Jenkins 管道脚本由于错误“SSL 证书问题:无法获取本地颁发者证书”而阻止 git pull (Bitbucket)
[英]Jenkins pipeline script blocking git pull due to error "SSL certificate problem: unable to get local issuer certificate" (Bitbucket)
问题描述
my jenkins pipeline script is extremely simple (so far), see below
我的詹金斯管道脚本非常简单(到目前为止),见下文
node{
stage('Scm Checkout'){
git credentialsId: 'git-creds', url: 'https://xx@xx/xx.git'
}
}
Error im getting is SSL certificate problem: unable to get local issuer certificate - im pulling from a bitbucket repo.我得到的错误是SSL certificate problem: unable to get local issuer certificate - 我从 bitbucket 存储库中提取。
Interestingly its failing at the following line:有趣的是它在以下行失败:
git.exe fetch --tags --force --progress -- https://xx@xx/xx.git +refs/heads/*:refs/remotes/origin/* # timeout=10
however I can run this fine from git bash if I just run the following command first:但是,如果我先运行以下命令,我可以从 git bash 中正常运行:
git config --global http.sslVerify false
I saw a post elsewhere where someone was suffering from same issue and his comment was: "Adding following to gitconfig file resolved the issue"我在别处看到有人遇到同样问题的帖子,他的评论是:“将以下内容添加到 gitconfig 文件解决了问题”
{{[http] }}
sslVerify = false
This may be the solution, but Im not sure what exact steps I need to follow to achieve this这可能是解决方案,但我不确定我需要遵循哪些确切步骤来实现这一目标
2 个解决方案
解决方案1
1 2020-01-29 05:47:05
Disabling ssl verification is rarely a good solution, and would only be considered for testing (to check for instance if the network connection works)禁用 ssl 验证很少是一个好的解决方案,并且只会考虑用于测试(例如检查网络连接是否有效)
It is better to define a dummy job which does git config --list , and take note of the http.sslcainfo path for the ca-bundle.crt.最好定义一个执行git config --list的虚拟作业,并记下 ca-bundle.crt 的http.sslcainfo路径。
You can add in that bundle the certificates from bitbucket.org (using openssl s_client -showcerts -connect ).您可以将来自 bitbucket.org的证书添加到该捆绑包中(使用openssl s_client -showcerts -connect )。
解决方案2
0 已采纳 2020-01-29 16:09:44
If you want to disable ssl verification in git, and don't want to execute the git config ... command in your pipeline, you can edit the git configuration file and add at the end of it如果你想在 git 中禁用 ssl 验证,并且不想在你的管道中执行git config ...命令,你可以编辑 git 配置文件并在它的末尾添加
[http]
sslVerify = false
you can do this in different files, depending on whether you want this change to apply only to the current repo, or to all the repos in the same node.您可以在不同的文件中执行此操作,具体取决于您是希望此更改仅应用于当前存储库还是同一节点中的所有存储库。 I recommend you to take a look at git-config man page我建议您查看git-config手册页
FILES
... there are three files where git config will search for configuration options:$GIT_DIR/config
Repository specific configuration file.~/.gitconfig
User-specific configuration file.$(prefix)/etc/gitconfig
System-wide configuration file.
Adding a step prior to the checkout that inserts this config in the active repo will do the trick, and only impact current repo.在结账之前添加一个步骤,将这个配置插入到活动的仓库中就可以了,并且只会影响当前的仓库。 Something in the lines of the below code should work以下代码行中的某些内容应该可以工作
node {
stages {
stage('Pre-Checkout') {
steps {
sh "git config http.sslVerify false"
}
}
stage('Scm Checkout'){
git credentialsId: 'git-creds', url: 'https://xx@xx/xx.git'
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.