Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-1057

Archive of all hpi files in the update center

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      I am running a data analysis experiment to achieve the following goals:

      • If plugins in the update center can be installed (all direct dependencies exist, are not corrupted)
      • Developing a new algorithm to check for update center consistency so that when a user asks for a plugin to be installed, all its transitive dependencies actually exist and the Jenkins instance is not bricked.
      • Developing a new algorithm for plugin dependency resolution
        • Direct version decedents (new, safer behaviour)
        • update to latest of installed (current behaviour)
      • Build reports for plugin developers on how valid their dependency chains are
      • Build tooling for the security team to analyse what parts of the ecosystem are depending on plugins with known vulnerabilities

      I would like a snapshot of all the HPIs available via the update center, including all back versions of each plugin and their sha1/md5 checksum files to verify the above goals.

      There is some code already written but I'd like to prove it out using real data before proposing it to the developer list.

        Attachments

          Activity

          Hide
          rtyler R. Tyler Croy added a comment -

          I believe you can walk through https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/ yourself and get all this information.

          Show
          rtyler R. Tyler Croy added a comment - I believe you can walk through https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/ yourself and get all this information.
          Hide
          jamesdumay James Dumay added a comment - - edited

          I have a copy of /releases but it is by no means a complete archive. There seems to be some org/jvnet releases that are somewhere else - not able to find them.

          Show
          jamesdumay James Dumay added a comment - - edited I have a copy of /releases but it is by no means a complete archive. There seems to be some org/jvnet releases that are somewhere else - not able to find them.
          Show
          danielbeck Daniel Beck added a comment - James Dumay wget -r http://updates.jenkins-ci.org/download/plugins/ ?

            People

            • Assignee:
              Unassigned
              Reporter:
              jamesdumay James Dumay
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: