Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

don't set the GIT_SSL_CAINFO when an external Git is used #87

Closed
shiftkey opened this issue Apr 19, 2017 · 6 comments
Closed

don't set the GIT_SSL_CAINFO when an external Git is used #87

shiftkey opened this issue Apr 19, 2017 · 6 comments
Assignees
@shiftkey
Labels
Linux

Comments

@shiftkey
Copy link
Member

If you're using dugite on Linux but want to use an external Git, you won't have the dugite-native distribution and it's CA bundle available. This means this file might not exist on disk.

If a LOCAL_GIT_DIRECTORY is defined as per #85, we should not set GIT_SSL_CAINFO and instead assume the user has their GIT_SSL_CAINFO environment variable set to point to their own bundle.
@shiftkey shiftkey added the Linux label Apr 19, 2017
@shiftkey shiftkey mentioned this issue Apr 19, 2017
Merged
@kittaakos
Copy link
Contributor

After resolving #113, I have managed to use an external Git executable for cloning public repositories on both OS X and Windows. Unfortunately, it still fails on Linux. I can see such errors on the CI:

GitError: Cloning into '/tmp/d-11784-3076-1xxin47.zddvqs38fr'...
fatal: unable to access 'https://github.com/TypeFox/dugite-extra.git/': Problem with the SSL CA cert (path? access rights?)

The same test happily passes when I do not use an external Git executable but the one shipped with dugite.

What do you think, does my error somehow related to this ticket? Thanks in advance for your kind help!

@shiftkey
Copy link
Member Author

shiftkey commented Sep 4, 2017

@kittaakos yeah, this is related to your setup. Thanks for uncovering it!

The bundled certificates referred to here come from the upstream curl project.

I think the changes around using an external Git now break these lines (because you're using LOCAL_GIT_DIRECTORY rather than the inbuilt Git directory):

dugite/lib/git-environment.ts

Lines 102 to 103 in a2f6b82

const sslCABundle = `${gitDir}/ssl/cacert.pem`
env.GIT_SSL_CAINFO = sslCABundle

What if we did something like this inside that last Linux conditional?

if (process.platform === 'linux') {
  // when building Git for Linux and then running it from
  // an arbitrary location, you should set PREFIX for the
  // process to ensure that it knows how to resolve things
  env.PREFIX = gitDir

  // if the user hasn't specified their own certificate bundle
  if (!process.env.GIT_SSL_CAINFO) {
    // resolve the path to the original Git directory
    const distroPath = ...
    
    // bypass whatever certificates might be set and use
    // the bundle included in the distribution
    const sslCABundle = `${distroPath}/ssl/cacert.pem`
    env.GIT_SSL_CAINFO = sslCABundle
  }
}

@shiftkey shiftkey mentioned this issue Sep 5, 2017
Merged
1 task
@shiftkey shiftkey self-assigned this Sep 5, 2017
kittaakos added a commit to kittaakos/dugite that referenced this issue Sep 5, 2017
@kittaakos
desktopGH-87: Made initial changes to be able to run tests with exter…
f0ff0aa 
…nal Git.

Signed-off-by: Akos Kitta <kittaakos@gmail.com>
@kittaakos kittaakos mentioned this issue Sep 5, 2017
Closed
kittaakos added a commit to kittaakos/dugite that referenced this issue Sep 5, 2017
@kittaakos
desktopGH-87: Adjusted function name. Fixed broken condition in tests.
8d906a7 
Also got rid of the semicolon.

Signed-off-by: Akos Kitta <kittaakos@gmail.com>
kittaakos added a commit to kittaakos/dugite that referenced this issue Sep 5, 2017
@kittaakos
desktopGH-87: Minor code cleanup.
3ec99a5 
Signed-off-by: Akos Kitta <kittaakos@gmail.com>
kittaakos added a commit to kittaakos/dugite that referenced this issue Sep 7, 2017
@kittaakos
desktopGH-87: Made initial changes to be able to run tests with exter…
acdc331 
…nal Git.

