►
From YouTube: GSoC 2021 Git credentials binding 2021 06 04
Description
Google Summer of Code 2021 mentoring session for the Jenkins git credentials project. Topics include ssh private key management with Java APIs and the username / password credential binding.
A
A
B
A
C
A
Was
just
asking
a
question
that
I
proposed
to
have
answered
tues
in
next
in
the
next
meeting
about
how
many
times
a
week
to
meet
during
the
coding
phase,
coding
phase
starts
next
monday
and
rishabh.
Do
I
remember
correctly
that
we
only
met
once
a
week
during
coding
phase,
but
we
used
to
face
okay
so
so
open
to
open
to
both
it's
something:
to
negotiate
with
the
mentors.
C
A
B
A
A
A
A
B
B
A
A
B
A
B
A
That,
if
I
remember
right,
there
is
actually
code
inside
the
git
plug-in
or
the
get
client
plug-in
that
does
some
very
explicit
deletion
of
remote
tags,
because
command
line
git
has
changed
its
behavior
over
its
life's
lifetime
for
that
it.
But
this
is
great.
What
you're
doing
is
good
okay,
so
you
you
clone
the
remote
repository,
delete
the
v3
tag
from
the
remote
clone
it
again,
so
that
the
deletion
is
now
recorded
locally
and
then
you're
going
to
tag
push
the
tag
and
you're
going
to
push
the
branch
named
main
as
well.
B
B
B
A
A
B
B
A
B
D
A
A
B
B
B
B
A
A
B
A
B
A
A
B
A
A
A
A
B
A
A
A
C
So
I
I
have
a
question
so
the
process
here
is
that
harshit
is
testing
the
bindings
and
password
bindings
for
the
multiple
platforms
with
multiple
executives
and
then
this
the
steps
to
be
sure
that
this
is
working.
The
first
is
the
interactive
testing
we're
doing
right
now
and
after
that,
we're
going
to
look
at
automated
tests
or
we're
going
to
look
at
adding
this
to
get
client
plugin
and
then
look
look
at
those
things.
How
are
we
sure
that
this
is
going
to
work
and
we're
not
missing
edge
cases.
C
Okay,
I
I
just
wanted
to
know
that,
since
this
is
this
is
so,
we
will
of
course
have
interactive
testing
too.
It's
kind
of
a
sanity
check.
I
assume
that
okay,
this
is
working
and
the
binding
works
for
the
commands,
but
so
you're
saying
that
you're
going
to
cover
going
to
write
automatic
test
cases
for
the
binding
in
the
gate,
clan
project.
C
A
So
so,
at
least
for
me
that
was
quite
challenging.
The
writing.
Automated
tests
for
authentication
cases
usually
means
sharing
a
credential
that
publicly
and,
and
that
for
me,
never
worked.
I
just
wasn't
willing
to
share
a
credential
publicly,
so
there
there
are
some
tests
either
in
the
git
plug-in
or
the
get
client
plug-in
that
use
a
technique
of
relying
on
the
existence
of
a
file
on
the
local
disk
to
provide
those
credentials
and
if
the
file
doesn't
exist,
the
test
is
skipped
so,
and
you
could
consider
doing
something
like
that.
Harshet.
A
There
are
also
tests
in
the
git
plug-in
that
use
a
pipeline
and
they
actually
express
pipeline
in
the
test
and
and
that
again
could
be
a
a
good
place
to
put
that
kind
of
a
a
test
where
you
say
if
this
special
file
exists
on
the
disk,
and
it
contains
a
username
password
pair
then
use
that
username
password
pair
to
create
a
jenkins,
credential
and
use
that
credential
to
run
this.
This
test.
A
But
but
for
me,
that's
that's
relatively
well.
That's
relatively
exotic
it'd
be
really
great.
If
you
could
figure
out
how
to
do
that,
but
I
would
think
at
least
for
me,
I'm
more
concerned
with
getting
you
through
username
password
and
getting
it
released
that
I
am
worrying
about.
If
you
get
detailed
test
automation
for
the
authentication
cases
now
rishabh,
you
may
have
a
different
opinion
there.
A
different
view
I
just
think
of
I
was
assuming
it's
going
to
be
quite
difficult
to
write,
authentication
test
cases.
C
That's
that's
I.
I
was
just
saying
automate
test
cases,
because
I
just
thought
that
interactive
testing,
I
think
it's
a
great
thing
to
do
and
it's
the
best
thing
to
do
right
now.
So
it's
just
that.
Sometimes
you
tend
to
miss
some
cases
and
then
we
get
bugs.
But
I
I
understand
the
case
here
and
the
writing.
Automated
test
cases
is
going
to
take
a
lot
of
considerable
time
of
our
shifts
and
we
already.
A
A
Yeah
see
for
me,
I
was
thinking
if
we
accept
that
username
password,
we
want
to
get
it
implemented
and
released
as
quickly
as
possible,
so
that
harshit
has
been
through
the
experience
of
going
all
the
way
to
shipping
code,
and
we
do
that
just
as
quickly
as
as
he
can.
After
he's
done,
his
all
the
interactive
testing.
It's
been
code,
reviewed,
etc.
A
A
Right
because
it's
got
this
problem
in
spades
right,
it
has
this
problem
everywhere
it
everything
it
does,
is
binding
a
credential,
and
how
does
how
did
jesse
write
tests?
For
that
thing?
And-
and
the
answer
is,
I
don't
know
how
he
did
it
so
but
it'd
be.
It
certainly
wouldn't
be
harmful
to
look
at
what
he
did
and
see
how
he
did
it.
C
C
It's
it's
okay!
I
I
don't.
I
don't
it's
not
like
yeah.
It
is
a
necessary
step
because,
of
course,
what
marcus
said
makes
total
sense,
so
releasing
it
releasing
the
user
password
binding
first,
which
is
sufficient.
Interactive
testing
would
be
a
great
let's
progress,
and
then
you
would
have
a
lot
of
material
for
the
phase
one
evaluations
as
well.
So
I
think
it
would
be
a
good,
a
good,
systematic
way
to
do
it,
but
yeah
good.
Look
at
the
credentials,
binding
tagging.
First,
to
estimate
that
effort.
C
C
C
C
C
A
D
C
B
C
Says
that
you,
you
create
the
private
spec.
This
is
the
way
they
have
created
the
tree
factory
as
well.
They've
used
the
bouncy
asset
provider
and
the
algorithm
is
taken
as
rsa
and
yeah
and
they
they
get
and
then
generate
the
private
key
from
this.
So
if
we
it's
just
the
matter
of
having
the
key
factor
once
you
have
the
instance
of
the
key
factor,
then
it's
it's
all
about
generating
the
private
key.
C
C
It
doesn't
support
the
existence,
very
existence
of
openness
in
its
priorities,
the
new
format,
but
this
this
leads
to.
I
think
we
could
do
it.
I'm
not
sure
why
it's
it's
not
supporting
the
encoding.
I
I
did
ask
the
same
question
in
their
mailing
chat
in
the
balancing
academy
chat,
but
I
haven't
received
a
reply.
Yet
maybe
what
you're
saying
mark
is
that
maybe
the
algorithm
is
different,
so
you're
saying
that
I
should
I
can
we
just
hit
and
try
that.
A
C
A
D
A
C
C
C
A
C
C
So
it
just
seems
like
they
did
they
do.
They
do
recognize
the
existence
of
open
message,
private
key,
and
if,
if
that's
the
case,
then
there
must
be
a
way
to
I.
I
think
there
must
be
a
way
to
get
the
keys
is
when
using
comments
but
yeah.
I
I
really
did
not
find
anyone
on
the
internet
doing
it.
So
that's
weird,
I
did
not
find
someone
using
the
private
key.
C
I
did
find
people
using
it
to
generate
openness
as
private
keys,
so
I
didn't
find
a
case
where
a
person
was
generating
open,
ssh
private
keys
using
the
key
space.
So
there
is
a
they
have
also
provided
a
util
to
encode,
a
private
key
or
power
supply
private
key
lock.
So
we,
if
you
want
to
generate
private
key,
you
would
use
input
and
this
this
works
parameter
would
create
the
same
and
it
does
recognize
the
new
algorithm
we
have.
C
This
is
something
for
me.
I
don't
want
to
waste
harshet's
time
I'll.
You
know,
spend
some
more
time
on
this
and
try
to
figure
out
that
this
can
actually
work
or
not.
If
you
know
anything
about
this,
if
you've
seen
this,
then
maybe
you
could
share
something
when
you
were
looking
at
bouncy
castle.
Okay,.
A
A
C
C
C
D
A
C
C
A
C
C
C
C
B
C
B
C
B
A
A
C
A
It
it
is
more,
it
is
much
more
expensive
to
create
a
sub
process,
run
something
and
then
come
back
than
it
is
to
do
it
native.
In
java,
it's
back
to
the
the
jget,
the
jgit
case
and
ssh
keygen
is
probably
even
shorter,
live
than
most
git
commands.
You
remember
how
we
found
that
jgit
could
clone
much
faster
on
small
repositories,
because
the
overhead
of
starting
and
stopping
the
process
was
much
less.
It
didn't
exist,
but
if
we
need
to
do
ssh
keygen,
we
need
to
do
ssh
key.
C
A
C
So
so
I
I
think
this
could
be
done
in
a
way
where
hashit's
progress
is
not
blocked.
I
I
will
look
into
it
more.
If
I
should
you
feel
like
you,
you
know
you
you
investigate,
and
you
see
something
worthwhile.
You
can
definitely
share
it
with
me
in
the
chat
with
everyone,
but
I
think
you
should
continue
with
whatever
you're
doing
and
the
plan
is
I
I
can
definitely
look
into
it
during
the
weekend,
so
it
should
not
be
permanent.