
Add checks for available updates and known security issues in the installation script

      See https://github.com/jenkinsci/docker/pull/668

      I am using the base Dockerfile to build my own Jenkins instances, and it's difficult to update plugins.txt manually. Every time, you need to launch the update center, go through the updates list, and update the file. And then rebuild the image until the UI is fine...

      In order to simplify the use-case, I have added printing of available updates after the build (see availableUpdates). It will use the same update center as the installation logic, so the output will show only those updates which are actually applicable.

       

      It would be great to have this functionality supported in the plugin management tool OOTB

          [JENKINS-57970] Add checks for available updates and known security issues in the installation script

          Natasha Stopa added a comment -

          How are known security issues flagged in the update center .json file? 

          Natasha Stopa added a comment - - edited

          Never mind, I think I found it under "warnings" in the JSON.

          Natasha Stopa added a comment -

          Added a basic feature to check for any security updates. I am planning on adding options for showing potential security issues for a specified list of plugins that can be displayed before the user even downloads the plugins. I think you could have a situation where plugin1 depends on plugin2, which depends on plugin3, and plugin3 has a security issue. In this case, maybe the user would not want to/could not install any? This would mean that this path of dependencies would need to be tracked.

          Natasha Stopa added a comment -

          Added a pull request for this feature: https://github.com/jenkinsci/plugin-installation-manager-tool/pull/44
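
The dependency-path case raised in the comments above (plugin1 depends on plugin2 depends on plugin3, and plugin3 carries a warning), as an added example that is not code from this issue or from the plugin-installation-manager-tool. The sample data is constructed; apart from the "warnings" key named in the thread, the field names (`plugins`, `dependencies`, `optional`, `versions`, `pattern`) are assumptions about the update center JSON layout, and `SECURITY-0000` is a placeholder id.

```python
import re

# Constructed sample shaped like an update center JSON. Only the "warnings" key
# is confirmed by the thread; the other field names are assumptions.
UPDATE_CENTER = {
    "plugins": {
        "plugin1": {"version": "2.0", "dependencies": [{"name": "plugin2", "optional": False}]},
        "plugin2": {"version": "1.4", "dependencies": [{"name": "plugin3", "optional": False}]},
        "plugin3": {"version": "1.1", "dependencies": []},
        "plugin4": {"version": "3.0", "dependencies": [{"name": "plugin3", "optional": True}]},
    },
    "warnings": [
        {"id": "SECURITY-0000", "type": "plugin", "name": "plugin3",  # placeholder id
         "message": "constructed example warning",
         "versions": [{"pattern": r"1\.[01](\..*)?"}]},
    ],
}

def warnings_for(uc, name, version):
    """Return ids of plugin warnings whose version pattern matches `version`."""
    hits = []
    for w in uc.get("warnings", []):
        if w.get("type") != "plugin" or w.get("name") != name:
            continue
        patterns = [v["pattern"] for v in w.get("versions", []) if "pattern" in v]
        # Assumption: a warning without version patterns applies to every version.
        if not patterns or any(re.fullmatch(p, version) for p in patterns):
            hits.append(w["id"])
    return hits

def flagged_paths(uc, requested):
    """Walk required dependencies; return (path, warning ids) per flagged plugin."""
    results = []
    def walk(name, path, seen):
        plugin = uc["plugins"].get(name)
        if plugin is None or name in seen:  # unknown plugin or dependency cycle
            return
        path = path + [name]
        ids = warnings_for(uc, name, plugin["version"])
        if ids:
            results.append((path, ids))
        for dep in plugin.get("dependencies", []):
            if not dep.get("optional", False):  # optional deps are not pulled in
                walk(dep["name"], path, seen | {name})
    for name in requested:
        walk(name, [], frozenset())
    return results
```

Reporting the full path rather than only the flagged plugin lets the user see which requested plugin pulls the affected dependency in before anything is downloaded.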

            stopalopa Natasha Stopa
            oleg_nenashev Oleg Nenashev