git HTTPS clone fails on Windows on CI_SERVER_TLS_CA_FILE error
Summary
Can't clone repository over HTTPS from gitlab-runner on Windows (2016 server).
This doesn't seem to be the same as https://gitlab.com/gitlab-org/gitlab-ee/issues/4136 , because the CI_SERVER_TLS_CA_FILE size is < 8191 (it's 7907 bytes long). It's also not the same as #3422 (closed) , as there is no spaces in the installation path of gitlab-runner, nor where the repository is cloned.
A simple git clone https://gitlab.com/sbarthelemy/conan-public-recipes.git
works, but not the sequence of commands the runner executes.
Steps to reproduce
I can reproduce every time by running manually the same commands as the runner as the "gitlab-runner" user of my system in a cmd.exe shell:
dir "C:\Users\gitlab-runner\builds\0690c1b5\0\sbarthelemy\conan-public-recipes.tmp\git-template" 2>NUL 1>NUL || md "C:\Users\gitlab-runner\builds\0690c1b5\0\sbarthelemy\conan-public-recipes.tmp\git-template" 2>NUL 1>NUL
rd /s /q "C:\Users\gitlab-runner\builds\0690c1b5\0\sbarthelemy\conan-public-recipes" 2>NUL 1>NUL
"git" "config" "-f" "C:\Users\gitlab-runner\builds\0690c1b5\0\sbarthelemy\conan-public-recipes.tmp\git-template/config" "fetch.recurseSubmodules" "false"
"git" "config" "-f" "C:\Users\gitlab-runner\builds\0690c1b5\0\sbarthelemy\conan-public-recipes.tmp\git-template/config" "http.https://gitlab.com.sslCAInfo" "C:\Users\gitlab-runner\builds\0690c1b5\0\sbarthelemy\conan-public-recipes.tmp\CI_SERVER_TLS_CA_FILE"
"git" "clone" "--no-checkout" "https://gitlab.com/sbarthelemy/conan-public-recipes.git" "C:/Users/gitlab-runner/builds/0690c1b5/0/sbarthelemy/conan-public-recipes" "--template" "C:\Users\gitlab-runner\builds\0690c1b5\0\sbarthelemy\conan-public-recipes.tmp\git-template"
Actual behavior
On the last step (the git clone call), I get this error:
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@gitlab.com/sbarthelemy/conan-public-recipes.git/': error setting certificate verify locations:
CAfile: C:\Users\gitlab-runner\builds\0690c1b5\0\sbarthelemy\conan-public-recipes.tmp\CI_SERVER_TLS_CA_FILE
CApath: none
The system cannot find the path specified.
Expected behavior
The repository is cloned.
Relevant logs and/or screenshots
See attached build log.
Environment description
This is running on a specific runner. It's a Windows 2016 Server on AWS. Git and gitlab-runner have been installed using chocolatey:
choco install git gitlab-runner
The "shell" executor is used. The config.toml only has basic stuff (name, url, token, executor). The only customization I added is some environment variables to have more traces:
environment = ["CI_DEBUG_TRACE=true", "GIT_TRACE=2", "GIT_CURL_VERBOSE=1"]
Used GitLab Runner version
C:\Users\gitlab-runner>gitlab-runner --version
Version: 11.4.0
Git revision: 8af42251
Git branch: 11-4-stable
GO version: go1.8.7
Built: 2018-10-22T10:06:38+0000
OS/Arch: windows/amd64