I have an issue with a pipeline that used to work before upgrading my self-hosted Windows agent.
The pipeline is for a DotNet Core project, it first gets latest version from our Azure Repos.
At first, I add the error message ‘unable to get local issuer certificate’ when cloning the repo, I fixed it but copying the certificates from the previous version of the agent to the new version.
Then it needs to authenticate to NuGet before building the solution :
- task: NuGetAuthenticate#0
inputs:
nuGetServiceConnections: 'Our-NuGet-ServiceConnection'
forceReinstallCredentialProvider: true
Here are the logs I get:
[section]Starting: Step 1: Authenticate with NuGet
[debug]Using node path: ***externals\node10\bin\node.exe
[debug]agent.TempDirectory=***_work\_temp
[debug]loading inputs and endpoints
[debug]loading ENDPOINT_AUTH_65dabc10-b00d-4b6e-850e-3a1ac2104576
[debug]loading ENDPOINT_AUTH_PARAMETER_65dabc10-b00d-4b6e-850e-3a1ac2104576_APITOKEN
[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN
[debug]loading ENDPOINT_AUTH_SCHEME_65dabc10-b00d-4b6e-850e-3a1ac2104576
[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION
[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION
[debug]loading INPUT_FORCEREINSTALLCREDENTIALPROVIDER
[debug]loading INPUT_NUGETSERVICECONNECTIONS
[debug]loading SECRET_SCRIPTSREPOSITORY
[debug]loading SECRET_SYSTEM_ACCESSTOKEN
[debug]loaded 10
[debug]Agent.ProxyUrl=http://proxy.***:443
[debug]Agent.ProxyUsername=undefined
[debug]Agent.ProxyPassword=undefined
[debug]Agent.ProxyBypassList=["***","localhost","127.0.0.1"]
[debug]expose agent proxy configuration.
[debug]Agent.CAInfo=undefined
[debug]Agent.ClientCert=undefined
[debug]Agent.SkipCertValidation=undefined
[debug]check path : ***_work\_tasks\NuGetAuthenticate_f5fd8599-ccfa-4d6e-b965-4d14bed7097b\0.181.0\node_modules\azure-pipelines-tasks-artifacts-common\module.json
[debug]adding resource file: ***_work\_tasks\NuGetAuthenticate_f5fd8599-ccfa-4d6e-b965-4d14bed7097b\0.181.0\node_modules\azure-pipelines-tasks-artifacts-common\module.json
[debug]system.culture=en-US
[debug]Resource file has already set to: ***_work\_tasks\NuGetAuthenticate_f5fd8599-ccfa-4d6e-b965-4d14bed7097b\0.181.0\node_modules\azure-pipelines-tasks-artifacts-common\module.json
[debug]check path : ***_work\_tasks\NuGetAuthenticate_f5fd8599-ccfa-4d6e-b965-4d14bed7097b\0.181.0\task.json
[debug]adding resource file: ***_work\_tasks\NuGetAuthenticate_f5fd8599-ccfa-4d6e-b965-4d14bed7097b\0.181.0\task.json
[debug]system.culture=en-US
[debug]forceReinstallCredentialProvider=true
Installing the Azure Artifacts Credential Provider (.NET Core) to 'C:\Users\***\.nuget\plugins\netcore\CredentialProvider.Microsoft'. This credential provider is compatible with dotnet SDK 2.1.400 or later.
[debug]Removing 'C:\Users\***\.nuget\plugins\netcore\CredentialProvider.Microsoft' before copying from '***_work\_tasks\NuGetAuthenticate_f5fd8599-ccfa-4d6e-b965-4d14bed7097b\0.181.0\CredentialProviderV2\plugins\netcore\CredentialProvider.Microsoft' since overwrite is enabled
[debug]Copying from '***_work\_tasks\NuGetAuthenticate_f5fd8599-ccfa-4d6e-b965-4d14bed7097b\0.181.0\CredentialProviderV2\plugins\netcore\CredentialProvider.Microsoft' to 'C:\Users\***\.nuget\plugins\netcore\CredentialProvider.Microsoft'
Installing the Azure Artifacts Credential Provider (.NET Framework) to 'C:\Users\***\.nuget\plugins\netfx\CredentialProvider.Microsoft'. This credential provider is compatible with nuget.exe 4.8.0.5385 or later, and MSBuild 15.8.166.59604 or later.
[debug]Removing 'C:\Users\***\.nuget\plugins\netfx\CredentialProvider.Microsoft' before copying from '***_work\_tasks\NuGetAuthenticate_f5fd8599-ccfa-4d6e-b965-4d14bed7097b\0.181.0\CredentialProviderV2\plugins\netfx\CredentialProvider.Microsoft' since overwrite is enabled
[debug]Copying from '***_work\_tasks\NuGetAuthenticate_f5fd8599-ccfa-4d6e-b965-4d14bed7097b\0.181.0\CredentialProviderV2\plugins\netfx\CredentialProvider.Microsoft' to 'C:\Users\***\.nuget\plugins\netfx\CredentialProvider.Microsoft'
[debug]nuGetServiceConnections=65dabc10-b00d-4b6e-850e-3a1ac2104576
[debug]65dabc10-b00d-4b6e-850e-3a1ac2104576=https://***.pkgs.visualstudio.com/33706eec-15bf-48db-846e-65c72f09c4c4/_packaging/**artifactfeed**/nuget/v3/index.json
[debug]65dabc10-b00d-4b6e-850e-3a1ac2104576 exists true
[debug]65dabc10-b00d-4b6e-850e-3a1ac2104576 auth scheme = Token
[debug]Found token service connection for package source https://***.pkgs.visualstudio.com/33706eec-15bf-48db-846e-65c72f09c4c4/_packaging/**artifactfeed**/nuget/v3/index.json
[debug]Finding the URI for the packaging service
[debug]Getting credentials for local feeds
[debug]SYSTEMVSSCONNECTION exists true
[debug]Got auth token
[debug]System.TeamFoundationCollectionUri=https://dev.azure.com/***/
[debug]System.ServerType=Hosted
[debug]Agent.ProxyUrl=http://proxy.***:443
[debug]Agent.ProxyUsername=undefined
[debug]Agent.ProxyPassword=undefined
[debug]Agent.ProxyBypassList=["***","localhost","127.0.0.1"]
[debug]Getting URI for area ID B3BE7473-68EA-4A81-BFC7-9530BAAA19AD from https://dev.azure.com/***/
[debug]Failed to obtain the service URI for area ID B3BE7473-68EA-4A81-BFC7-9530BAAA19AD
[debug]unable to get local issuer certificate
[debug]Error: unable to get local issuer certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1088:34)
at TLSSocket.emit (events.js:198:13)
at TLSSocket._finishInit (_tls_wrap.js:666:8)
Could you please help ?
Thanks,
Claude
Related
Attempting to migrate to yarn 2.0 and run into a problem with private npm packages resulting in
YN0001: │ GotError: unable to get local issuer certificate
Got around this in yarn 1.x with the strict-ssl: false config setting. Is there a way of doing something similar in the new .yarnrc.yml? Couldn't find anything related in the docs.
My .yarnrc.yml:
yarnPath: .yarn/releases/yarn-sources.js
npmScopes:
companyName:
npmRegistryServer: "https://www.myget.org/F/companyName/npm"
Our sonarqube server is behind http basic authentication and local runner fails with 401 error. Is it somehow possible to provide credentials to it? AOfficial docs shows how to provide sonarqube's internal user...
UPD #1:
sonarqube: v5.3,
sonar-runner: v2.5
Debug log of runner:
INFO: Scanner configuration file: /Users/user/Documents/Projects/Project1/sonar-scanner-2.5/conf/sonar-runner.properties
INFO: Project configuration file: /Users/user/Documents/Projects/Project1/sonar-project.properties
INFO: SonarQube Scanner 2.5
INFO: Java 1.8.0_45 Oracle Corporation (64-bit)
INFO: Mac OS X 10.11.3 x86_64
INFO: Error stacktraces are turned on.
DEBUG: cache: /Users/user/.sonar/ws_cache/https%3A%2F%2Fexample.com%2Fsonar%2F/global
INFO: User cache: /Users/user/.sonar/cache
DEBUG: Extract sonar-runner-batch in temp...
DEBUG: Get bootstrap index...
DEBUG: Download: https://example.com/sonar/batch_bootstrap/index
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 1.171s
INFO: Final Memory: 5M/245M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
org.sonar.runner.impl.RunnerException: Unable to execute SonarQube
at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:100)
at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:87)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonar.runner.impl.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:87)
at org.sonar.runner.impl.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:83)
at org.sonar.runner.api.EmbeddedRunner.doStart(EmbeddedRunner.java:249)
at org.sonar.runner.api.EmbeddedRunner.start(EmbeddedRunner.java:187)
at org.sonar.runner.api.EmbeddedRunner.start(EmbeddedRunner.java:182)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:66)
Caused by: java.lang.IllegalStateException: Fail to download libraries from server
at org.sonar.runner.impl.Jars.downloadFiles(Jars.java:93)
at org.sonar.runner.impl.Jars.download(Jars.java:70)
at org.sonar.runner.impl.JarDownloader.download(JarDownloader.java:40)
at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:91)
... 9 more
Caused by: java.lang.IllegalStateException: Status returned by url [https://example.com/sonar/batch_bootstrap/index] is not valid: [401]
at org.sonar.runner.impl.ServerConnection.callUrl(ServerConnection.java:186)
at org.sonar.runner.impl.ServerConnection.downloadString(ServerConnection.java:121)
at org.sonar.runner.impl.ServerConnection.tryServerFirst(ServerConnection.java:148)
at org.sonar.runner.impl.ServerConnection.download(ServerConnection.java:112)
at org.sonar.runner.impl.Jars.downloadFiles(Jars.java:78)
... 12 more
No it doesn't look like sonar-runner supports proxy authentication. SonarQube has built-in access control so I'm not sure why you'd need proxy authentication on top of that. Maybe you could disable proxy authentication for SonarQube's URL.
The sonar-runner, even if configured with credentials, does not use these to make it's first call to the server. The endpoint is /batch/index. You have to allow public access to that endpoint. For all other urls basic auth is fine.
More details about my working setup in my answer here: https://stackoverflow.com/a/60132667/1838233
I've tried that setup with the runner and a sonar-project.properties file containing:
sonar.host.url=https://myserver/sonar/
sonar.login=${env.SONARUSER}
sonar.password=${env.SONARPWD}
and could access Sonar behind Apache basic auth that way.
I have been looking for this too and failed to find any options to allow this. One use case I can think of for needing this is you have the sonar client running on the far end of a GCP IAP away from the sonar server. You'd need to have the client pass through the initial proxy to get to the sonar server. Even if the sonar server supports this auth natively you need some way for the client to pass an auth header.
This is for scenarios where you either don't trust sonar or you don't trust the deployment of sonar by some novice, but you do trust a zero-trust protected proxy by gcp's platform
I am running gradle (version 2.5) behind a proxy server which does not require authentication. I have set the following in gradle.properties
systemProp.http.proxyHost=rilproxy.in.ril.com
systemProp.http.proxyPort=8080
However I am getting the following exception which complains that proxy server requires authentication. Does gradle expect some dummy value in case there is no proxyUser and proxyPassword. I have confirmed with dont have any authentication credentials for proxy server and this is working fine if I set the same for Ivy build.
Parallel execution with configuration on demand is an incubating feature.
FAILURE: Build failed with an exception.
* What went wrong:
A problem occurred configuring root project 'liferay-plugins-sdk-6.2'.
> Could not resolve all dependencies for configuration ':classpath'.
> Could not resolve commons-codec:commons-codec:1.9.
Required by:
:liferay-plugins-sdk-6.2:unspecified
> Could not resolve commons-codec:commons-codec:1.9.
> Could not get resource 'http://cdn.repository.liferay.com/nexus/content/groups/public/com
mons-codec/commons-codec/1.9/commons-codec-1.9.pom'.
> Could not GET 'http://cdn.repository.liferay.com/nexus/content/groups/public/commons-c
odec/commons-codec/1.9/commons-codec-1.9.pom'. Received status code 407 from server: Proxy Authentic
ation Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Prox
y filter is denied. )
I am working on a project for a native iOS app using xcode to develop the project, but including both MobileFirst Platform Foundation capabilities and mobile data capabilities from Bluemix. We are using a shared git repository on IBM DevOps services (jazzhub) to share project source code and work collaboratively on it.
Most of the native apps I have built in the past have been on my own, so this is my first attempt to collaborate using git/xcode working together.
All that is just context for the issue, which is a project using the above environment on my collegues mac build/runs fine. Once I git clone the project and try to run it on my mac I am getting the following error:
*** Assertion failure in -[KeychainItemWrapper writeToKeychain], /tmp/builds/bld-00-20141218-1823-2824648/worklight-ios/framework-xcode-project/NativeSDK-Sources/WorkLight/KeychainItemWrapper.m:311
2015-01-31 13:16:27.657 IBMBankNativeApp[88827:11348297] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Couldn't add the Keychain Item.'
Above this message in the xcode log I see a secussful initialization of the Bluemix and the call to initialize the MFP connection:
2015-01-31 13:16:27.439 NativeApp[88827:11348297] INFO: IBMBluemix initialization successful.
IBMBluemix SDK Version: 1.0.1.20141124-1240
BlueMix Target: https://mybank.mybluemix.net
applicationId: ea36d23f-....
2015-01-31 13:16:27.530 NativeApp[88827:11348297] IBMData SDK initialization successful.
2015-01-31 13:16:27.580 NativeApp[88827:11348297] ViewController - connectToServer - Initializing ...
2015-01-31 13:16:27.591 NativeApp[88827:11348297] [DEBUG] [WL_CONFIG] -[WLConfig init] in WLConfig.m:68 :: {
"application id" = NativeiOSApi;
"application version" = "1.0";
environment = iOSnative;
host = "192.168.0.17";
platformVersion = "6.3.0.00.20141218-1823";
port = 10080;
protocol = http;
wlServerContext = "/MFProject/";
wlUid = "wY/mbnwKTDDYQUvuQCdSgg==";
}
Before the MFP callback for initialization of the connection the application terminates with the keychain error.
I did not add the keychain access to the project, I'm using cocoapods to set-up bluemix support and wonder if that somehow is adding the keychain support?
I tried removing and running, removing then re-adding they keychain support in the project capabilities, all with the same error.
Is there something checked in and replicated by git that shouldn't be?
Thanks in advance!
Verify that the following Key exists under the Root key in both entitlements-debug.plist and entitlements-release.plist:
Key: keychain-access-groups
Type: Array
Inside the above Key:
Key: Item 0
Type: String
Value: $(AppIdentifierPrefix)worklight.group
# pkg publisher
PUBLISHER TYPE STATUS URI
solaris (preferred) origin online http://pkg.oracle.com/solaris/release/
#
# pkg install gcc-3
pkg: 0/1 catalogs successfully updated:
Unable to contact valid package repository
Encountered the following error(s):
Unable to contact any configured publishers.
This is likely a network configuration problem.
Framework stall:
URL: 'http://pkg.oracle.com/solaris/release'. (happened 4 times)
Found the Answer:
It was adding the proxy settings to profile
export http_proxy=http://URL:port
If you what to use the repository also in the non-globale zone it is better to use the pkg set-publisher --proxy option because the zone pkg proxy does not know your enviroment. Without the proxy option the repository works in globale zone but not in non globale zone.