New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Regression: versions later than 1.8.1 no longer derive credentials from ssh-agent
#226
Comments
Doing a little bit of digging here, I suspect the first culprit is this commit where for a push (without explicit credentials configured through
and within TransportOpUtil.configure() we see:
I've seen this log mention
|
Thanks for reporting this! I suspected, that removing GrGit might lead to some problems in scenarios that we don't use at Allegro. I will try to fix it using pure JGit during the weekend. I will reach out if i have more questions (or need additional testing?) |
No worries. Note that when I dug further under the hood, the GrGit JschAgentProxySessionFactory class gets used, which is non-trivial. I think this probably warrants some thought at a high level from the maintainers of the repo as to how you want to proceed. For example, do you want to:
@adamdubiel I'm happy to leave it in your hands, let me know if I can be of further help, in testing or otherwise. |
I know all those classes :) Unfortunately i did not write all necessary SSH tests back in the days, so i have to pay the debt now. |
@adamdubiel any update, and can I be any of any help? |
@adamdubiel 3 months on, is there any chance of an update on this, please? |
Update: no progress so far, although i would love to get some time to fix it. Is staying on 1.8.x a huge pain for you? |
@adamdubiel it's just that a number of teams keep bumping into this bug on our CI servers (which use |
Okay, i get it :) Maybe you find it annoying enough to create a PR? I know |
Out of curiosity, what was the driver for dropping |
I had multiple cases of dependencies clash with different versions of GrGit on classpath. I figured out that all the basic operations in JGit are actually easy to perform. I was using JGit in a lot of places anyway due to performance concerns and GrGit not exposing all the APIs. Sadly the agent integration suffered, but this is the only downside of not using GrGit. |
I've been watching this ticket for awhile now and figured I would chime in. We've been having this issue with Jenkins since Would having I'd personally work on a PR myself but my groovy is shit. (hence the reason I wrote our internal plugin in scala) Anyway, I'm just wondering what options are available to alleviate the issue those us using sshagent are having without Regardless |
So i had a couple of hours on the train and decided to tackle this issue. I basically took a look at how @k3mist would you be willing to try it out? Funny thing, newest rc versions of Just like before |
@adamdubiel I will give it a run as soon as I get some time this week and I'll report back. Work is crazy right now so I'll try my best to get to it before Friday. Thank you for taking a shot at this! |
@adamdubiel I'll try and give some feedback this week as well if I have the chance. Thanks for taking the time to put together a candidate fix; apologies I never managed to make the time myself. |
Great! Waiting for the news then :) |
@adamdubiel Nice job man! Published the branch build to our nexus snapshot repo and then pulled it into our pipeline plugin Everything looks good! jenkins stages |
Yeah :) How about the amount of logging - not too much? Looks like you run it with |
Logging looked fine/normal. Yeah we run all tasks with |
I just released |
I was on vaca and now just getting a chance to respond. Thanks so much for this @adamdubiel !! |
Hi @adamdubiel, thanks for the work! But I'm afraid it seems I am still getting the very same error also when using version |
@edgarvonk do you mind creating a new issue for this? I don't know what is the error :) |
My team was able to figure out the issue is actually with the keys that are generated using OpenSSH versions after 7.8. If the key is generated using openssh7.4(like mine was) or openssl, the issue goes away. So whatever jgit is doing to load the key seems to be not supported. |
Aha, yes, @hgaglani that seems to be the issue.. We downgraded back to 1.8.1 and with that also the new SSH keys work. I believe this is now being tackled in #270 right @adamdubiel ? |
Scenario:
axion-release
as follows:ssh-agent
(via Jenkinssshagent
pipeline step). They're not in, for example, the~/.ssh/id-rsa
file.Previous behaviour
With
axion-release
version1.8.1
, thepushRelease
task works just fine and tags are pushed to the repo.Regression
With version
1.8.2
onwards, the following error occurs:Next steps
I can see there's been a number of changes since 1.8.1 in the area of how Git is used by the plugin. So unpicking it may prove to be a little gnarly.
The text was updated successfully, but these errors were encountered: