question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Support git clone for repos with self-signed SSL certs

See original GitHub issue

Is your enhancement related to a problem? Please describe.

Say I’m a customer behind a firewall (air gap).

I have company wide certs for connecting my local laptop to company internal git repos.

But when I fire up Che 7, launch a workspace from a devfile…

projects:
  - name: java-maven-helloworld
    source:
      type: git
      location: "https://git.mycorp.com/projects-r-us/java-maven-helloworld.git"

… and try to clone from the repo, I can’t connect:

The only workaround is to open a console in the Che 7 workspace, and do this:

git config --global http.sslverify “false”
git clone https://git.mycorp.com/projects-r-us/java-maven-helloworld.git

So… how can I get those certs into my che 7 workspace OOTB via the devfile, so I can clone from those repos as part of workspace creation, rather than via a manual step?

Describe the solution you’d like

We can do it in same way how it works for Keycloak at the moment, here helm template and Java code in Che repository. Also need to configure git trust store.

Workflow will be:

  • admin put somewhere correct SSL certificate for internal Git server (with name like CHE_GIT_SSL_CERT);
  • during start workspace we will:
    • mount this certificate on each container as k8s secret, in specified path;
    • modify git config git config --global http.sslCAInfo /home/some-path/git-certs/cert.pem;

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:22 (18 by maintainers)

github_iconTop GitHub Comments

3reactions
l0rdcommented, Sep 27, 2019

Another option: since in user preferences we already persist git.username and git.email it may make sense to persist git.http.sslverify as well. I mean user config should probably not live in a devfile.

0reactions
vinokurigcommented, Dec 26, 2019
Read more comments on GitHub >

github_iconTop Results From Across the Web

Unable to clone Git repository due to self signed certificate
Git server is using self signed certificate and Fisheye/Crucible is unable to clone a Git repository. The following appears in the ...
Read more >
How can I make git accept a self signed certificate?
Export the root self-signed Certificate to a file. You can do this from within your browser. Locate the “ca-bundle.crt” file in your git...
Read more >
6 Ways to fix : SSL certificate problem: self signed ... - Jhooq
Scenario 1 : Git clone - SSL certificate problem: self signed certificate in certificate chain ... It is one of the most common...
Read more >
Fix Git Self Signed Certificate in Certificate Chain on Windows
A popular workaround is to disable SSL Verification using git config --global http.sslVerify false but that creates large security risks.
Read more >
Using self-signed certificates with Git – hydro|ecology
Using self-signed certificates with Git · openssl s_client -connect www.github.com:443 · -----BEGIN CERTIFICATE----- ...a bunch of garbage... ---- ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found