Jenkins users list for these kinds of questions.

/B

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/96659875-4d1b-4bc8-85ff-fc43537805ac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Robert Sandell

Software Engineer

CloudBees Inc.