Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33843

It's not possible to disable/uninstall optional dependencies

    XMLWordPrintable

    Details

    • Similar Issues:
    • Released As:
      2.181

      Description

      The plugin manager UI does not allow disabling or removing optional dependencies, i.e. dependencies that are declared by plugins to be not strictly necessary for their use.

      This should be possible, maybe with a warning that not all features of the depending plugin will be available afterwards.

        Attachments

          Issue Links

            Activity

            danielbeck Daniel Beck created issue -
            rtyler R. Tyler Croy made changes -
            Field Original Value New Value
            Workflow JNJira [ 169838 ] JNJira + In-Review [ 183659 ]
            danielbeck Daniel Beck made changes -
            Labels 2.0 2.0-beta 2.0 2.0-beta newbie-friendly
            danielbeck Daniel Beck made changes -
            Link This issue is duplicated by JENKINS-44013 [ JENKINS-44013 ]
            teilo James Nord made changes -
            Summary It's not possible to disable optional dependencies It's not possible to disable/uninstall optional dependencies
            teilo James Nord made changes -
            Description The plugin manager UI does not allow disabling optional dependencies, i.e. dependencies that are declared by plugins to be not strictly necessary for their use.

            This should be possible, maybe with a warning that not all features of the depending plugin will be available afterwards.
            The plugin manager UI does not allow disabling or removing optional dependencies, i.e. dependencies that are declared by plugins to be not strictly necessary for their use.

            This should be possible, maybe with a warning that not all features of the depending plugin will be available afterwards.
            Hide
            jglick Jesse Glick added a comment -

            Workaround (untested): touch $JENKINS_HOME/plugins/unwanted.jpi.disabled

            Show
            jglick Jesse Glick added a comment - Workaround (untested): touch $JENKINS_HOME/plugins/unwanted.jpi.disabled
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-39598 [ JENKINS-39598 ]
            mheinzerling Martin Heinzerling made changes -
            Link This issue is duplicated by JENKINS-45906 [ JENKINS-45906 ]
            danielbeck Daniel Beck made changes -
            Link This issue is duplicated by JENKINS-46930 [ JENKINS-46930 ]
            io39d io39d made changes -
            Attachment image-2017-10-26-07-43-31-928.png [ 40129 ]
            Hide
            io39d io39d added a comment - - edited

            The Plugin Active Choices was fixed in the scope of the security advisories and the plugin Scriptler was declared optional. However the plugin cannot be removed via the plugin manager after Actives Choices has been updated. But the workaround worked, thanks Jesse Glick

            Btw we use Jenkins version 2.85

            Show
            io39d io39d added a comment - - edited The Plugin Active Choices was fixed in the scope of the security advisories and the plugin Scriptler was declared optional. However the plugin cannot be removed via the plugin manager after Actives Choices has been updated. But the workaround worked, thanks Jesse Glick Btw we use Jenkins version 2.85
            Hide
            pjdarton pjdarton added a comment -

            "Me too"
            Found this fault report while googling for much the same issue - I've got a fresh install of LTS Jenkins 2.89.1 and I wanted to remove a plugin I'd just added ... only to find that I couldn't because the DSL plugin "needed" it (the DSL plugin does not need it, it's an optional dependency).

            Opinion: While it's really nice that Jenkins now warns me that I shouldn't remove X because Y needs it, this "hand holding" has gone too far the other way to the point where it's actually damaging our ability to do plugin administration via the WebUI.
            I would suggest that, until Jenkins can differentiate between a hard dependency and an optional dependency, the UI should merely warn that disabling/removing a plugin may affect <list> other plugins.
            Actual prevention of a perfectly valid use-case (of disabling/uninstalling a plugin that isn't wanted or required) is an unpleasant regression of core functionality.

            i.e. I would suggest that what's required here is to:

            1. Urgently make this a warning instead of an absolute refusal, and also back-port that change to the LTS branch.  That'll give us back the necessary functionality.
            2. Enhance the dependency algorithm to differentiate between hard dependencies and soft dependencies, and enhance the warning to distinguish between the two as well.
            3. Restore the current "disable the Uninstall button and the Enabled checkbox" functionality but only where there are hard dependencies (and even then, it'd be nice to have a "I know what I'm doing! Do it anyway." option).

            FYI Where I work, we have a lot of people running Jenkins who do not have filesystem access to the server that's running their Jenkins service - they have admin-access to the Jenkins WebUI, but not the underlying server's filesystem - so the suggested workaround isn't going to be easy for those folks. We also have a security dept mandating that we use Jenkins 2.46.2 or later, so we can't use a version of Jenkins that doesn't have this bug either.

