On Wed, 2018-07-04 at 13:26 +0200, Johannes Schindelin wrote:
> On Wed, 4 Jul 2018, Paul Smith wrote:
>
> > One thing I wanted to do was provide a default ca-bundle.crt file
> > along with my local build of Git. I need my installation to be
> > relocatable and I'm using RUNTIME_PREFIX with Git 2.18.0 (on
> > GNU/Linux).
>
> Understandable. We do this all the time in Git for Windows. Our
> config entry has this form:
>
> [http]
> sslCAinfo = /ssl/certs/ca-bundle.crt
>
> and in the RUNTIME_PREFIX mode, this will be made relative to the
> runtime prefix. It is my understanding that bf9acba (http: treat
> config options sslCAPath and sslCAInfo as paths, 2015-11-23) makes
> this work.
Hm. Unless I'm missing something this doesn't happen (and indeed, it
does not work for me; with:
[http]
sslcainfo = /etc/ca-bundle.crt
I get:
fatal: unable to access 'https://github.com/myrepo.git/': error
setting certificate verify locations:
CAfile: /etc/ca-bundle.crt
CApath: none
although it works if I use a fully-qualified pathname, and using strace
I find the process never attempted to access any other path for ca-
bundle.crt).
In http.c we see how this path is treated in http_options():
if (!strcmp("http.sslcainfo", var))
return git_config_pathname(&ssl_cainfo, var, value);
I can't tell exactly how this function is invoked, but the result
(ssl_cainfo) is used here without further modification:
curl_easy_setopt(result, CURLOPT_CAINFO, ssl_cainfo);
In config.c we find get_config_pathname() which does this:
*dest = expand_user_path(value, 0);
In path.c we find expand_user_path() which does this:
if (path == NULL)
goto return_null;
if (path[0] == '~') {
...
}
strbuf_addstr(&user_path, to_copy);
return strbuf_detach(&user_path, NULL);
I don't see any reference to system_prefix(), system_path(), etc. which
would be needed to RUNTIME_PREFIX-ize things.
