
Unable to use a remote git repository which uses SHA256 hashing

    • Bug
    • Resolution: Unresolved
    • Minor
    • git-client-plugin
    • None

      Hi,

      I'm trying to set up a new build job which needs to do a checkout from a Forgejo/Gitea repository.
      This repository was created with a SHA256 hash algorithm.

      When the Jenkins build job runs for the first time, it creates a local repository using the following command:

      git init /buildsystem/.jenkins/....
      

      This command creates the local repository with the default hash algorithm, SHA1.
      Because of this, it is incompatible with the remote repo, resulting in the following error when fetching the repo.

      fatal: mismatched algorithms: client sha1; server sha256
      

      The complete build output: jenkins_git_sha256.txt

      Is SHA256 hashing supported, and if not, can it be added?
      The local repo creation should be done with the following command:

      git init --object-format=sha256 /buildsystem/.jenkins/....
      

      Regards,

      Tom

          [JENKINS-73504] Unable to use a remote git repository which uses SHA256 hashing

          Mark Waite added a comment -

          SHA256 object format is not yet supported by the git plugin. I don't have any immediate plans to add support for SHA256 object format. The last time I read information about SHA256 object format, it seemed like the git community was still trying to find the path that they want to follow for wider adoption of SHA256 object format.

          You're welcome to start a pull request to add an option to use SHA256 object format. I suspect there will be many places that need to change in many plugins.

          Short term, you could replace the use of the git plugin in your Pipeline with shell commands wrapped in a withCredentials block. That gives you complete control of command line git and its arguments.


          Johannes added a comment -

          I, too, stumbled upon this error message.

          SHA256 in Git was introduced several years ago. Do you see any chance of getting this implemented? Since Git 2.42 (from somewhere around August 2023) this is not an experimental feature anymore and no breaking changes are expected to be implemented (see https://github.com/git/git/blob/master/Documentation/RelNotes/2.42.0.txt).

           

          May I please ask you to take another look at it?


          Mark Waite added a comment -

          @derdeagle

          > May I please ask you to take another look at it?

          I don't plan to look at it. The major git hosting providers do not support SHA-256 checksums. Local repositories and self-hosted repositories can use SHA-256 if they are running sufficiently new enough versions of command line git, but most Jenkins users are accessing repositories from a git hosting provider like GitHub, GitLab, Bitbucket, Gitea, or Assembla and won't have any chance to use SHA-256 until the hosting providers have implemented support for it.

          Now that we've dropped support for Red Hat Enterprise Linux 7 and its derivatives, we no longer need to worry about compatibility with command line git 1.8. However, the Jenkins project still supports Ubuntu 20 and it provides git 2.25 with no support for SHA-256.

          We still support many other operating systems with git versions that treat SHA-256 support as experimental, including:

          • Debian 11 - git 2.30
          • Debian 12 - git 2.39
          • openSUSE 15 - git 2.35
          • Ubuntu 22 - git 2.34

          If someone wants to submit a pull request to the git client plugin to add support for SHA-256, I'm willing to consider the pull request, so long as the pull request does not break existing users, includes automated tests, and has been well tested with the command line git versions that are common on the operating systems that Jenkins supports.
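
An added example, not code from this thread or from the git plugin: a sketch of the shell-side workaround and version constraints discussed in the comments above, for use inside a Pipeline `sh` step. The function names are hypothetical, credentials are assumed to be supplied by the surrounding Pipeline, and the 2.29 lower bound for `--object-format` is an assumption not stated in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the git plugin.

# Classify SHA-256 support from `git --version` output. Assumption: the
# --object-format option first shipped in git 2.29; 2.42 is the release the
# thread cites as no longer experimental.
sha256_support() {
    ver=${1#git version }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    for n in "$major" "$minor"; do
        case $n in ''|*[!0-9]*) echo unknown; return 1 ;; esac
    done
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 42 ]; }; then
        echo stable
    elif [ "$major" -eq 2 ] && [ "$minor" -ge 29 ]; then
        echo experimental
    else
        echo none
    fi
}

# Pull the server's object format out of the fetch error quoted in the issue.
mismatch_server_format() {
    case $1 in
        *'mismatched algorithms: client '*'; server '*)
            fmt=${1##*'; server '}
            echo "${fmt%%[!a-z0-9]*}" ;;
        *) return 1 ;;
    esac
}

# Create the workspace repository in the remote's format instead of the
# default `git init`, and confirm the result for SHA-256.
init_matching() {  # usage: init_matching <sha1|sha256> <dir>
    case $1 in
        sha1) git init --quiet "$2" ;;
        sha256)
            case $(sha256_support "$(git --version)") in
                stable|experimental) ;;
                *) echo "git on this agent cannot create SHA-256 repositories" >&2
                   return 1 ;;
            esac
            git init --quiet --object-format=sha256 "$2" &&
                [ "$(git -C "$2" rev-parse --show-object-format)" = sha256 ] ;;
        *) echo "unsupported object format: $1" >&2; return 1 ;;
    esac
}
```

After `init_matching sha256 "$WORKSPACE/repo"` succeeds, a `git -C` fetch against the remote no longer hits the client/server algorithm mismatch.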


            Assignee: Unassigned
            Reporter: Tom (toms)
            Votes: 1
            Watchers: 3