Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-20946

Invalid passphrase value can cause Bamboo to not start up

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Low Low
    • 7.1.0, 7.0.6
    • 6.10.3
    • Bamboo Specs
    • None

      Issue Summary

      Providing a passphrase encrypted by another Bamboo instance can break repositories and cause Bamboo to not start up.

      Steps to Reproduce

      1. Encode some text by Specs > Bamboo specs encryption dialog
      2. Try to create a new repo using the UI with an ssh key for access
      3. In the ssh key passphrase field of the created new linked repo UI enter the value from step 1.

      Expected Results

      Bamboo should invalidate repository creation

      Actual Results

      It will result in broken repo list and a server that won't start up any more.

      The below exception is thrown in the atlassian-bamboo.log file when Bamboo is restarted and the instance will not start up:

      2020-04-21 08:02:09,526 INFO \[localhost-startStop-1] \[CachedRepositoryDefinitionManagerImpl] Repository cache initialising...
      ...
      2020-04-21 08:02:10,781 INFO \[localhost-startStop-1] \[SecretEncryptionServiceImpl] Can't decrypt data. It's possible data was encrypted by different cipher. Run Bamboo with system property \-Dbamboo.security.decryption.ignore.errors=true to ignore this error
      2020-04-21 08:02:10,782 FATAL \[localhost-startStop-1] \[BambooContainer] Cannot start Bamboo
      java.lang.RuntimeException: org.bouncycastle.crypto.InvalidCipherTextException: pad block corrupted
      

      Workaround

      The repository with the bad encryption will need to be removed from the database (VCS_LOCATION). Please raise a support ticket for further help.

            [BAM-20946] Invalid passphrase value can cause Bamboo to not start up

            James Williams made changes -
            Remote Link Original: This issue links to "BDEV-15990 (Jira)" [ 485751 ] New: This issue links to "BDEV-15990 (Hello Jira)" [ 485751 ]
            Jan Majkutewicz (Inactive) made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Waiting for Release [ 12075 ] New: Closed [ 6 ]
            Alexey Chystoprudov made changes -
            Status Original: In Progress [ 3 ] New: Waiting for Release [ 12075 ]
            Alexey Chystoprudov made changes -
            Link New: This issue relates to BAM-20969 [ BAM-20969 ]
            Alexey Chystoprudov made changes -
            Fix Version/s New: 7.1.0 [ 91519 ]
            Fix Version/s New: 7.0.5 [ 92010 ]
            Alexey Chystoprudov made changes -
            Status Original: Short Term Backlog [ 12074 ] New: In Progress [ 3 ]
            Alexey Chystoprudov made changes -
            Assignee New: Alexey Chystoprudov [ achystoprudov ]
            Alexey Chystoprudov made changes -
            Description Original: h3. Issue Summary
            Importing specs code with repository definition and using encrypted secret from the exported server as passphrase can break repositories and cause Bamboo to not start up

            h3. Steps to Reproduce
            1. Export a spec from another Bamboo server which includes an SVN repo definition using an ssh key for access to the repo
            2. Try to create a new repo using the UI with an ssh key for access
            3. In the ssh key passphrase field of the created new linked repo UI enter the encrypted secret for the ssh key passphrase from the other server.

            h3. Expected Results
            Bamboo should invalidate the import

            h3. Actual Results
            It will result in broken repo list and a server that won't start up any more.

            The below exception is thrown in the atlassian-bamboo.log file when Bamboo is restarted and the instance will not start up:
            {noformat}
            2020-04-21 08:02:09,526 INFO \[localhost-startStop-1] \[CachedRepositoryDefinitionManagerImpl] Repository cache initialising...
            ...
            2020-04-21 08:02:10,781 INFO \[localhost-startStop-1] \[SecretEncryptionServiceImpl] Can't decrypt data. It's possible data was encrypted by different cipher. Run Bamboo with system property \-Dbamboo.security.decryption.ignore.errors=true to ignore this error
            2020-04-21 08:02:10,782 FATAL \[localhost-startStop-1] \[BambooContainer] Cannot start Bamboo
            java.lang.RuntimeException: org.bouncycastle.crypto.InvalidCipherTextException: pad block corrupted
            {noformat}

            h3. Workaround
            The repository with the bad encryption will need to be removed from the database (VCS_LOCATION). Please raise a support ticket for further help.
            New: h3. Issue Summary

            Providing a passphrase encrypted by another Bamboo instance can break repositories and cause Bamboo to not start up.
            h3. Steps to Reproduce

            1. Encode some text by Specs > Bamboo specs encryption dialog
             2. Try to create a new repo using the UI with an ssh key for access
             3. In the ssh key passphrase field of the created new linked repo UI enter the value from step 1.
            h3. Expected Results

            Bamboo should invalidate repository creation
            h3. Actual Results

            It will result in broken repo list and a server that won't start up any more.

            The below exception is thrown in the atlassian-bamboo.log file when Bamboo is restarted and the instance will not start up:
            {noformat}
            2020-04-21 08:02:09,526 INFO \[localhost-startStop-1] \[CachedRepositoryDefinitionManagerImpl] Repository cache initialising...
            ...
            2020-04-21 08:02:10,781 INFO \[localhost-startStop-1] \[SecretEncryptionServiceImpl] Can't decrypt data. It's possible data was encrypted by different cipher. Run Bamboo with system property \-Dbamboo.security.decryption.ignore.errors=true to ignore this error
            2020-04-21 08:02:10,782 FATAL \[localhost-startStop-1] \[BambooContainer] Cannot start Bamboo
            java.lang.RuntimeException: org.bouncycastle.crypto.InvalidCipherTextException: pad block corrupted
            {noformat}
            h3. Workaround

            The repository with the bad encryption will need to be removed from the database (VCS_LOCATION). Please raise a support ticket for further help.
            Alexey Chystoprudov made changes -
            Summary Original: Incorrect passphrase value can cause Bamboo to not start up New: Invalid passphrase value can cause Bamboo to not start up
            Alexey Chystoprudov made changes -
            Summary Original: Importing specs from a different Bamboo instance can cause Bamboo to not start up New: Incorrect passphrase value can cause Bamboo to not start up

              achystoprudov Alexey Chystoprudov
              roliveira@atlassian.com Ricardo
              Affected customers:
              0 This affects my team
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: