|
Steps I took to confirm it was working on my existing Ubuntu 14.04 x64
master (previously using git client plugin 1.18.0, then git client
plugin 1.19.0, and now using an unreleased version of the git client
plugin that is adding submodule authentication):
1. Create a new user "hasphrase"
2. Login as user "hasphrase"
3. Generate passphrase protected private key
4. Create a private git repo for that user at /var/lib/git/hasphrase/bin.git
5. Confirm other system users cannot clone that repo
6. Create multi-configuration Jenkins job attempting to use that repo, use Elastic Axis plugin and Platform Labeler plugin to run job on "windows || linux || freebsd", restrict polling to only run from linux machines
7. Confirm Jenkins job cannot read the repo (exception polling, exception building)
8. Define Jenkins credential with private key and passphrase of user "hasphrase"
9. Modify Jenkins job to use that newly defined credential
10. Confirm job can read the repo (no exception polling, linux and freebsd slaves succeed, windows slaves fail)
Steps I took to confirm it failed on a freshly constructed Docker
instance (using git client plugin 1.19.0 and git plugin 2.4.0):
1. Run my [master-with-plugins Docker instance]()
2. Define job attempting to use that repo
3. Confirm job cannot read the repo (no credential defined)
4. Define new credential with the passphrase protected private key
Exception reported while defining the credential in the Docker
instance:
Caused by: java.lang.NullPointerException
at com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey.getPrivateKeys(BasicSSHUserPrivateKey.java:126)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.createSshKeyFile(CliGitAPIImpl.java:1432)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1300)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1282)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1273)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.getHeadRev(CliGitAPIImpl.java:2404)
at hudson.plugins.git.UserRemoteConfig$DescriptorImpl.doCheckUrl(UserRemoteConfig.java:156)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
... 56 more
Additional attempts included checking that the Docker instance could
use a private key without passphrase (which it could), and that the
prompt for the host key fingerprint was not the root reason why the
job failed (it did not seem to be the root reason, since even after
the private key without passphrase worked, the private key with
passphrase was still prompting for the password).
When I copied the job which uses the passphrase protected key, the
polling log reported there was no existing build so it scheduled a
build without polling. When that job ran, it hung with a prompt in the
Docker window requesting a passphrase for a temporary key file.
Enter passphrase for key '/tmp/ssh5560754303468136093key':
Future experiments might include:
1. Define the DISPLAY environment variable for Jenkins system-wide
2. Try unreleased git client plugin on Docker instance
3. Review createSshKeyFile null pointer exception
4. Implement passphrase protected private key test in CredentialsTest
|
