microsoft / azure-pipelines-agent

Azure Pipelines Agent 🚀
MIT License
1.72k stars 866 forks source link

Enable git to use SChannel during configure with 2.136.1 is not working as expected (.gitconfig file issue) #1739

Closed ManojCN closed 5 years ago

ManojCN commented 6 years ago

Agent Version and Platform

Version of your agent - 2.136.1 Platform - Windows

OS of the machine running the agent - Windows

Version - On-Prem TFS 2017.3.1

What's not working? Enable git to use SChannel during configuration with agent (ver. 2.136.1) is not working as expected. command used: ./config.cmd --gituseschannel

Issue found at: .gitconfig file (default) [core] symlinks = false autocrlf = true [color] diff = auto status = auto branch = auto interactive = true [pack] packSizeLimit = 2g [help] format = html [http] sslCAinfo = /ssl/certs/ca-bundle.crt [diff "astextplain"] textconv = astextplain [rebase] autosquash = true

http configuration is not replaced during configuration, instead it is using the default configuration

what is expected: .gitconfig file (fixed) [core] symlinks = false autocrlf = true [color] diff = auto status = auto branch = auto interactive = true [pack] packSizeLimit = 2g [help] format = html [http] sslBackend = schannel [diff "astextplain"] textconv = astextplain [rebase] autosquash = true

Is the above configuration expected or even without http configuration? (either of them are working fine using schannel)

Agent and Worker's Diagnostic Logs

Log using default .gitconfig file: 2018-08-01T04:59:29.4266295Z ##[section]Starting: Get Sources 2018-08-01T04:59:29.4625047Z Syncing repository: MyRepo (TfsGit) 2018-08-01T04:59:29.4684046Z Prepending Path environment variable with directory containing 'git.exe'. 2018-08-01T04:59:29.4760164Z ##[command]git version 2018-08-01T04:59:29.6078457Z git version 2.17.1.windows.2 2018-08-01T04:59:29.6257666Z ##[command]git config --get remote.origin.url 2018-08-01T04:59:29.7111495Z ##[command]git clean -fdx 2018-08-01T04:59:29.8025458Z ##[command]git reset --hard HEAD 2018-08-01T04:59:29.8927930Z HEAD is now at 4efc639 adding new web project 2018-08-01T04:59:29.9014287Z ##[command]git submodule foreach git clean -fdx 2018-08-01T04:59:31.4953744Z ##[command]git submodule foreach git reset --hard HEAD 2018-08-01T04:59:32.9191695Z ##[command]git config gc.auto 0 2018-08-01T04:59:32.9952847Z ##[command]git config --get-all http.https://tfs-qa.it.net:8443/tfs/Test/TIN2961-Manoj/_git/MyRepo.extraheader 2018-08-01T04:59:33.0676394Z ##[command]git config --get-all http.proxy 2018-08-01T04:59:33.1487026Z ##[command]git -c http.extraheader="AUTHORIZATION: bearer ***" -c http.sslbackend="schannel" fetch --tags --prune --progress --no-recurse-submodules origin 2018-08-01T04:59:33.3385500Z fatal: unable to access 'https://tfs-qa.it.net:8443/tfs/Test/TIN2961-Manoj/_git/MyRepo/': schannel: CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT 2018-08-01T04:59:33.3615430Z ##[error]Git fetch failed with exit code: 128 2018-08-01T04:59:33.3649159Z ##[section]Finishing: Get Sources

log using fixed .gitconfig file: 2018-08-01T04:54:31.4530246Z ##[section]Starting: Get Sources 2018-08-01T04:54:31.4897080Z Syncing repository: MyRepo (TfsGit) 2018-08-01T04:54:31.4953607Z Prepending Path environment variable with directory containing 'git.exe'. 2018-08-01T04:54:31.5029929Z ##[command]git version 2018-08-01T04:54:31.6211759Z git version 2.17.1.windows.2 2018-08-01T04:54:31.6390320Z ##[command]git config --get remote.origin.url 2018-08-01T04:54:31.7221618Z ##[command]git clean -fdx 2018-08-01T04:54:31.8090516Z ##[command]git reset --hard HEAD 2018-08-01T04:54:31.8951032Z HEAD is now at 4efc639 adding new web project 2018-08-01T04:54:31.9031250Z ##[command]git submodule foreach git clean -fdx 2018-08-01T04:54:33.3653908Z ##[command]git submodule foreach git reset --hard HEAD 2018-08-01T04:54:34.8213231Z ##[command]git config gc.auto 0 2018-08-01T04:54:34.9029561Z ##[command]git config --get-all http.https://tfs-qa.it.net:8443/tfs/Test/TIN2961-Manoj/_git/MyRepo.extraheader 2018-08-01T04:54:34.9761618Z ##[command]git config --get-all http.proxy 2018-08-01T04:54:35.0537530Z ##[command]git -c http.extraheader="AUTHORIZATION: bearer " -c http.sslbackend="schannel" fetch --tags --prune --progress --no-recurse-submodules origin 2018-08-01T04:54:35.6265371Z ##[command]git checkout --progress --force 4efc639de308fe69bb51e41949d8ce70b9387768 2018-08-01T04:54:35.7545991Z HEAD is now at 4efc639 adding new web project 2018-08-01T04:54:35.7710305Z ##[command]git submodule sync --recursive 2018-08-01T04:54:37.1715580Z ##[command]git -c http.https://tfs-qa.it.net:8443.extraheader="AUTHORIZATION: bearer " -c http.sslbackend="schannel" submodule update --init --force --recursive 2018-08-01T04:54:38.6138714Z ##[section]Finishing: Get Sources

So team, let me know if this is to be handled manually when ever the agent is configured or can we expect some fix?

TingluoHuang commented 6 years ago

https://github.com/git-for-windows/git/issues/1698

TingluoHuang commented 6 years ago

looks like an issue with git for windows, i am trying to test a workaround while waiting for a fix from git.

TingluoHuang commented 6 years ago

@ManojCN thanks for finding this great information, i need to package 2.18 git into the agent in order to get this fix, however the process of getting legal approval for packaging git 2.18 is still running, i am waiting on that.

ManojCN commented 6 years ago

@TingluoHuang thanks for the quick response and identifying the fix. Looking forward for the update further.

AdrianSanguineti commented 6 years ago

Is there any progress on this issue? I just ran into this issue with version 2.139.1 of the agent. Rolled back to the previous version I was using (2.134.2) and the issue went away. I can see 2.139.1 is still using 2.17.1.windows.2.

TingluoHuang commented 6 years ago

the git version updates is in the next agent version release that i am working on right now.

AdrianSanguineti commented 6 years ago

@TingluoHuang, awesome to hear. I will keep a look out for the next version.

blakeduffey commented 6 years ago

Is this still broken in 2.140.2?

TingluoHuang commented 6 years ago

yes, 2.140.2 is still broken, 2.141.0 has the updated git package, we will start validate 2.141.0 next week and release that to VSTS service.

philip-reed commented 5 years ago

Is the GitUsesSChannel flag live now? I'm getting the following when trying to use it in 2.141.1

image

TingluoHuang commented 5 years ago

@philip-reed you might have a typo. schannel not sshannel :)

philip-reed commented 5 years ago

@TingluoHuang Thanks. Just spotted a minute after I posted the question. My apologies.

TingluoHuang commented 5 years ago

cool, i am going to close this issue as the 2.141.1 (contain newer version git that has the fix) agent has released to the service. please let me know if something else is needed.