
CI Jenkins warns about deprecated script hashes
Closed, Resolved | Public

Description

Spotted when starting the CI Jenkins:

Sep 19 08:45:07 contint1002 jenkins[2990468]: WARNING: [org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval load] There are 364 deprecated approved script hashes and 0 deprecated approved classpath hashes. They will be rehashed upon next use and that may cause performance issues until all of them are converted or removed.

Event Timeline

hashar renamed this task from "CI Jenkins wanrs about deprecated script hashes" to "CI Jenkins warns about deprecated script hashes". Sep 19 2024, 8:47 AM

https://integration.wikimedia.org/ci/manage/scriptApproval/ says:

Script approvals are stored in Jenkins as the hashed value of the script. Old approvals were hashed using SHA-1, which is deprecated. Because only the hash of the script is stored, they cannot be immediately converted to use a new hash algorithm. Instead, they will be automatically rehashed when the script is next used. To minimize potential security risks, you can immediately revoke all script approvals that were hashed using SHA-1.
This will cause all jobs and features that use those scripts to fail until they are reconfigured and then approved by a Jenkins administrator.

There are some script approvals pending as well :/

Mentioned in SAL (#wikimedia-releng) [2024-09-19T09:02:05Z] <hashar> CI Jenkins: approved 3 scripts we wrote which were pending approval at https://integration.wikimedia.org/ci/manage/scriptApproval/ # T375160

Mentioned in SAL (#wikimedia-releng) [2024-09-19T09:03:34Z] <hashar> Cleared deprecated approvals from CI Jenkins # T375160

hashar claimed this task.
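The Jenkins notice quoted above explains why SHA-1 approvals cannot be converted in bulk and what clearing them costs. The following is an added example, not part of the task and not Jenkins or script-security plugin code: a simplified Python model of a hash-only approval store. The `ApprovalStore` class, the sample scripts, and the on-disk convention (bare 40-hex SHA-1 for legacy entries, a `SHA512:` prefix for current ones) are assumptions made for illustration.

```python
import hashlib
import re

# Assumed convention for this model: legacy entries are bare 40-hex SHA-1
# digests, current entries carry an explicit "SHA512:" prefix.
LEGACY = re.compile(r"[0-9a-f]{40}")

def sha1_id(script):
    return hashlib.sha1(script.encode("utf-8")).hexdigest()

def sha512_id(script):
    return "SHA512:" + hashlib.sha512(script.encode("utf-8")).hexdigest()

class ApprovalStore:
    """Holds only hashes of approved scripts, never the script text."""
    def __init__(self, approved_hashes):
        self.approved = set(approved_hashes)

    def deprecated(self):
        return {h for h in self.approved if LEGACY.fullmatch(h)}

    def is_approved(self, script):
        # Use time is the only moment the script text is available, so it
        # is the only moment a legacy entry can be upgraded.
        new = sha512_id(script)
        if new in self.approved:
            return True
        old = sha1_id(script)  # extra hash on every miss: the performance cost
        if old in self.approved:
            self.approved.discard(old)  # rehash on use
            self.approved.add(new)
            return True
        return False

    def clear_deprecated(self):
        gone = self.deprecated()
        self.approved -= gone
        return len(gone)

# Constructed sample scripts: one that a job still runs, one that never runs.
USED = "return currentBuild.result"
IDLE = "println 'nightly cleanup'"

def demo():
    store = ApprovalStore({sha1_id(USED), sha1_id(IDLE)})
    before = len(store.deprecated())
    ok = store.is_approved(USED)        # upgraded to SHA-512 here
    after_use = len(store.deprecated()) # IDLE stays on SHA-1
    removed = store.clear_deprecated()  # revokes IDLE's approval
    return before, ok, after_use, removed, store.is_approved(USED), store.is_approved(IDLE)
```

In the model, the script that ran before the cleanup keeps its approval, while the one that never ran must be approved again, which matches the failure mode the notice warns about.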