Win x64 PowerShell Artifact Upload Fails Self-signed SSL UTF-8 BOM Encoding
Summary
I'm working with a gitlab community edition installation, using a self-signed certificate, and ran into a problem with the gitlab-runner using the certificate file.
The original certificate file is stored as UTF-8, without the BOM. It appears that when the tls-ca-file
specified in config.toml
is copied to the CI_SERVER_TLS_CA_FILE
file during the run/build, it's being converted from UTF-8 to UTF-8 BOM.
The byte order mark is causing the artifacts upload to fail on windows using PowerShell.
Example config.toml
file:
concurrent = 1
check_interval = 0
[[runners]]
name = "MY-RUNNER"
url = "https://gitlab.uhcl.edu/ci"
token = "REMOVED"
tls-ca-file = "C:\\Multi-Runner\\gitlab.hostname.crt"
tls_verify = false
executor = "shell"
shell = "powershell"
environment = ["GIT_SSL_NO_VERIFY=true"]
[runners.ssh]
[runners.docker]
tls_verify = false
image = ""
privileged = false
disable_cache = false
[runners.parallels]
base_name = ""
disable_snapshots = false
[runners.virtualbox]
base_name = ""
disable_snapshots = false
[runners.cache]
Sample .gitlab-ci.yml
file:
variables:
GIT_SSL_NO_VERIFY: "true"
NPM_CONFIG_LOGLEVEL: "warn"
NUGET_PACKAGES: $CI_PROJECT_DIR/.nuget/packages
before_script:
- node -v
- npm -v
stages:
- build
cache:
key: "$CI_BUILD_REF_NAME"
untracked: true
paths:
- dist/
- src/node_modules/
windows_build:
script:
- powershell -ExecutionPolicy ByPass -File build.ps1 -target "Build"
type: build
only:
- master
tags:
- windows
- nodejs
- gulp
artifacts:
untracked: true
paths:
- dist/
- assets/
- examples/
Example error when the file is copied as UTF-8 BOM:
Version: 1.11.0
Git revision: 33af656
Git branch: 1-11-stable
GO version: go1.7.5
Built: Wed, 22 Feb 2017 15:57:56 +0000
OS/Arch: windows/amd64
Uploading artifacts...
dist/: found 21 matching files
assets/: found 43 matching files
examples/: found 80 matching files
untracked: found 7629 files
ERROR: Failed to parse PEM in C:\Multi-Runner\builds\327666eb\0\group-name\project-name.tmp\CI_SERVER_TLS_CA_FILE
ERROR: Uploading artifacts to coordinator... error error=couldn't execute POST against https://gitlab.hostname/ci/api/v1/builds/2042/artifacts?: Post https://gitlab.hostname/ci/api/v1/builds/2042/artifacts?: x509: certificate signed by unknown authority id=2042 token=XXXXXXX
WARNING: Retrying...
ERROR: Uploading artifacts to coordinator... error error=couldn't execute POST against https://gitlab.hostname/ci/api/v1/builds/2042/artifacts?: Post https://gitlab.hostname/ci/api/v1/builds/2042/artifacts?: x509: certificate signed by unknown authority id=2042 token=XXXXXXX
WARNING: Retrying...
ERROR: Uploading artifacts to coordinator... error error=couldn't execute POST against https://gitlab.hostname/ci/api/v1/builds/2042/artifacts?: Post https://gitlab.hostname/ci/api/v1/builds/2042/artifacts?: x509: certificate signed by unknown authority id=2042 token=XXXXXXX
FATAL: invalid argument
ERROR: Job failed: exit status 1
It appears that the CI_SERVER_TLS_CA_FILE
file is replaced multiple times during the build, making it hard to intercept with a text editor. In my attempt to work though the problem, I looped the following command while the build was running and was able to achieve a successful upload:
cd C:\Multi-Runner
# Rapidly looped/repeated the following until the build completed:
cp .\gitlab.hostname.crt .\builds\327666eb\0\group-name\project-name.tmp\CI_SERVER_TLS_CA_FILE
The resulting output while doing this was:
Version: 1.11.0
Git revision: 33af656
Git branch: 1-11-stable
GO version: go1.7.5
Built: Wed, 22 Feb 2017 15:57:56 +0000
OS/Arch: windows/amd64
Uploading artifacts...
dist/: found 21 matching files
assets/: found 43 matching files
examples/: found 80 matching files
untracked: found 7629 files
Uploading artifacts to coordinator... ok id=2054 responseStatus=201 Created token=XXXXXXX
Job succeeded