Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-69216

Unable to add Conan remote when custom CA cert is used in docker

    XMLWordPrintable

Details

    Description

      I am currently using a containerized pipeline to build a set of Conan packages

       

      def CONAN_CLIENT = "jenkins"
      def CONAN_REMOTE = "example"
      def CONAN_REPO = "conan-pkgs"
      pipeline {
          agent {
              docker { image 'example.com/registry/ubuntu:focal' }
          } 
          
          parameters {         
             choice(             
                name: 'PROFILE',              
                choices: ['Ubuntu20.04_x64', 'Ubuntu20.04_x86', 'Android_arm' ],                 description: 'Conan host profile'             
              )         
              choice(             
                 name: 'BUILD_TYPE',             
                 choices: [ 'Debug', 'Release' ],             
                 description: 'The optimization level to build for'         
              )         
              string(             
                 name: 'SERVER_ID',             
                 trim: true,             
                 defaultValue: 'EXAMPLE_ARTIFACTORY',             
                 description: 'The artifactory instance to use'         
               )     
            }
          stages {
              stage ('Conan configuration') {
                  steps {                 
                     rtConanClient (                     
                         id: CONAN_CLIENT                 
                     )                 
                     // Obtain an Artifactory server instance, defined in Jenkins --> Manage Jenkins --> Configure System:                 
                     rtConanRemote (                     
                          name: CONAN_REMOTE,                     
                          serverId: params.SERVER_ID,                     
                          repo: CONAN_REPO,                     
                          clientId: CONAN_CLIENT                 
                     )             
                   }
              }
              stage ('Conan install') {
                  steps {
                      sh 'mkdir -p build/conan'
                      rtConanRun (
                          clientId: CONAN_CLIENT,
                          command: "install . -if build/conan -pr:b=profiles/${BUILD_PROFILE}.jinja -pr:h=profiles/${params.PROFILE}.jinja --build -s build_type=${params.BUILD_TYPE}"
                      )
                  }
              }
              stage ('Conan upload') {
                  steps {
                      rtConanRun (
                          clientId: CONAN_CLIENT,
                          command: "upload '*' -r ${CONAN_REMOTE} --all --confirm --parallel"
                      )
                  }
              }
              stage ('Publish build info') {
                  steps {                 
                      rtPublishBuildInfo (                     
                           serverId: params.SERVER_ID                 
                      )             
                  }
              }
          }
      }
      

      The issue is that my Artifactory instance uses a certificate that's not in the default Conan `cacert.pem` file meaning I have to manually add it by doing something like `cat cert.pem >> ~/.conan/cacert.pem`. now the custom Docker image I'm using already does this but for some reason when using the Jenkinsfile-Artifactory dsl it doesn't work, yet using just plain `sh` commands work

      stage('Build and upload dependencies') {
         steps {
             withCredentials([usernamePassword(credentialsId: 'artifactory-key', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
                 sh 'conan user "$USERNAME" -r ${params.SERVER_ID} -p "$PASSWORD"'
             } 
             sh 'mkdir -p build/conan'
             sh "conan install . -if build/conan -pr:b=profiles/${BUILD_PROFILE}.jinja -pr:h=profiles/${params.PROFILE}.jinja --build -s build_type=${params.BUILD_TYPE}"
             sh "conan upload '*' -r ${params.SERVER_ID} --all --confirm --parallel"
         }
      }
      

       

      The console output from using the plugin is

      [Conan] $ docker exec --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** db2688ca364f47fc67f153a215874ae6c8699def3f7af001c37850e761fa2419 sh -c "conan remote add example https://artifacts.example.com/artifactory/api/conan/conan-pkgs True "
      Error occurred for request GET /artifactory/api/system/version HTTP/1.1: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
      Failed sending usage report to Artifactory: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      WARN: Remotes registry file missing, creating default one in /home/jenkins/workspace/Conan@tmp/artifactory/conan.tmp4868621642054372388/.conan/remotes.json
      Adding conan user 'wbehrens', server 'example'
      [Conan] $ docker exec --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** --env ******** db2688ca364f47fc67f153a215874ae6c8699def3f7af001c37850e761fa2419 sh -c ********
      ERROR: HTTPSConnectionPool(host='artifacts.example.com', port=443): Max retries exceeded with url: /artifactory/api/conan/conan-pkgs/v1/ping (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))

      Attachments

        Activity

          People

            eyalbe Eyal Ben Moshe
            williambehrens William Behrens
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: