chef: Cookbook upload fails with: OpenSSL::OpenSSLError: password must be at least 4 bytes

Description

“OpenSSL::OpenSSLError: password must be at least 4 bytes” when attempting to upload cookbooks to OpsWorks.

Initially I wasn’t sure why the chef-dk was using the RVM version of ruby as the official documentation says ruby is embedded and should be used from /opt/chefdk

So I checked my environment variables and discovered lots of overrides for RUBY_HOME and also PATH (pointing to RVM’s ruby gem bin folders). I removed this from the env and everything started to work.

In the case where we use RVM, why would the hack below solve the problem?

My hack here /Users/me/.rvm/gems/ruby-2.4.1/gems/chef-14.2.0/lib/chef/http/authenticator.rb:95

# Pass in '' as the passphrase to avoid OpenSSL prompting on the TTY if
# given an encrypted key. This also helps if using a single file for
# both the public and private key with ssh-agent mode.
# @key = OpenSSL::PKey::RSA.new(@raw_key, "")
@key = OpenSSL::PKey::RSA.new(@raw_key, '1234')

Chef Version

Chef Development Kit Version: 3.0.44 chef-client version: 14.2.0 delivery version: master (cc1ff71724d5c36bc4bbf187a95cec4bbe81ed9c) berks version: 7.0.4 kitchen version: 1.21.2 inspec version: 2.1.72

Platform Version

macOS v10.13.5

Replication Case

Use RVM to install ruby for macOS Try to upload a cookbook to a chef server with PEM authentication (AWS OpsWorks in my case).

Stacktrace

SSL_CERT_FILE='.chef/ca_certs/opsworks-cm-ca-2016-root.pem' berks upload
E, [2018-06-20T17:14:37.585039 #80087] ERROR -- : OpenSSL::OpenSSLError: password must be at least 4 bytes
E, [2018-06-20T17:14:37.585172 #80087] ERROR -- : /Users/me/.rvm/gems/ruby-2.4.1/gems/chef-14.2.0/lib/chef/http/authenticator.rb:95:in `initialize'
/Users/me/.rvm/gems/ruby-2.4.1/gems/chef-14.2.0/lib/chef/http/authenticator.rb:95:in `new'
/Users/me/.rvm/gems/ruby-2.4.1/gems/chef-14.2.0/lib/chef/http/authenticator.rb:95:in `load_signing_key'
/Users/me/.rvm/gems/ruby-2.4.1/gems/chef-14.2.0/lib/chef/http/authenticator.rb:42:in `initialize'
/Users/me/.rvm/gems/ruby-2.4.1/gems/chef-14.2.0/lib/chef/http.rb:98:in `new'
/Users/me/.rvm/gems/ruby-2.4.1/gems/chef-14.2.0/lib/chef/http.rb:98:in `block in initialize'
/Users/me/.rvm/gems/ruby-2.4.1/gems/chef-14.2.0/lib/chef/http.rb:97:in `each'
/Users/me/.rvm/gems/ruby-2.4.1/gems/chef-14.2.0/lib/chef/http.rb:97:in `initialize'
/Users/me/.rvm/gems/ruby-2.4.1/gems/berkshelf-7.0.3/lib/berkshelf/ridley_compat.rb:26:in `initialize'
/Users/me/.rvm/gems/ruby-2.4.1/gems/berkshelf-7.0.3/lib/berkshelf/ridley_compat.rb:53:in `new'
/Users/me/.rvm/gems/ruby-2.4.1/gems/berkshelf-7.0.3/lib/berkshelf/ridley_compat.rb:53:in `new_client'
/Users/me/.rvm/gems/ruby-2.4.1/gems/berkshelf-7.0.3/lib/berkshelf.rb:172:in `ridley_connection'
/Users/me/.rvm/gems/ruby-2.4.1/gems/berkshelf-7.0.3/lib/berkshelf/uploader.rb:55:in `upload'
/Users/me/.rvm/gems/ruby-2.4.1/gems/berkshelf-7.0.3/lib/berkshelf/uploader.rb:42:in `run'
/Users/me/.rvm/gems/ruby-2.4.1/gems/berkshelf-7.0.3/lib/berkshelf/berksfile.rb:576:in `upload'
/Users/me/.rvm/gems/ruby-2.4.1/gems/berkshelf-7.0.3/lib/berkshelf/cli.rb:195:in `upload'
/Users/me/.rvm/gems/ruby-2.4.1/gems/thor-0.20.0/lib/thor/command.rb:27:in `run'
/Users/me/.rvm/gems/ruby-2.4.1/gems/thor-0.20.0/lib/thor/invocation.rb:126:in `invoke_command'
/Users/me/.rvm/gems/ruby-2.4.1/gems/thor-0.20.0/lib/thor.rb:387:in `dispatch'
/Users/me/.rvm/gems/ruby-2.4.1/gems/berkshelf-7.0.3/lib/berkshelf/cli.rb:47:in `dispatch'
/Users/me/.rvm/gems/ruby-2.4.1/gems/thor-0.20.0/lib/thor/base.rb:466:in `start'
/Users/me/.rvm/gems/ruby-2.4.1/gems/berkshelf-7.0.3/lib/berkshelf/cli.rb:23:in `execute!'
/Users/me/.rvm/gems/ruby-2.4.1/gems/berkshelf-7.0.3/bin/berks:5:in `<top (required)>'
/Users/me/.rvm/gems/ruby-2.4.1/bin/berks:23:in `load'
/Users/me/.rvm/gems/ruby-2.4.1/bin/berks:23:in `<main>'
/Users/me/.rvm/gems/ruby-2.4.1/bin/ruby_executable_hooks:15:in `eval'
/Users/me/.rvm/gems/ruby-2.4.1/bin/ruby_executable_hooks:15:in `<main>'