[Halld-offline] fixing access to github [Re: git clone and certificates at JLab]

Mark Ito marki at jlab.org
Tue May 23 10:49:18 EDT 2017

Bottom line: doing nothing with certificates is the permanent solution.

Last week GitHub changed the way they use certificates (using 
certificate pinning 
<https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning>). This broke the 
solution we were using previously, i. e., configuring git to use a JLab 
certificate was causing errors. And so our git transactions (at least 
those from ifarm) were failing last week.

The solution suggested last week (see below) was to stop using the JLab 
certificate with Git.

The reaction from the Computer Center to the GitHub change is to 
whitelist GitHub, exempting it from the web filter and foregoing 
decryption of traffic from GitHub. Which means we do not need to do 
anything with certificates at all as far as Git and GitHub are 
concerned; the non-use of certificates is the way we should go from now 
on. Basically the original problem has disappeared.

Thanks to Wesley Moore of CNI for tracking this down for us.

So now we need an FAQ on how to undo the solution suggested by the old FAQ!

On 05/11/2017 12:39 PM, Mark Ito wrote:
> For some reason, unknown to me, calling out a certificate in your 
> .gitconfig file is breaking git clone at JLab as of today. If you 
> delete your .gitconfig from your home directory (or move out of the 
> way), clones should work. Let me know if that is not what you see.
Mark Ito, marki at jlab.org, (757)269-5295

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.jlab.org/pipermail/halld-offline/attachments/20170523/343b587a/attachment-0002.html>

More information about the Halld-offline mailing list