            My guess (also untested) is that one could also work around this by using the Script Console and telling it to run code like this:

            final String pluginToRemove = 'Foo'
            final String pluginDir = Jenkins.getInstance().pluginManager.rootDir
            final File pluginFile = new File(pluginDir, pluginToRemove + '.hpi')
            if (pluginFile.delete()) {
            println( pluginFile + ' deleted.' )
            }

            Show
            pjdarton pjdarton added a comment - "Me too" Found this fault report while googling for much the same issue - I've got a fresh install of LTS Jenkins 2.89.1 and I wanted to remove a plugin I'd just added ... only to find that I couldn't because the DSL plugin "needed" it (the DSL plugin does not need it, it's an optional dependency). Opinion: While it's really nice that Jenkins now warns me that I shouldn't remove X because Y needs it, this "hand holding" has gone too far the other way to the point where it's actually damaging our ability to do plugin administration via the WebUI. I would suggest that, until Jenkins can differentiate between a hard dependency and an optional dependency, the UI should merely warn that disabling/removing a plugin may affect <list> other plugins. Actual prevention of a perfectly valid use-case (of disabling/uninstalling a plugin that isn't wanted or required) is an unpleasant regression of core functionality. i.e. I would suggest that what's required here is to: Urgently make this a warning instead of an absolute refusal, and also back-port that change to the LTS branch.  That'll give us back the necessary functionality. Enhance the dependency algorithm to differentiate between hard dependencies and soft dependencies, and enhance the warning to distinguish between the two as well. Restore the current "disable the Uninstall button and the Enabled checkbox" functionality but only where there are hard dependencies (and even then, it'd be nice to have a "I know what I'm doing! Do it anyway." option). FYI Where I work, we have a lot of people running Jenkins who do not have filesystem access to the server that's running their Jenkins service - they have admin-access to the Jenkins WebUI, but not the underlying server's filesystem - so the suggested workaround isn't going to be easy for those folks. We also have a security dept mandating that we use Jenkins 2.46.2 or later, so we can't use a version of Jenkins that doesn't have this bug either. My guess (also untested) is that one could also work around this by using the  Script Console and telling it to run code like this: final String pluginToRemove = 'Foo' final String pluginDir = Jenkins.getInstance().pluginManager.rootDir final File pluginFile = new File(pluginDir, pluginToRemove + '.hpi') if (pluginFile.delete()) { println( pluginFile + ' deleted.' ) }
            vivek Vivek Pandey made changes -
            Link This issue relates to JENKINS-50885 [ JENKINS-50885 ]
            Hide
            netappbluedevil NetAppBlueDevil added a comment - - edited

            +1

             

            Trying to simplify by removing unneeded plugins is just not possible.  I don't even know why the Green Balls plugin has the LDAP plugin listed as an optional dependency, but it means I can't drop the LDAP one.

            Show
            netappbluedevil NetAppBlueDevil added a comment - - edited +1   Trying to simplify by removing unneeded plugins is just not possible.  I don't even know why the Green Balls plugin has the LDAP plugin listed as an optional dependency, but it means I can't drop the LDAP one.
            jglick Jesse Glick made changes -
            Assignee Jesse Glick [ jglick ]
            Hide
            jglick Jesse Glick added a comment -

            pjdarton

            Enhance the dependency algorithm to differentiate between hard dependencies and soft dependencies

            Jenkins has long made that distinction. It just was not being honored in this feature.

            it'd be nice to have a "I know what I'm doing! Do it anyway." option

            Would be useless since Jenkins core will refuse to even load a plugin which is missing a hard dependency.


            NetAppBlueDevil

            I don't even know why the Green Balls plugin has the LDAP plugin listed as an optional dependency

            This is because it was a plugin split out of core, and for compatibility reasons these are made implicit optional dependencies of all other plugins which were built against a version of core predating that split.

            But this brings up an important point. Why are these implicit dependencies optional? Well, in the vast majority of cases the old plugin was not actually using the detached functionality, so we do not want to prevent the split plugin from being disabled or uninstalled if it is obviously unused. There are a few cases where something was detached which a number of other plugins actually relied on—the most prominent cases being maven-plugin, matrix-project, and junit—and so there is some risk that an admin would accidentally disable an “optional” dep that was actually critical to some still-enabled plugin’s functioning, typically seen as a NoClassDefFoundError at runtime. Those cases which are not already mitigated by use of @Extension(optional = true) or other defensive coding patterns can be addressed merely by releasing a downstream plugin update which builds against a newer version of Jenkins core: the Maven build will fail until the split plugin is added as a dependency to the POM, causing it to appear as a hard dependency in the binary plugin’s manifest.

            Show
            jglick Jesse Glick added a comment - pjdarton Enhance the dependency algorithm to differentiate between hard dependencies and soft dependencies Jenkins has long made that distinction. It just was not being honored in this feature. it'd be nice to have a "I know what I'm doing! Do it anyway." option Would be useless since Jenkins core will refuse to even load a plugin which is missing a hard dependency. NetAppBlueDevil I don't even know why the Green Balls plugin has the LDAP plugin listed as an optional dependency This is because it was a plugin split out of core , and for compatibility reasons these are made implicit optional dependencies of all other plugins which were built against a version of core predating that split. But this brings up an important point. Why are these implicit dependencies optional? Well, in the vast majority of cases the old plugin was not actually using the detached functionality, so we do not want to prevent the split plugin from being disabled or uninstalled if it is obviously unused. There are a few cases where something was detached which a number of other plugins actually relied on—the most prominent cases being maven-plugin , matrix-project , and junit —and so there is some risk that an admin would accidentally disable an “optional” dep that was actually critical to some still-enabled plugin’s functioning, typically seen as a NoClassDefFoundError at runtime. Those cases which are not already mitigated by use of @Extension(optional = true) or other defensive coding patterns can be addressed merely by releasing a downstream plugin update which builds against a newer version of Jenkins core: the Maven build will fail until the split plugin is added as a dependency to the POM, causing it to appear as a hard dependency in the binary plugin’s manifest.
            jglick Jesse Glick made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            Hide
            jglick Jesse Glick added a comment -

            The following example

            Jenkins.instance.pluginManager.plugins.sort(false, {it.shortName}).each {p ->
              println(p.shortName);
              println("  dependencies:");
              println("    unspecified: ${p.dependencies*.shortName.sort()}");
              println("    optional: ${p.optionalDependencies*.shortName.sort()}");
              println("    mandatory: ${(p.dependencies - p.optionalDependencies)*.shortName.sort()}");
              println("  dependents:");
              println("    unspecified: ${p.dependents.sort()}");
              println("    optional: ${p.optionalDependents.sort()}");
              println("    mandatory: ${(p.dependents - p.optionalDependents).sort()}");
            }; null
            

            reveals a mess:

            antisamy-markup-formatter
              dependencies:
                unspecified: [bouncycastle-api, command-launcher, jdk-tool, junit]
                optional: [bouncycastle-api, command-launcher, jdk-tool, junit]
                mandatory: []
              dependents:
                unspecified: [greenballs, uno-choice]
                optional: []
                mandatory: [greenballs, uno-choice]
            bouncycastle-api
              dependencies:
                unspecified: [command-launcher, jdk-tool]
                optional: [command-launcher, jdk-tool]
                mandatory: []
              dependents:
                unspecified: [antisamy-markup-formatter, credentials, external-monitor-job, greenballs, junit, ldap, mailer, matrix-project, windows-slaves]
                optional: []
                mandatory: [antisamy-markup-formatter, credentials, external-monitor-job, greenballs, junit, ldap, mailer, matrix-project, windows-slaves]
            command-launcher
              dependencies:
                unspecified: [jdk-tool, script-security]
                optional: [jdk-tool]
                mandatory: [script-security]
              dependents:
                unspecified: [antisamy-markup-formatter, bouncycastle-api, config-file-provider, credentials, external-monitor-job, greenballs, junit, ldap, mailer, matrix-project, scm-api, ssh-credentials, structs, uno-choice, windows-slaves]
                optional: []
                mandatory: [antisamy-markup-formatter, bouncycastle-api, config-file-provider, credentials, external-monitor-job, greenballs, junit, ldap, mailer, matrix-project, scm-api, ssh-credentials, structs, uno-choice, windows-slaves]
            config-file-provider
              dependencies:
                unspecified: [command-launcher, credentials, jdk-tool, ssh-credentials, structs, token-macro]
                optional: [cloudbees-folder, command-launcher, jdk-tool]
                mandatory: [credentials, ssh-credentials, structs, token-macro]
              dependents:
                unspecified: [job-dsl]
                optional: [job-dsl]
                mandatory: []
            credentials
              dependencies:
                unspecified: [bouncycastle-api, command-launcher, jdk-tool, structs]
                optional: [bouncycastle-api, command-launcher, jdk-tool]
                mandatory: [structs]
              dependents:
                unspecified: [config-file-provider, ssh-credentials]
                optional: []
                mandatory: [config-file-provider, ssh-credentials]
            display-url-api
              dependencies:
                unspecified: [jdk-tool]
                optional: [jdk-tool]
                mandatory: []
              dependents:
                unspecified: [mailer]
                optional: []
                mandatory: [mailer]
            external-monitor-job
              dependencies:
                unspecified: [bouncycastle-api, command-launcher, jdk-tool]
                optional: [bouncycastle-api, command-launcher, jdk-tool]
                mandatory: []
              dependents:
                unspecified: [greenballs]
                optional: []
                mandatory: [greenballs]
            greenballs
              dependencies:
                unspecified: [antisamy-markup-formatter, bouncycastle-api, command-launcher, external-monitor-job, jdk-tool, junit, ldap, mailer, matrix-auth, matrix-project, pam-auth, windows-slaves]
                optional: [antisamy-markup-formatter, bouncycastle-api, command-launcher, external-monitor-job, jdk-tool, junit, ldap, mailer, matrix-auth, matrix-project, pam-auth, windows-slaves]
                mandatory: []
              dependents:
                unspecified: []
                optional: []
                mandatory: []
            jdk-tool
              dependencies:
                unspecified: []
                optional: []
                mandatory: []
              dependents:
                unspecified: [antisamy-markup-formatter, bouncycastle-api, command-launcher, config-file-provider, credentials, display-url-api, external-monitor-job, greenballs, junit, ldap, mailer, matrix-project, scm-api, script-security, ssh-credentials, structs, uno-choice, windows-slaves]
                optional: []
                mandatory: [antisamy-markup-formatter, bouncycastle-api, command-launcher, config-file-provider, credentials, display-url-api, external-monitor-job, greenballs, junit, ldap, mailer, matrix-project, scm-api, script-security, ssh-credentials, structs, uno-choice, windows-slaves]
            job-dsl
              dependencies:
                unspecified: [config-file-provider, script-security, structs]
                optional: [config-file-provider, configuration-as-code, managed-scripts, vsphere-cloud]
                mandatory: [script-security, structs]
              dependents:
                unspecified: []
                optional: []
                mandatory: []
            junit
              dependencies:
                unspecified: [bouncycastle-api, command-launcher, jdk-tool, script-security, structs, workflow-api, workflow-step-api]
                optional: [bouncycastle-api, command-launcher, jdk-tool]
                mandatory: [script-security, structs, workflow-api, workflow-step-api]
              dependents:
