GitLab + Fedora 30 => InvalidSalt

Nyaran · May 17, 2019, 8:15am

from: GitLab + Fedora 30 => InvalidSalt (#61857) · Issues · GitLab.org / GitLab FOSS · GitLab

Hello,

Recenlty I update to Fedora 30 and now I’m unable to log to any account on my Gitlab, any attemp returns a HTTP 500

Here is the log from gitlab-ctl tail

{“method”:“POST”,“path”:“/gitlab/users/sign_in”,“format”:“html”,“controller”:“SessionsController”,“action”:“new”,“status”:500,“error”:“BCrypt::Errors::InvalidSalt: invalid salt “,“duration”:39.46,“view”:0.0,“db”:4.64,“time”:“2019-05-15T14:05:26.186Z”,“params”:[{“key”:“utf8”,“value”:“✓”},{“key”:“authenticity_token”,“value”:”[FILTERED]”},{“key”:“user”,“value”:{“login”:“[FILTERED]”,“password”:“[FILTERED]”,“remember_me”:“0”}}],“remote_ip”:“[FILTERED]”,“user_id”:null,“username”:null,“ua”:“Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0”,“queue_duration”:20.92,“correlation_id”:null}

I also tried to change the password from gitlab-rails console doing

user = User.first
user.password = 'MyTest1234'

Then I get the following output:

Traceback (most recent call last):
13: from bin/rails:4:in <main>' 12: from bin/rails:4:in require’
11: from /opt/gitlab/embedded/lib/ruby/gems/2.5.0/gems/railties-5.0.7.2/lib/rails/commands.rb:18:in <top (required)>' 10: from /opt/gitlab/embedded/lib/ruby/gems/2.5.0/gems/railties-5.0.7.2/lib/rails/commands/commands_tasks.rb:49:in run_command!’
9: from /opt/gitlab/embedded/lib/ruby/gems/2.5.0/gems/railties-5.0.7.2/lib/rails/commands/commands_tasks.rb:78:in console' 8: from /opt/gitlab/embedded/lib/ruby/gems/2.5.0/gems/railties-5.0.7.2/lib/rails/commands/console_helper.rb:9:in start’
7: from /opt/gitlab/embedded/lib/ruby/gems/2.5.0/gems/railties-5.0.7.2/lib/rails/commands/console.rb:65:in start' 6: from (irb):3 5: from /opt/gitlab/embedded/lib/ruby/gems/2.5.0/gems/devise-4.4.3/lib/devise/models/database_authenticatable.rb:47:in password=’
4: from /opt/gitlab/embedded/lib/ruby/gems/2.5.0/gems/devise-4.4.3/lib/devise/models/database_authenticatable.rb:167:in password_digest' 3: from /opt/gitlab/embedded/lib/ruby/gems/2.5.0/gems/devise-4.4.3/lib/devise/encryptor.rb:11:in digest’
2: from /opt/gitlab/embedded/lib/ruby/gems/2.5.0/gems/bcrypt-3.1.12/lib/bcrypt/password.rb:46:in create' 1: from /opt/gitlab/embedded/lib/ruby/gems/2.5.0/gems/bcrypt-3.1.12/lib/bcrypt/engine.rb:54:in hash_secret’
BCrypt::Errors::InvalidSalt (invalid salt)

I also do the following checks:

Install a fresh Fedora 30 (on VirtualBox) and then install gitlab-ce: Same errors
Install a fresh Fedora 29 (on VirtualBox) and then install gitlab-ce: Everything works
- Update to Fedora 30: Same errors

So, at least one of the changes on Fedora 30 breaks gitlab-ce:

After some research I found this: Changes/Replace glibc libcrypt with libxcrypt - Fedora Project Wiki

I investigate all as I can, but I don’t know how to make gitlab-ce works again on my Fedora 30 installation.

Any help?

Gitlab version: 11.10.4

Thanks

MartB · June 10, 2019, 7:14pm

Same issue here, did you find a fix?

Nyaran · June 11, 2019, 5:57am

No lucky, I have the installation updated to latest version, but the problem persists.

I suspect the problem is in bundled Ruby binaries. The last weekend, I tried to move all the gems from gitlab to an external Ruby installation and tried to generate a salt (as described here: https://gitlab.com/gitlab-org/gitlab-ce/issues/61857#note_171912852) and it works, so the problem is not with the gems, is with some other binaries (maybe bundled Ruby?).

Next time I have some of free time I will to try the same but with Ruby binaries and dependencies.

Nyaran · June 29, 2019, 4:14pm

Finally solved after an update in libxcrypt: