Closed driesvints closed 2 years ago
@NasirNobin do you have any thoughts here?
@driesvints can you check (maybe the second monitor if you have) and see if there's any password prompt? (Can't think of another reason for this behavior at the moment)
There's no password prompt.
I tried downgrading to Valet v2 but the same issues persist. I didn't have these issues before upgrading to Valet v3 🤔
I'm having the exact same issue. I get the security password prompt a few times, and then it hangs on the "Installing nginx directory..." step. Here is the call stack:
If I stop the process and run it again, it hangs at the same place. The same thing happens if I reboot and run the command.
I added a bunch of info() calls throughout the install process to see what is happening, and this is where it is failing:
\Valet\Site::resecureForNewConfiguration() loops through the secured sites
\Valet\Site::unsecure() is called and completes
\Valet\Site::secure() is called
\Valet\Site::unsecure() is called (again) and completes
\Valet\Site::createCa() is called
\Valet\Site::createCertificate() is called
\Valet\Site::trustCertificate(), which is where the process hangs forever
The command that is hanging is:
sudo security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain "/Users/scott/.config/valet/Certificates/domain.test.crt"
I ran the same command manually and it still hangs (see the screenshot above), so it isn't necessarily being caused by Valet. I'm not sure if it has something to do with how it's being called by Valet, however.
To help track what is happening, here is the pertinent output that I added to the install process:
Valet\Nginx::installNginxDirectory() - START
Installing nginx directory...
Valet\Nginx::rewriteSecureNginxFiles() - START
Valet\Site::resecureForNewConfiguration() - START
Valet\Site::resecureForNewConfiguration() - START URL: domain.test
Valet\Site::unsecure() - START URL: domain.test
Valet\CommandLine::runCommand() - START CMD: sudo security delete-certificate -c "domain.test" /Library/Keychains/System.keychain
Valet\CommandLine::runCommand() - END CMD: sudo security delete-certificate -c "domain.test" /Library/Keychains/System.keychain
Valet\CommandLine::runCommand() - START CMD: sudo security delete-certificate -c "*.domain.test" /Library/Keychains/System.keychain
Valet\CommandLine::runCommand() - END CMD: sudo security delete-certificate -c "*.domain.test" /Library/Keychains/System.keychain
Valet\CommandLine::runCommand() - START CMD: sudo security find-certificate -e "domain.test@laravel.valet" -a -Z | grep SHA-1 | sudo awk '{system("security delete-certificate -Z '$NF' /Library/Keychains/System.keychain")}'
Valet\CommandLine::runCommand() - END CMD: sudo security find-certificate -e "domain.test@laravel.valet" -a -Z | grep SHA-1 | sudo awk '{system("security delete-certificate -Z '$NF' /Library/Keychains/System.keychain")}'
Valet\Site::unsecure() - END URL: domain.test
Valet\Site::secure() - START URL: domain.test
Valet\Site::unsecure() - START URL: domain.test
Valet\CommandLine::runCommand() - START CMD: sudo security delete-certificate -c "domain.test" /Library/Keychains/System.keychain
Valet\CommandLine::runCommand() - END CMD: sudo security delete-certificate -c "domain.test" /Library/Keychains/System.keychain
Valet\CommandLine::runCommand() - START CMD: sudo security delete-certificate -c "*.domain.test" /Library/Keychains/System.keychain
Valet\CommandLine::runCommand() - END CMD: sudo security delete-certificate -c "*.domain.test" /Library/Keychains/System.keychain
Valet\CommandLine::runCommand() - START CMD: sudo security find-certificate -e "domain.test@laravel.valet" -a -Z | grep SHA-1 | sudo awk '{system("security delete-certificate -Z '$NF' /Library/Keychains/System.keychain")}'
Valet\CommandLine::runCommand() - END CMD: sudo security find-certificate -e "domain.test@laravel.valet" -a -Z | grep SHA-1 | sudo awk '{system("security delete-certificate -Z '$NF' /Library/Keychains/System.keychain")}'
Valet\Site::unsecure() - END URL: domain.test
Valet\Site::createCa() - START
Valet\Site::createCertificate() - START URL: domain.test
Valet\CommandLine::runCommand() - START CMD: sudo -u "scott" openssl genrsa -out "/Users/scott/.config/valet/Certificates/domain.test.key" 2048
Valet\CommandLine::runCommand() - END CMD: sudo -u "scott" openssl genrsa -out "/Users/scott/.config/valet/Certificates/domain.test.key" 2048
Valet\CommandLine::runCommand() - START CMD: sudo -u "scott" openssl req -new -key "/Users/scott/.config/valet/Certificates/domain.test.key" -out "/Users/scott/.config/valet/Certificates/domain.test.csr" -subj "/C=/ST=/O=/localityName=/commonName=domain.test/organizationalUnitName=/emailAddress=domain.test@laravel.valet/" -config "/Users/scott/.config/valet/Certificates/domain.test.conf"
Valet\CommandLine::runCommand() - END CMD: sudo -u "scott" openssl req -new -key "/Users/scott/.config/valet/Certificates/domain.test.key" -out "/Users/scott/.config/valet/Certificates/domain.test.csr" -subj "/C=/ST=/O=/localityName=/commonName=domain.test/organizationalUnitName=/emailAddress=domain.test@laravel.valet/" -config "/Users/scott/.config/valet/Certificates/domain.test.conf"
Valet\CommandLine::runCommand() - START CMD: sudo -u "scott" openssl x509 -req -sha256 -days 396 -CA "/Users/scott/.config/valet/CA/LaravelValetCASelfSigned.pem" -CAkey "/Users/scott/.config/valet/CA/LaravelValetCASelfSigned.key" -CAserial "/Users/scott/.config/valet/CA/LaravelValetCASelfSigned.srl" -in "/Users/scott/.config/valet/Certificates/domain.test.csr" -out "/Users/scott/.config/valet/Certificates/domain.test.crt" -extensions v3_req -extfile "/Users/scott/.config/valet/Certificates/domain.test.conf"
Valet\CommandLine::runCommand() - END CMD: sudo -u "scott" openssl x509 -req -sha256 -days 396 -CA "/Users/scott/.config/valet/CA/LaravelValetCASelfSigned.pem" -CAkey "/Users/scott/.config/valet/CA/LaravelValetCASelfSigned.key" -CAserial "/Users/scott/.config/valet/CA/LaravelValetCASelfSigned.srl" -in "/Users/scott/.config/valet/Certificates/domain.test.csr" -out "/Users/scott/.config/valet/Certificates/domain.test.crt" -extensions v3_req -extfile "/Users/scott/.config/valet/Certificates/domain.test.conf"
Valet\CommandLine::runCommand() - START CMD: sudo security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain "/Users/scott/.config/valet/Certificates/domain.test.crt"
To get back to where I can actually use my local environment, I had to:
valet unsecure --all
~/.config/valet/Nginx
~/.config/valet/Certificates
valet restart
Your local sites will not be secured, so you'll need to remember to use http:// instead of https://. I can't secure any new sites because they always hang at the \Valet\Site::trustCertificate() step. I can at least work now though! 😂
There's definitely something wonky going on here, and it might be a macOS issue, given that the problem seems to lie with the auth prompt for /usr/bin/security. You're definitely supposed to get an auth prompt for each certificate that is supposed to be trusted.
What version of macOS are you guys on by the way? (Might be a recent issue, hence why you maybe didn't encounter this before...)
Monterey 12.3
I couldn't reproduce this on my MBP 2020 M1 & 2021 M1 Pro models both running 12.3.
@driesvints what's the model/year of your MacBook?
I just tried running valet install on my system and it also worked here, also on Monterey 12.3. (M1 Mac mini here.)
I did get multiple Touch ID prompts, one for every domain. I also spotted a .DS_Store certificate being generated after looking in Keychain Access, but I'm assuming that's unrelated to this issue.
MacBook Pro M1 Max from 2021.
I'm running Monterey 12.3 on a MacBook Pro (16-inch, 2019).
After a reboot (I'm assuming because it clears auth) I get Touch ID prompts for the first few certs, and then it hangs. If I kill the install process and run it again, it hangs on the first one.
Can anyone try this and confirm if this solves anything?
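# Save the current rule. Only stderr is discarded here: in bash, a further
# "> /dev/null" on stdout would leave the backup file empty.
security authorizationdb read com.apple.trust-settings.admin > ~/.config/valet/apple-trust-settings 2> /dev/null
# Temporarily allow trust-settings changes without the auth prompt.
sudo security authorizationdb write com.apple.trust-settings.admin allow > /dev/null 2>&1
valet install
# Restore the saved rule so the auth prompt is required again.
sudo security authorizationdb write com.apple.trust-settings.admin < ~/.config/valet/apple-trust-settings > /dev/null 2>&1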
For me, it does get rid of the prompt. Then again enables the prompt. Snippet taken from https://github.com/laravel/valet/discussions/1135
Also, anyone having this issue please share the output of this command, it might help us track down the underlying issue.
security authorizationdb read com.apple.trust-settings.admin
@driesvints @squatto
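Added example, not part of the thread or of Valet: a check to run on the saved backup before restoring it, and on a fresh `security authorizationdb read` dump afterwards, to confirm the right is back to the `entitled` / `authenticate-admin` rule that the dumps posted in this thread show. The function name and both sample plists are constructed, and the shape of the `allow` state is an assumption.

```python
import plistlib

# Rule array shown in every authorizationdb dump posted in this thread.
EXPECTED_RULE = ["entitled", "authenticate-admin"]

# Constructed sample modelled on those dumps (comment and timestamps omitted).
SAMPLE_DEFAULT = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>class</key><string>rule</string>
<key>k-of-n</key><integer>1</integer>
<key>rule</key>
<array><string>entitled</string><string>authenticate-admin</string></array>
<key>version</key><integer>1</integer>
</dict>
</plist>
"""

# Constructed sample; assumed shape of the right while "allow" is in effect.
SAMPLE_ALLOW = SAMPLE_DEFAULT.replace(
    b"<string>entitled</string><string>authenticate-admin</string>",
    b"<string>allow</string>")


def audit_trust_settings_rule(dump: bytes) -> list[str]:
    """Return findings for one dump of com.apple.trust-settings.admin ([] means OK)."""
    if not dump.strip():
        return ["dump is empty: nothing was saved, so restoring from it cannot work"]
    try:
        right = plistlib.loads(dump.lstrip())
    except Exception as exc:  # truncated or malformed plist
        return [f"dump is not a valid plist: {exc}"]
    if not isinstance(right, dict):
        return ["top-level plist object is not a dict"]
    findings = []
    if right.get("class") != "rule":
        findings.append(f"class is {right.get('class')!r}, expected 'rule'")
    rule = right.get("rule")
    if rule != EXPECTED_RULE:
        findings.append(f"rule is {rule!r}, expected {EXPECTED_RULE!r}")
    return findings


if __name__ == "__main__":
    samples = [("default", SAMPLE_DEFAULT), ("allow", SAMPLE_ALLOW), ("empty", b"")]
    for name, dump in samples:
        print(name, audit_trust_settings_rule(dump) or "OK")
```

An empty or unparsable backup is the case to catch before the restore step, because the right would otherwise stay at whatever the temporary write left behind.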
@NasirNobin - Your steps above worked for me. I had it where it was stuck asking for a password constantly before running them.
If it will help, when I run your command I get the following (Please note this is after getting V3 installed):
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>class</key>
<string>rule</string>
<key>comment</key>
<string>For modifying Trust Settings in the Admin domain. Requires entitlement or admin authentication.</string>
<key>created</key>
<real>607242072.973809</real>
<key>k-of-n</key>
<integer>1</integer>
<key>modified</key>
<real>670364736.28937805</real>
<key>rule</key>
<array>
<string>entitled</string>
<string>authenticate-admin</string>
</array>
<key>version</key>
<integer>1</integer>
</dict>
</plist>
YES (0)
@NasirNobin here is my output:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>class</key>
<string>rule</string>
<key>comment</key>
<string>For modifying Trust Settings in the Admin domain. Requires entitlement or admin authentication.</string>
<key>created</key>
<real>609969267.73147702</real>
<key>k-of-n</key>
<integer>1</integer>
<key>modified</key>
<real>657799143.00014901</real>
<key>rule</key>
<array>
<string>entitled</string>
<string>authenticate-admin</string>
</array>
<key>version</key>
<integer>1</integer>
</dict>
</plist>
YES (0)
@NasirNobin running those commands doesn't fix the issue for me. It still gets stuck on the security command. I tried it with both valet install and valet secure <site> with the same result.
Had the same thing. For what it's worth adding my experience:
Tried the commands in https://github.com/laravel/valet/issues/1224#issuecomment-1083565247. Still got stuck on valet install. Did a restart. Install worked.
Can anyone try this and confirm if this solves anything?
Unfortunately, it still hangs on the "Installing nginx directory..." step.
Also, anyone having this issue please share the output of this command, it might help us track down the underlying issue.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>class</key>
<string>rule</string>
<key>comment</key>
<string>For modifying Trust Settings in the Admin domain. Requires entitlement or admin authentication.</string>
<key>created</key>
<real>658955694.10467303</real>
<key>k-of-n</key>
<integer>1</integer>
<key>modified</key>
<real>658955694.10467303</real>
<key>rule</key>
<array>
<string>entitled</string>
<string>authenticate-admin</string>
</array>
<key>version</key>
<integer>1</integer>
</dict>
</plist>
YES (0)
Did a restart. Install worked.
Can anyone who has this issue try rebooting their Mac and try again?
Just to be clear, what I did was first run the set of commands up until valet install. Then did a restart. Ran install. And finished off with the final command for good measure.
My thinking was something with auth tied to the user that would clear/flush on restart (probably logout too?).
Or that was just a big coincidence... :)
It finally worked for me after a restart. It's odd because I tried that before and it didn't work before. Anyway, thanks all for helping debug this one! :)
@driesvints Just curious, did you authenticate using fingerprint when it got stuck? Just did this upgrade on another machine and opted for typing the password, and except for all the prompts in #1226, that worked. While mine with the fingerprint got stuck.
I indeed used fingerprint.
@ErikBernskiold Like Dries, I had the same issue — and eventually figured out the only way past it was by not using TouchID, as I described in #1226. Keychain Access would also become completely unresponsive.
I had the same symptoms and I was using Touch ID. For me, the resolution was to open up System Preferences and open the "Apple ID" panel. There was a warning about Apple ID needing to sign in. Once I cleared this warning Valet started working again.
Description:
When I try to run valet install, the command hangs and stops at "Installing nginx directory...". When I run valet secure on a site, the command also hangs and stops.
This started to happen with the v3 upgrade. I have no idea what's going on...
Steps To Reproduce:
Run either valet secure or valet install.
Diagnosis
sw_vers
valet --version
cat ~/.config/valet/config.json
cat ~/.composer/composer.json
composer global diagnose
composer global outdated
ls -al /etc/sudoers.d/
brew config
brew services list
brew list --formula --versions | grep -E "(php|nginx|dnsmasq|mariadb|mysql|mailhog|openssl)(@\d\..*)?\s"
brew outdated
brew tap
php -v
which -a php
php --ini
nginx -v
curl --version
php --ri curl
~/.composer/vendor/laravel/valet/bin/ngrok version
~/.composer/vendor/laravel/valet/bin/ngrok-arm version
ls -al ~/.ngrok2
brew info nginx
brew info php
brew info openssl
openssl version -a
openssl ciphers
sudo nginx -t
which -a php-fpm
/opt/homebrew/opt/php/sbin/php-fpm -v
sudo /opt/homebrew/opt/php/sbin/php-fpm -y /opt/homebrew/etc/php/8.1/php-fpm.conf --test
ls -al ~/Library/LaunchAgents | grep homebrew
ls -al /Library/LaunchAgents | grep homebrew
ls -al /Library/LaunchDaemons | grep homebrew
ls -al /Library/LaunchDaemons | grep "com.laravel.valet."
ls -aln /etc/resolv.conf
cat /etc/resolv.conf
ifconfig lo0
sh -c 'echo "------\n/opt/homebrew/etc/nginx/valet/valet.conf\n---\n"; cat /opt/homebrew/etc/nginx/valet/valet.conf | grep -n "# valet loopback"; echo "\n------\n"'
sh -c 'for file in ~/.config/valet/dnsmasq.d/*; do echo "------\n~/.config/valet/dnsmasq.d/$(basename $file)\n---\n"; cat $file; echo "\n------\n"; done'
sh -c 'for file in ~/.config/valet/nginx/*; do echo "------\n~/.config/valet/nginx/$(basename $file)\n---\n"; cat $file | grep -n "# valet loopback"; echo "\n------\n"; done'