Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jenkins: 2.138.1 -> 2.138.2 #48312

Merged
merged 2 commits into from Oct 13, 2018
Merged

jenkins: 2.138.1 -> 2.138.2 #48312

merged 2 commits into from Oct 13, 2018

Conversation

bchallenor
Copy link
Contributor

Motivation for this change

Multiple security vulnerabilities in Jenkins 2.145 and earlier, and LTS 2.138.1 and earlier

https://jenkins.io/security/advisory/2018-10-10/

Things done

I also added an update script for Jenkins. Let me know if this should be a separate PR.

  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@bchallenor
Copy link
Contributor Author

@coconnor @fpletz @earldouglas

@bchallenor
Copy link
Contributor Author

An alternative to this upgrade script would be to rely on nixpkgs-update from @ryantm. But there are two problems with this AFAICS:

  1. We'd need to build from source (we might consider this a good thing though?)
  2. Repology does not distinguish the stable (LTS) Jenkins channel so this might force us to track the weekly channel instead

@fpletz
Copy link
Member

fpletz commented Oct 13, 2018

We can also just package both versions like with nginx so repology will also pick up the weekly build version.

@fpletz
Copy link
Member

fpletz commented Oct 13, 2018

@GrahamcOfBorg build jenkins

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: jenkins

Partial log (click to expand)

  /nix/store/x842lb8i7ml9nsqfc3piqvw0jqgqwkw3-jenkins-2.138.2.drv
building '/nix/store/5yaz456sa8dmfivzbp14brbvff9153vd-jenkins.war.drv'...

trying http://mirrors.jenkins.io/war-stable/2.138.2/jenkins.war
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   252  100   252    0     0   2423      0 --:--:-- --:--:-- --:--:--  2423
100 72.2M  100 72.2M    0     0  40.1M      0  0:00:01  0:00:01 --:--:-- 49.3M
building '/nix/store/x842lb8i7ml9nsqfc3piqvw0jqgqwkw3-jenkins-2.138.2.drv'...
/nix/store/057kc92pnbr77mh85jdqg53qlmmanfj7-jenkins-2.138.2

@GrahamcOfBorg
Copy link

Success on x86_64-darwin (full log)

Attempted: jenkins

Partial log (click to expand)

  /nix/store/fvcshkrlnv5wf691s3rn87xjmxd9cm0x-jenkins-2.138.2.drv
building '/nix/store/flmi13g28zmz92bx4q38yp6h10azcppi-jenkins.war.drv'...

trying http://mirrors.jenkins.io/war-stable/2.138.2/jenkins.war
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   252  100   252    0     0    288      0 --:--:-- --:--:-- --:--:--   288
100 72.2M  100 72.2M    0     0  17.5M      0  0:00:04  0:00:04 --:--:-- 26.1M
building '/nix/store/fvcshkrlnv5wf691s3rn87xjmxd9cm0x-jenkins-2.138.2.drv'...
/nix/store/2gsy5r31j0ir7i7d532cicq8kpdjskap-jenkins-2.138.2

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: jenkins

Partial log (click to expand)

  /nix/store/mavzy5vlbgfak2ih7j1qxvmimdbpng4c-jenkins-2.138.2.drv
building '/nix/store/ssgiccplgxxq36qwb5ry8jn50vskg39y-jenkins.war.drv'...

trying http://mirrors.jenkins.io/war-stable/2.138.2/jenkins.war
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   252  100   252    0     0   1726      0 --:--:-- --:--:-- --:--:--  1726
100 72.2M  100 72.2M    0     0   119M      0 --:--:-- --:--:-- --:--:--  167M
building '/nix/store/mavzy5vlbgfak2ih7j1qxvmimdbpng4c-jenkins-2.138.2.drv'...
/nix/store/3bnyfxjnc02dcxbn13k3l3c9jh9kznzz-jenkins-2.138.2

@fpletz fpletz merged commit 63c116b into NixOS:master Oct 13, 2018
@bchallenor bchallenor deleted the jenkins branch October 13, 2018 12:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
1.severity: security 8.has: package (update) 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@bchallenor @fpletz @GrahamcOfBorg