[ 
https://issues.apache.org/jira/browse/KNOX-3310?focusedWorklogId=1017622&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1017622
 ]

ASF GitHub Bot logged work on KNOX-3310:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 28/Apr/26 07:15
            Start Date: 28/Apr/26 07:15
    Worklog Time Spent: 10m 
      Work Description: smolnar82 opened a new pull request, #1216:
URL: https://github.com/apache/knox/pull/1216

   [KNOX-3310](https://issues.apache.org/jira/browse/KNOX-3310) - Fixing 
ALIAS_PASSPHRASE issues while importing custom certs.
   
   ## What changes were proposed in this pull request?
   
   This PR fixes a bug in the Docker entrypoint script and improves logging 
during the security initialization phase.
   
   Changes
      - Bug Fix: Removed the redundant `ALIAS_PASSPHRASE` assignment within 
`importMultipleCerts`. This prevents the script from exiting prematurely (due 
to set -e) when a keystore password file is not provided.
      - Logging Improvements: 
          - Added explicit logging to show which file is being used to set the 
`ALIAS_PASSPHRASE`.
          - Added logging to indicate when the script falls back to using the 
`MASTER_SECRET`.
      - Documentation: Added a comment to the `importMultipleCerts` function to 
clarify its dependency on the pre-initialized `ALIAS_PASSPHRASE` variable.
   
     Impact
      - Stability: Prevents startup failures in default configurations where 
`KEYSTORE_PASSWORD_FILE` is not used.
      - Observability: Makes it much easier to debug keystore/truststore 
password issues by looking at the container logs.
   
   ## How was this patch tested?
   
   Still needs to be tested in k8s clusters.
   
   ## Integration Tests
   N/A
   
   ## UI changes
   N/A




Issue Time Tracking
-------------------

            Worklog Id:     (was: 1017622)
    Remaining Estimate: 0h
            Time Spent: 10m

> Fix redundant and buggy ALIAS_PASSPHRASE assignment in gateway-entrypoint.sh
> ----------------------------------------------------------------------------
>
>                 Key: KNOX-3310
>                 URL: https://issues.apache.org/jira/browse/KNOX-3310
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: docker
>    Affects Versions: 3.0.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>             Fix For: 3.0.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The importMultipleCerts function in gateway-entrypoint.sh contained a 
> redundant assignment of ALIAS_PASSPHRASE. This assignment was problematic for 
> several reasons:
>    1. *Redundancy:* The variable is already correctly initialized at lines 
> 140–147 with proper fallback logic to MASTER_SECRET.
>    2. *Fragility:* Because set -e is active, the line /bin/cat 
> "${KEYSTORE_PASSWORD_FILE}" would cause the entire entrypoint script to exit 
> immediately if KEYSTORE_PASSWORD_FILE was not provided or was empty.
>    3. *Lack of Fallback:* This specific assignment lacked the logic to use 
> MASTER_SECRET as a fallback, which the global assignment handles correctly.
>  
> Removing this line ensures the function uses the already correctly 
> initialized global variable and prevents unnecessary container crashes.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
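
Added example, not part of the Jira message or the Knox code base: a sketch of the failure mode described in the issue, with the bare cat assignment beside a guarded initializer that falls back to MASTER_SECRET. The variable names are from the issue text; the function names, the script text and all values are constructed for illustration.

```shell
#!/bin/sh
# Added illustration for KNOX-3310; a reconstruction, not gateway-entrypoint.sh.
# Variable names come from the issue text; the function names are hypothetical.

# Entrypoint-like script text, run in a child shell so that `set -e` acts as
# it does in a real entrypoint (it is ignored inside `if`/`||` contexts).
ENTRYPOINT_SKETCH='
set -e

init_fragile() {
  # Pattern the issue describes: bare cat, no check, no fallback.
  ALIAS_PASSPHRASE=$(/bin/cat "${KEYSTORE_PASSWORD_FILE}")
}

init_guarded() {
  # Use the file only when it is set, readable and non-empty.
  if [ -n "${KEYSTORE_PASSWORD_FILE:-}" ] && [ -r "${KEYSTORE_PASSWORD_FILE}" ] \
      && [ -s "${KEYSTORE_PASSWORD_FILE}" ]; then
    echo "ALIAS_PASSPHRASE: reading ${KEYSTORE_PASSWORD_FILE}" >&2
    ALIAS_PASSPHRASE=$(/bin/cat "${KEYSTORE_PASSWORD_FILE}")
  else
    echo "ALIAS_PASSPHRASE: falling back to MASTER_SECRET" >&2
    ALIAS_PASSPHRASE="${MASTER_SECRET}"
  fi
}

"$1"   # run the initializer named by the first argument
# Log the length only; the secret itself never goes to the container log.
echo "reached end of script, passphrase length ${#ALIAS_PASSPHRASE}"
'

# run_init <init_fragile|init_guarded>: stdout and exit status of the child.
run_init() {
  sh -c "${ENTRYPOINT_SKETCH}" entrypoint "$1"
}

# Constructed demo: no password file provided, MASTER_SECRET set.
(
  unset KEYSTORE_PASSWORD_FILE
  MASTER_SECRET='constructed-master-secret'; export MASTER_SECRET
  run_init init_fragile || echo "init_fragile: script aborted with status $?"
  run_init init_guarded
)
```

With no password file, the fragile form stops the child script before its last line, while the guarded form logs the fallback on stderr and continues.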
