I am not able to install (anything?) with bower. I am trying to use the public GitHub and a popular library but I get error: git ls-remote --tags --heads https://github.com/jquery/jquery-dist.git", exit code of #128 fatal: unable to access 'https://github.com/jquery/jquery-dist.git/': SSL: CA certificate set, but certificate verification is disabled
Additional error details:
Output of bower -v && npm -v && node -v:
1.7.9
3.10.3
v6.5.0
Additional environment details (proxy, private registry, etc.):
I have disabled everything I know.
Steps to reproduce the issue:
bower install jqueryDescribe the results you received:
bower install jquery
bower jquery#* not-cached https://github.com/jquery/jquery-dist.git#*
bower jquery#* resolve https://github.com/jquery/jquery-dist.git#*
bower jquery#* ECMDERR Failed to execute "git ls-remote --tags --heads https://github.com/jquery/jquery-dist.git", exit code of #128 fatal: unable to access 'https://github.com/jquery/jquery-dist.git/': SSL: CA certificate set, but certificate verification is disabled
Describe the results you expected:
I expected Bower to finish the without errors.
Additional information:
Content-Type: application/x-git-upload-pack-advertisementGIT_CURL_VERBOSE=2 git ls-remote --heads https://github.com/jquery/jquery-dist.git
{
"name": "webcomp",
"authors": [
"me <[email protected]>"
],
"description": "",
"main": "",
"license": "MIT",
"homepage": "",
"private": true,
"ignore": [
"**/.*",
"node_modules",
"bower_components",
"test",
"tests"
]
}
I have realized this is the origin of my problems commit: https://github.com/bower/bower/pull/2137/commits/f0a54d0018927f8f1cf85cb6c7e12a37cea49333 from pull request 2137
My configuration is:
$ npm config get strict-ssl
true
So process.env has "GIT_SSL_NO_VERIFY":"false" however http.c seems to check only if GIT_SSL_NO_VERIFY exists. It does not check it is "true" or "false".
I have changed:
process.env.GIT_SSL_NO_VERIFY = (!config.strictSsl).toString();
to
if (!config.strictSsl) {
process.env.GIT_SSL_NO_VERIFY = 'true';
}
And now I am able to grab jquery normally: bower install jquery
I wonder if this is a configuration miss from my side? This seems to be a quite common case so I wonder how people is not having the same issue as me? cc @sheerun @pwielgolaski
I think we should fix it as you suggest.
It was unification code review suggestion.
I think the main scenario was to enable this flag, but in your case it is opposite case.
I would suggest making pull request for it.
@pwielgolaski I think trying to unify code was a good idea _providing GIT_SSL_NO_VERIFY=true and GIT_SSL_NO_VERIFY=false where opposites_. They are not.
IMO guys at git could have been written a more strict check like:
char *gitSslNoVerify = getenv("GIT_SSL_NO_VERIFY");
if (gitSslNoVerify != NULL && strcmp(gitSslNoVerify, "true") == 0) {
curl_ssl_verify = 0;
}
instead of their approach:
if (getenv("GIT_SSL_NO_VERIFY"))
curl_ssl_verify = 0;
But they didn't and everybody has to live with it.
I will make the PR :)
Most helpful comment
I have realized this is the origin of my problems commit: https://github.com/bower/bower/pull/2137/commits/f0a54d0018927f8f1cf85cb6c7e12a37cea49333 from pull request 2137
My configuration is:
So process.env has
"GIT_SSL_NO_VERIFY":"false"however http.c seems to check only ifGIT_SSL_NO_VERIFYexists. It does not check it is "true" or "false".I have changed:
to
And now I am able to grab jquery normally:
bower install jqueryI wonder if this is a configuration miss from my side? This seems to be a quite common case so I wonder how people is not having the same issue as me? cc @sheerun @pwielgolaski