Menu
Started to play around with Jenkins. Created new job and entered SVN repository URL. Pressed build and jenkins successfully checked-out my repository. My repository has not got anonymous access. No clue, how Jenkins managed to checked-out repository.
Running on Windows XP + Tomcat6 + Jenkins war file.
Probably Jenkins managed to read password from system properties ? Right now trying to find this configuration file, where it store password-s or settings
UPDATE
Not sure, but looks like, Jenkins read SVN credentials from tortoise svn cache. When i cleaned cache, can't access repository anymore from Jenkins
435
Windows can be found either in : C:\Users\%USERNAME%\AppData\Subversion\auth\svn. simple C:\Users\%USERNAME%\AppData\Roaming\Subversion\auth\svn.
Next to the Repository URL text box click the question mark. In that box will be the following text: "click this link and specify different credential". Click on that link to open the Subversion Authentication page. On that page enter the root of the repository URL, enter the login and password to use and click OK.
The Jenkins Subversion plugin uses SvnKit as the subversion client and doesn't require a native client to be available on the host. Setting up a CI server with Jenkins and Subversion is limited to a very minimal installation process: just run the Jenkins WAR and you're done.
Now create a Jenkins build job. Select New Item, give the build project a name such as svn-tomcat-demo, select Maven project, and click OK. Under source code management, select Subversion and enter your SVN repository URL and credential. Please download the sample code and check the code into your SVN server.
Indeed, it takes it from Subversion cache. At least, right now I know, that it's not good idea, to save passwords
Subversion will look in the $HOME/.subversion file for credentials, but it also stores the password under each job in a file called subversion.credentials.
Usually, your Jenkins machine isn't accessible to mere mortals and you can make the Jenkins $HOME directory owned by another user. This way, you can use your OS's security features to prevent people from peeking in at your Jenkins credentials.
Another possibility is to make the Subversion checkout user for Jenkins a read-only user. That will allow Jenkins to checkout the code, but if someone snags the Jenkins Subversion account, they won't be able to make changes.
If you also use Jenkins to tag your Subversion builds, you can use a pre-commit hook to allow Jenkins to create a tag, but not be able to do anything else.
That should ease your security concerns. If you think about it, Jenkins has to be able to store its subversion account and password, or else it won't be able to automatically checkout the code for a build.
185
credentials.xml, in default, it's under ~/.jenkins/
25
Indeed, it takes it from Subversion cache. At least, right now I know, that it's not good idea, to save passwords
38
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
