From Fedora Project Wiki

Jenkins

Jenkins logo.png

This wiki page shows progress of packaging Jenkins in Fedora.

Tasks

  • create packaging guidelines for Java web applications
  • package all necessary dependencies
  • port jenkins-core to jnr-posix 2.x (msrb)
  • port maven-hpi-plugin to jetty 9
    • currently uses jetty 6
    • low priority, only "run" mojo requires jetty
  • port maven-hpi-plugin to maven-archiver 2.5 (msrb)
    • currently uses 2.0 (+plexus-archiver 1.0-alpha4) which is like 7 years old
    • done, testing needed [1]
  • stapler requires forked/slightly modified version of dom4j library (msrb)
    • TODO find workaround
    • looks like original author tried to push his changes to upstream: [2] (no response)
    • prepared patch (dirty hack)
  • jenkins-remoting bundles Base64 implementation (msrb)
    • replace with JDK implementation
    • done, testing needed, possibly upstreamable.
  • jenkins-remoting bundles class (TeeOutputStream) from apache-commons-io (msrb)
    • replace with proper dependency on commons-io
    • done, probably not upstreamable (new dependency)
  • jenkins-commons-jelly, update dependencies (msrb)
    • uses very old libraries, it doesn't build in Fedora without hacking pom file
    • uses jaxen 1.1.1, 7 years old, latest jaxen 1.1.6 is not available from Maven central (reported upstream [3])
    • prepared patch, waiting for jaxen, probably upstreamable [4]
  • j-interop, probably needed to enslave Windows machines
    • bundles several other projects in j-interopdeps/
    • namely: jarapac, gnu crypto, jtds, iwombat
  • jenkins uses acegisecurity
    • used for authentication and security related stuff, last release 5 years ago ([5])
    • acegisecurity became springsecurity [6]
    • Jenkins upstream doesn't want to upgrade without good reason ([7],[8]), looks like plugins rely on that old library
    • fedora definitely wants to use springsecurity -> port Jenkins to use it
    • convince upstream to use it too (or start discussion on OSGi?)
      • subtask: springsecurity is not in Fedora, but gil prepared package(s) long time ago -> do the reviews:
      • 882477, 882475, 882476, 882474
  • TODO - what else?

Packaging

# Package Version Review request Packager Comments URL
1 jenkins-ci-pom 1.30 msrb unknown license, reported upstream by mizdebsk [9] parent POM

URL: [10]

2 localizer 1.15 [11]
Pass pass
msrb URL: [12]
3 stapler 1.207 [13]
Pass pass
msrb URL: [14]
4 maven-hpi-plugin 1.95 [15]
Pass pass
msrb requires jetty 6 from some reason Maven plugin for building Jenkins plugins

URL: [16]

5 tiger-types 1.4 [17]
Pass pass
msrb packaged by gil long time ago URL: [18]
6 annotation-indexer 1.4 [19]
Pass pass
msrb URL: [20]
7 metainf-services 1.4 [21]
Pass pass
msrb URL: [22]
8 jinterop-proxy 1.1 msrb URL: [23]
9 memory-monitor 1.7 [24]
Pass pass
msrb URL: [25]
10 commons-jelly:commons-jelly-tags-xml URL: ?
11 access-modifier-annotation 1.4 [26]
Pass pass
msrb URL: [27]
12 org.springframework:spring-dao 2.5 probably our springframework-tx package,

but Jenkins uses older version (2.5, we have 3.1)

URL: ?
13 libpam4j 1.7 [28]
Pass pass
msrb URL: [29]
14 woodstox 3.2.9 already in fedora, package woodstock-core

(we have newer version, req.:3.2.9, we have:4.1.2

URL: [30]
15 jbcrypt 0.3m already in fedora

(different namespace)

URL: [31]
16 org.jvnet.hudson:xstream 1.4.4-jenkins-2 we already have xstream in fedora

Jenkins uses forked version

URL: [32]
17 org.jvnet.libzfs:libzfs 0.5 solaris specific, we won't need this URL: [33]
18 org.jenkins-ci:trilead-ssh2 build214-jenkins-1 we already have trilead-ssh2,

Jenkins uses patched version

URL: [34]
19 windows-remote-command 1.3 looks windows specific, we won't probably need this URL: [35]
20 jfree:jcommon 1.0.12 already in fedora under different namespace

(org.jfree:jcommon:1.0.18)

