Details
-
Bug
-
Resolution: Fixed
-
Medium
-
2.6.2, 3.0
-
None
Description
There is a static block in com.atlassian.bamboo.setup.DefaultBootstrapManager that uses SecureRandom in a way that blocks for entropy:
private static final String fingerprint; static { String serverFingerprint; try { serverFingerprint = String.valueOf(SecureRandom.getInstance("SHA1PRNG").nextLong()); } catch (NoSuchAlgorithmException e) { log.warn("SHA1PRNG algorithm not found. Using alternative fingerprint strategy", e); serverFingerprint = String.valueOf(System.currentTimeMillis()); } fingerprint = serverFingerprint; }
On the new hosted platform, no entropy is available, so Bamboo never starts up.
Bamboo should use the com.atlassian.security.random classes to generate the server fingerprint in a way that doesn't block for entropy. E.g.:
serverFingerprint = String.valueOf(DefaultSecureRandomService.getInstance().nextLong());