    Mark Waite
    @MarkEWaite
    So sorry that I missed the meeting! I was called into another meeting at a different physical location and didn't have time to notify everyone that I would be away. Will be doing some testing and exploring tomorrow to interactively confirm the most recent changes.
    Rishabh Budhouliya
    @rishabhBudhouliya
    Apologies I missed the meeting too, I wasn't feeling that good this morning. @arpoch did anyone join it?
    Harshit Chopra
    @arpoch
    @rishabhBudhouliya , @MarkEWaite , @justinharringa:matrix.org , created my slides for the presentation, if there is something missing let me know.
    https://docs.google.com/presentation/d/1LCH0dXzWka_l-WQ3SVMCXfU7w7jQENXS-bdz2E5GIgU/edit?usp=sharing
    Harshit Chopra
    @arpoch
    @MarkEWaite the comments on the PR 1104 require some investigation from my side, currently I am focusing on the SSH binding so we at least have a PR by next Monday or so, will make the changes in code and Readme as well for PR 1104 in a few days.
    Mark Waite
    @MarkEWaite

    Thanks @arpoch . All my functionality tests are passing. I pushed one change to remove a spurious warning from the user interface. Would be nice if you could merge the master branch into that development branch so that I can use an incremental build in my test setup.

    I think we're very near to releasing the username / password binding. I need to investigate a behavior related to tool installation frequency on Windows agents. I don't know if the behavior is new in the current development or is a behavior that we've had since last year. I don't think it is related in any way to your changes, but I'm hesitant to merge your changes and release the plugin until I understand when that behavior was introduced

    Harshit Chopra
    @arpoch

    @rishabhBudhouliya , I was using the sshj library to accomplish the task for ssh authentication for private keys in openssh format, sadly I couldn't achieve the desired results, so I am using the maverick-synergy which works great, I am attaching the code below to show what I have been working with

        public static void main(String[] args) throws IOException, InvalidPassphraseException {
            File f = new File("auth.key");
            String s;
            //TODO METHOD-1
            OpenSSHKeyV1KeyFile o = new OpenSSHKeyV1KeyFile();
            // Placeholder passphrase as a char array (the original char literal did not compile)
            char[] arr = "passphrase".toCharArray();
    //        o.init(ECDSA_Joined,"",new Pass(arr));
    //        PrivateKey p = o.getPrivate();
    //        String format = p.getFormat();
    //        byte[] c = p.getEncoded();
    //        PKCS8EncodedKeySpec pk = new PKCS8EncodedKeySpec(c);
            //TODO METHOD-2
    //        OpenSSHKeyV1KeyFile o = new OpenSSHKeyV1KeyFile();
    //        o.init(UNENCRYPTED_KEY,"");
    //        OpenSSHPrivateKeySpec kp = new OpenSSHPrivateKeySpec(o.getPrivate().getEncoded());
    
            //TODO METHOD-3
    //        byte[] dec = Base64.decode(RSA_Joined);
    //        AsymmetricKeyParameter p = OpenSSHPrivateKeyUtil.parsePrivateKeyBlob(dec);
    
            SshKeyPair key = SshKeyUtils.getPrivateKey(en_RSA,"Jenkins");
            s =  SshKeyUtils.getFormattedKey(key,"");
    //        String s = Base64.toBase64String(new OpenSSHPrivateKeyFile(key.getPrivateKey().getJCEPrivateKey().getEncoded()).getFormattedKey());
            //TODO BASE64-ENCODED
            FileWriter fo = new FileWriter(f);
    //        s =Base64.toBase64String(c);
            fo.write(s);
            fo.close();
    
            //TODO PEM ENCODED
    //        PemObject po = new PemObject("",c);
    //        PemWriter pw = new PemWriter(new OutputStreamWriter(new FileOutputStream(f)));
    //        pw.writeObject(po);
    //        pw.close();
    
            //TODO notes[SPECIFY PATH OF SSH IN WINDOWS PROPERLY]
        }
    
        static class Pass implements PasswordFinder {
    
            char[] p;
    
            Pass(char[] passForKey){
                this.p = passForKey;
            }
            @Override
            public char[] reqPassword(Resource<?> resource) {
                return p;
            }
    
            @Override
            public boolean shouldRetry(Resource<?> resource) {
                return false;
            }
        }
    }

    The problem that I faced with sshj and even with bouncycastle was, the decrypted key generated is altered and isn't matching with the public key. I know this shouldn't happen, maybe I need to dig a bit more on that.
    Also I am a bit concerned about the license of maverick-synergy, maybe @MarkEWaite could shed some light on that?

    Rishabh Budhouliya
    @rishabhBudhouliya
    SSH key pairs are asymmetric keys, meaning that the two associated keys serve different functions.
    The public key is used to encrypt data that can only be decrypted with the private key.
    I don't understand the problem of the decrypted key not matching with the public key
    Harshit Chopra
    @arpoch

    I don't understand the problem of the decrypted key not matching with the public key

    I think my poor choice of words might have caused some confusion, what I meant was when converting an openssh formatted private key to PEM or Base64 PKCS#8 encoded format, the private key generated when used to connect to the server (github.com) returns git@github.com: Permission denied (publickey). which I think is caused due to the rejection of this key because the key generated is not a valid or is being altered in the process of decryption or altered in the process while converting into a new File Format (PEM) [Highly likely] thus not forming an invalid keypair with the public key on the server.

    Mark Waite
    @MarkEWaite
    I'll need to check with others to see if we're allowed to use an LGPL 3 library in a Jenkins plugin. Jenkins plugin code is generally licensed with the less restrictive MIT license rather than the more restrictive LGPL license.
    Mark Waite
    @MarkEWaite
    I'll miss the Friday morning mentoring session due to a conflicting meeting. I plan to attend the Tuesday morning mentoring session. My interactive testing indicates that we are ready to merge the username / password credential binding and release it. Would love to have further code review and discussion ready for the Tuesday morning session.
    Rishabh Budhouliya
    @rishabhBudhouliya
    I was surprised to see the GSoC midterm evaluation meetup is today! @arpoch since Mark and Justin will not be available during IST daytime, let me know if you want to have a zoom call for your demo preparation and review once.
    If you have any doubts or concerns regarding the presentation, we can set up a call. Otherwise all the very best for today! See you there at 6.30PM.
    Harshit Chopra
    @arpoch
    @rishabhBudhouliya can we have a zoom call at 4:00 PM IST today, to have a discussion on the demo I am presenting in the meetup, thinking of using push command on private repo . Also could have some discussion over SSH binding as well if time allows.
    @MarkEWaite the getSSHExecutable method's scope is limited/package-private, need to make it public, specific to windows usecase.
    Rishabh Budhouliya
    @rishabhBudhouliya
    Great presentation @arpoch ! Enjoyed the progress made so far.
    Mark Waite
    @MarkEWaite
    I agree with @rishabhBudhouliya . Great presentation @arpoch! I propose one of the topics for the mentoring meeting is to confirm that we're ready to release git plugin 4.8.0 with git credentials binding for HTTP/HTTPS repositories.
    Rishabh Budhouliya
    @rishabhBudhouliya
    @MarkEWaite +1 on the git plugin release with Harshit's work.
    Mark Waite
    @MarkEWaite
    Git plugin latest incremental build from master branch has passed my smoke tests. I'm too tired to release tonight. Will release it tomorrow and send the social media announcement.
    Mark Waite
    @MarkEWaite
    The mvn release:prepare release:perform step is running now for git plugin 4.8.0 with the git credentials binding for username and password. Thanks @arpoch, @rishabhBudhouliya , and @justinharringa:matrix.org for great work on phase 1.
    Rishabh Budhouliya
    @rishabhBudhouliya
    wohoo! Congratulations everyone!
    Mark Waite
    @MarkEWaite
    Documentation for the 4.8.0 release is already visible at https://plugins.jenkins.io/git/#credential-binding . Release should be visible in update centers very soon.
    Harshit Chopra
    @arpoch
    @MarkEWaite, @rishabhBudhouliya , @justinharringa , great news I figured out what was causing the error with PEM file format, now we can again move on with sshj library, so I will make a PR with those changes, although I was ready to make a PR with maverick-synergy but since everything seems to be sorted out I will make the change.
    Justin Harringa
    @justinharringa:matrix.org
    Awesome! Nice work!
    Harshit Chopra
    @arpoch
    Thanks for pointing me in the right direction @justinharringa:matrix.org
    Mark Waite
    @MarkEWaite
    @rishabhBudhouliya I used Google Summer of Code office hours today to create a first draft blog post for git credentials binding. Would you be willing to pull my first draft from https://github.com/MarkEWaite/jenkins.io/commits/announce-git-credentials-username-password-binding into your jenkins.io clone, make the changes that you feel should be made, then submit it as a pull request to the jenkins.io repository from your account? That makes it clear that we are both authors and allows you to make changes as needed.
    Harshit Chopra
    @arpoch
    The SSH binding branch is ready https://github.com/arpoch/git-plugin/tree/gitSSHPrivateKey, will make a PR tomorrow, needs some testing from my side.
    Harshit Chopra
    @arpoch
    @MarkEWaite , I cloned the jenkins-git-plugin repo to test the new binding but I am getting this message java.lang.NoSuchMethodError: No such DSL method 'GitUsernamePassword' found among steps it seems like the binding is not present, I encountered similar issue with the forked git-plugin as well, I have been working on this the whole day, I couldn't figure it out, although when I check out revision 2b5cfd1d0939a97f20c248d096f5ceeb7f76512f in my forked-git-plugin the binding is working.
    Is this something only I am encountering? I am extremely nervous about this now.
    Mark Waite
    @MarkEWaite
    As far as I know, it is something that only you are encountering. You may need to merge the upstream master branch into your local master branch and then push your local branch to your origin repository. Steps that I usually take include:
    $ git checkout master
    $ git pull --all
    $ git merge upstream/master
    $ git push origin
    I just ran the following command at commit a707434c10bdfedcd87e7c9ca2341f1182709de1 (upstream/master in my repository)
    $ mvn clean -Dtest=GitUsernamePasswordBindingTest test
    Harshit Chopra
    @arpoch
    Well if I am encountering this then I am totally fine, will figure out this no issue then, thanks a lot Mark for such a quick response, saved my day, will report back here once the issue is solved from my side.
    Mark Waite
    @MarkEWaite
    I prefer to keep origin/master and upstream/master in sync so that I can refer to 'master' in diff and have it match the upstream repository. I know others who are more rigorous and they don't bother keeping origin/master in sync with upstream/master, they just remember to diff against upstream/master
    @arpoch we have some good feedback from Tim Jacomb at https://community.jenkins.io/t/git-username-password-credentials-binding-has-released/263 . He notes that the other symbols in the Jenkins Pipeline domain specific language almost all start with a lower case letter. I think we should change the default symbol from GitUsernamePassword to gitUsernamePassword with an extra symbol at the same location for GitUsernamePassword. However, I haven't done the experiments to see the impact of changing from @Symbol("GitUsernamePassword") to @Symbol(["gitUsernamePassword", "GitUsernamePassword"])
    Harshit Chopra
    @arpoch
    It has my attention now.
    Rishabh Budhouliya
    @rishabhBudhouliya
    I will not be attending the office hours today, have to be somewhere else early in the morning. I will be working on the draft created by @MarkEWaite and make sure that I create a pull request.
    Harshit Chopra
    @arpoch
    I will be late by a few minutes today for the meeting.
    Harshit Chopra
    @arpoch

    As far as I know, it is something that only you are encountering. You may need to merge the upstream master branch into your local master branch and then push your local branch to your origin repository. Steps that I usually take include:

    $ git checkout master
    $ git pull --all
    $ git merge upstream/master
    $ git push origin

    @MarkEWaite , After doing some investigation over this from my side, I don't think the issue that I encounter as described earlier, was related to this. The problem in my case was

    <parent>
        <groupId>org.jenkins-ci.plugins</groupId>
        <artifactId>plugin</artifactId>
        <version>4.20</version>
        <relativePath />
      </parent>

    Changing the version to 19 solved it, now I am curious what is causing this, according to me it is just used to specify values which are not defined in the pom.xml of the git-plugin. If so then it needs some more work on what is causing this.
    Also I am a bit confused on why only this issue is encountered by me. Do I need to install some specific dependencies or other changes in my IDE/pom.xml.

    Harshit Chopra
    @arpoch

    @MarkEWaite , @justinharringa:matrix.org , @rishabhBudhouliya , I have created a PR for the ssh binding, please note the ssh binding does not work with RSA encrypted keys in Openssh private key/RFC4716 format. It outputs this error

    sign_and_send_pubkey: signing failed: error in libcrypto
    git@github.com: Permission denied (publickey).
    fatal: Could not read from remote repository.
    
    Please make sure you have the correct access rights
    and the repository exists.

    Also, a DSA encrypted openssh formatted key is not supported by the sshj library, not our issue.
    I would suggest to test with encrypted RSA key openssh formatted, and let me know if you figure out something as well.

    Mark Waite
    @MarkEWaite
    I've released git client plugin 3.9.0 with the new API to report the SSHExecutable location.
    Justin Harringa
    @justinharringa:matrix.org
    One option for DSA is that we could document that DSA keys aren't supported. OpenSSH disables it by default these days. http://www.openssh.com/legacy.html
    Mark Waite
    @MarkEWaite
    +1 from me to declare that we don't support DSA keys.
    Harshit Chopra
    @arpoch
    Will be late by 5 minutes
    Harshit Chopra
    @arpoch
    SSH Binding Update
    . The decrypted rsa private key in openssh format generates a fingerprint which is not matching with public key's fingerprint
    . Binary format can't be used, will cause not a valid format error( headers will be missing)
    KasperHeyndrickx
    @KasperHeyndrickx

    Hi everyone, we're using the git plugin for a multibranch pipeline on github.

    This setup uses 'mycredentials' stored in jenkins, and works fine. However, when calling gradle release, to push a new tag, we got this error:

    Exception occurred during push: [...] not authorized

    We fixed it by using a "withcredentials" block (see below), which uses the same credentials as the git-plugin. But I was wondering if the git plugin makes these variables available as environment variables by default? Or if there's another 'cleaner' way to do this? They're the same credentials, used for the same purpose, so it feels weird to define them twice.

              stage('Release') {
                    withCredentials([usernamePassword(
                        credentialsId: 'mycredentials',
                        passwordVariable: 'GIT_PASSWORD',
                        usernameVariable: 'GIT_USER')]) {
                      sh './gradlew release -Prelease.customUsername=${GIT_USER} -Prelease.customPassword=${GIT_PASSWORD} -x test'
                  }
              }
    Mark Waite
    @MarkEWaite
    If the gradlew release command is using command line git to push, it may work using withCredentials([gitUsernamePassword(...)]) { }. If a variable needs to be passed on the command line, the names of the variables are listed in the git plugin documentation
    Harshit Chopra
    @arpoch
    @KasperHeyndrickx, you could check https://www.jenkins.io/doc/book/pipeline/jenkinsfile/#handling-credentials, I think this might help if you are not performing a git authentication operation and only want env variables.
    Harshit Chopra
    @arpoch
    @MarkEWaite , @justinharringa:matrix.org , @justinharringa:matrix.org , my apologies for missing the meeting today, will assure next time to inform in advance.
    Mark Waite
    @MarkEWaite
    No problem @arpoch . @rishabhBudhouliya and I talked briefly, noted that we hadn't done any work on the credentials binding project since the previous meeting, then planned our next steps for testing and exploration. Rishabh plans to investigate more on RSA and sshj. I plan to test the current implementation and to generate private key file sample data and connection tests from my collection of computers. We think those plans won't disrupt your investigations and may help the project
    Harshit Chopra
    @arpoch
    @MarkEWaite could you please check the license for Apache mina project sshd https://github.com/apache/mina-sshd won't be an issue if taken as a dependency library
    Mark Waite
    @MarkEWaite
    The Apache Mina license is not a problem. Thanks for checking @arpoch !