installer: configure http.sslCAInfo in "system-wide" config

Git for Windows has that very special thing that the "system-wide" config actually only extends to the current Git for Windows in use. The reason: Git's design assumes a Unix environment where there is a single top-level `/etc/` directory. This is not true for Windows, where there simply is no equivalent for the `/etc/` directory. Instead, we have a `<GIT>\mingw64\etc\gitconfig` that is used by the `git.exe` installed into the same location. We *also* have a `C:\ProgramData\Git\config` whose purpose is to hold configuration that extends to more than just Git for Windows: JGit, libgit2-based software, portable Git all read from there (or at least are supposed to). We have to be careful not to write anything into the ProgramData config that is private to Git for Windows. And the SSL certificates that are used by Git for Windows' own copy of cURL is pretty private. So let's configure it in Git for Windows' "system-wide" config instead of in ProgramData. This fixes git-for-windows/git#531 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
git-for-windows · Apr 4, 2017 · 1de64e1 · 1de64e1
1 parent 57a1744
commit 1de64e1
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/installer/install.iss b/installer/install.iss
@@ -1852,10 +1852,14 @@ begin
         if not Exec(AppDir+'\{#MINGW_BITNESS}\bin\git.exe','config --system pack.packsizelimit 2g',AppDir,SW_HIDE,ewWaitUntilTerminated,i) then
             LogError('Unable to limit packsize to 2GB');
 #endif
+        Cmd:=AppDir+'/';
+        StringChangeEx(Cmd,'\','/',True);
+        if not Exec(AppDir+'\bin\bash.exe','-c "value=\"$(git config -f config http.sslcainfo)\" && case \"$value\" in \"'+Cmd+'\"/*|\"C:/Program Files/Git/\"*|\"c:/Program Files/Git/\"*) git config -f config --unset http.sslcainfo;; esac"',ProgramData+'\Git',SW_HIDE,ewWaitUntilTerminated,i) then
+            LogError('Unable to delete http.sslCAInfo from ProgramData config');
         Cmd:='http.sslCAInfo "'+AppDir+'/{#MINGW_BITNESS}/ssl/certs/ca-bundle.crt"';
         StringChangeEx(Cmd,'\','/',True);
-        if not Exec(AppDir+'\{#MINGW_BITNESS}\bin\git.exe','config -f config '+Cmd,
-                ProgramData+'\Git',SW_HIDE,ewWaitUntilTerminated,i) then
+        if not Exec(AppDir+'\{#MINGW_BITNESS}\bin\git.exe','config --system '+Cmd,
+                AppDir,SW_HIDE,ewWaitUntilTerminated,i) then
             LogError('Unable to configure SSL CA info: ' + Cmd);
     end;