From 01d0ac9dfa9db19dbb809444950e6f06c726724a Mon Sep 17 00:00:00 2001 From: Basil Crow Date: Thu, 2 May 2024 00:03:59 -0700 Subject: [PATCH] Verify SHA256 checksum of plugin installation manager tool (#1868) --- 11/almalinux/almalinux8/hotspot/Dockerfile | 7 +++++-- 11/alpine/hotspot/Dockerfile | 7 +++++-- 11/debian/bookworm-slim/hotspot/Dockerfile | 7 +++++-- 11/debian/bookworm/hotspot/Dockerfile | 7 +++++-- 11/rhel/ubi8/hotspot/Dockerfile | 7 +++++-- 17/alpine/hotspot/Dockerfile | 7 +++++-- 17/debian/bookworm-slim/hotspot/Dockerfile | 7 +++++-- 17/debian/bookworm/hotspot/Dockerfile | 7 +++++-- 17/rhel/ubi9/hotspot/Dockerfile | 7 +++++-- 21/alpine/hotspot/Dockerfile | 7 +++++-- 21/debian/bookworm-slim/hotspot/Dockerfile | 7 +++++-- 21/debian/bookworm/hotspot/Dockerfile | 7 +++++-- 21/rhel/ubi9/hotspot/Dockerfile | 7 +++++-- docker-bake.hcl | 2 +- windows/windowsservercore/hotspot/Dockerfile | 6 ++++-- 15 files changed, 70 insertions(+), 29 deletions(-) diff --git a/11/almalinux/almalinux8/hotspot/Dockerfile b/11/almalinux/almalinux8/hotspot/Dockerfile index f580da1f78..b8ef03e224 100644 --- a/11/almalinux/almalinux8/hotspot/Dockerfile +++ b/11/almalinux/almalinux8/hotspot/Dockerfile @@ -105,9 +105,12 @@ ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals RUN chown -R ${user} "$JENKINS_HOME" "$REF" -ARG PLUGIN_CLI_VERSION=2.12.15 +ARG PLUGIN_CLI_VERSION=2.12.17 ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar -RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar +RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \ + && echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" >/tmp/jenkins_sha \ + && sha256sum -c --strict /tmp/jenkins_sha \ + && rm -f /tmp/jenkins_sha # for main web interface: EXPOSE ${http_port} diff --git a/11/alpine/hotspot/Dockerfile b/11/alpine/hotspot/Dockerfile index e0f7d52496..e814b5eabc 100644 --- a/11/alpine/hotspot/Dockerfile +++ b/11/alpine/hotspot/Dockerfile @@ -104,9 +104,12 @@ ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals RUN chown -R ${user} "$JENKINS_HOME" "$REF" -ARG PLUGIN_CLI_VERSION=2.12.15 +ARG PLUGIN_CLI_VERSION=2.12.17 ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar -RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar +RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \ + && echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" >/tmp/jenkins_sha \ + && sha256sum -c --strict /tmp/jenkins_sha \ + && rm -f /tmp/jenkins_sha # for main web interface: EXPOSE ${http_port} diff --git a/11/debian/bookworm-slim/hotspot/Dockerfile b/11/debian/bookworm-slim/hotspot/Dockerfile index b37e3554de..c74622bf26 100644 --- a/11/debian/bookworm-slim/hotspot/Dockerfile +++ b/11/debian/bookworm-slim/hotspot/Dockerfile @@ -114,9 +114,12 @@ ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals RUN chown -R ${user} "$JENKINS_HOME" "$REF" -ARG PLUGIN_CLI_VERSION=2.12.15 +ARG PLUGIN_CLI_VERSION=2.12.17 ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar -RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar +RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \ + && echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" >/tmp/jenkins_sha \ + && sha256sum -c --strict /tmp/jenkins_sha \ + && rm -f /tmp/jenkins_sha # for main web interface: EXPOSE ${http_port} diff --git a/11/debian/bookworm/hotspot/Dockerfile b/11/debian/bookworm/hotspot/Dockerfile index 5aa788e61b..3fe53e5efe 100644 --- a/11/debian/bookworm/hotspot/Dockerfile +++ b/11/debian/bookworm/hotspot/Dockerfile @@ -114,9 +114,12 @@ ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals RUN chown -R ${user} "$JENKINS_HOME" "$REF" -ARG PLUGIN_CLI_VERSION=2.12.15 +ARG PLUGIN_CLI_VERSION=2.12.17 ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar -RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar +RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \ + && echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" >/tmp/jenkins_sha \ + && sha256sum -c --strict /tmp/jenkins_sha \ + && rm -f /tmp/jenkins_sha # for main web interface: EXPOSE ${http_port} diff --git a/11/rhel/ubi8/hotspot/Dockerfile