some issue with hex on windows machine

[miwee]

I have Erlang 17.3 and Elixir 1.0.0 installed. Platform is Windows 7.
My setup was running fine. Now when I try to use hex I get this error

D:\test>mix local.hex
Are you sure you want to install archive https://hex.pm/installs/hex.ez? [Yn] y
ERROR: cannot verify hex.pm's certificate, issued by `/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA':
  Self-signed certificate encountered.
To connect to hex.pm insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
** (Mix) Could not fetch data, please download manually from "https://hex.pm/installs/hex.ez" and copy it to "C:\\Users\\miwee\\AppData\\Local\\Temp/hex.ez"

I downloaded and copied hex.ez at mentioned place, but it didn't help.

Any suggestions?

thanks
miwee

[Eric Meadows-Jönsson]

The error message is a bug. You should put the file in C:\Users\miwee\.mix\archives.

I want to check what the certificate issue from wget is. How did install it?

​

--
You received this message because you are subscribed to the Google Groups "elixir-lang-talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elixir-lang-ta...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Eric Meadows-Jönsson

[miwee]

it works. thanks.
I installed the elixir from http://s3.hex.pm/elixir-websetup.exe
I installed wget from chocolatey repo

[Eric Meadows-Jönsson]

It seems like the wget package on chocolatey does not bundle ca root certs [1] which leads to this failure.

[1] http://users.ugent.be/~bpuype/wget/#certificates

[José Valim]

Should we then remove wget from the list on Windows?

José Valim

www.plataformatec.com.br

Skype: jv.ptec

Founder and Lead Developer

[José Valim]

miwee, could you please check two things?

1. does it work with curl (if one is available)?

2. if you uninstall both curl and wget, does it work?

Thank you!

José Valim

www.plataformatec.com.br

Skype: jv.ptec

Founder and Lead Developer

[miwee]

if i uninstall wget and install curl (from chocolatey repo)

I get similar error

Are you sure you want to install archive https://hex.pm/installs/hex.ez? [Yn] y               

curl: (60) SSL certificate problem: self signed certificate in certificate chain              
More details here: http://curl.haxx.se/docs/sslcerts.html                                     
                                                                                              
curl performs SSL certificate verification by default, using a "bundle"                       
 of Certificate Authority (CA) public keys (CA certs). If the default                         
 bundle file isn't adequate, you can specify an alternate file                                
 using the --cacert option.                                                                   
If this HTTPS server uses a certificate signed by a CA represented in                         
 the bundle, the certificate verification probably failed due to a                            
 problem with the certificate (it might be expired, or the name might                         
 not match the domain name in the URL).                                                       
If you'd like to turn off curl's verification of the certificate, use                         
 the -k (or --insecure) option.                                                               

If I remove both wget and curl

then mix local.hex  command simply hangs. no output, nor any error message. I've to Ctrl-C to exit the program.

thanks,
miwee

[José Valim]

Thank you! One last question, can you please try this command:

powershell -Command "& {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $client.DownloadFile(\"https://hex.pm/installs/hex.ez\", \"hex-ps.ez\")}"

This is the command we run on Windows when wget and curl are not available.

José Valim

www.plataformatec.com.br

Skype: jv.ptec

Founder and Lead Developer

[miwee]

the command terminates normally. no error message (no success message either). so looks like the command is working.

thanks
miwee

[José Valim]

If running manually works, I wonder why it hang when running it via a Mix command. Can you please try this one last command:

iex(1)> Application.start(:mix)

:ok

iex(2)> Mix.shell.cmd ~s[powershell -Command "& {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $client.DownloadFile(\"https://hex.pm/installs/hex.ez\", \"hex-ps.ez\")}"]

Thanks a lot!

