Community
Q&A
Bitbucket
Questions
After upgrading the from Atlassian Bitbucket v9.4.9 to Atlassian Bitbucket v10.2.1 gettig error

After upgrading the from Atlassian Bitbucket v9.4.9 to Atlassian Bitbucket v10.2.1 gettig error

Hi Team,
We have upgraded the Bitbucket from Atlassian Bitbucket v9.4.9 to Atlassian Bitbucket v10.2.1 getting certification validation error while doing apps upgrade.

Configuration safety check failed!

Certificates Truststore Folder :

/opt/atlassian/application-data/bitbucket/shared/upmconfig/truststore

UPM TrustStore directory is empty : Installations will fail because no certificate is installed for signature verification.

Configuration status details

File or directory /opt/atlassian/application-data/bitbucket/shared/upmconfig/truststore is not readonly

File or directory /opt/atlassian/application-data/bitbucket/shared/upmconfig/truststore belongs to the current user [atlbitbucket]

followed the instructions and directory permission are same and user name is followed same. certificates has installed on recommended directory.

can you please suggest.

Regards,

Amar

1 answer

0 votes

Hallo Amar,

good catch on posting the full safety check output, that points the answer in two directions at once.

Bitbucket 10 ships with UPM 8.0, where app signing is enabled by default but no certificates are bundled with the product. So after the upgrade, the truststore folder exists but is empty, which is exactly the "UPM TrustStore directory is empty" message you are seeing. You need to populate it manually with the current Atlassian Certificates Bundle (root + intermediate). Bundle and checksums here:

https://confluence.atlassian.com/upm/updating-atlassian-certificates-bundles-1489470540.html

The second part of your output is the more important one. The safety check has two rules, and both are currently failing for you:

the user running Bitbucket must NOT own the truststore folder or anything inside it
the user running Bitbucket must NOT have write privileges on it

Your output shows both: ownership is atlbitbucket (the product user), and the folder is not read-only. Even after you drop the certificates in, UPM will keep refusing them until ownership and permissions are fixed. The fix is to chown the entire upmconfig tree to a different user (a separate admin account, not atlbitbucket), then set 755 on the directories and 644 on the files, so atlbitbucket can read but not write or own anything. Full procedure with the exact commands is here:

https://confluence.atlassian.com/upm/configuring-upm-app-signature-check-1489470544.html

One thing worth verifying from your side: you wrote that certificates were installed on the recommended directory, but the safety check still reports the folder as empty. After you copy the .crt files in, run ls -la on /opt/atlassian/application-data/bitbucket/shared/upmconfig/truststore from the atlbitbucket user and confirm they are actually visible to that user. If the parent upmconfig directory is missing the execute bit for the product user, the contents will look empty even when the files are there.

If you want a clean workaround until the chain is fixed and just need to install your apps, you can temporarily disable the check by adding atlassian.upm.signature.check.disabled=true to upmconfig/upm.properties and restarting Bitbucket, but I would treat that as short-term only.

Greetings,

Alex

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

After upgrading the from Atlassian Bitbucket v9.4.9 to Atlassian Bitbucket v10.2.1 gettig error

1 answer

Suggest an answer

Was this helpful?

Thanks!

TAGS

Atlassian Community Events