"iv undefined" in openssl invocation

0.01s$ openssl aes-256-cbc -K $encrypted_42099b4af021_key -iv $encrypted_42099b4af021_iv -in ka.json.enc -out ka.json -d

180iv undefined

181The command "openssl aes-256-cbc -K $encrypted_42099b4af021_key -iv $encrypted_42099b4af021_iv -in ka.json.enc -out ka.json -d" failed and exited with 1 during .

The script in .travis.yml is

before_install:
  - openssl aes-256-cbc -K $encrypted_42099b4af021_key -iv $encrypted_42099b4af021_iv -in ka.json.enc -out ka.json -d
  - curl https://sdk.cloud.google.com |  bash > /dev/null;

what is it i am missing.

This means that the $encrypted_42099b4af021_iv variable doesn’t exist so the -iv argument gets no parameter.

(If this is not enough, I need to see your build to be able to say anything else.)

Here is the .travis.yaml

anguage: generic
sudo: required
services:
  - docker
env:
  global:
   - SHA=$(git rev-parse HEAD)
   - CLOUDSDK_CORE_DISABLE_PROMPTS=1
before_install:
  - openssl aes-256-cbc -K $encrypted_42099b4af021_key -iv $encrypted_42099b4af021_iv -in ka.json.enc -out ka.json -d
  - curl https://sdk.cloud.google.com |  bash > /dev/null;

At firts on 12/24/2019, it did’nt worked . After 3 runs, i gave a break to myself and retried after 3 hours , twice it worked on 12/24/2019 but today it is not working

Looks like at times it is working . IF you have multiple images, please check which one is working and which is not.

Hi -

I am facing the exact same issue :slight_smile:
0.01s$ openssl aes-256-cbc -K $encrypted_9f3b5599b056_key -iv $encrypted_9f3b5599b056_iv -in service-account.json.enc -out service-account.json -d

200iv undefined

201The command “openssl aes-256-cbc -K $encrypted_9f3b5599b056_key -iv $encrypted_9f3b5599b056_iv -in service-account.json.enc -out service-account.json -d” failed and exited with 1 during .

202

203Your build has been stopped.

Any luck?

Check if your build is getting this encrypted variable. E.g. PR builds don’t have access to encrypted variables (unless the PR branch is from the same repository).

1 Like

So what’s the solution to the PRs from forks in github?

@abhisekp To not use encrypted files, or a least not use them in external PR builds. Anything that you give external PRs access to is effectively public information because they contain untrusted code.


An external pull request can be detected in build logic with this Bash condition (see https://docs.travis-ci.com/user/environment-variables/#default-environment-variables):

[[ $TRAVIS_PULL_REQUEST != "false" && $TRAVIS_PULL_REQUEST_SLUG != "$TRAVIS_REPO_SLUG" ]]
1 Like