search

fsprojects / ProjectScaffold

A prototypical .NET solution (file system layout and tooling), recommended for F# projects
http://fsprojects.github.io/ProjectScaffold
The Unlicense
515 stars 154 forks source link

Don't run mozroots automatically; ask instead #236

Closed rmunn closed 8 years ago

rmunn commented 8 years ago

One of the most common reasons for the Paket bootstrapper to fail on Linux is if the Mono installation is brand-new -- because out of the box, Mono does not trust any X.509 root certificates. Therefore, GitHub's SSL certificate won't be trusted and Paket won't be downloaded.

The fix most often recommended is to run:

mozroots --import --sync

which imports the entire root SSL certificate store trusted by the Mozilla project. This is over 100 certificates, so not everyone will want to run this command. (And we certainly shouldn't be running it for them.) But we should suggest it, because not everyone knows about the mozroots command. In particular, if someone is new to F# and Mono, this suggestion might save them hours of frustrated Google searches.

Note that the Mono project has said (in the certmgr manpage) that there is no guarantee that certificate store locations will stay the same between Mono releases, and that "The only safe way to interact with certificate stores is to use the certmgr tool." So instead of checking the ~/.config/.mono/certs directory, we use certmgr to count the number of trusted X.509 certificates. We compare to 1 rather than 0 because the word "X.509" will appear once in the header of certmgr's output even on a system with no trusted root certs.

This fixes #235.

forki commented 8 years ago

but now we don't do it at all?!

rmunn commented 8 years ago

but now we don't do it at all?!

My thought was that we'd let the user run mozroots manually, then re-run the build script. But you're absolutely right: it would be better to ask a y/n question, and run mozroots --import --sync automatically if the user agrees. That way the script will succeed on the first try.

I'll update my PR with a yes/no prompt.

rmunn commented 8 years ago

The build failure on Travis is a Paket error message:

Could not find hash for https://api.github.com/repos/fsharp/FAKE/commits/master

I'm pretty sure that my PR didn't cause this build failure, since the current master branch build is failing too (and was failing before my PR):

https://travis-ci.org/fsprojects/ProjectScaffold/builds/103284520

Any project committers want to figure out what's going on with the Travis build?

sergey-tihon commented 8 years ago

I have the similar issue with FsUnit

The only error that I see in the log

error: (0, 0) Assembly Microsoft.Build.Utilities.v12.0, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' referencesMicrosoft.Build.Framework, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' which has a higher version number than imported assembly `Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'

Thought how to fix it? @tpetricek @forki

sergey-tihon commented 8 years ago

The same error on ProjectScaffol/master - https://travis-ci.org/fsprojects/ProjectScaffold#L1246

forki commented 8 years ago

@sergey-tihon can you run paket update? there was a FCS bug. it's fixed now and I hope it solves your issue.