[Bug] Invalid format : Can't connect to new Bitbucket projects after upgrade to 2.x

Question

[Bug] Invalid format : Can't connect to new Bitbucket projects after upgrade to 2.x

leewillis77 opened this issue 3 years ago · comments

Lee Willis commented 3 years ago

Expected behavior

When a new project is setup and SSH keys configured, build clones repository successfully.

Actual behavior

When a new project is setup, and SSH keys configured, the build fails with the following error:

Cloning into '<PHP_CENSOR_PATH>/runtime/builds/14/2315_f67f6a5d'...
Load key "/tmp/key_NpOwTO": invalid format
git@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.

Note: Existing projects are unaffected.

The only difference I can see between a working, and non-working project is for the old (working) projects, the private key is marked as:
-----BEGIN RSA PRIVATE KEY-----

For new (failing) projects, the private key is marked:
-----BEGIN OPENSSH PRIVATE KEY-----

Steps to reproduce

Create a new project
Copy generated public key into Bitbucket access keys
Attempt to build project

Environment

PHP Censor version: 2.0.1
Operating System: Ubuntu 20.04.1
PHP version: 7.4.13
MySQL/PostgreSQL version: 8.0.23

Lee Willis commented 3 years ago

Thanks!

Lee Willis · Answer 1 · Tue Feb 16 2021 21:32:58 GMT+0800 (China Standard Time)

After a bit of investigation, I think the issue is that the private key is generated and stored with \r\n style newlines.

The following SQL update resolved the issue for me:
update projects set ssh_private_key = REPLACE(ssh_private_key, '\r', '') where id = 15;

Dmitry Khomutov · Answer 2 · Wed Feb 17 2021 00:06:56 GMT+0800 (China Standard Time)

@leewillis77 Thank you for the detailed report with investigation and workaround! I will try to fix it as soon as posible.

Dmitry Khomutov · Answer 3 · Sun Feb 21 2021 23:55:03 GMT+0800 (China Standard Time)

Fixed in branch 2.0-ssh-key-fix. @leewillis77 Could you test fix with your case please?

Lee Willis · Answer 4 · Mon Feb 22 2021 17:09:16 GMT+0800 (China Standard Time)

I'm afraid that, the keys generated there don't work either (although they no longer appear to have \r characters in). They give the same "invalid format" error as the original report.

Here's the steps I'm following:

Go to Admin Options » Add Project
Choose "Bitbucket (Git)"
Enter repository name, title and default branch
Click "Save Project"
Copy "public key"
Got to Bitbucket, and click on Repository Settings » Access Keys
Click "Add key", enter a label, and paste in the public key
Head back to php-censor, and click "Build now"

Dmitry Khomutov · Answer 5 · Tue Mar 02 2021 01:10:25 GMT+0800 (China Standard Time)

@leewillis77 Could you test your case on branch 2.0-ssh-key-fix again please? I guess I fix problem and now I can't reproduce it. For testing you should create new project with new key or edit/save any old project before use key. Thanks!

Lee Willis · Answer 6 · Tue Mar 02 2021 01:34:32 GMT+0800 (China Standard Time)

Confirmed working here. Thanks!

Dmitry Khomutov · Answer 7 · Wed Mar 10 2021 00:11:31 GMT+0800 (China Standard Time)

Merged into branches release-1.3, release-2.0 and master. It will be released in versions 1.3.2 and 2.0.2.