easyrsa visually hangs when run in Windows Terminal

[JLJTGR]

When using the old Windows Console Host, easyrsa functions normally. When using Windows Terminal, anything but "./easyrsa" seems to indefinitely hang, doing nothing.

Tried with a fresh download/unzip. (3.1.7)

Expected: (Windows Console Host)

Actual: (Windows Terminal)

When I encountered this issue, I had Windows Terminal as my default console... so double-clicking the .bat file opened it in Windows Terminal. But the same happens if I launch Windows Terminal manually and run the .bat manually.

With so little feedback, I can't tell if easyrsa, sh.exe or something about Windows Terminal is stuck. Pressing Ctrl-C a single time gives a > prompt that doesn't seem to do much. Pressing Ctrl-C a second time asks to terminate the batch job.

Same thing happens on a existing copy of 3.0.4 that I was actively using. Commands like ./easyrsa gen-req NAME nopass equally hang in Windows Terminal.

[TinCanTech]

Which Windblows version is that ?

[JLJTGR]

Windows 11 Home, 22H2, 22621.2861 - Windows Terminal 1.18.3181.0
Though I can get the same thing to happen on Windows 10 Home, 22H2, 19045.3803

[TinCanTech]

Sorry but Windows Terminal is not a supported interface.

[ecrist]

This is something we need to look into, but I don't have a good line for how to fix it. There are a couple things in play on this:

1. The POSiX tools we use are old and we don't have a way to build new ones. They likely will stop working on a future Windows release.
2. Windows Terminal is a completely different application than the cmd.exe we are used to. We'd likely need to rewrite significant amounts of code to get this to work. That's not likely to happen soon.
3. Windows 10 provides WSL and WSL2, which provide a bonafide Linux environment within Windows. It is likely easier and better all around to explore this avenue, and put any limited development time into that.

As always, patches are welcome from the community if some want to move the along faster.

[TinCanTech]

@JLJTGR As a first-step, please retry your wt test using Easy-RSA Version 3.1.7 (Release). When you run the command try with the --verbose option.

[JLJTGR]

--verbose does not show anything extra when run with init-pki. It shows some extra > verbose lines when run without arguments.

While it is hanging, if I type anything and press enter, it outputs ' unexpectedax error: ' and exits... but it does not show any > verbose lines.

EasyRSA Shell
# ./easyrsa init-pki --verbose
random text entry
' unexpectedax error: '

EasyRSA Shell
#

---

From what I've read... Windows Terminal is supposed to just be another chrome-layer wrapper of cmd.exe. It still launches cmd.exe in my task list and it hooks into it. So it is instead a replacement of conhost.exe rather than cmd.exe?

The parent process and parent console are different, but it's still the same cmd.exe behind it all.

That said, I know that Windows Terminal has not been without hiccups. I myself faced an issue where timeout.exe did not properly run inside of .bat files. Microsoft eventually fixed this after reports. I feel like if Microsoft is made aware of something that Windows Terminal is doing incorrectly, they may at some point fix it. But I have only the most basic of understandings of what is going wrong here.

I started here almost arbitrarily, hoping to gain some insight. Even if I gained no insight, maybe having a searchable issue would save someone else some trouble. It took me weeks to figure out why my working easyrsa setup stopped being able to generate requests/certs.

[TinCanTech]

The correct command syntax is: ./easyrsa --verbose init-pki

[JLJTGR]

The only change in behavior is that I have to press Ctrl-C to have it throw the same error and exit.

[TinCanTech]

Does the simple command ./easyrsa complete ?

[JLJTGR]

Yes, it always has.

A month or two ago, I could not get gen-req ... nopass to work... but build-client-full ... nopass did work. I was in a rush, so I didn't argue with it at the time.

The other day I could not get either one to work on the same environment. For troubleshooting, I downloaded a fresh 3.1.7 to run init-pki as the first step... and here I am. But perhaps other commands would work better. I can't decide if it's some sort of weird STDIN/OUT issue where certain commands expect different things and cause different results.

---

I have one Win11 machine and two Win10 machines that have some issue. I tried on one old Windows Server Enterprise VM that did not have the issue. Then I downloaded a newer version... and that one does have the issue.

You can get these VMs directly from Microsoft with Windows Terminal preinstalled: https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/

Maybe Microsoft actually broke this recently, somehow.

[TinCanTech]

Does command make-varscomplete ?

