OneDev
Dashboards
Projects
Global Views
Code Search
server
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Packages
Statistics
Child Projects
Audit Log
OneDev 14.1.3
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects onedev server Issues OD-2629
Git fetch fails after upgrading Docker image from 13.1.0 to 13.1.4 due to BouncyCastle jar conflicts (OD-2629)
Thomas Pierrard opened 2 months ago

After upgrading the OneDev Docker image from 13.1.0 to 13.1.4, Git fetches via SSH stopped working. The web portal runs fine, but any Git operation fails with the following errors in the logs:

2025-12-11 10:03:57,190 WARN  [sshd-SshServer[53dfdeb2](port=6611)-nio2-thread-1] o.a.s.s.session.ServerSessionImpl exceptionCaught(ServerSessionImpl[null@/192.168.10.94:58351])[state=Opened] SecurityException: class "org.bouncycastle.crypto.EncapsulatedSecretGenerator"'s signer information does not match signer information of other classes in the same package
2025-12-11 10:06:04,715 WARN  [sshd-SshServer[53dfdeb2](port=6611)-nio2-thread-2] o.a.s.s.session.ServerSessionImpl exceptionCaught(ServerSessionImpl[null@/192.168.10.79:63137])[state=Opened] SecurityException: class "org.bouncycastle.crypto.EncapsulatedSecretGenerator"'s signer information does not match signer information of other classes in the same package
2025-12-11 10:06:26,854 WARN  [sshd-SshServer[53dfdeb2](port=6611)-nio2-thread-2] o.a.s.s.session.ServerSessionImpl exceptionCaught(ServerSessionImpl[null@/192.168.10.79:63138])[state=Opened] SecurityException: class "org.bouncycastle.crypto.EncapsulatedSecretGenerator"'s signer information does not match signer information of other classes in the same package

Git fetch itself failed with:

$ git fetch -v
Connection closed by 192.168.11.240 port 6611
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

Inside the Docker image, the lib folder contained BouncyCastle 1.69 jars alongside the newer 1.83 jars, which caused a signer mismatch.

Backed-up jars (moved out to fix the issue):

org.bouncycastle.bcprov-jdk15on-1.69.jar
org.bouncycastle.bcutil-jdk15on-1.69.jar

Other jars that were left in place but not backed up:

org.bouncycastle.bcpg-jdk15on-1.69.jar
org.bouncycastle.bcpkix-jdk15on-1.69.jar
org.bouncycastle.bcprov-jdk18on-1.83.jar
org.bouncycastle.bctls-jdk18on-1.83.jar
org.bouncycastle.bcutil-jdk18on-1.83.jar

Resolution:

  • Moved the two older 1.69 jars to a backup folder inside the container.
  • Kept the other jars intact.
  • Restarted the container.

After this, Git fetch works again, and SSH connections no longer produce the SecurityException.

Is there something I missed while updating my docker image ?

History
  • Robin Shen changed fields 2 months ago
    Name Previous Value Current Value 
    Type
    		 
    Question
    		 
    Bug
    Affected Versions
    		 empty 
    13.1.4
  • Robin Shen referenced from other issue 2 months ago
    SSH connection fails after update to 13.1.4 (OD-2630)
    Closed
  • OneDev commented 2 months ago

    State changed as code fixing the issue is committed (5d9e1d8a)

  • OneDev changed state to 'Closed' 2 months ago
    Previous Value Current Value 
    Open
    		 
    Closed
  • OneDev commented 2 months ago

    State changed as build OD-6872 is successful

  • OneDev changed state to 'Released' 2 months ago
    Previous Value Current Value 
    Closed
    		 
    Released
issue 1/1
Type
Bug
Priority
Normal
Assignee
Robin Shen
Affected Versions
13.1.4
Labels
No labels
Issue Votes (0)
Login to vote
Watchers (3)
Reference
OD-2629
Please wait...
Connection lost or session expired, reload to recover
Page is in error, reload to recover