URL: ?
21 org.kohsuke:trilead-putty-extension 1.2 [36]
Pass pass
msrb not 100% sure if needed, but debian guys have this

and it's really simple package

URL: [37]
22 akuma 1.9 [38]
Pass pass
msrb URL: [39]
23 commons-jelly:commons-jelly-tags-fmt URL: ?
24 net.java.sezpoz:sezpoz 1.9 [40]
Pass pass
msrb needed URL: [41]
25 org.jvnet.hudson:jtidy jtidy package is already in fedora,

jenkins uses patched version

URL: [42]
26 org.kohsuke:asm3 this should be only renamed asm3, see [43] URL: ?
27 org.jruby.ext.posix:jna-posix 1.0.3 msrb needed, but jna-posix upstream is dead

replacement is called jnr-posix, we already have this package in Fedora, but patching Jenkins will be needed (this might be upstreamable)

URL: [44]
28 org.jenkins-ci:crypto-util 1.1 [45]
Pass pass
msrb URL: [46]
29 xmlpull:xmlpull xpp3 package in fedora URL: [47]
30 org.jenkins-ci:commons-jelly 1.1-jenkins-20120928 [48]
Pass pass
msrb URL: [49]
31 org.kohsuke.jinterop:j-interop msrb URL: [50]
32 com.sun.solaris:embedded_su4j 1.1 sounds solaris specific, probably not needed URL: [51]
33 org.jenkins-ci:jmdns 3.4.0 [52]
Pass pass
msrb needed, Jenkins uses patched version

(update: forked on github, but no changes have been made so far)

URL: [53] [54]
34 org.jvnet.winp:winp 1.6 sounds windows specific, not needed URL: ?
35 org.jenkins-ci:commons-jexl looks like our version works just fine URL: ?
36 org.jvnet.robust-http-client:robust-http-client 1.2 [55]
Pass pass
msrb needed URL: [56]
37 jfree:jfreechart 1.0.9 already in fedora under different namespace

(org.jfree:jfreechart:1.0.14)

URL: ?
38 org.jvnet.hudson.dom4j:dom4j patched dom4j used in Jenkins,

required by stapler-jelly, our dom4j doesn't work with it

URL: [57]
39 org.jvnet.hudson:commons-jelly-tags-define URL: ?
40 org.jenkins-ci.main:cli this is artifact from jenkins tarball URL: ?
41 org.kohsuke:windows-package-checker 1.1 probably not needed

it looks out for windows reserved words in package names

URL: [58]
42 org.kohsuke:owasp-html-sanitizer r88 [59]
Pass pass
msrb project uses Makefile...

review request: [60]

URL: [61] [62]
43 org.codehaus.groovy:groovy-all needed, already in fedora URL: ?
44 org.kohsuke.jinterop:j-interopdeps msrb part of the j-interop package URL: ?
45 org.acegisecurity:acegi-security needed, now called spring-security [[63]] URL: ?
46 org.jenkins-ci.main:remoting 2.23 [64]
Pass pass
msrb packaged URL: [65]
47 org.jenkins-ci:jinterop-wmi windows related, not needed URL: [66]
48 org.jenkins-ci:version-number 1.1 [67]
Pass pass
msrb needed URL: [68]
49 org.kohsuke.stapler:json-lib URL: [69]
50 com.infradna.tool:bridge-method-annotation 1.4 [70]
Pass pass
msrb needed

it's an artifact from bridge-method-injector

URL: [71] [72]
51 org.jvnet.hudson:activation URL: ?
52 org.kohsuke.stapler:stapler-adjunct-zeroclipboard 1.0.7-2 javascript + .swf files (:/) URL: [73]
53 org.jvnet.hudson:task-reactor 1.2 [74]
Pass pass
msrb needed, we can safely use latest version 1.3 URL: [75]
54 findbugs:annotations already in fedora URL: ?
55 org.jenkins-ci:core-annotation-processors msrb URL: [76]
56 com.sun.winsw:winsw 1.10 windows specific, not needed

(scope is 'provided' anyway)

URL: [77]
57 maven-jellydoc-plugin 1.5 msrb not needed URL: [78]
58 maven-stapler-plugin 1.16 msrb needed URL: [79]
59 stapler-adjunct-timeline 1.4 URL: [80]
60 stapler-adjunct-codemirror 1.2 URL: [81]
61 org.zeroturnaround:jr-sdk 2.1.1 msrb needed by stapler-jrebel

update: but it looks like stapler-jrebel is not actually needed

URL: ?
62 kohsuke-pom 5 [82]
Pass pass
msrb needed by many projects URL: [83]