Git Certificate Errors for Windows SDK Installer

[JoelProminic]

I did a test with Git on Windows, using the installation from Moonshine SDK Installer (See #449). I used Vagrant to create fresh Windows VM for this test.

Unfortunately, I got an error. I reproduced the error on the command line. I tried this repository, using the default URL recommended by the project: https://github.com/prominic/XHTMLConverterCLI.git

I see that it is looking for CAfile in Program Files, rather than the actual download location. I haven't found an environment variable to customize this yet.

I was able to work around this by using a different protocol: git://github.com/prominic/XHTMLConverterCLI.git . However, by my understanding, this will prevent changes to the clone from being pushed back to the origin (since the channel is not secured).

Note that there are a couple other Git protocols that we could support (ssh:// and https:// ): https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols

[rat-moonshine]

Git clone protocol now suppose to accept http, https, git and ssh.

[rat-moonshine]

I'm not sure if this is something how a ssl certificate can be set, but I found this discussion at StackOverflow.

I noticed the answered command used .pem file instead of any .crt.

I tried to run the commands anyway on command-line:

C:\Users\devsena>c:\Users\devsena\Documents\MoonshineSDKs\Git\git-2.20.1\bin\git.exe config http.sslCAinfo c:\Users\devsena\Documents\MoonshineSDKs\Git\git-2.20.1\mingw64\ssl\cert.pem
fatal: not in a git directory
C:\Users\devsena>cd Desktop\testRepo
C:\Users\devsena\Desktop\testRepo>c:\Users\devsena\Documents\MoonshineSDKs\Git\git-2.20.1\bin\git.exe config http.sslCAinfo c:\Users\devsena\Documents\MoonshineSDKs\Git\git-2.20.1\mingw64\ssl\cert.pem
C:\Users\devsena\Desktop\testRepo>

But I didn't found a way to determine if this actually sets the ssl certificate path or not.

[JoelProminic]

@rat-moonshine's command was close, but it needed the --global option to work for git clone.

The configuration option is described here: https://git-scm.com/docs/git-config

http.sslCAInfo

File containing the certificates to verify the peer with when fetching or pushing over HTTPS. Can be overridden by the GIT_SSL_CAINFO environment variable.

http.sslCAPath

Path containing files with the CA certificates to verify the peer with when fetching or pushing over HTTPS. Can be overridden by the GIT_SSL_CAPATH environment variable.

I used these commands, and this resolved the errors I was getting in Moonshine. GIT_HOME should be changed based on the selected install directory.

set GIT_HOME=C:\Users\Git\git-2.20.1
%GIT_HOME%\bin\git config --global http.sslCAInfo %GIT_HOME%\mingw64\ssl\cert.pem

I think the most straightforward solution will be to have Moonshine SDK Installer run these commands after the Git "installation" completed. This should work, but if the user installs (or previously installed) Git manually, it would also change the behavior for that copy of Git.

The other options is to set the GIT_SSL_CAINFO envionment variable for each Git command executed from Moonshine. This should resolve the problem for Moonshine, but the Git installation would have limited functionality outside of Moonshine.

[rat-moonshine]

So, how you suggest we should proceed, if we want to target this for 2.0 release.

[JoelProminic]

I think we should set the global configuration value when "installing" Git, using the command I listed.

[JoelProminic]

I did some tests with the branch actions on Windows. I was able to create a new branch, but the "Switch Branch" prompt did not open for me. I noticed that this error appeared on the console for either the "New Branch" or "Switch to Branch" actions.

Error #1009
TypeError: Error #1009
        at actionScripts.utils::UtilsCore$/getEncodedForShell()
        at actionScripts.plugins.git::GitProcessManager/push()
        at actionScripts.plugins.git.model::MethodDescriptor/callMethod()
        at actionScripts.plugins.git::GitProcessManager/onWorkerValueIncoming()
        at flash.events::EventDispatcher/dispatchEvent()
        at actionScripts.locator::IDEWorker/onWorkerToMain()

I want to investigate this to see if it is related to the Windows Git install. If this is an unrelated error, we can move it to a separate issue.

[rat-moonshine]

I confirm I able to get the same output return as reported by @JoelProminic , in my Vagrant VM.