                unspecified: [antisamy-markup-formatter, greenballs, matrix-project]
                optional: []
                mandatory: [antisamy-markup-formatter, greenballs, matrix-project]
            ldap
              dependencies:
                unspecified: [bouncycastle-api, command-launcher, jdk-tool, mailer]
                optional: [bouncycastle-api, command-launcher, jdk-tool]
                mandatory: [mailer]
              dependents:
                unspecified: [greenballs]
                optional: []
                mandatory: [greenballs]
            mailer
              dependencies:
                unspecified: [bouncycastle-api, command-launcher, display-url-api, jdk-tool]
                optional: [bouncycastle-api, command-launcher, jdk-tool]
                mandatory: [display-url-api]
              dependents:
                unspecified: [greenballs, ldap]
                optional: []
                mandatory: [greenballs, ldap]
            matrix-auth
              dependencies:
                unspecified: []
                optional: [cloudbees-folder, configuration-as-code]
                mandatory: []
              dependents:
                unspecified: [greenballs]
                optional: []
                mandatory: [greenballs]
            matrix-project
              dependencies:
                unspecified: [bouncycastle-api, command-launcher, jdk-tool, junit, script-security]
                optional: [bouncycastle-api, command-launcher, jdk-tool]
                mandatory: [junit, script-security]
              dependents:
                unspecified: [greenballs]
                optional: []
                mandatory: [greenballs]
            pam-auth
              dependencies:
                unspecified: []
                optional: []
                mandatory: []
              dependents:
                unspecified: [greenballs]
                optional: []
                mandatory: [greenballs]
            scm-api
              dependencies:
                unspecified: [command-launcher, jdk-tool, structs]
                optional: [command-launcher, jdk-tool]
                mandatory: [structs]
              dependents:
                unspecified: [workflow-api]
                optional: []
                mandatory: [workflow-api]
            script-security
              dependencies:
                unspecified: [jdk-tool]
                optional: [jdk-tool]
                mandatory: []
              dependents:
                unspecified: [command-launcher, job-dsl, junit, matrix-project, uno-choice]
                optional: []
                mandatory: [command-launcher, job-dsl, junit, matrix-project, uno-choice]
            ssh-credentials
              dependencies:
                unspecified: [command-launcher, credentials, jdk-tool]
                optional: [command-launcher, jdk-tool]
                mandatory: [credentials]
              dependents:
                unspecified: [config-file-provider]
                optional: []
                mandatory: [config-file-provider]
            structs
              dependencies:
                unspecified: [command-launcher, jdk-tool]
                optional: [command-launcher, jdk-tool]
                mandatory: []
              dependents:
                unspecified: [config-file-provider, credentials, job-dsl, junit, scm-api, token-macro, workflow-api, workflow-step-api]
                optional: []
                mandatory: [config-file-provider, credentials, job-dsl, junit, scm-api, token-macro, workflow-api, workflow-step-api]
            token-macro
              dependencies:
                unspecified: [structs, workflow-step-api]
                optional: []
                mandatory: [structs, workflow-step-api]
              dependents:
                unspecified: [config-file-provider]
                optional: []
                mandatory: [config-file-provider]
            uno-choice
              dependencies:
                unspecified: [antisamy-markup-formatter, command-launcher, jdk-tool, script-security]
                optional: [command-launcher, jdk-tool, scriptler]
                mandatory: [antisamy-markup-formatter, script-security]
              dependents:
                unspecified: []
                optional: []
                mandatory: []
            windows-slaves
              dependencies:
                unspecified: [bouncycastle-api, command-launcher, jdk-tool]
                optional: [bouncycastle-api, command-launcher, jdk-tool]
                mandatory: []
              dependents:
                unspecified: [greenballs]
                optional: []
                mandatory: [greenballs]
            workflow-api
              dependencies:
                unspecified: [scm-api, structs, workflow-step-api]
                optional: []
                mandatory: [scm-api, structs, workflow-step-api]
              dependents:
                unspecified: [junit]
                optional: []
                mandatory: [junit]
            workflow-step-api
              dependencies:
                unspecified: [structs]
                optional: []
                mandatory: [structs]
              dependents:
                unspecified: [junit, token-macro, workflow-api]
                optional: []
                mandatory: [junit, token-macro, workflow-api]
            

            First of all, dependencies usually includes those entries in optionalDependencies, but not in all cases.

            More to the point for this issue, dependents in fact includes optional dependents. Also, optionalDependents for detached plugins lacks implied optional dependencies.

            Also I think I saw that some of the values change from a Jenkins session in which a plugin is newly installed from the update center and dynamically loaded to a session after the restart.

            I am removing the newbie-friendly label since it seems to be anything but: the GUI actually looks OK, it is the data model which is all wrong.

            Show
            jglick Jesse Glick added a comment - The following example Jenkins.instance.pluginManager.plugins.sort( false , {it.shortName}).each {p -> println(p.shortName); println( " dependencies:" ); println( " unspecified: ${p.dependencies*.shortName.sort()}" ); println( " optional: ${p.optionalDependencies*.shortName.sort()}" ); println( " mandatory: ${(p.dependencies - p.optionalDependencies)*.shortName.sort()}" ); println( " dependents:" ); println( " unspecified: ${p.dependents.sort()}" ); println( " optional: ${p.optionalDependents.sort()}" ); println( " mandatory: ${(p.dependents - p.optionalDependents).sort()}" ); }; null reveals a mess: antisamy-markup-formatter dependencies: unspecified: [bouncycastle-api, command-launcher, jdk-tool, junit] optional: [bouncycastle-api, command-launcher, jdk-tool, junit] mandatory: [] dependents: unspecified: [greenballs, uno-choice] optional: [] mandatory: [greenballs, uno-choice] bouncycastle-api dependencies: unspecified: [command-launcher, jdk-tool] optional: [command-launcher, jdk-tool] mandatory: [] dependents: unspecified: [antisamy-markup-formatter, credentials, external-monitor-job, greenballs, junit, ldap, mailer, matrix-project, windows-slaves] optional: [] mandatory: [antisamy-markup-formatter, credentials, external-monitor-job, greenballs, junit, ldap, mailer, matrix-project, windows-slaves] command-launcher dependencies: unspecified: [jdk-tool, script-security] optional: [jdk-tool] mandatory: [script-security] dependents: unspecified: [antisamy-markup-formatter, bouncycastle-api, config-file-provider, credentials, external-monitor-job, greenballs, junit, ldap, mailer, matrix-project, scm-api, ssh-credentials, structs, uno-choice, windows-slaves] optional: [] mandatory: [antisamy-markup-formatter, bouncycastle-api, config-file-provider, credentials, external-monitor-job, greenballs, junit, ldap, mailer, matrix-project, scm-api, ssh-credentials, structs, uno-choice, windows-slaves] config-file-provider dependencies: unspecified: [command-launcher, credentials, jdk-tool, ssh-credentials, structs, token-macro] optional: [cloudbees-folder, command-launcher, jdk-tool] mandatory: [credentials, ssh-credentials, structs, token-macro] dependents: unspecified: [job-dsl] optional: [job-dsl] mandatory: [] credentials dependencies: unspecified: [bouncycastle-api, command-launcher, jdk-tool, structs] optional: [bouncycastle-api, command-launcher, jdk-tool] mandatory: [structs] dependents: unspecified: [config-file-provider, ssh-credentials] optional: [] mandatory: [config-file-provider, ssh-credentials] display-url-api dependencies: unspecified: [jdk-tool] optional: [jdk-tool] mandatory: [] dependents: unspecified: [mailer] optional: [] mandatory: [mailer] external-monitor-job dependencies: unspecified: [bouncycastle-api, command-launcher, jdk-tool] optional: [bouncycastle-api, command-launcher, jdk-tool] mandatory: [] dependents: unspecified: [greenballs] optional: [] mandatory: [greenballs] greenballs dependencies: unspecified: [antisamy-markup-formatter, bouncycastle-api, command-launcher, external-monitor-job, jdk-tool, junit, ldap, mailer, matrix-auth, matrix-project, pam-auth, windows-slaves] optional: [antisamy-markup-formatter, bouncycastle-api, command-launcher, external-monitor-job, jdk-tool, junit, ldap, mailer, matrix-auth, matrix-project, pam-auth, windows-slaves] mandatory: [] dependents: unspecified: [] optional: [] mandatory: [] jdk-tool dependencies: unspecified: [] optional: [] mandatory: [] dependents: unspecified: [antisamy-markup-formatter, bouncycastle-api, command-launcher, config-file-provider, credentials, display-url-api, external-monitor-job, greenballs, junit, ldap, mailer, matrix-project, scm-api, script-security, ssh-credentials, structs, uno-choice, windows-slaves] optional: [] mandatory: [antisamy-markup-formatter, bouncycastle-api, command-launcher, config-file-provider, credentials, display-url-api, external-monitor-job, greenballs, junit, ldap, mailer, matrix-project, scm-api, script-security, ssh-credentials, structs, uno-choice, windows-slaves] job-dsl dependencies: unspecified: [config-file-provider, script-security, structs] optional: [config-file-provider, configuration-as-code, managed-scripts, vsphere-cloud] mandatory: [script-security, structs] dependents: unspecified: [] optional: [] mandatory: [] junit dependencies: unspecified: [bouncycastle-api, command-launcher, jdk-tool, script-security, structs, workflow-api, workflow-step-api] optional: [bouncycastle-api, command-launcher, jdk-tool] mandatory: [script-security, structs, workflow-api, workflow-step-api] dependents: unspecified: [antisamy-markup-formatter, greenballs, matrix-project] optional: [] mandatory: [antisamy-markup-formatter, greenballs, matrix-project] ldap dependencies: unspecified: [bouncycastle-api, command-launcher, jdk-tool, mailer] optional: [bouncycastle-api, command-launcher, jdk-tool] mandatory: [mailer] dependents: unspecified: [greenballs] optional: [] mandatory: [greenballs] mailer dependencies: unspecified: [bouncycastle-api, command-launcher, display-url-api, jdk-tool] optional: [bouncycastle-api, command-launcher, jdk-tool] mandatory: [display-url-api] dependents: unspecified: [greenballs, ldap] optional: [] mandatory: [greenballs, ldap] matrix-auth dependencies: unspecified: [] optional: [cloudbees-folder, configuration-as-code] mandatory: [] dependents: unspecified: [greenballs] optional: [] mandatory: [greenballs] matrix-project dependencies: unspecified: [bouncycastle-api, command-launcher, jdk-tool, junit, script-security] optional: [bouncycastle-api, command-launcher, jdk-tool] mandatory: [junit, script-security] dependents: unspecified: [greenballs] optional: [] mandatory: [greenballs] pam-auth dependencies: unspecified: [] optional: [] mandatory: [] dependents: unspecified: [greenballs] optional: [] mandatory: [greenballs] scm-api dependencies: unspecified: [command-launcher, jdk-tool, structs] optional: [command-launcher, jdk-tool] mandatory: [structs] dependents: unspecified: [workflow-api] optional: [] mandatory: [workflow-api] script-security dependencies: unspecified: [jdk-tool] optional: [jdk-tool] mandatory: [] dependents: unspecified: [command-launcher, job-dsl, junit, matrix-project, uno-choice] optional: [] mandatory: [command-launcher, job-dsl, junit, matrix-project, uno-choice] ssh-credentials dependencies: unspecified: [command-launcher, credentials, jdk-tool] optional: [command-launcher, jdk-tool] mandatory: [credentials] dependents: unspecified: [config-file-provider] optional: [] mandatory: [config-file-provider] structs dependencies: unspecified: [command-launcher, jdk-tool] optional: [command-launcher, jdk-tool] mandatory: [] dependents: unspecified: [config-file-provider, credentials, job-dsl, junit, scm-api, token-macro, workflow-api, workflow-step-api] optional: [] mandatory: [config-file-provider, credentials, job-dsl, junit, scm-api, token-macro, workflow-api, workflow-step-api] token-macro dependencies: unspecified: [structs, workflow-step-api] optional: [] mandatory: [structs, workflow-step-api] dependents: unspecified: [config-file-provider] optional: [] mandatory: [config-file-provider] uno-choice dependencies: unspecified: [antisamy-markup-formatter, command-launcher, jdk-tool, script-security] optional: [command-launcher, jdk-tool, scriptler] mandatory: [antisamy-markup-formatter, script-security] dependents: unspecified: [] optional: [] mandatory: [] windows-slaves dependencies: unspecified: [bouncycastle-api, command-launcher, jdk-tool] optional: [bouncycastle-api, command-launcher, jdk-tool] mandatory: [] dependents: unspecified: [greenballs] optional: [] mandatory: [greenballs] workflow-api dependencies: unspecified: [scm-api, structs, workflow-step-api] optional: [] mandatory: [scm-api, structs, workflow-step-api] dependents: unspecified: [junit] optional: [] mandatory: [junit] workflow-step-api dependencies: unspecified: [structs] optional: [] mandatory: [structs] dependents: unspecified: [junit, token-macro, workflow-api] optional: [] mandatory: [junit, token-macro, workflow-api] First of all, dependencies usually includes those entries in optionalDependencies , but not in all cases. More to the point for this issue, dependents in fact includes optional dependents. Also, optionalDependents for detached plugins lacks implied optional dependencies. Also I think I saw that some of the values change from a Jenkins session in which a plugin is newly installed from the update center and dynamically loaded to a session after the restart. I am removing the newbie-friendly label since it seems to be anything but: the GUI actually looks OK, it is the data model which is all wrong.
            jglick Jesse Glick made changes -
            Labels 2.0 2.0-beta newbie-friendly
            Hide
            jglick Jesse Glick added a comment -

            At least the optionalDependents field was introduced in JENKINS-27177. It seems that the use of dependents to mean all dependencies predated that. Hard to tell what the original intent was, since the Javadoc does not specify; some of this seems to date to Jenkins 2.0.

            Show
            jglick Jesse Glick added a comment - At least the optionalDependents field was introduced in JENKINS-27177 . It seems that the use of dependents to mean all dependencies predated that. Hard to tell what the original intent was, since the Javadoc does not specify; some of this seems to date to Jenkins 2.0.
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-27177 [ JENKINS-27177 ]
            Hide
            jglick Jesse Glick added a comment -

            At least some of the confusing overlap is old.

            Show
            jglick Jesse Glick added a comment - At least some of the confusing overlap is old .
            jglick Jesse Glick made changes -
            Remote Link This issue links to "jenkins #4001 (Web Link)" [ 22732 ]
            jglick Jesse Glick made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            jglick Jesse Glick made changes -
            Labels lts-candidate
            Hide
            costescuandrei Andrei Costescu added a comment -

            Great news that this is resolved. Which version will have this fixed?

            (I see it in Jenkins ver. 2.164.2 where I can't uninstall Static Analysis Utilities 1.96 (which has a security warning and is end-of-life) due to an optional dependency to it from Email Extension Plugin 2.66 which I still use)

            Show
            costescuandrei Andrei Costescu added a comment - Great news that this is resolved. Which version will have this fixed? (I see it in Jenkins ver. 2.164.2 where I can't uninstall Static Analysis Utilities 1.96 (which has a security warning and is end-of-life) due to an optional dependency to it from Email Extension Plugin 2.66 which I still use)
            Hide
            danielbeck Daniel Beck added a comment -

            Are you sure? analysis-core 1.96 should not have a security warning, we fixed that issue.

            Show
            danielbeck Daniel Beck added a comment - Are you sure? analysis-core 1.96 should not have a security warning, we fixed that issue.
            Hide
            jglick Jesse Glick added a comment -

            Andrei Costescu the fix is still open for review. If and when the fix is merged, this issue will be closed with details. In the meantime, see the *.disabled workaround above.

            Show
            jglick Jesse Glick added a comment - Andrei Costescu the fix is still open for review. If and when the fix is merged, this issue will be closed with details. In the meantime, see the *.disabled workaround above.
            medianick Nick Jones made changes -
            Attachment screenshot-1.png [ 46956 ]
            Hide
            medianick Nick Jones added a comment -

            Daniel Beck FWIW, analysis-core 1.96 still shows the security warning:

            We first saw the warning with 1.95 installed, upgraded, and still see it.

            Show
            medianick Nick Jones added a comment - Daniel Beck FWIW, analysis-core 1.96 still shows the security warning: We first saw the warning with 1.95 installed, upgraded, and still see it.
            Hide
            danielbeck Daniel Beck added a comment -

            Nick Jones Thanks. Looks like I typoed the versions regex, fixed in https://github.com/jenkins-infra/update-center2/pull/273

             

            Show
            danielbeck Daniel Beck added a comment - Nick Jones Thanks. Looks like I typoed the versions regex, fixed in https://github.com/jenkins-infra/update-center2/pull/273  
            jglick Jesse Glick made changes -
            Released As 2.181
            Resolution Fixed [ 1 ]
            Status In Review [ 10005 ] Resolved [ 5 ]
            olivergondza Oliver Gondža made changes -
            Labels lts-candidate 2.176.2-rejected lts-candidate
            Hide
            olivergondza Oliver Gondža added a comment -

            I am postponing backport of this fix to give it some more soaking time.

            Show
            olivergondza Oliver Gondža added a comment - I am postponing backport of this fix to give it some more soaking time.
            olivergondza Oliver Gondža made changes -
            Labels 2.176.2-rejected lts-candidate 2.176.2-rejected 2.176.3-fixed
            Hide
            medianick Nick Jones added a comment -

            In case it's helpful to anyone else (as I've just gone through this to uninstall Mask Passwords due to SECURITY-157), Jesse Glick's workaround disables the optional dependency in question (mask-passwords.jpi in my case), after which point the Uninstall button in the Manage Plugins page will enable, and the plugin can be uninstalled as desired.

            Show
            medianick Nick Jones added a comment - In case it's helpful to anyone else (as I've just gone through this to uninstall Mask Passwords due to SECURITY-157 ), Jesse Glick 's workaround disables the optional dependency in question ( mask-passwords.jpi in my case), after which point the Uninstall button in the Manage Plugins page will enable, and the plugin can be uninstalled as desired.
            Hide
            reitzmichnicht Michael Düsterhus added a comment -

            This change seems to allow now to also uninstall/disable implied plugins. So release 2.176.2 introduced with JENKINS-57528 the change that all implied plugins are also installed, and now I can uninstall them again manually?

            Show
            reitzmichnicht Michael Düsterhus added a comment - This change seems to allow now to also uninstall/disable implied plugins. So release 2.176.2 introduced with JENKINS-57528 the change that all implied plugins are also installed, and now I can uninstall them again manually?
            Hide
            jglick Jesse Glick added a comment -

            Or disable them, yes. Really it might be better for Docker image users to have an alternate distribution of jenkins.war without any detached plugins.

            Show
            jglick Jesse Glick added a comment - Or disable them, yes. Really it might be better for Docker image users to have an alternate distribution of jenkins.war without any detached plugins.

              People

              Assignee:
              jglick Jesse Glick
              Reporter:
              danielbeck Daniel Beck
              Votes:
              20 Vote for this issue
              Watchers:
              23 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: