[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title SCM/JIRA link daemon commented on JENKINS-30432 Re: "Scripts not permitted to use method" in Jenkins Workflow Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/RejectedAccessException.java src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/StaticWhitelist.java src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/blacklist src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval/index.jelly src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/StaticWhitelistTest.java http://jenkins-ci.org/commit/script-security-plugin/0632c7531fbe585c65b19dbdaf1999e4a9a3bb2c Log: Merge pull request #24 from jglick/dangerous-signatures JENKINS-30432 Warn about dangerous signatures Compare: https://github.com/jenkinsci/script-security-plugin/compare/b8b421f6836e...0632c7531fbe Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title SCM/JIRA link daemon commented on JENKINS-30432 Re: "Scripts not permitted to use method" in Jenkins Workflow Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/RejectedAccessException.java src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/StaticWhitelist.java src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/blacklist src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval/index.jelly src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/StaticWhitelistTest.java http://jenkins-ci.org/commit/script-security-plugin/7b524139efb32c54be946b5b3fbd6fe01c1abce5 Log: JENKINS-30432 People should not blindly approve dangerous signatures like GroovyObject.invokeMethod. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title arungupta commented on JENKINS-30432 Re: "Scripts not permitted to use method" in Jenkins Workflow Can you explain in simple language on how https://github.com/javaee-samples/docker-java/blob/master/attendees/cicd/jenkins/plugins.txt would evolve? Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title Jesse Glick commented on JENKINS-30432 Re: "Scripts not permitted to use method" in Jenkins Workflow Well, if when testing your image in a temporary container you find that (a) updates are available, and (b) you want to use them, then accept updates from the Jenkins UI and see if that works. If so, make the corresponding edits in the versioned file and verify that the resulting image behaves as expected. I do this routinely. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title Jesse Glick commented on JENKINS-30432 Re: "Scripts not permitted to use method" in Jenkins Workflow Well, you would either use Support Core (plugins/active.txt is almost right—just strip off /:(not-)?pinned$/), or simply look at /pluginManager/installed if there are only a few plugins relevant to the image. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title Jesse Glick resolved as Incomplete Versions of at least the Workflow plugins and Script Security. If in doubt, install the Support Core plugin and attach a support bundle for diagnosis. Jenkins / JENKINS-30432 "Scripts not permitted to use method" in Jenkins Workflow Change By: Jesse Glick Status: Open Resolved Resolution: Incomplete Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title Jesse Glick commented on JENKINS-30432 Re: "Scripts not permitted to use method" in Jenkins Workflow Did you perchance install the Build Flow plugin? Or the Analysis Collector plugin? (A support bundle would let me know without having to ask.) Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title arungupta commented on JENKINS-30432 Re: "Scripts not permitted to use method" in Jenkins Workflow Workflow plugin is 1.10 Script Security is 1.13 Docker image is created using https://github.com/javaee-samples/docker-java/tree/master/attendees/cicd/jenkins Specifying complete list of plugins is quite painful anyway. I was hoping that it would resolve the dependencies but apparently not, related to: https://issues.jenkins-ci.org/browse/JENKINS-30361 Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title arungupta commented on JENKINS-30432 Re: "Scripts not permitted to use method" in Jenkins Workflow Dependency resolution is really messy and need to be cleaned up. I hope you don't expect developers to know each and every possible combination to work. If some combinations don't work, then an error should be thrown in the console, or a message be displayed. Can you help me create an exact list of plugins.txt? Or is this the only change required? A PR will be really useful. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title Jesse Glick commented on JENKINS-30432 Re: "Scripts not permitted to use method" in Jenkins Workflow If some combinations don't work, then an error should be thrown in the console That is exactly what JENKINS-21486 proposes. Note that this only affects people constructing plugin sets from a config file; the UI already forces you to upgrade dependencies where required (except in a few corner cases). Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title arungupta commented on JENKINS-30432 Re: "Scripts not permitted to use method" in Jenkins Workflow For a Docker image, how would the list of plugins be created otherwise? Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title arungupta commented on JENKINS-30432 Re: "Scripts not permitted to use method" in Jenkins Workflow Jenkins version: 1.609.2 Workflow: https://github.com/arun-gupta/javaee7-docker-workflow/blob/master/Jenkinsfile What else is needed? Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title Jesse Glick reopened an issue Jenkins / JENKINS-30432 "Scripts not permitted to use method" in Jenkins Workflow Change By: Jesse Glick Resolution: Incomplete Status: Resolved Reopened Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title Jesse Glick resolved as Not A Defect Workflow 1.10 requires script-security 1.15 and will not work with the old version you have installed. I am not sure how you managed to get into that configuration, since Plugin Manager will force you to update script-security, but perhaps you hand-assembled your plugin list from Dockerfile and neglected to verify that plugin dependencies were satisfied. Jenkins / JENKINS-30432 "Scripts not permitted to use method" in Jenkins Workflow Change By: Jesse Glick Status: Reopened Resolved Resolution: Not A Defect Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title Jesse Glick commented on JENKINS-30432 Re: "Scripts not permitted to use method" in Jenkins Workflow Basically yet another manifestation of JENKINS-21486. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title arungupta commented on JENKINS-30432 Re: "Scripts not permitted to use method" in Jenkins Workflow Worked around by going to Manage Jenkins -> In-process Script Approval, and clicking on "Approve" button for invokeMethod. Weird, but worked! Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title Jesse Glick commented on JENKINS-30432 Re: "Scripts not permitted to use method" in Jenkins Workflow No, do not approve that. It would be security risk. Delete approvals. Something is wrong but there is not enough information here to diagnose what. No software versions even. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [workflow-plugin] (JENKINS-30432) "Scripts not permitted to use method" in Jenkins Workflow
Title: Message Title arungupta created an issue Jenkins / JENKINS-30432 "Scripts not permitted to use method" in Jenkins Workflow Issue Type: Bug Assignee: Jesse Glick Components: workflow-plugin Created: 13/Sep/15 11:13 PM Priority: Minor Reporter: arungupta Inlining the script https://github.com/arun-gupta/javaee7-docker-workflow/blob/master/Jenkinsfile in Jenkins workflow builds the project successfully. But referring as a SCM script gives the following error: First time build. Skipping changelog. Running: Allocate node : Start Running on master in /var/jenkins_home/jobs/hello2/workspace Running: Allocate node : Body : Start Running: Allocate node : Body : End Running: Allocate node : End Running: End of Workflow org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:150) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:77) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:60) at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:103) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:100) at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:15) at WorkflowScript.run(WorkflowScript:2) at Unknown.Unknown(Unknown) at __cps.transform__(Native Method) at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:69) at
