| CARVIEW |
Select Language
HTTP/2 200
date: Sat, 11 Oct 2025 13:00:56 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=0, private, must-revalidate
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
link: ; rel=preload; as=fetch; crossorigin=use-credentials
referrer-policy: no-referrer-when-downgrade
server-timing: issue_layout-fragment;desc="issue_layout fragment";dur=185.522152,issue_conversation_content-fragment;desc="issue_conversation_content fragment";dur=724.367505,nginx;desc="NGINX";dur=0.810915,glb;desc="GLB";dur=139.55184
strict-transport-security: max-age=31536000; includeSubdomains; preload
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With, Accept,Accept-Encoding, Accept, X-Requested-With
x-content-type-options: nosniff
x-frame-options: deny
x-voltron-version: aab62e3
x-xss-protection: 0
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=VnnEsqi7q%2B4vp23L%2F3BbyBqXqdwaI3pgTiUQ7Rl3W0O%2FC4Vu5HmUyKGvo1TdC9JOrFW3agXlaOUIwuA8PweQPifc6xVjFAYANM2XRv3idGpeOkSSbxtss%2B6nTVtzEM4MwPwrAB%2Bu6T3rDGlFVl%2FOC2mDGOaSCqIRr6%2BY1MoKoyob6qFMmCT3mHKkaDo18MXQTCSEBbm1mfsQaQfj1A5l0HkN5jJMy7we6CLOVUS6taiRMpJ2Fv%2FNOyjs1JHSgO35Rh0nsyhz8%2FJGZLqZNNmqVQ%3D%3D--6w7oBgq4jT5aEgpg--Bg8Nt6UAKX6JS43WvwkZXA%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.1485952089.1760187655; Path=/; Domain=github.com; Expires=Sun, 11 Oct 2026 13:00:55 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Sun, 11 Oct 2026 13:00:55 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: C350:9DC1D:6CF61F:90B93C:68EA5507
`encrypt-file` overwrites previous secure keys when invoked from same working folder and causes file decryption failures when used with multiple files Β· Issue #627 Β· travis-ci/travis.rb Β· GitHub
No one assignedNo labelsNo typeNo projectsNo milestoneNone yetNo branches or pull requests
Skip to content
Navigation Menu
{{ message }}
-
Notifications
You must be signed in to change notification settings - Fork 410
Closed
Description
When calling travis encrypt-file for multiple files, from the same folder, it causes the cli to overwrite the secure variable that is used for the file.
This causes problems as mentioned in both #239 and #583 --
The trouble seems to be caused here -- https://github.com/travis-ci/travis.rb/blob/master/lib/travis/cli/encrypt_file.rb#L73-L82
As this code creates or updates the secure environment variable for encryption based from the working folder Dir.pwd that travis-cli is being executed from, instead of the full path of the file that is being encrypted.
@env_prefix ||= "encrypted_#{Digest.hexencode(Digest::SHA1.digest(Dir.pwd)[0..5])}"As a result, calling the encrypt-file from the same working directory results in overwritten key and iv values and causes Travis the issue seen --
bad decrypt
140043714328224:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539:
The command "openssl aes-256-cbc -K $encrypted_xxxxxxxxxxxx_key -iv $encrypted_xxxxxxxxxxxx_iv -in file.enc -out file -d" failed and exited with 1 during .
There is a mention of the env variables being overwritten in the documentation; however, there is no mention of the conditions which cause the values to be overwritten.
Rather than using the working directory for this behavior, which is both undocumented and unintuitive, it would make the most sense if the input_path was used for generating env for the key and iv values. It seems doubtful that this behavior would be done intentionally, as it would be extremely easy to circumvent the behavior by simply running the cli from a different working folder, like so:
base-project$ travis encrypt-file file1 --add
base-project$ mkdir -p tmp1
base-project$ cd tmp1
base-project/tmp1$ travis encrypt-file ../file2 --add
base-project/tmp1$ cd ..
base-project$ rmdir tmp1
base-project$ mkdir -p tmp2
base-project$ cd tmp2
base-project/tmp2$ travis encrypt-file ../file3 --add
base-project/tmp2$ cd ..
base-project$ rmdir tmp2...and so on...
It is a simple fix to -- https://github.com/travis-ci/travis.rb/blob/master/lib/travis/cli/encrypt_file.rb -- to correct the behavior to use the input_path. See pull request #628.
sbellem, lenaschimmel, chronosis, icaropires and niccokunzmannsbellem and chronosis
Metadata
Metadata
Assignees
Labels
No labels
Type
Projects
Milestone
Relationships
Development
Issue actions
You canβt perform that action at this time.