Steps I took to confirm it was working on my existing Ubuntu 14.04 x64 master (previously using git client plugin 1.18.0, then git client plugin 1.19.0, and now using an unreleased version of the git client plugin that is adding submodule authentication):
1. Create a new user "hasphrase" 2. Login as user "hasphrase" 3. Generate passphrase protected private key 4. Create a private git repo for that user at /var/lib/git/hasphrase/bin.git 5. Confirm other system users cannot clone that repo 6. Create multi-configuration Jenkins job attempting to use that repo, use Elastic Axis plugin and Platform Labeler plugin to run job on "windows || linux || freebsd", restrict polling to only run from linux machines 7. Confirm Jenkins job cannot read the repo (exception polling, exception building) 8. Define Jenkins credential with private key and passphrase of user "hasphrase" 9. Modify Jenkins job to use that newly defined credential 10. Confirm job can read the repo (no exception polling, linux and freebsd slaves succeed, windows slaves fail)
Steps I took to confirm it failed on a freshly constructed Docker instance (using git client plugin 1.19.0 and git plugin 2.4.0):
1. Run my [master-with-plugins Docker instance]() 2. Define job attempting to use that repo 3. Confirm job cannot read the repo (no credential defined) 4. Define new credential with the passphrase protected private key
Exception reported while defining the credential in the Docker instance:
Caused by: java.lang.NullPointerException at com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey.getPrivateKeys(BasicSSHUserPrivateKey.java:126) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.createSshKeyFile(CliGitAPIImpl.java:1432) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1300) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1282) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1273) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.getHeadRev(CliGitAPIImpl.java:2404) at hudson.plugins.git.UserRemoteConfig$DescriptorImpl.doCheckUrl(UserRemoteConfig.java:156) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) ... 56 more
Additional attempts included checking that the Docker instance could use a private key without passphrase (which it could), and that the prompt for the host key fingerprint was not the root reason why the job failed (it did not seem to be the root reason, since even after the private key without passphrase worked, the private key with passphrase was still prompting for the password).
When I copied the job which uses the passphrase protected key, the polling log reported there was no existing build so it scheduled a build without polling. When that job ran, it hung with a prompt in the Docker window requesting a passphrase for a temporary key file.
Enter passphrase for key '/tmp/ssh5560754303468136093key':
Future experiments might include:
1. Define the DISPLAY environment variable for Jenkins system-wide 2. Try unreleased git client plugin on Docker instance 3. Review createSshKeyFile null pointer exception 4. Implement passphrase protected private key test in CredentialsTest
|