Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Mark Waite
    @MarkEWaite
    In the README.adoc file
    Mark Waite
    @MarkEWaite

    Looking forward to the git credentials binding project office hours in about 30 minutes. I've spent an hour or two testing the most recent build and have good results to share.

    1. So long as I define the correct gitToolName, Pipeline and Freestyle jobs are working great in all the tests that I have run
    2. If I fail to define gitToolName, the job fails (Freestyle and Pipeline)

    Great work @arpoch !

    Mark Waite
    @MarkEWaite
    Shame on me for confusing one meeting with another. Docs office hours starts in a few minutes. Git credentials is tomorrow. Talk to you all tomorrow. Sorry for the mistaken calendar reading
    1 reply
    Harshit Chopra
    @arpoch
    1. If I fail to define gitToolName, the job fails (Freestyle and Pipeline)
    I believe the scenario of leaving git tool name input empty is not a valid behavior thus requires a check to ensure that at-least the git tool input contain Default.
    image.png
    Justin Harringa
    @justinharringa:matrix.org
    [m]
    Hey I'm sorry for the late notice but I have had some things come up and can't make it. Hopefully Mark has you set for the meet
    Mark Waite
    @MarkEWaite
    Meeting notes are in https://docs.google.com/document/d/1gZneYIDWrT5S-1ACG641wfvxs7vnDC0RCYqy-EuuhwY/edit?usp=sharing . Looks good to release a version of git client plugin with the new API and git plugin with the username / password credentials binding implementation
    Mark Waite
    @MarkEWaite
    @arpoch and @rishabhBudhouliya I've investigated further and I believe the logic is now implemented (with tests) that will allow gitToolName to be an optional argument and to use default if an invalid value is provided. See MarkEWaite/git-plugin@4f8e4d8
    Harshit Chopra
    @arpoch
    @MarkEWaite I believe you wanted something like this... for the git tool name selection
    2 replies
    image.png
    Harshit Chopra
    @arpoch
    I have a doubt now. The doFillGitToolItems in GitSCM provides us with names of the git tools available for the user to choose from. Could we use the same logic but return a gitTool instance instead and check it's type and decide on whether to proceed authentication or not, will it still require resolveGitTool method usage. When using resolveGitTool method we check for a node specific gitTool but if the user is the one selecting the gitTool then would it be too assumptious to say that they must have configured it on the agents as well.
    Mark Waite
    @MarkEWaite
    I think it is still best to not require the user select the correct gitTool.
    It helps us that they recommend a git tool and we should prefer that git tool, but I don't think we should fail if they provided a git tool and their sh, bat, or powershell can find a command line git to use
    Rishabh Budhouliya
    @rishabhBudhouliya
    I think the approach Harshit is describing depends on a critical factor:
    Does the doFillGitToolItems provide all the git installations or only the git installations present in the current running node? (be it a controller or an agent machine)
    And I agree with Mark's advice, we should minimise the responsibility given to a user and work for the optimal solution under the given constraints
    Harshit Chopra
    @arpoch

    Does the doFillGitToolItems provide all the git installations or only the git installations present in the current running node? (be it a controller or an agent machine)

    I believe it returns all the git tools listed under Git in Global Tool Config.

    Mark Waite
    @MarkEWaite
    Git client plugin 3.8.0 has been released with the new API for the git credentials binding. Should be able to update the dependency in the git plugin pull request so that it requires a released version. Thanks for your great results @arpoch
    Harshit Chopra
    @arpoch
    Will be late to the meeting by 5-10 mins today
    Harshit Chopra
    @arpoch
    we could start the meeting now
    Mark Waite
    @MarkEWaite
    So sorry that I missed the meeting! I was called into another meeting at a different physical location and didn't have time to notify everyone that I would be away. Will be doing some testing and exploring tomorrow to interactively confirm the most recent changes.
    Rishabh Budhouliya
    @rishabhBudhouliya
    Apologies I missed the meeting too, I wasn't feeling that good this morning. @arpoch did anyone join it?
    2 replies
    Harshit Chopra
    @arpoch
    @rishabhBudhouliya , @MarkEWaite , @justinharringa:matrix.org , created my slides for the presentation, if their is something missing let me.
    https://docs.google.com/presentation/d/1LCH0dXzWka_l-WQ3SVMCXfU7w7jQENXS-bdz2E5GIgU/edit?usp=sharing
    Harshit Chopra
    @arpoch
    @MarkEWaite the commets on the PR 1104 require some investigation from side, currently I am focusing on the SSH binding so we atleast have a PR by next monday or so, will make the changes in code and Readme as well for PR 1104 in a few days.
    Mark Waite
    @MarkEWaite

    Thanks @arpoch . All my functionality tests are passing. I pushed one change to remove a spurious warning from the user interface. Would be nice if you could merge the master branch into that development branch so that I can use an incremental build in my test setup.

    I think we're very near to releasing the username / password binding. I need to investigate a behavior related to tool installation frequency on Windows agents. I don't know if the behavior is new in the current development or is a behavior that we've had since last year. I don't think it is related in any way to your changes, but I'm hesitant to merge your changes and release the plugin until I understand when that behavior was introduced

    Harshit Chopra
    @arpoch

    @rishabhBudhouliya , I was using the sshj library to accomplish the task for ssh authentication for private keys in openssh format, sadly I couldn't achieve the desired results , so I am using the
    maverick-synergy
    which works great, I am attaching the code below to show what the I have been working with

        public static void main(String[] args) throws IOException, InvalidPassphraseException {
            File f = new File("auth.key");
            String s;
            //TODO METHOD-1
            OpenSSHKeyV1KeyFile o = new OpenSSHKeyV1KeyFile();
            char[] arr = new char['passphase'];
    //        o.init(ECDSA_Joined,"",new Pass(arr));
    //        PrivateKey p = o.getPrivate();
    //        String format = p.getFormat();
    //        byte[] c = p.getEncoded();
    //        PKCS8EncodedKeySpec pk = new PKCS8EncodedKeySpec(c);
            //TODO METHOD-2
    //        OpenSSHKeyV1KeyFile o = new OpenSSHKeyV1KeyFile();
    //        o.init(UNENCRYPTED_KEY,"");
    //        OpenSSHPrivateKeySpec kp = new OpenSSHPrivateKeySpec(o.getPrivate().getEncoded());
    
            //TODO METHOD-3
    //        byte[] dec = Base64.decode(RSA_Joined);
    //        AsymmetricKeyParameter p = OpenSSHPrivateKeyUtil.parsePrivateKeyBlob(dec);
    
            SshKeyPair key = SshKeyUtils.getPrivateKey(en_RSA,"Jenkins");
            s =  SshKeyUtils.getFormattedKey(key,"");
    //        String s = Base64.toBase64String(new OpenSSHPrivateKeyFile(key.getPrivateKey().getJCEPrivateKey().getEncoded()).getFormattedKey());
            //TODO BASE64-ENCODED
            FileWriter fo = new FileWriter(f);
    //        s =Base64.toBase64String(c);
            fo.write(s);
            fo.close();
    
            //TODO PEM ENCODED
    //        PemObject po = new PemObject("",c);
    //        PemWriter pw = new PemWriter(new OutputStreamWriter(new FileOutputStream(f)));
    //        pw.writeObject(po);
    //        pw.close();
    
            //TODO notes[SPECIFY PATH OF SSH IN WINDOWS PROPERLY]
        }
    
        static class Pass implements PasswordFinder {
    
            char[] p;
    
            Pass(char[] passForKey){
                this.p = passForKey;
            }
            @Override
            public char[] reqPassword(Resource<?> resource) {
                return p;
            }
    
            @Override
            public boolean shouldRetry(Resource<?> resource) {
                return false;
            }
        }
    }

    The problem that I faced with sshj and even with bouncycastle was, the decrypted key generated is altered and isn't matching with the public key . I know this shouldn't happen may I need to dig a bit more on that.
    Also I am a bit concerned about the license of
    maverick-synergy
    maybe @MarkEWait could shed some light on that?

    Rishabh Budhouliya
    @rishabhBudhouliya
    SSH key pairs are asymmetric keys, meaning that the two associated keys serve different functions.
    The public key is used to encrypt data that can only be decrypted with the private key.
    I don't understand the problem of the decrypted key not matching with the public key
    Harshit Chopra
    @arpoch

    I don't understand the problem of the decrypted key not matching with the public key

    I think my poor choice of words might have caused some confusion, what I meant was when converting an openssh formatted private key to PEM or Base64 PKCS#8 encoded format, the private key generated when used to connect to the server(github.com) returns git@github.com: Permission denied (publickey). which I think is caused due the rejection of this key because the key generated is not a valid or is being altered in the process of decryption or altered in the process while converting into a new File Format (PEM)[Higly likely] thus not forming an invalid keypair with the public key on the server.

    Mark Waite
    @MarkEWaite
    I'll need to check with others to see if we're allowed to use an LGPL 3 library in a Jenkins plugin. Jenkins plugin code is generally licensed with the less restrictive MIT license rather than the more restrictive LGPL license.
    Mark Waite
    @MarkEWaite
    I'll miss the Friday morning mentoring session due to a conflicting meeting. I plan to attend the Tuesday morning mentoring session. My interactive testing indicates that we are ready to merge the username / password credential binding and release it. Would love to have further code review and discussion ready for the Tuesday morning session.
    4 replies
    Rishabh Budhouliya
    @rishabhBudhouliya
    I was surprised to see the GSoC midterm evaluation meetup is today! @arpoch since Mark and Justin will not be available during IST daytime, let me know if you want to have a zoom call for your demo preparation and review once.
    If you have any doubts or concerns regarding the presentation, we can set up a call. Otherwise all the very best for today! See you there at 6.30PM.
    Harshit Chopra
    @arpoch
    @rishabhBudhouliya can we have a zoom call at 4:00 PM IST today, to have a discussion on the demo I am presenting in the meetup, thinking of using push command on private repo . Also could have some discussion over SSH binding as well if time allows.
    2 replies
    @MarkEWaite the getSSHExecutable method 's scope is limited/package-private need to make it pulblic, specific to windows usecase.
    Rishabh Budhouliya
    @rishabhBudhouliya
    Great presentation @arpoch ! Enjoyed the progress made so far.
    Mark Waite
    @MarkEWaite
    I agree with @rishabhBudhouliya . Great presentation @arpoch! I propose one of the topics for the mentoring meeting is to confirm that we're ready to release git plugin 4.8.0 with git credentials binding for HTTP/HTTPS repositories.
    Rishabh Budhouliya
    @rishabhBudhouliya
    @MarkEWaite +1 on the git plugin release with Harshit's work.
    Mark Waite
    @MarkEWaite
    Git plugin latest incremental build from master branch has passed my smoke tests. I'm too tired to release tonight. Will release it tomorrow and send the social media announcement.
    Mark Waite
    @MarkEWaite
    The mvn release:prepare release:perform step is running now for git plugin 4.8.0 with the git credentials binding for username and password. Thanks @arpoch, @rishabhBudhouliya , and @justinharringa:matrix.org for great work on phase 1.
    Rishabh Budhouliya
    @rishabhBudhouliya
    wohoo! Congratulations everyone!
    Mark Waite
    @MarkEWaite
    Documentation for the 4.8.0 release is already visible at https://plugins.jenkins.io/git/#credential-binding . Release should be visible in update centers very soon.
    Harshit Chopra
    @arpoch
    @MarkEWaite, @rishabhBudhouliya , @justinharringa , great news I figured out what was causing the error with PEM file format, now we can again move on with sshj library, so I will make a PR with those change, although I was ready to make a PR with maverick-synenry but since everything seems to sorted out I will make the change.
    Justin Harringa
    @justinharringa:matrix.org
    [m]
    Awesome! Nice work!
    Harshit Chopra
    @arpoch
    Thank for pointing me I in the right direction @justinharringa:matrix.org
    Mark Waite
    @MarkEWaite
    @rishabhBudhouliya I used Google Summer of Code office hours today to create a first draft blog post for git credentials binding. Would you be willing to pull my first draft from https://github.com/MarkEWaite/jenkins.io/commits/announce-git-credentials-username-password-binding into your jenkins.io clone, make the changes that you feel should be made, then submit it as a pull request to the jenkins.io repository from your account? That makes it clear that we are both authors and allows you to make changes as needed.
    2 replies
    Harshit Chopra
    @arpoch
    The SSH binding branch is ready https://github.com/arpoch/git-plugin/tree/gitSSHPrivateKey, will make a PR tomorrow, needs some testing from my side.
    Harshit Chopra
    @arpoch
    @MarkEWaite , I cloned the jenkins-git-plugin repo to test the new binding but I am getting this message java.lang.NoSuchMethodError: No such DSL method 'GitUsernamePassword' found among steps it seems like the binding is not present, I encountered similar issue with the forked git-plugin as well, I have been working on this the whole day, I couldn't figure it out it, although when I checkout out to revision 2b5cfd1d0939a97f20c248d096f5ceeb7f76512f in my forked-git-plugin the binding is working.
    Is this something only I am encountering? I am extremelly nervous about this now.
    Mark Waite
    @MarkEWaite
    As far as I know, it is something that only you are encountering. You may need to merge the upstream master branch into your local master branch and then push your local branch to your origin repository. Steps that I usually take include:
    $ git checkout master
    $ git pull --all
    $ git merge upstream/master
    $ git push origin
    I just ran the following command at commit a707434c10bdfedcd87e7c9ca2341f1182709de1 (upstream/master in my repository)
    $ mvn clean -Dtest=GitUsernamePasswordBindingTest test
    Harshit Chopra
    @arpoch
    Well if I am encountering this then I am totally fine, will figure out this no issue then, thanks alot Mark for such a quick response, saved my day, will report back here once the issue is solved from my side.
    Mark Waite
    @MarkEWaite
    I prefer to keep origin/master and upstream/master in sync so that I can refer to 'master' in diff and have it match the upstream repository. I know others who are more rigorous and they don't bother keeping origin/master in sync with upstream/master, they just remember to diff against upstream/master