Git client plugin 2.8.4 to git client plugin provided only one change, a fix for SECURITY-1534 <https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1534>. That is a remote code execution risk from authenticated git commands when using repository names that look like options to command line git. If your command line git is 2.8.0 or newer, then that change prefixes the repository URL argument with a '--' to inform command line git that no further options will be passed on the command line and that all remaining command line arguments are operands.
Git client plugin 2.8.4 calls 'git fetch https://yourhost/your-repo your-refspec' Git client plugin 2.8.5 calls 'git fetch -- https://yourhost/your-repo your-refspec' Note the extra argument '--' that precedes the URL in the fetch command. The log file you provided shows that you are using a command line git that is 2.8.0 or newer. You may want to confirm that with `git --version` to be certain, but that's what the git client thinks it is detecting. You might try using "C:\Program Files\Git\bin\git.exe" instead of " C:\Program Files\Git\bin\git.exe" as the git executable, in case the command line argument processing in your version of command line git is different between the 'cmd\git.exe' and bin\git.exe'. If your command line git is an older version (before git 2.20), you might consider updating command line git to the most recent Git for Windows, 2.23.0. On Sun, Oct 20, 2019 at 8:34 PM Patrick van der Velde < petrikvanderve...@gmail.com> wrote: > Hi > > Our setup > > Server: > - Jenkins 2.190.1 > - Ubuntu 16.04.5 > > Agent > - Jenkins swarm slave > - Windows 2016 > > Source control: > - GIT on TFS2018 > > When running with git-client plugin 2.8.6 we get the following error in > the build log > > Running as SYSTEM > [EnvInject] - Loading node environment variables. > Building remotely on BUILDAGENT (tool_nuget tool_powershell swarm > role_generators team_development tool_msbuild tool_git) in workspace > C:\ops\jenkins\workspace\testproduct12---b4eb99a4 > [WS-CLEANUP] Deleting project workspace... > [WS-CLEANUP] Deferred wipeout is used... > using credential sandboxuser > Cloning the remote Git repository > Cloning repository > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 > > C:\Program Files\Git\cmd\git.exe init > C:\ops\jenkins\workspace\testproduct12---b4eb99a4 # timeout=10 > Fetching upstream changes from > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 > > C:\Program Files\Git\cmd\git.exe --version # timeout=10 > using GIT_ASKPASS to set credentials User to access the sandbox > project and the repos inside it. > > C:\Program Files\Git\cmd\git.exe fetch --tags --progress -- > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 > +refs/heads/*:refs/remotes/origin/* > ERROR: Error cloning remote repo 'origin' > hudson.plugins.git.GitException: Command "C:\Program > Files\Git\cmd\git.exe fetch --tags --progress -- > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 > +refs/heads/*:refs/remotes/origin/*" returned status code 128: > stdout: > stderr: fatal: Authentication failed for ' > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123/ > ' > > at > org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2172) > at > org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1864) > at > org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:78) > at > org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:545) > at > org.jenkinsci.plugins.gitclient.CliGitAPIImpl$2.execute(CliGitAPIImpl.java:758) > at > org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:153) > at > org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:146) > at hudson.remoting.UserRequest.perform(UserRequest.java:212) > at hudson.remoting.UserRequest.perform(UserRequest.java:54) > at hudson.remoting.Request$2.run(Request.java:369) > at > hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93) > at java.lang.Thread.run(Thread.java:748) > Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote > call to JNLP4-connect connection from 172.17.35.148/172.17.35.148:49717 > at > hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1743) > at > hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:357) > at hudson.remoting.Channel.call(Channel.java:957) > at > org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:146) > at sun.reflect.GeneratedMethodAccessor447.invoke(Unknown > Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:132) > at com.sun.proxy.$Proxy73.execute(Unknown Source) > at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1152) > at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1192) > at hudson.scm.SCM.checkout(SCM.java:504) > at > hudson.model.AbstractProject.checkout(AbstractProject.java:1208) > at > hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574) > at > jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86) > at > hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499) > at hudson.model.Run.execute(Run.java:1815) > at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) > at > hudson.model.ResourceController.execute(ResourceController.java:97) > at hudson.model.Executor.run(Executor.java:429) > ERROR: Error cloning remote repo 'origin' > Retrying after 10 seconds > using credential sandboxuser > > C:\Program Files\Git\cmd\git.exe rev-parse --is-inside-work-tree # > timeout=10 > Fetching changes from the remote Git repository > > C:\Program Files\Git\cmd\git.exe config remote.origin.url > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 > # timeout=10 > Fetching upstream changes from > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 > > C:\Program Files\Git\cmd\git.exe --version # timeout=10 > using GIT_ASKPASS to set credentials User to access the sandbox > project and the repos inside it. > > C:\Program Files\Git\cmd\git.exe fetch --tags --progress -- > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 > +refs/heads/*:refs/remotes/origin/* > ERROR: Error fetching remote repo 'origin' > hudson.plugins.git.GitException: Failed to fetch from > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 > at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:894) > at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1161) > at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1192) > at hudson.scm.SCM.checkout(SCM.java:504) > at hudson.model.AbstractProject.checkout(AbstractProject.java:1208) > at > hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574) > at > jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86) > at > hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499) > at hudson.model.Run.execute(Run.java:1815) > at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) > at > hudson.model.ResourceController.execute(ResourceController.java:97) > at hudson.model.Executor.run(Executor.java:429) > Caused by: hudson.plugins.git.GitException: Command "C:\Program > Files\Git\cmd\git.exe fetch --tags --progress -- > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 > +refs/heads/*:refs/remotes/origin/*" returned status code 128: > stdout: > stderr: fatal: Authentication failed for ' > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123/ > ' > > at > org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2172) > at > org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1864) > at > org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:78) > at > org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:545) > at > org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:153) > at > org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:146) > at hudson.remoting.UserRequest.perform(UserRequest.java:212) > at hudson.remoting.UserRequest.perform(UserRequest.java:54) > at hudson.remoting.Request$2.run(Request.java:369) > at > hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93) > at java.lang.Thread.run(Thread.java:748) > Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote > call to JNLP4-connect connection from 172.17.35.148/172.17.35.148:49717 > at > hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1743) > at > hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:357) > at hudson.remoting.Channel.call(Channel.java:957) > at > org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:146) > at sun.reflect.GeneratedMethodAccessor447.invoke(Unknown > Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:132) > at com.sun.proxy.$Proxy74.execute(Unknown Source) > at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:892) > at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1161) > at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1192) > at hudson.scm.SCM.checkout(SCM.java:504) > at > hudson.model.AbstractProject.checkout(AbstractProject.java:1208) > at > hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574) > at > jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86) > at > hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499) > at hudson.model.Run.execute(Run.java:1815) > at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) > at > hudson.model.ResourceController.execute(ResourceController.java:97) > at hudson.model.Executor.run(Executor.java:429) > ERROR: Error fetching remote repo 'origin' > Retrying after 10 seconds > using credential sandboxuser > > C:\Program Files\Git\cmd\git.exe rev-parse --is-inside-work-tree # > timeout=10 > Fetching changes from the remote Git repository > > C:\Program Files\Git\cmd\git.exe config remote.origin.url > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 > # timeout=10 > Fetching upstream changes from > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 > > C:\Program Files\Git\cmd\git.exe --version # timeout=10 > using GIT_ASKPASS to set credentials User to access the sandbox > project and the repos inside it. > > C:\Program Files\Git\cmd\git.exe fetch --tags --progress -- > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 > +refs/heads/*:refs/remotes/origin/* > ERROR: Error fetching remote repo 'origin' > hudson.plugins.git.GitException: Failed to fetch from > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 > at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:894) > at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1161) > at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1192) > at hudson.scm.SCM.checkout(SCM.java:504) > at hudson.model.AbstractProject.checkout(AbstractProject.java:1208) > at > hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574) > at > jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86) > at > hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499) > at hudson.model.Run.execute(Run.java:1815) > at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) > at > hudson.model.ResourceController.execute(ResourceController.java:97) > at hudson.model.Executor.run(Executor.java:429) > Caused by: hudson.plugins.git.GitException: Command "C:\Program > Files\Git\cmd\git.exe fetch --tags --progress -- > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123 > +refs/heads/*:refs/remotes/origin/*" returned status code 128: > stdout: > stderr: fatal: Authentication failed for ' > http://tfshostname:8080/tfs/projectcollection/sandbox/_git/testproduct123/ > ' > > at > org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2172) > at > org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1864) > at > org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:78) > at > org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:545) > at > org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:153) > at > org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler$1.call(RemoteGitImpl.java:146) > at hudson.remoting.UserRequest.perform(UserRequest.java:212) > at hudson.remoting.UserRequest.perform(UserRequest.java:54) > at hudson.remoting.Request$2.run(Request.java:369) > at > hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:93) > at java.lang.Thread.run(Thread.java:748) > Suppressed: hudson.remoting.Channel$CallSiteStackTrace: Remote > call to JNLP4-connect connection from 172.17.35.148/172.17.35.148:49717 > at > hudson.remoting.Channel.attachCallSiteStackTrace(Channel.java:1743) > at > hudson.remoting.UserRequest$ExceptionResponse.retrieve(UserRequest.java:357) > at hudson.remoting.Channel.call(Channel.java:957) > at > org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.execute(RemoteGitImpl.java:146) > at sun.reflect.GeneratedMethodAccessor447.invoke(Unknown > Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > org.jenkinsci.plugins.gitclient.RemoteGitImpl$CommandInvocationHandler.invoke(RemoteGitImpl.java:132) > at com.sun.proxy.$Proxy74.execute(Unknown Source) > at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:892) > at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1161) > at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1192) > at hudson.scm.SCM.checkout(SCM.java:504) > at > hudson.model.AbstractProject.checkout(AbstractProject.java:1208) > at > hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574) > at > jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86) > at > hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499) > at hudson.model.Run.execute(Run.java:1815) > at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) > at > hudson.model.ResourceController.execute(ResourceController.java:97) > at hudson.model.Executor.run(Executor.java:429) > ERROR: Error fetching remote repo 'origin' > Finished: FAILURE > > When running with git-client plugin 2.8.4 it works fine. > > I suspect 2.8.5 was the version that broke things because nothing > important seems to have changed in 2.8.6. > > Can somebody let me know what the best course of action is? > > Thanks > > Petrik > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/53a6f448-03de-4931-86b1-c27a809ed24c%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-users/53a6f448-03de-4931-86b1-c27a809ed24c%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Thanks! Mark Waite -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtH0NXzjrJALFuNZPZ9kqJ5BdDZTy8xi8mz6KQtCT1ruzA%40mail.gmail.com.
