Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21783

Do not store SVN credentials when option "Specify SCM login/password" is selected

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Not A Defect
    • Component/s: m2release-plugin
    • Labels:
      None
    • Environment:
      M2 Release Plugin (0.13.0)
      Jenkins 1.547
    • Similar Issues:

      Description

      In our corporate environment the policy for user account passwords is to change them every 3 months.
      In one of our Maven projects we have the M2 release plugin configured so that the Maven release Subversion operations are performed in the context of the user by enabling the option "Specify SCM login/password".
      This led to the issue that the command line tools of Subversion persisted the credentials in the file C:\Users\jenkins.HOSTNAME\AppData\Roaming\Subversion\auth\svn.simple.
      When the Subversion plugin was doing the next update this operation was done with the new credentials. After the user had to change its password the Windows build node still had the old credentials stored and was performing every 5 minute Subversion check with the wrong password.
      Unfortunately we also have a policy that locks an account after 5 failed attempts, locking the user's account after 25 minutes.

      Maven release plugin already has the option --no-auth-cache added since Maven 2.1 (http://jira.codehaus.org/browse/MRELEASE-497) in order to suppress this behavior.

      The question is, does the M2 Release Plugin (0.13.0) perform an SVN command line option as well or how could it happen that the credentials were persisted, as described above?

        Attachments

          Activity

          Hide
          teilo James Nord added a comment -

          The release plugin does not interact with subversion or any other scm.

          It changes the goals used to build the job to the release goals and unites maven using that.

          If credentials are getting cached them there may be sole configuration that is missing from you pom to prevent this.

          Show
          teilo James Nord added a comment - The release plugin does not interact with subversion or any other scm. It changes the goals used to build the job to the release goals and unites maven using that. If credentials are getting cached them there may be sole configuration that is missing from you pom to prevent this.
          Hide
          mirumpf Michael Rumpf added a comment -

          OK, sounds reasonable. I'm going to resolve the ticket and check how to configure the Maven build in order not to store any credentials.

          Show
          mirumpf Michael Rumpf added a comment - OK, sounds reasonable. I'm going to resolve the ticket and check how to configure the Maven build in order not to store any credentials.

            People

            • Assignee:
              teilo James Nord
              Reporter:
              mirumpf Michael Rumpf
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: