Jenkins Git 集成 - 如何禁用 SSL 证书验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/41930608/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Jenkins Git integration - How to disable SSL certificate validation
提问by Sona Shetty
I am getting the below error while creating a job from Jenkins. How do I disable certificate validation in Jenkins?
从 Jenkins 创建工作时出现以下错误。如何在 Jenkins 中禁用证书验证?
From Git Bash I can use git config --global http.sslVerify falsecommand to disable it, but not sure how to use it from Jenkins.
从 Git Bash 我可以使用git config --global http.sslVerify false命令来禁用它,但不确定如何从 Jenkins 使用它。
Error:
错误:
Failed to connect to repository : Command "C:\Program Files (x86)\Git\cmd\git.exe ls-remote -h url ofmy repository.git HEAD" returned status code 128:
stdout:
stderr: fatal: unable to access 'url of my git/': SSL certificate problem: self signed certificate in certificate chain
回答by JamesD
Best option is to add the self-signed certificate to your certificate store
最好的选择是将自签名证书添加到您的证书存储中
Obtain the server certificate tree This can be done using chrome.
获取服务器证书树 这可以使用 chrome 来完成。
Navigate to be server address. Click on the padlock icon and view the certificates. Export all of the certificate chain as base64 encoded files (PEM) format.
Add the certificates to the trust chain of your GIT trust config file In Git bash on the the machine running the job run the following:
导航到服务器地址。单击挂锁图标并查看证书。将所有证书链导出为 base64 编码文件 (PEM) 格式。
将证书添加到您的 GIT 信任配置文件的信任链中 在运行作业的机器上的 Git bash 中运行以下命令:
"git config --list".
“git 配置 --list”。
find the http.sslcainfoconfiguration this shows where the certificate trust file is located.
3. Copy all the certificates into the trust chain file including the "- -BEGIN- -"and the "- -END- -". Make sure you add the ROOT certificate Chain to the certificates file
找到http.sslcainfo显示证书信任文件所在位置的配置。3. 将所有证书复制到信任链文件中,包括"- -BEGIN- -"和"- -END- -"。确保将 ROOT 证书链添加到证书文件中
This should solve your issue with the self-signed certificates and using GIT.
这应该可以解决您使用自签名证书和使用 GIT 的问题。
NOT RECOMMENDED
不建议
The other way is to remote into your slave and run the following:
另一种方法是远程进入您的从站并运行以下命令:
git config --global http.sslVerify false
git config --global http.sslVerify false
This will save into the global config that this instance never does SSL verification, this is NOT recommended, it should be used only when testing and then disabled again. It should be done properly as above.
这将保存到全局配置中,此实例从不进行 SSL 验证,不推荐这样做,仅应在测试时使用,然后再次禁用。它应该像上面那样正确地完成。
回答by ravi creed
Create Freestyle project and Add "Windows Batch Command" and add the
创建 Freestyle 项目并添加“Windows 批处理命令”并添加
git config http.sslVerify false or git config --config http.sslVerify false
git config http.sslVerify false 或 git config --config http.sslVerify false
Once this is done, save it and build the job
完成后,保存并构建作业
Now your jenkin is configured to as not to do ssl verification. After the successful build now you can remove the batch command build step and edit the same project for your configuration.
现在您的 jenkin 配置为不进行 ssl 验证。现在成功构建后,您可以删除批处理命令构建步骤并为您的配置编辑相同的项目。
回答by Semih Kekül
Login or switch to jenkins user; for switching run this command on terminal:
登录或切换到 jenkins 用户;要切换在终端上运行此命令:
su - jenkins
And then run
然后运行
git config --global http.sslVerify false
回答by Hem? Vidal
You can use JGit and can fix it by creating a .gitconfigfile in JENKINS_HOMEwith this lines:
您可以使用 JGit 并可以通过在JENKINS_HOME 中使用以下行创建.gitconfig文件来修复它:
[http]
sslVerify = false
回答by Hyman Wu
to supplement, I've stuck on this for few hours, here's what i've found for SSL related
作为补充,我已经坚持了几个小时,这是我发现的与 SSL 相关的内容
add
添加
-Dorg.jenkinsci.plugins.getclient.GitClient.untrustedSSL=true
as parameter as java jnlp command,
作为 java jnlp 命令的参数,
and to set GIT_SSL_NO_VERIFY=true as environment variable, so the start slave command at slave side now looks like (not sure if some parameteres are duplicate)
并将 GIT_SSL_NO_VERIFY=true 设置为环境变量,因此从端的 start slave 命令现在看起来像(不确定某些参数是否重复)
export GIT_SSL_NO_VERIFY=true
java -Dorg.jenkinsci.plugins.getclient.GitClient.untrustedSSL=true -jar slave.jar -jnlpUrl ${jenkins_url}/computer/${slave_name}/slave-agent.jnlp -secret ${secret} -noCertificateCheck
you may need the same
你可能需要同样的
-noCertificateCheck
while trying to call jenkins-cli.jar
在尝试调用 jenkins-cli.jar 时
(up to https://blog.csdn.net/froghui/article/details/39641221)
(最多https://blog.csdn.net/froghui/article/details/39641221)
since everytime the jenkins slave initiazted a git operation, it's a clean env, that handled by jenkins git plugin
因为每次 jenkins slave 启动一个 git 操作,它都是一个干净的环境,由 jenkins git 插件处理
回答by Clayn
I had the same problem. First i used Git using a Shell Script that disabled the SSL Verification before the clone or pull.
我有同样的问题。首先,我使用在克隆或拉取之前禁用 SSL 验证的 Shell 脚本使用 Git。
Later i switched to using JGit instead which works as expected (though its not recommended to use). However with JGit you some features such as shallow clones are not supported.
后来我改用 JGit 而不是它按预期工作(尽管不推荐使用)。但是,JGit 不支持某些功能,例如浅层克隆。
Afair i didn't have to install anything to use JGit
Afair 我不需要安装任何东西来使用 JGit
回答by Harshavardhan
Set the environment variable in windows,
在windows中设置环境变量,
GIT_HOME=pathtill the bin folder of your git installation and then add it to the path variable.
GIT_HOME=path直到 git 安装的 bin 文件夹,然后将其添加到路径变量中。