[JLJTGR]

Yes. It spits out a few pages of config.

I can also put it into a file successfully:

EasyRSA Shell
# ./easyrsa make-vars >varstest

EasyRSA Shell
#

[TinCanTech]

Can you try a few openssl commands, within the easyrsa shell ?

Something like openssl enc -A -in easyrsa.

[JLJTGR]

Inside of the shell(sh.exe), it just hangs indefinitely.
Outside in the Windows Terminal, it spits out the contents of the easyrsa file.

[TinCanTech]

Thanks for testing.

If you can get wt to work with openssl then maybe there is hope ..

[TinCanTech]

FTR: Easy-RSA tooling for Windows is ancient. All further effort should go into implementing suitable, long term alternatives. I prefer busybox-for-windows.

[TinCanTech]

Something like openssl enc -A -in easyrsa.

Should be openssl enc -a -in easyrsa.

[TinCanTech]

@ecrist

For discussion:

This is something we need to look into

Windows Terminal is not even a default Windows application.

Please explain this new "need" ?

[JLJTGR]

Sorry I haven't been as responsive.

Should be openssl enc -a -in easyrsa.

In sh.exe, it hangs like the other commands. In Windows Terminal or Console Host, it outputs a base64 block.

---

Windows Terminal is not even a default Windows application.
Please explain this new "need" ?

As an outsider's perspective, I just want other users to know that there's inexplicably an issue with running easyrsa in Windows Terminal. If it could be fixed here, great... if it could be brought to Microsoft's attention and they think they did something wrong, then also great. (I'm willing to go to the Windows Terminal GitHub if I can figure out something intelligent to tell them.) But at minimum, I wanted to save my peers the trouble that I went through by having no reports of issues at all. Coming here is that visibility, where it would get lost in the Windows Terminal GitHub... since why would one automatically think that is the cause?

I feel like power-users are being increasingly prodded towards Windows Terminal and I would not be surprised if it was the future that Microsoft wants. Easyrsa is absolutely power-user territory if not higher, so bumping into Windows Terminal isn't strange. If you consider the development VMs that Microsoft already provides, Windows Terminal has become a "default Windows application". Running a .bat file in these VMs runs Windows Terminal as the cmd.exe host. So I see this as a danger on the horizon.

[TinCanTech]

I believe we have found the root cause of the problem:

• Windows 11
• Link-to: Windows: Introduce 'Non-Admin' mode #1073 (comment)

The problem is that, due to reasons unknown, Windows 11 is blocking/ignoring many POSIX commands made by tools which Easy-RSA uses.

Most notably, POSIX shell command read does not accept any input when running on Windows 11.

This is a permanent deal-breaker for Easy-RSA with mksh on Windows 11.

Alternatives to mksh are being considered. IE. busybox-for-windows, which may or may not be hindered in the same way. Lots of testing will be required ..

This issue will remain open for visibility, however, there is nothing that current Easy-RSA can do to solve this problem on Windows 11.

[JLJTGR]

I'm confused... I already said the same exact problem happens on Windows 10 Home, 22H2, 19045.3803. If I don't use Windows Terminal, it works "fine" on Windows 11.

[TinCanTech]

If I don't use Windows Terminal, it works "fine" on Windows 11.

There are conflicting reports, regarding Windows 11, detailed in the link above.

The problems apparently related to Windows Terminal are most likely due to the OS not the terminal interface.

Follow-up: #1075

[TinCanTech]

if anybody wants to report #1075 to Microsoft then please do.

[TinCanTech]

Status:

• Initial issue was misidentified - Windows Terminal is not the cause.
• Issue reported to Microsoft - Marked as closed and fixed.
• Subsequent issues have been correctly identified. EasyRSA on Windows 11 with mksh hangs #1075

[JLJTGR]

How can Windows Terminal not be the cause? This issue only happens on certain versions of Windows Terminal on both Windows 10 and Windows 11. It does not happen with older conhost.exe on Windows 11.

Supposedly canary versions of Windows Terminal fixes the issue, but that is not yet Live. I would have preferred this remained open and visible to people until Microsoft's fix is actually available to everyone. Closing it just invites people to make duplicate reports.

[TinCanTech]

@JLJTGR Your claim is refuted by both Microsoft and EasyRSA, details are included here in this issue.

At this time, NO issues with Windows-Terminal have been identified for any version of Windows.

#1078