From 1de64e1482498754439baf719914a9197d6f0f6d Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Tue, 4 Apr 2017 13:21:17 +0200 Subject: [PATCH] installer: configure http.sslCAInfo in "system-wide" config Git for Windows has that very special thing that the "system-wide" config actually only extends to the current Git for Windows in use. The reason: Git's design assumes a Unix environment where there is a single top-level `/etc/` directory. This is not true for Windows, where there simply is no equivalent for the `/etc/` directory. Instead, we have a `\mingw64\etc\gitconfig` that is used by the `git.exe` installed into the same location. We *also* have a `C:\ProgramData\Git\config` whose purpose is to hold configuration that extends to more than just Git for Windows: JGit, libgit2-based software, portable Git all read from there (or at least are supposed to). We have to be careful not to write anything into the ProgramData config that is private to Git for Windows. And the SSL certificates that are used by Git for Windows' own copy of cURL is pretty private. So let's configure it in Git for Windows' "system-wide" config instead of in ProgramData. This fixes https://github.com/git-for-windows/git/issues/531 Signed-off-by: Johannes Schindelin --- installer/install.iss | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/installer/install.iss b/installer/install.iss index 70f1c4c49b..08cef6f610 100644 --- a/installer/install.iss +++ b/installer/install.iss @@ -1852,10 +1852,14 @@ begin if not Exec(AppDir+'\{#MINGW_BITNESS}\bin\git.exe','config --system pack.packsizelimit 2g',AppDir,SW_HIDE,ewWaitUntilTerminated,i) then LogError('Unable to limit packsize to 2GB'); #endif + Cmd:=AppDir+'/'; + StringChangeEx(Cmd,'\','/',True); + if not Exec(AppDir+'\bin\bash.exe','-c "value=\"$(git config -f config http.sslcainfo)\" && case \"$value\" in \"'+Cmd+'\"/*|\"C:/Program Files/Git/\"*|\"c:/Program Files/Git/\"*) git config -f config --unset http.sslcainfo;; esac"',ProgramData+'\Git',SW_HIDE,ewWaitUntilTerminated,i) then + LogError('Unable to delete http.sslCAInfo from ProgramData config'); Cmd:='http.sslCAInfo "'+AppDir+'/{#MINGW_BITNESS}/ssl/certs/ca-bundle.crt"'; StringChangeEx(Cmd,'\','/',True); - if not Exec(AppDir+'\{#MINGW_BITNESS}\bin\git.exe','config -f config '+Cmd, - ProgramData+'\Git',SW_HIDE,ewWaitUntilTerminated,i) then + if not Exec(AppDir+'\{#MINGW_BITNESS}\bin\git.exe','config --system '+Cmd, + AppDir,SW_HIDE,ewWaitUntilTerminated,i) then LogError('Unable to configure SSL CA info: ' + Cmd); end;