0

I'm trying to deploy a project to heroku. I customized Adam Bugress' buildpack so that it bootstraps paket.exe and restores my dependencies.

Nuget dependencies seem to work fine but restoring Gist dependency fails and so does the bootstrapper. Here's the output from the latter

Mozilla Roots Importer - version 4.5.0.0
Download and import trusted root certificates from Mozilla's MXR.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.
Downloading from 'http://mxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1'...
Importing certificates into user store...
140 new root certificates were added to your trust store.
Import process completed.

Checking Paket version (version 2.50.11 requested)...
Version 2.50.11 not found in cache.
Starting download from https://github.com/fsprojects/Paket/releases/download/2.50.11/paket.exe
'Cache' download failed. If using Mono, you may need to import trusted certificates using the 'mozroots' tool as none are contained by default. Trying fallback download from 'Github'.
Checking Paket version (version 2.50.11 requested)...
Starting download from https://github.com/fsprojects/Paket/releases/download/2.50.11.0/paket.exe
'Github' download failed. If using Mono, you may need to import trusted certificates using the 'mozroots' tool as none are contained by default. Trying fallback download from 'Nuget'.
Checking Paket version (version 2.50.11 requested)...
Starting download from https://www.nuget.org/api/v2/package/Paket/2.50.11
Error: TrustFailure (Nuget)
Error: TrustFailure (Github)
Error: TrustFailure (Cache)

As you can see above I am calling mozroots --import --sync to no avail. Please help

Update - certmgr

Mono Certificate Manager - version 4.5.0.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.
X.509 Certificate v3
Issued from: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
Issued to:   C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA
Valid from:  10/22/2013 12:00:00 PM
Valid until: 10/22/2028 12:00:00 PM
*** WARNING: Certificate signature is INVALID ***
Import this certificate into the CA store ?
Unhandled Exception:
System.NullReferenceException: Object reference not set to an instance of an object
   at Mono.Tools.CertificateManager.Ssl (System.String host, Boolean machine, Boolean verbose) <0x40ae7c40 + 0x0075a> in <filename unknown>:0 
   at Mono.Tools.CertificateManager.Main (System.String[] args) <0x40ae2d70 + 0x004f0> in <filename unknown>:0 
[ERROR] FATAL UNHANDLED EXCEPTION: System.NullReferenceException: Object reference not set to an instance of an object
   at Mono.Tools.CertificateManager.Ssl (System.String host, Boolean machine, Boolean verbose) <0x40ae7c40 + 0x0075a> in <filename unknown>:0 
   at Mono.Tools.CertificateManager.Main (System.String[] args) <0x40ae2d70 + 0x004f0> in <filename unknown>:0
Tomasz Pluskiewicz
  • 3,622
  • 1
  • 19
  • 42
  • Did you ever tried manually the URL's? they yield a wonderful 404... only the nuget works. – Gusman Feb 29 '16 at 14:05
  • Thanks, my bad. Should be 2.50.11. But the effect is the same – Tomasz Pluskiewicz Mar 01 '16 at 09:41
  • Try this: certmgr --ssl https://github.com/fsprojects/Paket/releases/download/2.50.11.0/paket.exe – Gusman Mar 01 '16 at 09:45
  • Comments screwed the final part, it's certmgr --ssl (the https url to download certs for) – Gusman Mar 01 '16 at 09:46
  • I tried certmgr. Please see the output. Unfortunately I don't think I can script this for Heroku because it expects confirmation? – Tomasz Pluskiewicz Mar 01 '16 at 10:22
  • Woah, you are stomping with tons of bugs.. certmgr --ssl downloads the certificate and adds it to the store, so it would not be needed to execute it with Heroku if it was executed succesfully at least once. You can compile the cermtgr from source (https://github.com/mono/mono/blob/master/mcs/tools/security/certmgr.cs) and debug what is causing that exception, or it can give you a pointer on how to download the certificate and add it to the CA. – Gusman Mar 01 '16 at 11:24

0 Answers0