[英]Jenkins pipeline script blocking git pull due to error "SSL certificate problem: unable to get local issuer certificate" (Bitbucket)
my jenkins pipeline script is extremely simple (so far), see below我的詹金斯管道脚本非常简单(到目前为止),见下文
node{
stage('Scm Checkout'){
git credentialsId: 'git-creds', url: 'https://xx@xx/xx.git'
}
}
Error im getting is SSL certificate problem: unable to get local issuer certificate
- im pulling from a bitbucket repo.我得到的错误是
SSL certificate problem: unable to get local issuer certificate
- 我从 bitbucket 存储库中提取。
Interestingly its failing at the following line:有趣的是它在以下行失败:
git.exe fetch --tags --force --progress -- https://xx@xx/xx.git +refs/heads/*:refs/remotes/origin/* # timeout=10
however I can run this fine from git bash if I just run the following command first:但是,如果我先运行以下命令,我可以从 git bash 中正常运行:
git config --global http.sslVerify false
I saw a post elsewhere where someone was suffering from same issue and his comment was: "Adding following to gitconfig file resolved the issue"我在别处看到有人遇到同样问题的帖子,他的评论是:“将以下内容添加到 gitconfig 文件解决了问题”
{{[http] }}
sslVerify = false
This may be the solution, but Im not sure what exact steps I need to follow to achieve this这可能是解决方案,但我不确定我需要遵循哪些确切步骤来实现这一目标
Disabling ssl verification is rarely a good solution, and would only be considered for testing (to check for instance if the network connection works)禁用 ssl 验证很少是一个好的解决方案,并且只会考虑用于测试(例如检查网络连接是否有效)
It is better to define a dummy job which does git config --list
, and take note of the http.sslcainfo
path for the ca-bundle.crt.最好定义一个执行
git config --list
的虚拟作业,并记下 ca-bundle.crt 的http.sslcainfo
路径。
You can add in that bundle the certificates from bitbucket.org (using openssl s_client -showcerts -connect
).您可以将来自 bitbucket.org的证书添加到该捆绑包中(使用
openssl s_client -showcerts -connect
)。
If you want to disable ssl verification in git, and don't want to execute the git config ...
command in your pipeline, you can edit the git configuration file and add at the end of it如果你想在 git 中禁用 ssl 验证,并且不想在你的管道中执行
git config ...
命令,你可以编辑 git 配置文件并在它的末尾添加
[http]
sslVerify = false
you can do this in different files, depending on whether you want this change to apply only to the current repo, or to all the repos in the same node.您可以在不同的文件中执行此操作,具体取决于您是希望此更改仅应用于当前存储库还是同一节点中的所有存储库。 I recommend you to take a look at
git-config
man page我建议您查看
git-config
手册页
FILES
档案
... there are three files where git config will search for configuration options:... git config 将在三个文件中搜索配置选项:
$GIT_DIR/config
$GIT_DIR/配置
Repository specific configuration file.存储库特定的配置文件。 (The filename is of course relative to the repository root, not the working directory.)
(文件名当然是相对于存储库根目录,而不是工作目录。)
~/.gitconfig
~/.gitconfig
User-specific configuration file.用户特定的配置文件。 Also called "global" configuration file.
也称为“全局”配置文件。
$(prefix)/etc/gitconfig
$(前缀)/etc/gitconfig
System-wide configuration file.系统范围的配置文件。
Adding a step prior to the checkout that inserts this config in the active repo will do the trick, and only impact current repo.在结账之前添加一个步骤,将这个配置插入到活动的仓库中就可以了,并且只会影响当前的仓库。 Something in the lines of the below code should work
以下代码行中的某些内容应该可以工作
node {
stages {
stage('Pre-Checkout') {
steps {
sh "git config http.sslVerify false"
}
}
stage('Scm Checkout'){
git credentialsId: 'git-creds', url: 'https://xx@xx/xx.git'
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.