Signed-off-by: Akos Kitta <kittaakos@gmail.com>
kittaakos added a commit to kittaakos/dugite that referenced this issue Sep 7, 2017
@kittaakos
desktopGH-87: Adjusted function name. Fixed broken condition in tests.
4fc250b 
Also got rid of the semicolon.

Signed-off-by: Akos Kitta <kittaakos@gmail.com>
kittaakos added a commit to kittaakos/dugite that referenced this issue Sep 7, 2017
@kittaakos
desktopGH-87: Minor code cleanup.
4c459dd 
Signed-off-by: Akos Kitta <kittaakos@gmail.com>
kittaakos added a commit to kittaakos/dugite that referenced this issue Sep 7, 2017
@kittaakos
Merge branch 'desktopGH-87' of https://github.com/kittaakos/dugite.git
103cb0e 
…into desktopGH-87
@kittaakos kittaakos mentioned this issue Sep 12, 2017
Closed
@ShubhamManuSharma
Copy link

ShubhamManuSharma commented Jul 12, 2018
edited
Loading

hello sir,
I am stuck in quite similar problem as i can seen here,
The main Issue is pipeline stuck. As i am pasting the stuck section of pipeline. The question is,
Is it the same problem due to GIT_SSL_CAINFO variable setting??

++ export GIT_SSL_CAINFO=/home/gitlab-runner/builds/541451b1/1/buildroot_source/buildroot.tmp/GIT_SSL_CAINFO
++ GIT_SSL_CAINFO=/home/gitlab-runner/builds/541451b1/1/buildroot_source/buildroot.tmp/GIT_SSL_CAINFO
++ mkdir -p /home/gitlab-runner/builds/541451b1/1/buildroot_source/buildroot.tmp/git-template
++ rm -r -f /home/gitlab-runner/builds/541451b1/1/buildroot_source/buildroot
++ git config -f /home/gitlab-runner/builds/541451b1/1/buildroot_source/buildroot.tmp/git-template/config fetch.recurseSubmodules false
++ echo 'Cloning repository...'
Cloning repository...
++ git clone --no-checkout https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@git.inventum.in/buildroot_source/buildroot.git /home/gitlab-runner/builds/541451b1/1/buildroot_source/buildroot --template /home/gitlab-runner/builds/541451b1/1/buildroot_source/buildroot.tmp/git-template
Cloning into '/home/gitlab-runner/builds/541451b1/1/buildroot_source/buildroot'...
++ cd /home/gitlab-runner/builds/541451b1/1/buildroot_source/buildroot
++ echo 'Checking out 07939291 as sched...'
Checking out 07939291 as sched...
++ git checkout -f -q 079392912e17290f3de1167b42072db42293ee88
++ echo 'Skipping Git submodules setup'
Skipping Git submodules setup

  • exit 0
    ERROR: Job failed: execution took longer than 2h0m0s seconds

@shiftkey
Copy link
Member Author

Is it the same problem due to GIT_SSL_CAINFO variable setting??

@ShubhamManuSharma I'm not sure where this value is coming from:

++ export GIT_SSL_CAINFO=/home/gitlab-runner/builds/541451b1/1/buildroot_source/buildroot.tmp/GIT_SSL_CAINFO

From the Git documentation:

http.sslCAInfo::
	File containing the certificates to verify the peer with when
	fetching or pushing over HTTPS. Can be overridden by the
	`GIT_SSL_CAINFO` environment variable.

This should point to a file on disk containing certificates that can be used, but it doesn't look like a valid file.

@shiftkey
Copy link
Member Author

@ShubhamManuSharma actually, I think you'll need to talk with GitLab runner support as it seems that the Git operations are successful and the job times out somewhere in the pipeline:

exit 0
ERROR: Job failed: execution took longer than 2h0m0s seconds

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shiftkey shiftkey

Labels
Linux
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@shiftkey @kittaakos @ShubhamManuSharma and others