Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-44127

Private key authenticated git checkout fails if '%' is in path to workspace

    XMLWordPrintable

Details

    Description

      Git-Branches with a Feature-Slash, e.g. US/story or hotfix/fix-fast cause the following error: 

       

      Obtained Jenkinsfile from 91c49cef39716aff75766ce6ed268d1d7d93bbff
      [Pipeline] node
      Running on HAL 9000 in /var/jenkins/workspace/routing/dev%2Fjenkins-integration
      [Pipeline] {
      [Pipeline] stage
      [Pipeline] { (Declarative: Checkout SCM)
      [Pipeline] checkout
       > git rev-parse --is-inside-work-tree # timeout=10
      Fetching changes from the remote Git repository
       > git config remote.origin.url ssh://git@code.logiball.de/loc/routing.git # timeout=10
      Fetching upstream changes from ssh://git@code.logiball.de/loc/routing.git
       > git --version # timeout=10
      using GIT_SSH to set credentials Test
       > git fetch --tags --progress ssh://git@code.logiball.de/loc/routing.git +refs/heads/*:refs/remotes/origin/*
      ERROR: Error fetching remote repo 'origin'
      hudson.plugins.git.GitException: Failed to fetch from ssh://git@code.logiball.de/loc/routing.git
      	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:809)
      	at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1076)
      	at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1107)
      	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:109)
      	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:83)
      	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep$StepExecutionImpl.run(SCMStep.java:73)
      	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
      	at hudson.security.ACL.impersonate(ACL.java:260)
      	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
      	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --progress ssh://git@code.logiball.de/loc/routing.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
      stdout: 
      stderr: percent_expand: unknown key %2
      fatal: Could not read from remote repository.
      
      Please make sure you have the correct access rights
      and the repository exists.
      
      	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1877)
      	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1596)
      	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:71)
      	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:348)
      	at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:153)
      	at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:146)
      	at hudson.remoting.UserRequest.perform(UserRequest.java:153)
      	at hudson.remoting.UserRequest.perform(UserRequest.java:50)
      	at hudson.remoting.Request$2.run(Request.java:336)
      	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:68)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      	at ......remote call to HAL 9000(Native Method)
      	at hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1545)
      	at hudson.remoting.UserResponse.retrieve(UserRequest.java:253)
      	at hudson.remoting.Channel.call(Channel.java:830)
      	at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:146)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:132)
      	at com.sun.proxy.$Proxy92.execute(Unknown Source)
      	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:807)
      	... 13 more

      Branches - not containing a slash in the name - work without problems. Hopefully this bug can be fixed soon.

      markewaite says a "%" character embedded in the temporary directory name will cause ssh authentication to fail. The root cause is that ssh has a concept of "percent expansion" (or tokens as they are called in the OpenBSD man page).

      Attachments

        Issue Links

          Activity

            sweynson Sven Friedrich added a comment - - edited

            I should mention that the problem is caused by -Djenkins.branch.WorkspaceLocatorImpl.PATH_MAX=0 in your jenkins.xml. We removed the setting and it works fine.

            sweynson Sven Friedrich added a comment - - edited I should mention that the problem is caused by -Djenkins.branch.WorkspaceLocatorImpl.PATH_MAX=0 in your jenkins.xml. We removed the setting and it works fine.
            markewaite Mark Waite added a comment -

            Thanks sweynson, that clarifies why I could see the problem on Windows, but not see it on Linux. I wasn't using that setting, so I assume the Windows machine used '%' in the path to the workspace, while the Linux machine did not.

            markewaite Mark Waite added a comment - Thanks sweynson , that clarifies why I could see the problem on Windows, but not see it on Linux. I wasn't using that setting, so I assume the Windows machine used '%' in the path to the workspace, while the Linux machine did not.
            markewaite Mark Waite added a comment -

            I've created a pull request which includes a fix for this. The pull request build is available for test now. Could you test it within the next few days and report results?

            I'd like to release either Saturday 20 May 2017 or Tuesday 23 May 2017.

            markewaite Mark Waite added a comment - I've created a pull request which includes a fix for this. The pull request build is available for test now. Could you test it within the next few days and report results? I'd like to release either Saturday 20 May 2017 or Tuesday 23 May 2017.

            I'm currently busy, as we have updated our jenkins now, but i will try to do so. 
             

            sweynson Sven Friedrich added a comment - I'm currently busy, as we have updated our jenkins now, but i will try to do so.   
            jglick Jesse Glick added a comment -

            Right, if you disable WorkspaceLocatorImpl then you lose protection against funny names in branch characters.

            jglick Jesse Glick added a comment - Right, if you disable WorkspaceLocatorImpl then you lose protection against funny names in branch characters.

            Code changed in jenkins
            User: Mark Waite
            Path:
            src/test/java/org/jenkinsci/plugins/gitclient/CredentialsTest.java
            http://jenkins-ci.org/commit/git-client-plugin/5c74414a6ef50488e9006d83f127a69b6a7b8da0
            Log:
            Test special characters in credentials workspace path

            JENKINS-44041 - Windows authenticated git checkout fails if '(' or ')' in path to workspace
            JENKINS-43931 - Windows authenticated git checkout fails if ' ' in path to workspace
            JENKINS-44127 - Authenticated git checkout fails if '%' in path to workspace (Windows & Linux)

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Mark Waite Path: src/test/java/org/jenkinsci/plugins/gitclient/CredentialsTest.java http://jenkins-ci.org/commit/git-client-plugin/5c74414a6ef50488e9006d83f127a69b6a7b8da0 Log: Test special characters in credentials workspace path JENKINS-44041 - Windows authenticated git checkout fails if '(' or ')' in path to workspace JENKINS-43931 - Windows authenticated git checkout fails if ' ' in path to workspace JENKINS-44127 - Authenticated git checkout fails if '%' in path to workspace (Windows & Linux)

            Code changed in jenkins
            User: Mark Waite
            Path:
            src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
            http://jenkins-ci.org/commit/git-client-plugin/8a2ddf222f4463e2458e387121bf8d4c7840c37a
            Log:
            Fix special characters bugs in credentials workspace path

            JENKINS-44041 - Windows authenticated git checkout fails if '(' or ')' in path to workspace
            JENKINS-43931 - Windows authenticated git checkout fails if ' ' in path to workspace
            JENKINS-44127 - Authenticated git checkout fails if '%' in path to workspace (Windows & Linux)

            Also safeguards against use for "`" (grave) in a workspace path.
            Jenkins already guards against that, but the added safety check is low
            cost and passes the credentials tests.

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Mark Waite Path: src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java http://jenkins-ci.org/commit/git-client-plugin/8a2ddf222f4463e2458e387121bf8d4c7840c37a Log: Fix special characters bugs in credentials workspace path JENKINS-44041 - Windows authenticated git checkout fails if '(' or ')' in path to workspace JENKINS-43931 - Windows authenticated git checkout fails if ' ' in path to workspace JENKINS-44127 - Authenticated git checkout fails if '%' in path to workspace (Windows & Linux) Also safeguards against use for "`" (grave) in a workspace path. Jenkins already guards against that, but the added safety check is low cost and passes the credentials tests.
            markewaite Mark Waite added a comment -

            Fixed in git client plugin 2.4.6 released 24 May 2017

            markewaite Mark Waite added a comment - Fixed in git client plugin 2.4.6 released 24 May 2017

            People

              markewaite Mark Waite
              sweynson Sven Friedrich
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: