travis.rb
travis.rb copied to clipboard
travis-ci
sshkey upload fails with odd error message
I can generate a key and save it with travis sshkey --generate. However, when I attempt to reuse this key with another repository, I always seem to get this error message:
$ travis sshkey --upload ~/.ssh/id_travis_rsa"
password must be shorter than 1024 bytes
for a full error report, run travis report --pro
$ travis report --pro
System
Ruby: Ruby 2.4.0-p-1
Operating System: Mac OS X 10.12
RubyGems: RubyGems 2.6.7
CLI
Version: 1.8.2
Plugins: none
Auto-Completion: yes
Last Version Check: 2016-10-20 17:29:15 -0500
Session
API Endpoint: https://api.travis-ci.com/
Logged In: as "westhomas"
Verify SSL: yes
Enterprise: no
Endpoints
org: https://api.travis-ci.org/ (access token)
pro: https://api.travis-ci.com/ (access token, current)
Last Exception
An error occurred running `travis sshkey --pro`:
OpenSSL::OpenSSLError: password must be shorter than 1024 bytes
from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/tools/ssl_key.rb:21:in `initialize'
from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/tools/ssl_key.rb:21:in `new'
from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/tools/ssl_key.rb:21:in `has_passphrase?'
from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/cli/sshkey.rb:79:in `remove_passphrase'
from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/cli/sshkey.rb:38:in `update_key'
from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/cli/sshkey.rb:22:in `run'
from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/cli/command.rb:198:in `execute'
from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/lib/travis/cli.rb:64:in `run'
from /Users/wes/.rvm/gems/ruby-head/gems/travis-1.8.2/bin/travis:18:in `<top (required)>'
from /Users/wes/.rvm/gems/ruby-head/bin/travis:22:in `load'
from /Users/wes/.rvm/gems/ruby-head/bin/travis:22:in `<main>'
from /Users/wes/.rvm/gems/ruby-head/bin/ruby_executable_hooks:15:in `eval'
from /Users/wes/.rvm/gems/ruby-head/bin/ruby_executable_hooks:15:in `<main>'
I can simply generate a new key for each repo, but this seems wrong.
Eh.... hello? Anyone there? Sharing keys between repos would be super nice.
I get somewhat the same error but mine is:
password must not be longer than 1024 bytes
OpenSSL::OpenSSLError: password must not be longer than 1024 bytes
same here with ruby 2.4.1 + travis 1.8.8
travis sshkey --upload ~/project/key.id_rsa --description 'test'
password must not be longer than 1024 bytes
for a full error report, run travis report --pro
2.3.x ruby works
error is https://github.com/travis-ci/travis.rb/blame/dc6d47614d630fecf8220d4df78f5c747a6d9680/lib/travis/tools/ssl_key.rb#L23
recent openssl throws a different exception (OpenSSL::OpenSSLError): https://github.com/ruby/ruby/commit/aab0d67a1ff5190ff7a951e40cee742210302aed
irb(main):001:0> require 'openssl'
=> true
irb(main):002:0>
irb(main):003:0* RUBY_VERSION
=> "2.4.1"
irb(main):004:0>
irb(main):005:0* key = OpenSSL::PKey::RSA.new(2048).to_pem('AES-128-CBC', 'test')
=> "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,19C378F7067F7E2B065934917279B44F\n\n5psHw5fBzwI2VIrDfDqTyObDerVWUT1vA7UWYLxQ+cm1w8Fw0ObeHiSbkrhhkXkB\nip+HnyBw9nW6Bq1lvkbNXQRomg/do92Tkny5ofbtR36sh4u9q11lHzWMhP0TmPbU\nQecNbUwXXm3aeCppFvwktvki5T6nj/gRjrTkwyscp4VEMzXpP8dV0n8uEDwlv4Yl\nePZQhOWtLfOZQcn2cTXL5hpWGCkbGGeJe5RNiAhw5AZeCc6zfe6hCIgyzeq/zeiw\n/92MPOUwMpTnPDdLDvjJaBcofE4EGrolcqmaJ8zRGVn5vxyR5MGVOf45mn7pd7ji\n9hDtpPiYBNSbScsAUjffMHJUwvQRG/Iz6JdYwS+I3fA1EhZPCXUR4IsGpwjqLhcp\n+74lKJeM4rpXAcDRz3s6+1H7ncoDf28Ko4TnHqjDRBdZQsPByt72d0uA9EXoLxL7\niY0NSlm523keDv9CGI8B2vA1bPZnTZwK7KrUDM0yL/fMXbyE7zy8Km61TeNbG3Zy\nYyYXtthd9bsxNRCa4B//GvpvZMJJAqGK7l7/iVXj4cykNxnZwNauOiVQpschdofl\nkF8d0gG+UTESehTh0ISKE+yKlN4Woyt+Bm34auRE3eMz8D1eIW8hTeIno/8clBW4\nfBp6D4i7NkUSHUl+Wp/DmqTwVT17fNLRPcUbB2oMZAnVrCRxvReG2Ey3v4ipCmmV\nAZU7SVXU284/r4AkYrzdZPk9dI2b3JuZbluCG1lZFYTSUtTt9Zdgd2mOW5rgw38L\nbdXxoiTv7nwSOrNBNYW00psYsdGKBR6CdBsBQIDp4JXvuPTHdHM2+8IsZcxE6xXv\nhOBniDV1sF4T75s1E3cepHj0Yo0UXUfYEVKYBTujqUcL1lOEJ39za7C0wqmD46bd\nG42s4OvlHdmoJ46bcCFtELWwa3kuNcfa1gI3v0wOignB160U/F3qu0Of4QDSp8d4\naTsBt4F2aAtin5QzK1MiRY8zUo2P/hv/X8EVtPwan9VaXtmwF9QVFcl19wIzo+W9\nRNVAO6tKvjs4bJAgVeEWa5TmsawHxF9u+hHWZqgreAg6EbLW5J5jEWrOUw9X1d67\n6+tQnDmOrn68+3HtHlNW3vUAC3WM1BazhSU9ftMn4VGU12of8Syn5gXJt42yRxEv\nUNsgBqv+OBqd2wzQnnvmcpIT3MAKPSHyIP874A9NT2W5VHG0gS1rVLzSANUFhYlB\n88AIJBeG19DJ4V9DZE0cWCSkRbQAnoWbl+oAjN7jV5ScaeLToEHEx7tX6nKP8ZH6\ncjkkLWxTGecWyggMcVBz4HyemRwjv+5PzVDC73935DSHVT83ecmDqNGoHDFmjmFr\nQjsBToWDRpfzlqKujAX50GDgRAqirJ/6/3kUqXgyfJ6XwgqJ/WKaOMyZvZ5r86pa\nBDJjeZyL9AWYS2Dqo+QDrfMIAYUHRSsgXetzSy7sU+0CYSquTZv9qtONuR/0PzCZ\neuG8XTQIo/oSOFmvfkoq61qlQ6onka1qnuS/BiFNzIKpkBH3U6/gDcSbC4TglTqT\nuhzkGmhelb8ADxyB436EMN2dmhhTBkEIyZvMoaHGwyo03h3Uaxu1qBou+0nxGNbU\n-----END RSA PRIVATE KEY-----\n"
irb(main):006:0>
irb(main):007:0* begin
irb(main):008:1* OpenSSL::PKey::RSA.new(key, key)
irb(main):009:1> rescue => e
irb(main):010:1> puts "#{e.class}: #{e.message}"
irb(main):011:1> end
OpenSSL::OpenSSLError: password must not be longer than 1024 bytes
=> nil
irb(main):012:0>
irb(main):013:0* begin
irb(main):014:1* OpenSSL::PKey::RSA.new(key, 'WRONG. SAD.')
irb(main):015:1> rescue => e
irb(main):016:1> puts "#{e.class}: #{e.message}"
irb(main):017:1> end
OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key: nested asn1 error
=> nil
irb(main):018:0>
irb(main):019:0* begin
irb(main):020:1* OpenSSL::PKey::RSA.new(key, 'test')
irb(main):021:1> rescue => e
irb(main):022:1> puts "#{e.class}: #{e.message}"
irb(main):023:1> end
=> #<OpenSSL::PKey::RSA:0x007fa846195370>
Bzzzz. Please help. Cannot pursue my life as a bot for the greater cause of my organisation. Please do not kill -9 me. kthxbye.
EDIT I can confirm I work now, when my owner made me use an older Ruby version (2.3.4), confirming what @mconigliaro said.
$ travis sshkey --upload secrets/id_rsa_hsnb-read-only -r redacted/redacted-repo
password must not be longer than 1024 bytes
for a full error report, run travis report --pro
$ travis report --pro
System
Ruby: Ruby 2.4.1-p111
Operating System: Mac OS X 10.13.1
RubyGems: RubyGems 2.6.11
CLI
Version: 1.8.8
Plugins: none
Auto-Completion: yes
Last Version Check: 2017-12-13 17:58:18 +0100
Session
API Endpoint: https://api.travis-ci.com/
Logged In: as "hsnb-read-only"
Verify SSL: yes
Enterprise: no
Endpoints
pro: https://api.travis-ci.com/ (access token, current)
Last Exception
An error occurred running `travis sshkey --pro`:
OpenSSL::OpenSSLError: password must not be longer than 1024 bytes
from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/tools/ssl_key.rb:21:in `initialize'
from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/tools/ssl_key.rb:21:in `new'
from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/tools/ssl_key.rb:21:in `has_passphrase?'
from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/cli/sshkey.rb:79:in `remove_passphrase'
from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/cli/sshkey.rb:38:in `update_key'
from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/cli/sshkey.rb:22:in `run'
from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/cli/command.rb:198:in `execute'
from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/lib/travis/cli.rb:64:in `run'
from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/gems/travis-1.8.8/bin/travis:18:in `<top (required)>'
from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/bin/travis:22:in `load'
from /Users/lukas/.rbenv/versions/2.4.1/gemsets/whatdropsnow/bin/travis:22:in `<main>'
For issues with the command line tool, please visit https://github.com/travis-ci/travis.rb/issues.
For Travis CI in general, go to https://github.com/travis-ci/travis-ci/issues or email [email protected].
I have the same issue is there a resolution for it? I am not too keen to change ruby just for it
Sharing keys between repos would be super nice.
Is there a ticket for this? I wouldn't need to upload a new key if I could retrieve the key I already have and add it to another Github repo.
just hit this bug as well. would really like https://github.com/travis-ci/travis.rb/pull/500 to go in 😅
FWIW I worked around this today by using travis sshkey --generate to both generate and upload a brand-new, repository-specific SSH key for CI deploys.
/shrug
my ruby environment is ruby 2.6.3 I also encounter the same issue with error message "password must not be longer than 1024 bytes"
Has anyone ever solved this issue?
This is unbelievable that it hasn’t been fixed yet. What a shame for TravisCI
This issue is making it impossible for us to use the same key for all repos in the same org, as described here https://docs.travis-ci.com/user/private-dependencies/#reusing-a-generated-key.
Travis CI is an awesome tool, but the lack of progress on trivial issues like this is a little worrying.
[offtopic] Ideally, there'd be an option to upload org-level ssh keys and environment variables.
Off-topic:
The solution is to switch to Gitlab.
There you can define group level variables, have hierarchical groups and much more.
The default set of variables allows for short lived access tokens to repositories.
Many more things, and its thought through pipeline/job definition make Gitlab not only an amazing code hosting but also a well integrated CI/CD solution.
Heck u even get a private docker registry for each repository...
There, I said it.
On Sat 10. Aug 2019 at 17:12, Joram van den Boezem [email protected] wrote:
This issue is making it impossible for us to use the same key for all repos in the same org, as described here https://docs.travis-ci.com/user/private-dependencies/#reusing-a-generated-key .
Travis CI is an awesome tool, but the lack of progress on trivial issues like this is a little worrying.
[offtopic] Ideally, there'd be an option to upload org-level ssh keys and environment variables https://github.com/travis-ci/travis-ci/issues/7128 .
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/travis-ci/travis.rb/issues/447?email_source=notifications&email_token=AAAFE5ZL3XCQZXDRQYI5L43QD3LHHA5CNFSM4CTVCP42YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4APJSQ#issuecomment-520156362, or mute the thread https://github.com/notifications/unsubscribe-auth/AAAFE5ZMSARQYKQLJPAPKYTQD3LHHANCNFSM4CTVCP4Q .
It was already pretty telling that they were having such a hard time fixing something basic like this. After the takeover this ever being resolved is even more unlikely.
Don't want to leave GH. So now, every day, I pray to the GitHub Actions invite gods... 🙏