José Valim

www.plataformatec.com.br

Skype: jv.ptec

Founder and Lead Developer

[Onorio Catenacci]

On Tuesday, September 23, 2014 6:07:57 AM UTC-4, José Valim wrote:

If running manually works, I wonder why it hang when running it via a Mix command. Can you please try this one last command:

iex(1)> Application.start(:mix)

:ok

iex(2)> Mix.shell.cmd ~s[powershell -Command "& {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $client.DownloadFile(\"https://hex.pm/installs/hex.ez\", \"hex-ps.ez\")}"]

Thanks a lot!

For whatever it's worth:

1.) I pulled curl down manually (v7.30.0) and I get the same error on Windows 7.  I mean to say this is not the version from Chocolatey (v7.28.1) but I see the same issue.  

2.) I tried manually running that last command; this is what I got:

At line:1 char:131

+ ... installs/hex.ez, hex-ps.ez)}

+                    ~

Missing argument in parameter list.

At line:1 char:3

+ & {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $ ...

+   ~

Missing closing '}' in statement block.

At line:1 char:142

+ ... x.ez, hex-ps.ez)}

+                    ~

Unexpected token ')' in expression or statement.

At line:1 char:143

+ ... .ez, hex-ps.ez)}

+                    ~

Unexpected token '}' in expression or statement.

    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException

    + FullyQualifiedErrorId : MissingEndParenthesisInMethodCall

0

[Onorio Catenacci]

On Tuesday, September 23, 2014 11:32:22 AM UTC-4, Onorio Catenacci wrote:

On Tuesday, September 23, 2014 6:07:57 AM UTC-4, José Valim wrote:

If running manually works, I wonder why it hang when running it via a Mix command. Can you please try this one last command:

iex(1)> Application.start(:mix)

:ok

iex(2)> Mix.shell.cmd ~s[powershell -Command "& {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $client.DownloadFile(\"https://hex.pm/installs/hex.ez\", \"hex-ps.ez\")}"]

Thanks a lot!

 

Pulling the powershell command out and running it directly from a DOS command prompt:

C:\Program Files (x86)\Microsoft Visual Studio 11.0>powershell -Command "& {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $client.

DownloadFile(\"https://hex.pm/installs/hex.ez\", \"hex-ps.ez\")}"

Exception calling "DownloadFile" with "2" argument(s): "An exception occurred during a WebClient request."

At line:1 char:80

+ & {$ErrorActionPreference = 'Stop'; $client = new-object

System.Net.WebClient; $ ...

+

  ~

    + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException

    + FullyQualifiedErrorId : WebException 

--

Onorio

[Eric Meadows-Jönsson]

The powershell command works for me. Maybe something went wrong when pasting it?

--
You received this message because you are subscribed to the Google Groups "elixir-lang-talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elixir-lang-ta...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Eric Meadows-Jönsson

[Onorio Catenacci]

On Tuesday, September 23, 2014 12:19:00 PM UTC-4, Eric Meadows-Jönsson wrote:

The powershell command works for me. Maybe something went wrong when pasting it?

That thought had occurred to me too Eric; I did try it a couple of times but that's hardly conclusive.  I'll try it again when I get a bit more time. 

[miwee]

The given command still hangs. Ctrl-C needed.
few things I noticed.

The working command at DOS is this, which you gave earlier

powershell -Command "& {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $client.DownloadFile(\"https://hex.pm/installs/hex.ez\", \"hex-ps.ez\")}"

If we check the actual format of command at iex shell

iex(1)> IO.puts ~s[powershell -Command "& {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $client.DownloadFile(\"https://hex.pm/installs/hex.ez\", \"hex-ps.ez\")}"]

powershell -Command "& {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $client.DownloadFile("https://hex.pm/installs/hex.ez", "hex-ps.ez")}"

So escape characters are gone in the $client.DownloadFile section. If I replace ~s with ~S for preserving escaping

iex(5)> IO.puts ~S[powershell -Command "& {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $client.DownloadFile(\"https://hex.pm/installs/hex.ez\", \"hex-ps.ez\")}"]

powershell -Command "& {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $client.DownloadFile(\"https://hex.pm/installs/hex.ez\", \"hex-ps.ez\")}"

command is now identical to the earlier working command at DOS. But it still hangs. Most likely it's an issue with Mix.shell.cmd handling of stdin chars. Since when I ran the above command in DOS there is no output (may be a new line, but I'm not sure). For example I tried following, by adding help command at the end

iex(1)> Application.start(:mix)
:ok
iex(2)> Mix.shell.cmd ~S[powershell -Command "& {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $client.DownloadFile(\"https://hex.pm/installs/hex.ez\", \"hex-ps.ez\"); help}"]
TOPIC
    Get-Help

SHORT DESCRIPTION
    Displays help about Windows PowerShell cmdlets and concepts.

LONG DESCRIPTION

SYNTAX
    get-help {<CmdletName> | <TopicName>}
    help {<CmdletName> | <TopicName>}
    <CmdletName> -?

    "Get-help" and "-?" display help on one page.
    "Help" displays help on multiple pages.
       
    Examples:
      get-help get-process   : Displays help about the Get-Process cmdlet.
      get-help about_signing : Displays help about signing scripts.

So the given commands are running, but Mix.shell.cmd is not able to detect that commands are actually finished running, and it keeps waiting.

thanks
miwee

[José Valim]

Thank you! Can you please try writing the command with Shell.cmd/3? Maybe using the System.cmd/3 API would work correctly?

José Valim

www.plataformatec.com.br

Skype: jv.ptec

Founder and Lead Developer

[Eric Meadows-Jönsson]

The escaping issue was from copying the code here, it should be correct in the original Mix code.

I am unable to reproduce the issue of the command not exiting. Do you know why it might be happening?

On Tue, Sep 23, 2014 at 8:42 PM, miwee <me.m...@gmail.com> wrote:

--
Eric Meadows-Jönsson

[miwee]

The below command exits normally

hex_download_cmd = ~S[powershell -Command "& {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $client.DownloadFile(\"https://hex.pm/installs/hex.ez\", \"hex-ps.ez\");}"]

hex_download_cmd |> :erlang.binary_to_list() |> :os.cmd()

But the below command hangs

hex_download_cmd_opts = ~S[-Command "& {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $client.DownloadFile(\"https://hex.pm/installs/hex.ez\", \"hex-ps.ez\");}"]

System.cmd("powershell", [hex_download_cmd_opts])

[Eric Meadows-Jönsson]

System.cmd will escape the arguments so that command won’t work.

The following works on my machine:

System.cmd "powershell", ["-Command", ~S["& {$ErrorActionPreference = 'Stop'; $client = new-object System.Net.WebClient; $client.DownloadFile(\"https://hex.pm/installs/hex.ez\", \"hex-ps.ez\");}"]]

It looks like we should default to powershell on windows and fall back to curl / wget, instead of the other way around.

​

[Dave Cottlehuber]

> The following works on my machine:
>
> System.cmd "powershell", ["-Command", ~S["& {$ErrorActionPreference =
> 'Stop'; $client = new-object System.Net.WebClient;
> $client.DownloadFile(\"https://hex.pm/installs/hex.ez\",
> \"hex-ps.ez\");}"]]
>
> It looks like we should default to powershell on windows and fall back to
> curl / wget, instead of the other way around.

Is there an embarassingly obvious reason we’re not simply using from stdlib:

:ssl.start
:inets.start
url = 'https://hex.pm/installs/hex.ez'
{ok, {{_, 200, _reason }, _headers, content}} = :httpc.request url

and avoiding this whole mess?

—
Dave Cottlehuber
d...@jsonified.com
Sent from my Couch

[Eric Meadows-Jönsson]

Yes, we cannot use https with httpc.

[Dave Cottlehuber]

> Yes, we cannot use https with httpc.

Hi Eric,

I already tested my example in Elixir 1.0.0 on FreeBSD in 17.1, and OSX with 17.3, and Windows 7 x64 with 17.3 (erlang). They all produce the same correct result.

In what case do you (or others) get a failure with https, or is there something special about hex that I missed?

Sorry if this was already discussed on list.

A+
Dave

[Eric Meadows-Jönsson]

Hi Dave,

Sorry for my short response, I will try to explain it a bit more in depth.

We are moving towards making Hex secure. That means using HTTPS to fetch packages and the registry and ultimately the signing of packages. Making Hex secure is completely useless if we cannot safely install it. Someone can MITM the request to fetch Hex and install a compromised version on your system.

Your request completes successfully but that doesn't mean you are using HTTPS. The connection is encrypted but the peer is not verified by default with httpc. Verifying the peer requires pinning the certificate for hex.pm and whatever CDN we may use or using a list of root certificates to validate the certificate.

Certificate pinning is complicated because we have no automatic way to update your Elixir installation. Say that we bundle hex.pm's certificate with Elixir 1.0.0, but then in the future, the certificate hex.pm sends is changed which will break the installation of Hex with Elixir 1.0.0 forever.

Erlang does not bundle a list of root certificates and Elixir can't do it either, because again, we have no way of updating Elixir when root certificates are added or removed. Erlang does not expose an API for us the find the system's root certificates (hopefully this can change in the future).

Instead, to download Hex we try to call out to applications on your system which have root certificates or can access the system's certificates. 

--
You received this message because you are subscribed to the Google Groups "elixir-lang-talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elixir-lang-ta...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Eric Meadows-Jönsson

[Onorio Catenacci]

So at the risk of asking a dumb question:

I pulled down hex-ps.ez (used Eric's command below) and I still cannot get mix deps.get or mix. deps.compile or pretty much anything that uses hex to work on Windows.  By the way, I tried this with both names (hex-ps.ez and hex.ez) so that doesn't seem to be part of the issue. I copied hex-ps.ez into the directory the message specifies (which seems to be my %TEMP% dir) but it looks as if mix still isn't seeing hex installed because it keeps prompting me to get hex again:

PS C:\dev\findprospects> mix deps.get

Could not find hex, which is needed to build dependency :httpotion

Shall I install hex? [Yn] Y

curl: (60) SSL certificate problem: unable to get local issuer certificate

More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"

 of Certificate Authority (CA) public keys (CA certs). If the default

 bundle file isn't adequate, you can specify an alternate file

 using the --cacert option.

If this HTTPS server uses a certificate signed by a CA represented in

 the bundle, the certificate verification probably failed due to a

 problem with the certificate (it might be expired, or the name might

 not match the domain name in the URL).

If you'd like to turn off curl's verification of the certificate, use

 the -k (or --insecure) option.

** (Mix) Could not fetch data, please download manually from "https://hex.pm/installs/hex.ez" and copy it to "C:\\Users\\OCATEN~1\\AppData\\Local\\Temp/hex.ez"

Mind you, I get all that after having done the download command that Eric outlined below and copying hex.ez into the directory specified.

Any ideas?  I'd love to be able to do development on my Windows box again.

Oh and by the way, I found this:

http://superuser.com/questions/442793/why-cant-curl-properly-verify-a-certificate-on-windows

And I tried it to see if I could get rid of the curl error message.  No luck.  I mention that in case it helps to develop a better fix for this curl issue.

--

Onorio

[José Valim]

Onorio, to exactly which directory did you copy your hex.ez file?

José Valim

www.plataformatec.com.br

Skype: jv.ptec

Founder and Lead Developer

[Onorio Catenacci]

c:\users\ocatenacci\appdata\local\temp 

That's also the value of the %temp% environment variable.

--

Onorio

[Onorio Catenacci]

Hi José,

Duh--just found Eric's old message about the right location for the hex.ez file.  Sorry--PEBCAK moment.  :-)

--

Onorio

On Wednesday, October 1, 2014 11:10:32 AM UTC-4, José Valim wrote:

[José Valim]

It is definitely our fault though. A bug fix is coming with elixir 1.0.1 which should be out in about 10 days.

--