b/11/rhel/ubi8/hotspot/Dockerfile index 5d1db13c18..d996d326a9 100644 --- a/11/rhel/ubi8/hotspot/Dockerfile +++ b/11/rhel/ubi8/hotspot/Dockerfile @@ -108,9 +108,12 @@ ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals RUN chown -R ${user} "$JENKINS_HOME" "$REF" -ARG PLUGIN_CLI_VERSION=2.12.15 +ARG PLUGIN_CLI_VERSION=2.12.17 ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar -RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar +RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \ + && echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" >/tmp/jenkins_sha \ + && sha256sum -c --strict /tmp/jenkins_sha \ + && rm -f /tmp/jenkins_sha # for main web interface: EXPOSE ${http_port} diff --git a/17/alpine/hotspot/Dockerfile b/17/alpine/hotspot/Dockerfile index 2ef262b5a2..23e4171cfa 100644 --- a/17/alpine/hotspot/Dockerfile +++ b/17/alpine/hotspot/Dockerfile @@ -105,9 +105,12 @@ ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals RUN chown -R ${user} "$JENKINS_HOME" "$REF" -ARG PLUGIN_CLI_VERSION=2.12.15 +ARG PLUGIN_CLI_VERSION=2.12.17 ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar -RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar +RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \ + && echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" >/tmp/jenkins_sha \ + && sha256sum -c --strict /tmp/jenkins_sha \ + && rm -f /tmp/jenkins_sha # for main web interface: EXPOSE ${http_port} diff --git a/17/debian/bookworm-slim/hotspot/Dockerfile b/17/debian/bookworm-slim/hotspot/Dockerfile index 87af22387e..d909b53c77 100644 --- a/17/debian/bookworm-slim/hotspot/Dockerfile +++ b/17/debian/bookworm-slim/hotspot/Dockerfile @@ -114,9 +114,12 @@ ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals RUN chown -R ${user} "$JENKINS_HOME" "$REF" -ARG PLUGIN_CLI_VERSION=2.12.15 +ARG PLUGIN_CLI_VERSION=2.12.17 ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar -RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar +RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \ + && echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" >/tmp/jenkins_sha \ + && sha256sum -c --strict /tmp/jenkins_sha \ + && rm -f /tmp/jenkins_sha # for main web interface: EXPOSE ${http_port} diff --git a/17/debian/bookworm/hotspot/Dockerfile b/17/debian/bookworm/hotspot/Dockerfile index 47ef0dcb2d..8989d1c633 100644 --- a/17/debian/bookworm/hotspot/Dockerfile +++ b/17/debian/bookworm/hotspot/Dockerfile @@ -114,9 +114,12 @@ ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals RUN chown -R ${user} "$JENKINS_HOME" "$REF" -ARG PLUGIN_CLI_VERSION=2.12.15 +ARG PLUGIN_CLI_VERSION=2.12.17 ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar -RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar +RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \ + && echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" >/tmp/jenkins_sha \ + && sha256sum -c --strict /tmp/jenkins_sha \ + && rm -f /tmp/jenkins_sha # for main web interface: EXPOSE ${http_port} diff --git a/17/rhel/ubi9/hotspot/Dockerfile b/17/rhel/ubi9/hotspot/Dockerfile index 7800531f40..da3114a983 100644 --- a/17/rhel/ubi9/hotspot/Dockerfile +++ b/17/rhel/ubi9/hotspot/Dockerfile @@ -107,9 +107,12 @@ ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals RUN chown -R ${user} "$JENKINS_HOME" "$REF" -ARG PLUGIN_CLI_VERSION=2.12.15 +ARG PLUGIN_CLI_VERSION=2.12.17 ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar -RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar +RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \ + && echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" >/tmp/jenkins_sha \ + && sha256sum -c --strict /tmp/jenkins_sha \ + && rm -f /tmp/jenkins_sha # for main web interface: EXPOSE ${http_port} diff --git a/21/alpine/hotspot/Dockerfile b/21/alpine/hotspot/Dockerfile index 9c49a07496..29c1bfd70f 100644 --- a/21/alpine/hotspot/Dockerfile +++ b/21/alpine/hotspot/Dockerfile @@ -104,9 +104,12 @@ ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals RUN chown -R ${user} "$JENKINS_HOME" "$REF" -ARG PLUGIN_CLI_VERSION=2.12.15 +ARG