Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-57970

Add checks for available updates and known security issues in the installation script

    Details

    • Similar Issues:

      Description

      See https://github.com/jenkinsci/docker/pull/668

      I am using the base Dockerfile to build my own Jenkins instances, and it's difficult to update {{plugins.txt}}manually. Every time you need to launch the update center and then to go through the updates list and to update the file. And then rebuild the image until the UI is fine...

      In order to simplify the use-case, I have added printing of available updates after the build (see availableUpdates). It will use the same update center as the installation logic, so the output will show only those updates which are actually applicable.

       

      It would be great to have this functionality supported in the plugin management tool OOTB

        Attachments

          Activity

          Hide
          stopalopa Natasha Stopa added a comment -

          How are known security issues flagged in the update center .json file? 

          Show
          stopalopa Natasha Stopa added a comment - How are known security issues flagged in the update center .json file? 
          Hide
          stopalopa Natasha Stopa added a comment - - edited

          Nevermind, I think I found it under "warnings" in the json. 

          Show
          stopalopa Natasha Stopa added a comment - - edited Nevermind, I think I found it under "warnings" in the json. 
          Hide
          stopalopa Natasha Stopa added a comment -

          Added basic feature to check for any security updates.  I am planning on adding options for showing potential security issues for a specified list of plugins that can be displayed before the user even downloads the plugins.  I think you could have a situation where plugin1 depends on plugin2 depends on plugin3  and plugin3 has security issue. In this case, maybe user would not want to/could not install any? This would mean that this path of dependencies would need to be tracked.

          Show
          stopalopa Natasha Stopa added a comment - Added basic feature to check for any security updates.  I am planning on adding options for showing potential security issues for a specified list of plugins that can be displayed before the user even downloads the plugins.  I think you could have a situation where plugin1 depends on plugin2 depends on plugin3  and plugin3 has security issue. In this case, maybe user would not want to/could not install any? This would mean that this path of dependencies would need to be tracked.
          Hide
          stopalopa Natasha Stopa added a comment -
          Show
          stopalopa Natasha Stopa added a comment - Added a pull request for this feature:  https://github.com/jenkinsci/plugin-installation-manager-tool/pull/44

            People

            • Assignee:
              stopalopa Natasha Stopa
              Reporter:
              oleg_nenashev Oleg Nenashev
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: