Details
-
Bug
-
Resolution: Fixed
-
Medium
-
2.6.2, 3.0
-
None
Description
There is a static block in com.atlassian.bamboo.setup.DefaultBootstrapManager that uses SecureRandom in a way that blocks for entropy:
private static final String fingerprint;
static
{
String serverFingerprint;
try
{
serverFingerprint = String.valueOf(SecureRandom.getInstance("SHA1PRNG").nextLong());
}
catch (NoSuchAlgorithmException e)
{
log.warn("SHA1PRNG algorithm not found. Using alternative fingerprint strategy", e);
serverFingerprint = String.valueOf(System.currentTimeMillis());
}
fingerprint = serverFingerprint;
}
On the new hosted platform, no entropy is available, so Bamboo never starts up.
Bamboo should use the com.atlassian.security.random classes to generate the server fingerprint in a way that doesn't block for entropy. E.g.:
serverFingerprint = String.valueOf(DefaultSecureRandomService.getInstance().nextLong());