PLUGIN_CLI_VERSION=2.12.17 ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar -RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar +RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \ + && echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" >/tmp/jenkins_sha \ + && sha256sum -c --strict /tmp/jenkins_sha \ + && rm -f /tmp/jenkins_sha # for main web interface: EXPOSE ${http_port} diff --git a/21/debian/bookworm-slim/hotspot/Dockerfile b/21/debian/bookworm-slim/hotspot/Dockerfile index b95dd3bae9..b05152124e 100644 --- a/21/debian/bookworm-slim/hotspot/Dockerfile +++ b/21/debian/bookworm-slim/hotspot/Dockerfile @@ -114,9 +114,12 @@ ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals RUN chown -R ${user} "$JENKINS_HOME" "$REF" -ARG PLUGIN_CLI_VERSION=2.12.15 +ARG PLUGIN_CLI_VERSION=2.12.17 ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar -RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar +RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \ + && echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" >/tmp/jenkins_sha \ + && sha256sum -c --strict /tmp/jenkins_sha \ + && rm -f /tmp/jenkins_sha # for main web interface: EXPOSE ${http_port} diff --git a/21/debian/bookworm/hotspot/Dockerfile b/21/debian/bookworm/hotspot/Dockerfile index 31fc6c88c5..c4e9eedee7 100644 --- a/21/debian/bookworm/hotspot/Dockerfile +++ b/21/debian/bookworm/hotspot/Dockerfile @@ -114,9 +114,12 @@ ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals RUN chown -R ${user} "$JENKINS_HOME" "$REF" -ARG PLUGIN_CLI_VERSION=2.12.15 +ARG PLUGIN_CLI_VERSION=2.12.17 ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar -RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar +RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \ + && echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" >/tmp/jenkins_sha \ + && sha256sum -c --strict /tmp/jenkins_sha \ + && rm -f /tmp/jenkins_sha # for main web interface: EXPOSE ${http_port} diff --git a/21/rhel/ubi9/hotspot/Dockerfile b/21/rhel/ubi9/hotspot/Dockerfile index 8f5aefee02..3ef60a876a 100644 --- a/21/rhel/ubi9/hotspot/Dockerfile +++ b/21/rhel/ubi9/hotspot/Dockerfile @@ -107,9 +107,12 @@ ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals RUN chown -R ${user} "$JENKINS_HOME" "$REF" -ARG PLUGIN_CLI_VERSION=2.12.15 +ARG PLUGIN_CLI_VERSION=2.12.17 ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar -RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar +RUN curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar \ + && echo "$(curl -fsSL "${PLUGIN_CLI_URL}.sha256") /opt/jenkins-plugin-manager.jar" >/tmp/jenkins_sha \ + && sha256sum -c --strict /tmp/jenkins_sha \ + && rm -f /tmp/jenkins_sha # for main web interface: EXPOSE ${http_port} diff --git a/docker-bake.hcl b/docker-bake.hcl index 625543ddc4..a1df11b645 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -77,7 +77,7 @@ variable "LATEST_LTS" { } variable "PLUGIN_CLI_VERSION" { - default = "2.12.15" + default = "2.12.17" } variable "COMMIT_SHA" { diff --git a/windows/windowsservercore/hotspot/Dockerfile b/windows/windowsservercore/hotspot/Dockerfile index 442c532e6b..61a392b4a4 100644 --- a/windows/windowsservercore/hotspot/Dockerfile +++ b/windows/windowsservercore/hotspot/Dockerfile @@ -111,9 +111,11 @@ ENV JENKINS_UC https://updates.jenkins.io ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals -ARG PLUGIN_CLI_VERSION=2.12.15 +ARG PLUGIN_CLI_VERSION=2.12.17 ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/${PLUGIN_CLI_VERSION}/jenkins-plugin-manager-${PLUGIN_CLI_VERSION}.jar -RUN Invoke-WebRequest -Uri "$env:PLUGIN_CLI_URL" -OutFile C:/ProgramData/Jenkins/jenkins-plugin-manager.jar +RUN $sha256sum = [System.Text.Encoding]::UTF8.GetString((Invoke-WebRequest -Uri ($env:PLUGIN_CLI_URL + '.sha256') -UseBasicParsing).Content); ` + Invoke-WebRequest -Uri "$env:PLUGIN_CLI_URL" -OutFile C:/ProgramData/Jenkins/jenkins-plugin-manager.jar; ` + if ((Get-FileHash -Path C:/ProgramData/Jenkins/jenkins-plugin-manager.jar -Algorithm SHA256).Hash -ne $sha256sum) {exit 1} # for main web interface: EXPOSE ${http_port}