Hudson (Jenkins) and Git HTTP authentication


I run a Hudson, (now Jenkins) CI server on windows XP.
The Jenkins git plugin is broken if you have repositories that use HTTP auth (See: http://issues.hudson-ci.org/browse/HUDSON-3807, http://issues.hudson-ci.org/browse/HUDSON-7091).

If you try to run a build on a job with a repo using HTTP auth, the process will hang at the repository checkout, as GIT is waiting for a password to be entered. Fortunately, you can set the credentials for the server access in a netrc file placed in your home directory.

Find your home directory:

  • If you are running Jenkins as the user you are currently logged in as:
    • Commonly, the home directory that GIT will use can be found by going start->Run and typing a “.” in the run dialog (without the quotes). On windows XP this is “C:\Documents and Settings\Administrator”
    • To be extra sure, you should open the GIT bash, type “cd” to go back to your home directory, and then enter “pwd” to show the current path.
  • If you are running Jenkins as a service
    • Create a new Execute Shell build step. Execute the command:
      echo $HOME
    • Run the build and examine the output to see where $HOME is located

Create the _netrc file:
On linux, this file is actually .netrc, however I found that on windows its using the underscore notation. When creating the _netrc file, ensure that your editor is saving the file using unix-line-endings. If you are using a tool like notepad++ this can be set by going Edit -> EOL Conversion -> UNIX Format.

_netrc contents:

machine <server name>
       login <server username>
       password <server password>

Where <server name> is the name of the server that hosts your GIT repository, and the username and password correspond to valid HTTP credentials. See the netrc page in references below for additional examples.

Verify the _netrc settings work by attempting to download the HEAD from the repository using curl:

curl --netrc --location -v http://<server_name>/<git_repo>.git/HEAD

This should return something like “ref: refs/heads/master“. If you get an authentication failed message, be sure to scroll up in the console to verify if curl was able to find the server entry in _netrc.

Gotachas:

  • If you specify the address to the GIT repository in Hudson in http://<username>@<server> notation, the _netrc data will not be picked up. This is because of the “<username>@” prefix
  • I had to modify the git executable I was using, as the default wasn’t picking up the _netrc file
    • Under Manage Hudson -> Configure -> Git Installation, point the default executable to the git.cmd script. Mine was at C:\Program Files\Git\cmd

References:
http://www.kernel.org/pub/software/scm/git/docs/howto/setup-git-server-over-http.txt
http://www.mavetju.org/unix/netrc.php

, ,

  1. #1 by Robert Reiz on May 22, 2011 - 8:50 pm

    THX. But that’s a pretty shitty workarround. The GIT Plugin in Hudson should offer to type in username and password. I not really like this half ready plugins!

  2. #2 by Jakub Holy on July 4, 2011 - 4:32 am

    Thanks a lot, that was very useful! The gotchas should have been little more emphasized though so even a lazy reader would notice them before running into them :-) Regards, Jakub

  3. #3 by Rodolfo on July 5, 2011 - 2:47 pm

    My scenario was a bit different and your suggestions didn’t work so I wanted to share what was my problem here in case someone else faces the same situation.

    I am running Hudson in Master/Slave mode, with the Master running in Linux and one of the slaves running in Windows.

    The problem for me was that the environment variable %HOME% was not recognized by Hudson when trying to access the _netrc file.

    In order to make it work, I had to change the configuration of the node and add the environment variable in there.

    Done!

  4. #4 by rajiv nandivada on January 3, 2013 - 4:38 pm

    One more thing, the HOME environment variable is not present on Windows. I had to create it for the curl command to work properly.

  5. #5 by David Falkner on June 4, 2013 - 9:51 pm

    New to Git, new to Jenkins, was floundering. This page really helped me get started. Excellent detail. Thanks!

  6. #6 by Gaow on August 6, 2013 - 3:02 am

    Well, using stash 2.6.0 I had an error : “Note that Stash does not support Git’s legacy HTTP transport protocol” … -_-

    And by the way, but despite what you said, the “http://user@server/repo_git” notation work with the .netrc authentication (on Linux – Fedora 15) ; maybe it doesn’t work on windows only ?

  7. #7 by Gaow on August 6, 2013 - 3:11 am

    … I just found out what was wrong ^^

    Ok, Stash 2.6.0 does not work with your curl http notation, but using the .netrc file, I can just do a git clone http://:port/ and it works perfectly, automatically using my user ^^

(will not be published)