I able to get passed this problem once Moonshine ran internally the following script as suggested by Joel,

set GIT_HOME=${localGitPath}
%GIT_HOME%\bin\git config --global http.sslCAInfo %GIT_HOME%\mingw64\ssl\cert.pem

I confirm having the changes applied, I able to clone a Git repository in my Vagrant test with Moonshine without any problem.

[rat-moonshine]

I did some tests with the branch actions on Windows. I was able to create a new branch, but the "Switch Branch" prompt did not open for me. I noticed that this error appeared on the console for either the "New Branch" or "Switch to Branch" actions.

The above error looks like during 'push' command - a 'push' command executes after creating a new branch if 'Push newly created branch to remote' option is checked in the 'New Branch' creation popup.

I couldn't able to reproduce the error @JoelProminic reported as above; I tried randomly New Branch creation and Switch Branch, in my usual Windows workstation and Vagrant VM. I also tested the functionality on macOS, so far everything ran for me expectedly. I tested the functionalities with having no-config-auth-saved environment too.

(Note: In case of 'Push' action when Git credential is not present, Git opens following window on Windows Moonshine, and native login window in OSX Moonshine:

so having no authentication shouldn't be a problem in case of push action)

However, when testing on Vagrant VM, while Git -> Commit, Moonshine thrown me following error; I tested the error fires when ran manually on command-line, too.

Seeing following auth information in Commit window:

Moonshine returned console error while Commit:

I'm trying to work a fix for this keeping in our current structure.

[rat-moonshine]

I able to reproduce the non-existence of user.email and user.name problem in my usual workstation by removing those values from global gitconfig, too.

Thinking more on this, we can follow a short or detailed path for this.

Short path:
Keep things as they are now. We already providing an instruction link inside the Commit window saying 'How can I change this?' when Author:<Default>{<Default>}; This opens a popup with following message:

User can set the requisite information to global config file by following the given instruction in above link, and pass through the above problem.

Detailed path:
Since we do not have any existing design to enter Name and Email of the committer, we need to think about where and when we want to display them. The current native Git authentication window consists of two fields - username and password. Since we don't need password probably in this case, we shouldn't show this interface as it is now.

I can work on to make the authentication window 'automatically' showing username and email fields during a Commit action when auth value is - we'll need to do additional changes in the current procedure, we also need to add command to set user.name and user.email as there is no command exists in current Moonshine to set these.

Having the above process automated, we can get rid of the 'How can I change this?' link then.

[JoelProminic]

For reference: I somehow triggered a case where .gitconfig was cleared on my Windows VM. This caused an error in Moonshine:

: fatal: bad config line 1 in file C:/Users/vagrant/.gitconfig

I was able to resolve this by deleting .gitconfig. It was recreated with the http.sslCAInfo option above.

[Aszusz]

I ran into this issue today when trying to clone a git repository relying on git provided by moonshine sdk installer

: Cloning into 'royale-asjs'...
: Cloning into 'royale-asjs'...
: fatal: unable to access 'https://github.com/apache/royale-asjs/': error setting certificate verify locations:  CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt CApath: none

When I installed full git bash the issue went away as it installed certificate to the path above.

[JoelProminic]

I had to deal with this issue as part of other testing last week, and I confirmed that the commands reported here still work: #487 (comment)

Did we remove these commands at some point? It looks like we had this working...

[rat-moonshine]

Moonshine still has those information in its temporary env-setting file:

set GIT_HOME=^C^:^\^M^o^o^n^s^h^i^n^e^S^D^K^s^\^G^i^t^\^g^i^t^-^2^.^3^0^.^1
PATH=%FLEX_HOME%\bin;%AIR_SDK_HOME%\bin;%JAVA_HOME%\bin;%ANT_HOME%\bin;%MAVEN_HOME%\bin;%GRADLE_HOME%\bin;%GRAILS_HOME%\bin;%HAXE_HOME%;%NEKO_HOME%;%VIRTUALBOX_HOME%;%DYLD_LIBRARY_PATH%;%PATH%
"%GIT_HOME%\bin\git" config --global http.sslCAInfo "%GIT_HOME%\mingw64\ssl\cert.pem"