Skip to content

Error downloading packages etc #19465

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
proitcon opened this issue May 6, 2025 · 3 comments
Open

Error downloading packages etc #19465

proitcon opened this issue May 6, 2025 · 3 comments
Labels
question Further information is requested

Comments

@proitcon
Copy link

proitcon commented May 6, 2025

I am following the instructions from Microsoft to run CodeQL on a driver project using version 2.15.4.
When trying to download the packages I get this error:
Package specifications to check for download: microsoft/windows-drivers@1.0.13
A fatal error occurred: Could not create access credentials for microsoft/windows-drivers.
(eventual cause: SunCertPathBuilderException "unable to find valid certification path to requested target")

Another thread suggested adding certificates to a store:

But this did not make any difference.
@proitcon proitcon added the question Further information is requested label May 6, 2025
@rvermeulen
Copy link
Contributor

Hi @proitcon,

Thanks for your question.
This error is commonly caused by end point security systems intercepting traffic.
The solution is to add the root certificate of the end point security system to the CodeQL keystore.

Can you share more information on which keystore you have updated?

@proitcon
Copy link
Author

proitcon commented May 6, 2025

Hi @rvermeulen
I can see now that the links I provided didn't make it through.
I used these command as suggested in another thread here:
echo | openssl s_client -showcerts -servername ghcr.io -connect ghcr.io:443 > ghcr-certificates.pem
keytool -import -alias ghcr -keystore "/codeql/tools/win64/java/lib/security/cacerts" -file ghcr-certificates.pem

The file was imported but it did not make any difference.

@rvermeulen
Copy link
Contributor

Hi @proitcon,

Can you validate that ghcr-certificates.pem contain the intermediate/root public keys?
The certification path fails because it misses those.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rvermeulen @proitcon