Failing under Widnows

[AgainPsychoX]

Describe the bug

Under Windows, installing the certs fail. In order to access C:\Program Files\* admin privileges are required. On the other hand, why would it install

Reproduction

1. Use the plugin under Windows without admin

System Info

Output of npx envinfo --system --npmPackages vite,@vitejs/plugin-vue --binaries --browsers:

  System:
    OS: Windows 10 10.0.19043
    CPU: (12) x64 Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
    Memory: 3.81 GB / 15.85 GB
  Binaries:
    Node: 16.3.0 - C:\Program Files\nodejs\node.EXE
    npm: 7.21.0 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Chrome: 92.0.4515.159
    Edge: Spartan (44.19041.1023.0), Chromium (92.0.902.84)
    Internet Explorer: 11.0.19041.1

Used package manager: npm

Logs

First time error (without vite --debug flag but still)

error when starting dev server:
Created a new local CA 💥
The local CA is now installed in the system trust store! ⚡️
Note: Firefox support is not available on your platform. ℹ️
ERROR: failed to execute "keytool -importcert": exit status 1

Certificate was added to keystore
keytool error: java.io.FileNotFoundException: C:\Program Files\Java\jdk1.8.0_211\jre\lib\security\cacerts (Odmowa dost�pu)

    at ChildProcess.exithandler (node:child_process:326:12)
    at ChildProcess.emit (node:events:394:28)
    at ChildProcess.emit (node:domain:470:12)
    at maybeClose (node:internal/child_process:1067:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

Second try error:

  vite:config bundled config file loaded in 238ms +0ms
  vite:plugin:mkcert The hosts changed from [undefined] to [localhost,192.168.55.6,127.0.0.1], start regenerate certificate +0ms
error when starting dev server:
Error: Command failed: C:\Users\PsychoX\.vite-plugin-mkcert\mkcert.exe -install -key-file C:\Users\PsychoX\.vite-plugin-mkcert\certs\dev.key -cert-file C:\Users\PsychoX\.vite-plugin-mkcert\certs\dev.pem localhost 192.168.55.6 127.0.0.1
The local CA is already installed in the system trust store! 👍
Note: Firefox support is not available on your platform. ℹ️
ERROR: failed to execute "keytool -importcert": exit status 1

Certificate was added to keystore
keytool error: java.io.FileNotFoundException: C:\Program Files\Java\jdk1.8.0_211\jre\lib\security\cacerts (Odmowa dost�pu)

    at ChildProcess.exithandler (node:child_process:326:12)
    at ChildProcess.emit (node:events:394:28)
    at ChildProcess.emit (node:domain:470:12)
    at maybeClose (node:internal/child_process:1067:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)

---

[AgainPsychoX]

After a bit of investigation, I realized its mkcert the admin rights. If it's called only on (re)generating the certs - so, once or rarely - I think the plugin should just start it as elevated process.

Powershell could be used to run process elevated:

util.promisify(child_process.exec)(`Start-Process cmd -Verb RunAs -Wait -ArgumentList '/c cd ${process.cwd()} && cmd'`, {shell: 'powershell.exe'})
.then(x => console.log(x)) // supports waiting for finish too

• If user was not elevated, the UAC dialog appears. If user agrees to elevate, the process run. On disagree, exception is fired.
• If user was already elevated, there is no dialog, everything runs smoothly.
• There is small issue with this solution: additional terminal window will appear for a time the elevated process is running (but it's better than not working at all).

I will try to create pull request in few hours or a day. If I haven't it means I forgot.

[AgainPsychoX]

I am having issues with PNPM you are using... A lot of ERR_PNPM_FETCH_404 errors... It seems PNPM is ignoring how registry works (it try to download https://registry.npmjs.org/speedometer/download/speedometer-1.0.0.tgz when registry tells the tarball is at https://registry.npmjs.org/speedometer/-/speedometer-1.0.0.tgz). I don't think it directly your fault, but I can't really contribute.

See https://github.com/pnpm/pnpm/issues/3744

[liuweiGL]

keytool error: java.io.FileNotFoundException: C:\Program Files\Java\jdk1.8.0_211\jre\lib\security\cacerts (Odmowa dost�pu)

Please try again after remove jdk environment setting.

[liuweiGL]

I don't see any logs related to the permission problem.

[AgainPsychoX]

Yeah, that works too (but it removes the variable for whole vite instead only mkcert):

cross-env JAVA_HOME= vite

Shouldn't it be added when using the binary then? Like:

const env = Object.assign({}, process.env);
env.JAVA_HOME = '';
util.promisify(child_process.exec)('cmd', {env});

---

It says "Access denied" ("Odmowa dostępu" in Polish) in the log

keytool error: java.io.FileNotFoundException: C:\Program Files\Java\jdk1.8.0_211\jre\lib\security\cacerts (Odmowa dost�pu)

_{Sorry for closing, miss-click ;_;}

[AgainPsychoX]

@liuweiGL Can hiding JAVA_HOME be added if its running on Windows? utils.ts, around like 62:

export const exec = async (cmd: string) => {
  if (process.platform === 'win32') {
    const env = Object.assign({}, process.env)
    env.JAVA_HOME = ''
    return await util.promisify(child_process.exec)(cmd, {env})
  }
  else {
    return await util.promisify(child_process.exec)(cmd)
  }
}

If you can add that it would be nice. (I can't use PNPM anyway so I can't do it myself)

[liuweiGL]

I am sorry, i hope the plugin sticks to its responsibilities and keeps it simple and clean.

[AgainPsychoX]

So I should unset JAVA_HOME for whole building process? It's so messy...

[liuweiGL]

You are right, we don't need support install into java cacerts file.

I will take your advice, thank you.