3

I've got a mercurial repository, which pulls in dependencies using the subrepository functionality (as defined in the .hgsub file), but I'm struggling to get this working in TeamCity.

I've enabled the mercurial_keyring extension in order to save credentials (so when TeamCity provides authentication details for the root repository, it remembers them for the subrepositories). I've added an [auth] section to mercurial.ini too:

[auth]
bitbucket.schemes = https
bitbucket.prefix = https://bitbucket.org/xyz
bitbucket.username = xyz

If I run hg clone from the command line, I get prompted for a password once, and all is good. But the initial checkout when run via TeamCity fails with

VCS root: mercurial: https://bitbucket.org/xyz/projectA {instance id=23, parent id=1}, due to error: 'cmd /c hg update -C -r 4a08f587bb1f' command failed. stderr: abort: http authorization required  stdout: pulling subrepo src\Common.Library from https://bitbucket.org/xyz/common.library

What am I missing, or am I going about this in completely the wrong way? Many thanks!

James Crowley
  • 3,911
  • 5
  • 36
  • 65
  • Have you considered storing the passwords in the mercurial.ini file? I know they will be stored in cleartext but I've had problems with the same thing you're trying now and I just gave up at some point. The TeamCity server I have is fairly secure anyway (I hope.) – Lasse V. Karlsen Jun 20 '11 at 18:40
  • @Lasse I've tried that too and I still get the same error - it doesn't seem to be passing the credentials at all. I take it you've got this working though... can you think of anything else I might be missing? thanks! – James Crowley Jun 20 '11 at 19:07
  • Did you place the settings in the right mercurial.ini file, the one for the user you're running the TeamCity agent under? – Lasse V. Karlsen Jun 20 '11 at 19:22
  • Thanks @Lasse - that was one of the issues. The other one is that TeamCity doesn't seem to pass the credentials on in the same way to the mercurial keyring - specifying explicitly in the config file works... – James Crowley Jun 21 '11 at 07:46

3 Answers3

3

It seems that passing in credentials directly from TeamCity doesn't work with mercurial_keyring, but if I specify both username and password in plaintext in the mercurial.ini file (making sure it's accessible under the account the TeamCity build agent is running under), then this works.

The mercurial.ini file can be placed under <mercurial install path>\mercurial.ini if it does not work under user path.

Not ideal, but a solution... if anyone else finds a better one, please let me know.

steenhulthin
  • 4,553
  • 5
  • 33
  • 52
James Crowley
  • 3,911
  • 5
  • 36
  • 65
0

May be it got fixed in last versions of TeamCity, but the following works for me:

  1. Configure build agent service to run under domain account with access to HG repositories (both root and subrepos)
  2. Enable mercurial_keyring on build agent and add [auth] section to mercurial config
  3. Try to clone repository manually, enter password. No need to wait until the whole repo is cloned -- it could be terminated when "requesting all changes" message is shown.
  4. Have fun -- now service will use keyring.
the_joric
  • 11,986
  • 6
  • 36
  • 57
0

Probably the [auth] section shouldn't be added at all to the mercurial.ini for the TC agent. Team City uses --config auth... options to hg. I would also recommend not to use the mercurial_keyring but to set the username and password in VCS root - this is both secure and shared between different TC agents.

Not sure about the bitbucket, but in other cases usage of https scheme can require certificates configuration. This can be configured in mercurial.ini:

[web]
cacerts =

[hostfingerprints]
# hides mercurial warnings
domain-name = ab:cd:...:01

And last part: depending on .hgsub it might be needed to use VCS checkout mode "Automatically on agent" in Team City Version Control Settings.

Ilia Barahovsky
  • 10,158
  • 8
  • 41
  • 52