
Unable to use latest axion with ssh-agent

Open JaroslawJarmolowicz-TomTom opened this issue 4 years ago • 14 comments

Hi. I have been using axion for some time in many projects. Recently I needed to update Gradle from 6 to 7, and this required updating axion to the latest version (1.13.X). Unfortunately, that causes a problem with git communication. Since SSH public/private keys are used with ssh-agent (Jenkins driven), we get a series of errors all leading to the same thing: Auth Failed. Depending on slight build.gradle changes, the debug messages are different:

    com.jcraft.jsch.agentproxy.AgentProxyException: java.io.IOException: failed to fctrl usocket: -1
        at com.jcraft.jsch.agentproxy.connector.SSHAgentConnector.(SSHAgentConnector.java:56)
        at com.jcraft.jsch.agentproxy.connector.SSHAgentConnector.(SSHAgentConnector.java:44)

or

    java.lang.UnsatisfiedLinkError: 'int shadow.com.sun.jna.Native.sizeof(int)'
        at shadow.com.sun.jna.Native.sizeof(Native Method)
        at shadow.com.sun.jna.Native.(Native.java:132)

or

    2021-09-06T18:39:34.834+0200 [DEBUG] [pl.allegro.tech.build.axion.release.infrastructure.git.SshAgentIdentityRepositoryFactory] shadow.com.jcraft.jsch.agentproxy.AgentProxyException: java.lang.NoClassDefFoundError: Could not initialize class shadow.com.jcraft.jsch.agentproxy.connector.PageantConnector$User32
        at shadow.com.jcraft.jsch.agentproxy.connector.PageantConnector.(PageantConnector.java:68)

Setup and version:

  • git ssh, remote repo (ssh://[email protected]:7999/sth.git)
  • public key on repo, private key added using ssh-add -K /Users/you/.ssh/id_rsa
  • java version 8 or 11
  • gradle version 7.1.1 or 7.2
  • axion version 1.13.X (1,2,3)

Here is a sample, very simple project (any git remote repo needs to be added): axionTest.zip

Hi! What kind of key are you using? Is it RSA or the newer ECDSA?

bgalek • Sep 06 '21 17:09

https://github.com/allegro/axion-release-plugin/pull/416/files this should fix a lot of issues, maybe you would like to work a bit with this pr? :)

bgalek • Sep 06 '21 17:09

Hi, it's an RSA key. How to proceed with the mentioned PR? What is there to be done?

It's half-way there. The goal is to replace org.eclipse.jgit.ssh.jsch with org.apache.sshd.sshd-git, which should be a drop-in replacement. It has support for more algorithms and ciphers, which should fix a few problems (support for GitLab, ECDSA keys and a few other things).

bgalek • Sep 06 '21 20:09

I unblocked myself with the release.customKey switch (instead of sshagent), so I'm on the bright side now :). For the PR, sure, I can try to put some effort in here. I would like to start with a test for my case (ssh-agent communication). Can you direct me a bit?

@JaroslawJarmolowicz-TomTom I had the same error after updating axion to 1.13.3: shadow.org.eclipse.jgit.api.errors.TransportException: Auth fail. As you suggested, I used the release.customKey parameter instead of sshagent, but directly in the gradle command, based on https://axion-release-plugin.readthedocs.io/en/latest/configuration/authorization/#ssh-keypassword:

./gradlew release -Prelease.disableChecks -Prelease.pushTagsOnly -Prelease.customKeyFile="${key}" -Prelease.customKeyPassword="${passphrase}"

But now I have an error: shadow.org.eclipse.jgit.api.errors.TransportException: push not permitted. Is there any workaround for it?

jedrzej-andrykowski • Sep 13 '21 06:09

My mistake, I did not change access key permission from read to read/write, so release.customKey solves the problem :+1:

jedrzej-andrykowski • Sep 13 '21 07:09

Yeah just a workaround is working. Main issue remains :(

The JNA UnsatisfiedLinkError failure is actually due to axion being prefixed to everything, which causes symbol lookup to fail. By simply removing the relocateShadowJar task and the dependency from shadowJar, ssh-agent via socket started working again.

jskillin-idt • Mar 25 '22 00:03
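
The failure mode described in the comment above, as an added sketch that is not part of the thread or the plugin's code: the JVM binds a native method by a symbol name derived from the fully qualified class name, so relocating the class changes the name it looks for while the prebuilt native library still exports the old one. The `relocate` helper and the exported-symbol set are hypothetical and constructed, and the sketch assumes the library exports by JNI short name rather than registering its methods explicitly.

```python
# Added illustration (not from the thread): JNI short-name resolution.
# The JVM looks up a native method as Java_<mangled class>_<mangled method>.

def jni_mangle(name: str) -> str:
    """Escape a class or method name per the JNI name-mangling rules."""
    raw = name.encode("utf-16-be")  # JNI escapes work on UTF-16 code units
    units = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    out = []
    for u in units:
        ch = chr(u)
        if ch in "./":
            out.append("_")            # package separator
        elif ch == "_":
            out.append("_1")
        elif ch == ";":
            out.append("_2")
        elif ch == "[":
            out.append("_3")
        elif u < 128 and ch.isalnum():
            out.append(ch)
        else:
            out.append("_0%04x" % u)   # other code units, lowercase hex
    return "".join(out)

def jni_symbol(class_name: str, method: str) -> str:
    """Short JNI symbol the JVM tries first for class_name.method."""
    return "Java_" + jni_mangle(class_name) + "_" + jni_mangle(method)

def relocate(class_name: str, pattern: str, shaded: str) -> str:
    """Hypothetical stand-in for a shading rule that maps pattern -> shaded."""
    if class_name == pattern or class_name.startswith(pattern + "."):
        return shaded + class_name[len(pattern):]
    return class_name

# Constructed sample: symbols a prebuilt native library would export for the
# unrelocated class. The library is compiled once; shading never rewrites it.
EXPORTED = frozenset({"Java_com_sun_jna_Native_sizeof"})

def resolves(class_name: str, method: str, exported=EXPORTED) -> bool:
    """True if the JVM's lookup name is present in the native exports."""
    return jni_symbol(class_name, method) in exported

if __name__ == "__main__":
    original = "com.sun.jna.Native"
    shaded = relocate(original, "com.sun.jna", "shadow.com.sun.jna")
    for cls in (original, shaded):
        print(cls, "->", jni_symbol(cls, "sizeof"), "resolves:", resolves(cls, "sizeof"))
```
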

@jskillin-idt thanks for debugging the issue, do you want to make a PR? I'm OK with dropping the shadow plugin if it's causing problems for users.

bgalek • Mar 25 '22 08:03

Likely related to shadowing issues in #459

cloudshiftchris • May 19 '22 15:05

Oh, I apologize. I did not get back to this issue. Sorry about that. It appears a resolution is already in progress.

jskillin-idt • May 19 '22 17:05

#460 removes the shadow plugin as it was not fully applied and causing challenges

cloudshiftchris • May 19 '22 17:05

1.13.7 published, you can try it out in a few hours

bgalek avatar May 19 '22 20:05 bgalek