[bug]: create-custom-origin not able to handle existing certificate file

[fooman]

Describe the bug create-custom-origin can't read existing cert file on Macos

To reproduce Create 1st project - observe it works including running yarn run buildpack create-custom-origin . (this was with PWA Studio 5) Create 2nd project (this was with PWA Studio 6 beta.2). Run yarn run buildpack create-custom-origin . errors with

yarn run v1.22.0
$ webpack-dev-server --progress --color --env.mode development
  ⚠  Default value for CHECKOUT_BRAINTREE_TOKEN has changed in PWA Studio Buildpack v5.1.0-beta.2, due to confusion about whether developers should provide their own Braintree tokens for their own sites. An example value is provided instead for development purposes.
     Old value: sandbox_8yrzsvtm_s2bg8fs563crhqzk
     New value: undefined
     This project is using the old default value for CHECKOUT_BRAINTREE_TOKEN. Check to make sure the change does not cause regressions.
Password:
Error: [pwa-buildpack:Utilities:configureHost.js] Could not setup development domain:
Error: Command failed: openssl ca -config "/var/folders/qy/4rtp02216ms19g9nd7lsr5yc0000gn/T/tmp-36361rLtcH3RH7KdY.tmp" -in "/Users/kristof/Library/Application Support/devcert/domains/example-create-3xw8h.local.pwadev/certificate-signing-request.csr" -out "/Users/kristof/Library/Application Support/devcert/domains/example-create-3xw8h.local.pwadev/certificate.crt" -keyfile "/var/folders/qy/4rtp02216ms19g9nd7lsr5yc0000gn/T/tmp-36361cTH2jfGTs7LG.tmp" -cert "/Users/kristof/Library/Application Support/devcert/certificate-authority/certificate.cert" -days 825 -batch
Using configuration from /var/folders/qy/4rtp02216ms19g9nd7lsr5yc0000gn/T/tmp-36361rLtcH3RH7KdY.tmp
Error opening CA certificate /Users/kristof/Library/Application Support/devcert/certificate-authority/certificate.cert
4536032876:error:02FFF00D:system library:func(4095):Permission denied:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/crypto/bio/bss_file.c:255:fopen('/Users/kristof/Library/Application Support/devcert/certificate-authority/certificate.cert', 'r')
4536032876:error:20FFF002:BIO routines:CRYPTO_internal:system lib:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.11.1/libressl-2.8/crypto/bio/bss_file.c:257:
unable to load certificate

    at checkExecSyncError (child_process.js:629:11)
    at Object.execSync (child_process.js:666:13)
    at run (/Users/kristof/Projects/Test_Project/tmp-pwa-create/example-create/node_modules/devcert/dist/utils.js:22:28)
    at Object.openssl (/Users/kristof/Projects/Test_Project/tmp-pwa-create/example-create/node_modules/devcert/dist/utils.js:12:12)
    at constants_1.withDomainCertificateConfig (/Users/kristof/Projects/Test_Project/tmp-pwa-create/example-create/node_modules/devcert/dist/certificates.js:34:25)
    at Object.withDomainCertificateConfig (/Users/kristof/Projects/Test_Project/tmp-pwa-create/example-create/node_modules/devcert/dist/constants.js:45:5)
    at certificate_authority_1.withCertificateAuthorityCredentials (/Users/kristof/Projects/Test_Project/tmp-pwa-create/example-create/node_modules/devcert/dist/certificates.js:33:25)
    at Object.<anonymous> (/Users/kristof/Projects/Test_Project/tmp-pwa-create/example-create/node_modules/devcert/dist/certificate-authority.js:52:15)
    at Generator.next (<anonymous>)
    at fulfilled (/Users/kristof/Projects/Test_Project/tmp-pwa-create/example-create/node_modules/tslib/tslib.js:110:62)
    at configureHost (/Users/kristof/Projects/Test_Project/tmp-pwa-create/example-create/node_modules/@magento/pwa-buildpack/lib/Utilities/configureHost.js:229:15)
✨  Done in 26.26s.

Expected behavior Multiple custom origins should be possible.

Possible solutions The sudo check seems to happen only after checking for alreadyProvisioned certificates but the previously created file belongs to the root user.

 ls -al /Users/kristof/Library/Application\ Support/devcert/certificate-authority/certificate.cert
-rw-------  1 root  staff  1119  3 Sep  2019 /Users/kristof/Library/Application Support/devcert/certificate-authority/certificate.cert

Workaround: Making the cert file readable with sudo chmod 644 /Users/kristof/Library/Application\ Support/devcert/certificate-authority/certificate.cert lets the command succeed.

Please complete the following device information:

• Device [e.g. iPhone6, PC, Mac, Pixel3]: Mac
• OS [e.g. iOS8.1, Windows 10]: Catalina
• Browser [e.g. Chrome, Safari]:
• Browser Version [e.g. 22]:
• Magento Version: 2.3.3
• PWA Studio Version: 6.0.0-beta2
• NPM version npm -v: 6.13.4
• Node Version node -v: v10.18.1

Please let us know what packages this bug is in regards to:

• [ ] venia-concept
• [ ] venia-ui
• [x] pwa-buildpack
• [ ] peregrine
• [ ] pwa-devdocs
• [ ] upward-js
• [ ] upward-spec
• [x] create-pwa

[awilcoxa]

created in Jira backlog for grooming/prioritization

[awilcoxa]

Marked P2S3

[kevintunchan]

For Mac, delete 'devcert' folder in /Users/usrs/Library/Application Support/devcert and run 'sudo yarn run buildpack create-custom-origin '

[zetlen]

@fooman This seems like a feature request for devcert, which has an upgrade process that ought to reconcile permissions problems for previous versions.

[fooman]

@zetlen I believe it's a buildpack issue. If memory serves me right this call here https://github.com/magento/pwa-studio/blob/develop/packages/pwa-buildpack/lib/Utilities/configureHost.js#L69 fails as it also requires sudo privileges. Moving this line up https://github.com/magento/pwa-studio/blob/develop/packages/pwa-buildpack/lib/Utilities/configureHost.js#L71 to before should solve it.

[davemacaulay]

We're tracking this bug internally with the following ticket: https://jira.corp.magento.com/browse/PWA-504

[PrakashLakhara]

I am getting "not a valid domain name" when I run yarn buildpack create-custom-origin packages/venia-concept Logs:

https://github.com/browserslist/browserslist#browsers-data-updating
Creating a local development domain requires temporary administrative privileges.
Please enter the password for Prakash on DESKTOP-AGHGK7Q.
  (×)  [pwa-buildpack:Utilities:configureHost.js] Could not setup development domain:
     Error: "magento-venia-concept-viwo-.local.pwadev" is not a valid domain name.

     at Object.<anonymous> (C:\Users\Prakash\Desktop\pwa-studio\node_modules\devcert\dist\index.js:39:19)

     at Generator.next (<anonymous>)

     at C:\Users\Prakash\Desktop\pwa-studio\node_modules\devcert\node_modules\tslib\tslib.js:115:75

     at new Promise (<anonymous>)

     at Object.__awaiter (C:\Users\Prakash\Desktop\pwa-studio\node_modules\devcert\node_modules\tslib\tslib.js:111:16)

     at Object.certificateFor (C:\Users\Prakash\Desktop\pwa-studio\node_modules\devcert\dist\index.js:34:20)

     at C:\Users\Prakash\Desktop\pwa-studio\packages\pwa-buildpack\lib\Utilities\configureHost.js:95:47

     at processTicksAndRejections (internal/process/task_queues.js:95:5)
  (×)  Error: [pwa-buildpack:Utilities:configureHost.js] Could not setup development domain:
     Error: "magento-venia-concept-viwo-.local.pwadev" is not a valid domain name.

     at Object.<anonymous> (C:\Users\Prakash\Desktop\pwa-studio\node_modules\devcert\dist\index.js:39:19)

     at Generator.next (<anonymous>)

     at C:\Users\Prakash\Desktop\pwa-studio\node_modules\devcert\node_modules\tslib\tslib.js:115:75

     at new Promise (<anonymous>)

     at Object.__awaiter (C:\Users\Prakash\Desktop\pwa-studio\node_modules\devcert\node_modules\tslib\tslib.js:111:16)

     at Object.certificateFor (C:\Users\Prakash\Desktop\pwa-studio\node_modules\devcert\dist\index.js:34:20)

     at C:\Users\Prakash\Desktop\pwa-studio\packages\pwa-buildpack\lib\Utilities\configureHost.js:95:47

     at processTicksAndRejections (internal/process/task_queues.js:95:5)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

[ankits789]

i am getting the same issue you are getting did you found the solution for this @PrakashLakhara ??

[baiciluigi]

Hi, set the value for CUSTOM_ORIGIN_ADD_UNIQUE_HASH to false and it should work.