[JIRA] (JENKINS-57461) Pipeline checkout stage fails with "java.io.IOException: Unable to serialize"


markusschulte83@gmail.com (JIRA)

May 14, 2019, 11:08:02 AM
to jenkinsc...@googlegroups.com
Markus Schulte created an issue
 
Jenkins / Bug JENKINS-57461
Pipeline checkout stage fails with "java.io.IOException: Unable to serialize"
Issue Type: Bug
Assignee: Mark Waite
Components: git-client-plugin
Created: 2019-05-14 15:07
Environment: Jenkins ver. 2.164.3 with OpenJDK "11.0.3+1-Debian-1bpo91"
git-client-plugin v2.7.7 and v3.0.0-beta9
Jenkins slave running OpenJDK11
Priority: Minor
Reporter: Markus Schulte

Hi,

 

I have an automated Jenkins setup. While provisioning, I add, as part of init.groovy.d, an SSH key as new SSH key credentials on the Jenkins master (new BasicSSHUserPrivateKey(..., new BasicSSHUserPrivateKey.FileOnMasterPrivateKeySource(sshKeyPath))). Furthermore, I add a job using these credentials, and I set up Jenkins slaves automatically.

 

When running my job the first time (which will run on a slave), I get the following exception:

java.io.NotSerializableException: com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$FileOnMasterPrivateKeySource
 at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1185)
 at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1553)
 at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1510)
 at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1433)
 at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1179)
 at java.base/java.io.ObjectOutputStream.writeArray(ObjectOutputStream.java:1379)
 at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1175)
 at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1553)
 at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1510)
 at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1433)
 at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1179)
 at java.base/java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:349)
 at hudson.remoting.UserRequest._serialize(UserRequest.java:264)
 at hudson.remoting.UserRequest.serialize(UserRequest.java:273)
Caused: java.io.IOException: Unable to serialize UserRPCRequest:org.jenkinsci.plugins.gitclient.GitClient.addCredentials[java.lang.String,com.cloudbees.plugins.credentials.common.StandardCredentials](25)
 at hudson.remoting.UserRequest.serialize(UserRequest.java:275)
 at hudson.remoting.UserRequest.<init>(UserRequest.java:101)
 at hudson.remoting.Channel.call(Channel.java:955)
 at hudson.remoting.RemoteInvocationHandler.invoke(RemoteInvocationHandler.java:283)
Caused: hudson.remoting.RemotingSystemException
 at hudson.remoting.RemoteInvocationHandler.invoke(RemoteInvocationHandler.java:299)
 at com.sun.proxy.$Proxy82.addCredentials(Unknown Source)
 at org.jenkinsci.plugins.gitclient.RemoteGitImpl.addCredentials(RemoteGitImpl.java:200)
 at hudson.plugins.git.GitSCM.createClient(GitSCM.java:845)
 at hudson.plugins.git.GitSCM.createClient(GitSCM.java:813)
 at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1186)
 at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:120)
 at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:90)
 at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:77)
 at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
 at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
 at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
 at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
 at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
 at java.base/java.lang.Thread.run(Thread.java:834

 

Reloading or restarting Jenkins solves the problem.

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

mark.earl.waite@gmail.com (JIRA)

Jun 30, 2019, 12:03:01 PM
to jenkinsc...@googlegroups.com
Mark Waite commented on Bug JENKINS-57461
 
Re: Pipeline checkout stage fails with "java.io.IOException: Unable to serialize"

I am not entirely sure what is meant in the FileOnMaster javadoc when it says:

Deprecated.

This approach has security vulnerability and should be migrated to BasicSSHUserPrivateKey.DirectEntryPrivateKeySource

Does the same problem happen when using DirectEntryPrivateKeySource?

mark.earl.waite@gmail.com (JIRA)

Jul 2, 2019, 3:01:02 PM
to jenkinsc...@googlegroups.com
Mark Waite edited a comment on Bug JENKINS-57461
I am not entirely sure what is meant in the [FileOnMaster javadoc|https://javadoc.jenkins.io/plugin/ssh-credentials/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.FileOnMasterPrivateKeySource.html] when it says:

bq. {quote} *Deprecated*.
bq. This approach has security vulnerability and should be migrated to BasicSSHUserPrivateKey.DirectEntryPrivateKeySource
{quote}

Does the same problem happen when using DirectEntryPrivateKeySource?

mark.earl.waite@gmail.com (JIRA)

Aug 24, 2019, 12:53:01 PM
to jenkinsc...@googlegroups.com
Mark Waite edited a comment on Bug JENKINS-57461
I am not entirely sure what is meant in This technique for loading private key files from the Jenkins master has been deprecated as part of [ SECURITY-440 - arbitrary file read vulnerability|https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440].  The [ FileOnMaster javadoc|https://javadoc.jenkins.io/plugin/ssh-credentials/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.FileOnMasterPrivateKeySource.html] when it says:

{quote}*Deprecated*.
This approach has security vulnerability and should be migrated to BasicSSHUserPrivateKey.DirectEntryPrivateKeySource
{quote}

Does the same problem happen when using DirectEntryPrivateKeySource?

mark.earl.waite@gmail.com (JIRA)

Aug 24, 2019, 12:54:02 PM
to jenkinsc...@googlegroups.com
Mark Waite edited a comment on Bug JENKINS-57461
This [~schultemarkus], this technique for loading private key files from the Jenkins master has been deprecated as part of [SECURITY-440 - arbitrary file read vulnerability|https://jenkins.io/security/advisory/2018-06-25/#SECURITY-440].  The [FileOnMaster javadoc|https://javadoc.jenkins.io/plugin/ssh-credentials/com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.FileOnMasterPrivateKeySource.html] says:

{quote}*Deprecated*.
This approach has security vulnerability and should be migrated to BasicSSHUserPrivateKey.DirectEntryPrivateKeySource
{quote}

Does the same problem happen when using DirectEntryPrivateKeySource?
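
The migration the FileOnMaster javadoc asks for, as an added example that is not part of the original thread: an init.groovy.d script that reads the key file once on the master and stores its contents in the credential through DirectEntryPrivateKeySource. The key path, credential id, username and description are assumed placeholder values, and the thread does not establish whether this avoids the serialization error.

```groovy
// init.groovy.d script (added example; file name and values below are assumptions)
import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey
import com.cloudbees.plugins.credentials.CredentialsScope
import com.cloudbees.plugins.credentials.SystemCredentialsProvider
import com.cloudbees.plugins.credentials.common.IdCredentials
import com.cloudbees.plugins.credentials.domains.Domain

// Assumed placeholder values; replace with the ones used by your provisioning.
def sshKeyPath   = '/var/lib/jenkins/.ssh/id_rsa'
def credentialId = 'git-ssh-key'
def username     = 'git'
def description  = 'Git SSH key (direct entry)'

// Fail early with a clear message instead of creating an empty credential.
def keyFile = new File(sshKeyPath)
if (!keyFile.canRead()) {
    throw new IllegalStateException("Cannot read private key file: ${sshKeyPath}")
}

// DirectEntryPrivateKeySource carries the key text inside the credential,
// so nothing is resolved from a master-side file path when the job runs.
def keySource = new BasicSSHUserPrivateKey.DirectEntryPrivateKeySource(keyFile.text)
def credential = new BasicSSHUserPrivateKey(
        CredentialsScope.GLOBAL,
        credentialId,
        username,
        keySource,
        null,            // passphrase: none for this key (assumption)
        description)

// Keep the script idempotent: replace a credential with the same id
// (for example one created earlier with FileOnMasterPrivateKeySource).
def store = SystemCredentialsProvider.getInstance().getStore()
def existing = store.getCredentials(Domain.global()).find {
    it instanceof IdCredentials && it.id == credentialId
}
if (existing) {
    store.updateCredentials(Domain.global(), existing, credential)
} else {
    store.addCredentials(Domain.global(), credential)
}
```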

mark.earl.waite@gmail.com (JIRA)

Feb 9, 2020, 4:37:03 AM
to jenkinsc...@googlegroups.com
Mark Waite resolved as Won't Fix
 

Resolving as won't fix since the specific technique for creating private key credentials has been deprecated and the submitter has not replied if the same condition exists for non-deprecated methods for creating the private key credentials.

Change By: Mark Waite
Status: Open → Resolved
Resolution: Won't Fix
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)