Paket.bootstrapper.exe unable to communicate with GitHub (5.138.5)

[kirasglimmer]

Description

GitHub shut down an old insecure encryption cypher, and paket.bootstrapper.exe is not able to talk to their servers. More info here:
https://githubengineering.com/crypto-removal-notice/

Repro steps

Please provide the steps required to reproduce the problem

1. Download latest paket.bootstrapper.exe

2. Try to run it. Observe error.

Checking Paket version (downloading latest stable)...
The request was aborted: Could not create SSL/TLS secure channel. (Github - cached)

Expected behavior

The bootstrapper downloads the latest version of paket.exe.

Actual behavior

Checking Paket version (downloading latest stable)...
The request was aborted: Could not create SSL/TLS secure channel. (Github - cached)

Known workarounds

None.

[ptrstpp950]

Workaround
Add registry keys to force NET framework to use strong encryption. For example PowerShell commands:

new-itemproperty -path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -name "SchUseStrongCrypto" -Value 1 -PropertyType "DWord";
new-itemproperty -path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -name "SchUseStrongCrypto" -Value 1 -PropertyType "DWord"

[ppatino]

Any idea on expected resolution timeline? Workaround is easy enough locally but needs more work for CI servers.

[ptrstpp950]

As you can see pull request is in progress #3066
Still, it will need to changes in source after the owner of this repository release it (commit new bootstrapper). I'm just an unlucky user, who need workaround ASAP 😄

[BlythMeister]

Also, all source code branches would need an updated bootstrap if you add the bootstrapper into your repo...

[egracer]

You can also force the download from nuget using --force-nuget or by configuring paket.bootstrapper.exe.config as described in the bootstrapper documentation.

[samhanes]

If you're using magic mode, you can use the following paket.exe.config:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="ForceNuget" value="True"/>
  </appSettings>
</configuration>

[csmager]

I've updated to the bootstrapper in the 5.141.0 release (with the fix from #3066), I now get a different error in 'magic mode':

The request was aborted: The connection was closed unexpectedly. (Github - cached (temporarily ignore updates))

In normal mode, I see this:

Checking Paket version (downloading latest stable)...
Hash file of version 5.141.0 not found in cache.
Starting download from https://github.com/fsprojects/Paket/releases/download/5.141.0/paket-sha256.txt
'Github - cached' download failed. If using Mono, you may need to import trusted certificates using the 'mozroots' tool as none are contained by default. Trying fallback download from 'Nuget - cached'.

[ptrstpp950]

No only paket.exe.config helps

[forki]

Any ideas what's still going wrong?

[csmager]

Updated VS this morning and now VS and Rider both claim I don't have .NET Framework 4.5 SDK, so Paket won't build anymore. Once I've shaved that yak I'll see if I can debug and get more info...

[BlythMeister]

the release is missing the sha256.txt file...don't know if that helps

[csmager]

Ah, yeah. Clicking the link in the error message I posted gives you a 404.

[forki]

uploaded in 5.142.0

[BlythMeister]

Seem good now for me.

and in magic mode

[forki]

Thanks everyone Am 23.02.2018 11:11 schrieb "Chris Blyth" <[email protected]>:

…

[image: image] <https://user-images.githubusercontent.com/1046836/36589027-d8bef698-1881-11e8-895d-12a053a56a75.png> Seem good now for me. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#3065 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AADgNF96wksP9HBFpCoZMk3ReSfg4Gstks5tXo7MgaJpZM4SP6kq> .

[MiloszKrajewski]

Thank you for quick fix!

[dsyme]

Could someone post a description of what we should do?

For example, at the moment I just have this paket.exe

 Directory of C:\GitHub\dsyme\visualfsharp\fcs\.paket

09/01/2018  10:37            63,784 paket.exe
               1 File(s)         63,784 bytes
               0 Dir(s)  63,022,436,352 bytes free

If you send a link to the replacement I can replace it. I assume the appropriate replacement is the paket.bootstrapper.exe here https://github.com/fsprojects/Paket/releases/tag/5.142.0 but I have to manually rename it to be paket.exe?

[samhanes]

@dsyme That's correct.

[dsyme]

@samhanes thanks!

[misterspeedy]

Just to confirm - I had this exact issue with an extant project (VS Code + Win10) and downloading paket.bootstrapper.exe (as linked above) into .paket in my project, then renaming it to paket.exe, fixed the issue. Didn't have to restart VS Code.

[haf]

macOS / linux is not fixed by the above (from what I experienced myself), instead, download a new version of paket and assume Mr. Stenberg tells you the truth about what authorities to trust ;):

curl -L -o /tmp/cacert.pem https://curl.haxx.se/ca/cacert.pem
cert-sync --user /tmp/cacert.pem
export MONO_TLS_PROVIDER=btls
mono .paket/paket.exe install -vv

Note that this trusts the local DNS server to resolve curl.haxx.se to a valid domain, and that domain is unsigned https://dnssec-debugger.verisignlabs.com/curl.haxx.se — here is the SHA256 sum I saw 2018-02-26:

defe310a0184a12e4b1b3d147f1d77395dd7a09e3428373d019bef5d542ceba3 /tmp/cacert.pem

[Gonnagle]

This could probably be closed as fixed?