For more comfortable management of sandboxed scripts, administrators should be able to:

      • Remove individual signatures from the list of those already approved.
      • Add signatures without waiting for them to be attempted.

          [JENKINS-22660] More flexible UI for approved signatures

          Jesse Glick added a comment -

          Currently requires manual editing of $JENKINS_HOME/scriptApproval.xml.

          Jesse Glick added a comment - Currently requires manual editing of $JENKINS_HOME/scriptApproval.xml .

          Sorin Sbarnea added a comment -

          jglick Do we need to restart Jenkins when we update scriptApproval.xml?

          Sorin Sbarnea added a comment - jglick Do we need to restart Jenkins when we update scriptApproval.xml?

          Jesse Glick added a comment -

          In principle you could reload config, pending JENKINS-23578. I have not tested it and do not plan to support it.

          Jesse Glick added a comment - In principle you could reload config, pending  JENKINS-23578 . I have not tested it and do not plan to support it.

           If it's ok, I would like to add my 2 cents on this.  After editing scriptApproval.xml, I could not get it loaded with my configurations just by clicking on "Reload Configuration from Disk". I needed to ask the sysadmin to actually do a systemctl restart jenkins.

          Leandro Solagna added a comment -  If it's ok, I would like to add my 2 cents on this.  After editing scriptApproval.xml, I could not get it loaded with my configurations just by clicking on "Reload Configuration from Disk". I needed to ask the sysadmin to actually do a systemctl restart jenkins.

          Workaround without having to hand-edit scriptApproval.xml. Run the following from the Script Console:
           

          // WARNING: before running this script, copy a backup of the approved signatures first
          def scriptApproval = org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.get()
          def approvals = [] + scriptApproval.getApprovedSignatures()
          approvals = approvals.flatten()
          approvals.remove '<signature to remove>'
          String[] newApprovals = new ArrayList<String>(approvals)
          scriptApproval.setApprovedSignatures newApprovals
          scriptApproval.save()
          

          Ben Hochstedler added a comment - Workaround without having to hand-edit scriptApproval.xml. Run the following from the Script Console:   // WARNING: before running this script, copy a backup of the approved signatures first def scriptApproval = org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.get() def approvals = [] + scriptApproval.getApprovedSignatures() approvals = approvals.flatten() approvals.remove '<signature to remove>' String [] newApprovals = new ArrayList< String >(approvals) scriptApproval.setApprovedSignatures newApprovals scriptApproval.save()

            Unassigned Unassigned
            jglick Jesse Glick
            Votes:
            18 Vote for this issue
            Watchers:
            21 Start watching this issue

              Created:
              Updated: