Skip to content
Release-drafter

Fix permissions issues while reading keys in PKCS#1 format (#3289) #45

Sign in to view logs

Fix permissions issues while reading keys in PKCS#1 format (#3289)

Fix permissions issues while reading keys in PKCS#1 format (#3289) #45

Triggered via push September 5, 2023 19:37
@willyborankinwillyborankin
pushed 1034cef
main
Status Success
Total duration 58s
Artifacts
This run and associated checks have been archived and are scheduled for deletion. Learn more about checks retention

release-drafter.yml

on: push
update_release_draft
44s
update_release_draft
Fit to window
Zoom out
Zoom in

Annotations

2 errors
update_release_draft
Resource not accessible by integration { name: 'HttpError', id: '6089010541', status: 403, response: { url: 'https://api.github.com/repos/willyborankin/security/releases', status: 403, headers: { 'access-control-allow-origin': '*', 'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset', connection: 'close', 'content-encoding': 'gzip', 'content-security-policy': "default-src 'none'", 'content-type': 'application/json; charset=utf-8', date: 'Tue, 05 Sep 2023 19:38:50 GMT', 'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin', server: 'GitHub.com', 'strict-transport-security': 'max-age=31536000; includeSubdomains; preload', 'transfer-encoding': 'chunked', vary: 'Accept-Encoding, Accept, X-Requested-With', 'x-accepted-github-permissions': 'contents=write', 'x-content-type-options': 'nosniff', 'x-frame-options': 'deny', 'x-github-api-version-selected': '2022-11-28', 'x-github-media-type': 'github.v3; format=json', 'x-github-request-id': '0C02:9074:285289:51F1EC:64F783C9', 'x-ratelimit-limit': '1000', 'x-ratelimit-remaining': '993', 'x-ratelimit-reset': '1693946288', 'x-ratelimit-resource': 'core', 'x-ratelimit-used': '7', 'x-xss-protection': '0' }, data: { message: 'Resource not accessible by integration', documentation_url: 'https://docs.github.com/rest/releases/releases#create-a-release' } }, request: { method: 'POST', url: 'https://api.github.com/repos/willyborankin/security/releases', headers: { accept: 'application/vnd.github.v3+json', 'user-agent': 'probot/12.2.5 octokit-core.js/3.5.1 Node.js/16.20.1 (linux; x64)', authorization: 'token [REDACTED]', 'content-type': 'application/json; charset=utf-8' }, body: '{"target_commitish":"refs/heads/main","name":"Version (set version here)","tag_name":"","body":"Compatible with OpenSearch (set version here).\\n* No changes\\n","draft":true,"prerelease":false}', request: {} }, event: { id: '6089010541', name: 'push', payload: { after: '1034cef92eaa20a360c4863106f96b0ae06ab1af', base_ref: null, before: '3af850e38d2b272421a6f523376613c2607058bd', commits: [ { author: { email: 'cwperx@amazon.com', name: 'Craig Perkins', username: 'cwperks' }, committer: { email: 'noreply@github.com', name: 'GitHub', username: 'web-flow' }, distinct: true, id: 'fd3a143be713a31c278386a21bd2236542101b7d', message: 'Use version of org.apache.commons:commons-lang3 defined in core (#3306)\n' + '\n' + 'Use version of org.apache.commons:commons-lang3 defined in core\r\n' + '\r\n' + 'Signed-off-by: Craig Perkins <cwperx@amazon.com>', timestamp: '2023-09-05T10:14:31-05:00', tree_id: '912724beac3a78cc83f6465d662e88f5b0b4bfd1', url: 'https://github.com/willyborankin/security/commit/fd3a143be713a31c278386a21bd2236542101b7d' }, { author: { email: '49699333+dependabot[bot]@users.noreply.github.com', name: 'dependabot[bot]', username: 'dependabot[bot]' }, committer: { email: 'noreply@github.com', name: 'GitHub', username: 'web-flow' }, distinct: true, id: '49ebf4ad778b03bea9dcca5f1a3ad11cedfd8799', message: 'dependabot: bump tibdex/github-app-token from 1.8.0 to 1.8.2 (#3297)\n' + '\n' + 'Bumps\r\n' + '[tibdex/github-app-token](https://github.
update_release_draft
HttpError: Resource not accessible by integration at /home/runner/work/_actions/release-drafter/release-drafter/v5/dist/index.js:8462:21 at processTicksAndRejections (node:internal/process/task_queues:96:5) at async Job.doExecute (/home/runner/work/_actions/release-drafter/release-drafter/v5/dist/index.js:30793:18) { name: 'AggregateError', event: { id: '6089010541', name: 'push', payload: { after: '1034cef92eaa20a360c4863106f96b0ae06ab1af', base_ref: null, before: '3af850e38d2b272421a6f523376613c2607058bd', commits: [ { author: { email: 'cwperx@amazon.com', name: 'Craig Perkins', username: 'cwperks' }, committer: { email: 'noreply@github.com', name: 'GitHub', username: 'web-flow' }, distinct: true, id: 'fd3a143be713a31c278386a21bd2236542101b7d', message: 'Use version of org.apache.commons:commons-lang3 defined in core (#3306)\n' + '\n' + 'Use version of org.apache.commons:commons-lang3 defined in core\r\n' + '\r\n' + 'Signed-off-by: Craig Perkins <cwperx@amazon.com>', timestamp: '2023-09-05T10:14:31-05:00', tree_id: '912724beac3a78cc83f6465d662e88f5b0b4bfd1', url: 'https://github.com/willyborankin/security/commit/fd3a143be713a31c278386a21bd2236542101b7d' }, { author: { email: '49699333+dependabot[bot]@users.noreply.github.com', name: 'dependabot[bot]', username: 'dependabot[bot]' }, committer: { email: 'noreply@github.com', name: 'GitHub', username: 'web-flow' }, distinct: true, id: '49ebf4ad778b03bea9dcca5f1a3ad11cedfd8799', message: 'dependabot: bump tibdex/github-app-token from 1.8.0 to 1.8.2 (#3297)\n' + '\n' + 'Bumps\r\n' + '[tibdex/github-app-token](https://github.com/tibdex/github-app-token)\r\n' + 'from 1.8.0 to 1.8.2.\r\n' + '\r\n' + 'Signed-off-by: dependabot[bot] <support@github.com>\r\n' + 'Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>', timestamp: '2023-09-05T12:37:20-05:00', tree_id: 'feef589ca8eed3dfcca11b02d7fb22f940ff4f9a', url: 'https://github.com/willyborankin/security/commit/49ebf4ad778b03bea9dcca5f1a3ad11cedfd8799' }, { author: { email: 'cwperx@amazon.com', name: 'Craig Perkins', username: 'cwperks' }, committer: { email: 'noreply@github.com', name: 'GitHub', username: 'web-flow' }, distinct: true, id: '1034cef92eaa20a360c4863106f96b0ae06ab1af', message: 'Fix permissions issues while reading keys in PKCS#1 format (#3289)\n' + '\n' + '### Description\r\n' + '\r\n' + 'Netty has logic to use the BouncyCastlePemReader if BouncyCastle is\r\n' + 'located on the class path. The BouncyCastle provider loaded properly in\r\n' + 'netty, but was failing to read the private key with permissions issues\r\n' + 'that failed silently. With netty, if one PemReader fails they will fall\r\n' + 'back to the next which is only capable of reading keys in the PKCS#8\r\n' + 'format.\r\n' + '\r\n' + 'The regression in PKCS#1 keys happened when bouncycastle was upgraded\r\n' + 'from jdk15on to jdk15to18.\r\n' + '\r\n' + 'This PR adds permissions to ensure that netty can read the PKCS#1 keys.\r\n' + '\r\n' + 'This PR also cleans up the policy file to have a single entry for\r\n' + '`permission java.util.PropertyPermission "*","read,write";` because the\r\n' + 'other ent