Getting install error on WSL:
> XXXX@YYYY:/mnt/...
# installt
tall-needle-56640
10/09/2020, 12:24 AMGetting install error on WSL:
XXXX@YYYY:/mnt/c/WINDOWS/system32$ curl -fsSL --insecure https://get.pulumi.com | sh
error: could not determine latest version of Pulumi, try passing --version X.Y.Z to
install an explicit version
We're sorry, but it looks like something might have gone wrong during installation.
If you need help, please join us on https://slack.pulumi.com/
g
gentle-diamond-70147
10/09/2020, 4:24 PMCan you try running
curl --fail --silent -L "<https://www.pulumi.com/latest-version>"t
tall-needle-56640
10/10/2020, 6:43 PMI get no output at all.
g
gentle-diamond-70147
10/12/2020, 7:32 PMCan you try without the
--silentt
tall-needle-56640
10/12/2020, 10:04 PMI get a cert error. But if I add
--insecure2.11.2g
gentle-diamond-70147
10/12/2020, 10:05 PMCan you share the full error with
--verboset
tall-needle-56640
10/12/2020, 10:13 PM$ curl --fail -L --insecure --verbose "https://www.pulumi.com/latest-version"
* Trying 13.249.93.4...
* Connected to www.pulumi.com (13.249.93.4) port 443 (#0)
* found 127 certificates in /etc/ssl/certs/ca-certificates.crt
* found 508 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: www.pulumi.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: CN=www.pulumi.com
* start date: Mon, 12 Oct 2020 215259 GMT
* expire date: Tue, 12 Oct 2021 215259 GMT
* issuer: C=US,ST=Minnesota,L=Arden Hills,O=LAND O LAKES INC,OU=IT,CN=proxy.ent.lolcentral.com
* compression: NULL
* ALPN, server did not agree to a protocol
GET /latest-version HTTP/1.1
Host: www.pulumi.com
User-Agent: curl/7.47.0
Accept: /< HTTP/1.1 200 OK < Age: 29 < Date: Mon, 12 Oct 2020 221202 GMT < ETag: "2304f92cf4921374e8a0864246d58e32" < Server: AmazonS3 < X-Cache: Hit from cloudfront < Connection: Keep-Alive < X-Amz-Cf-Id: nfOPeg8hCffOsxb96SZY-bs2eVu2TLK5wu2F353Fmw-USOKM-2C4tQ== < Content-Type: text/plain < X-Amz-Cf-Pop: LAX50-C3 < Last-Modified: Fri, 09 Oct 2020 221229 GMT < Content-Length: 6 < * Connection #0 to host www.pulumi.com left intact 2.11.2
tall-needle-56640
10/12/2020, 10:14 PMcurl -fsSL --insecure --verbose https://get.pulumi.com | sh
* Rebuilt URL to: https://get.pulumi.com/
* Trying 99.84.167.119...
* Connected to get.pulumi.com (99.84.167.119) port 443 (#0)
* found 127 certificates in /etc/ssl/certs/ca-certificates.crt
* found 508 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: get.pulumi.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: CN=get.pulumi.com
* start date: Mon, 12 Oct 2020 220031 GMT
* expire date: Tue, 12 Oct 2021 220031 GMT
* issuer: C=US,ST=Minnesota,L=Arden Hills,O=LAND O LAKES INC,OU=IT,CN=proxy.ent.lolcentral.com
* compression: NULL
* ALPN, server did not agree to a protocol
GET / HTTP/1.1
Host: get.pulumi.com
User-Agent: curl/7.47.0
Accept: /< HTTP/1.1 200 OK < Age: 495 < Date: Mon, 12 Oct 2020 220217 GMT < ETag: "40f30a24bf23b7b1ad1313f563deceba" < Vary: Accept-Encoding < Server: AmazonS3 < X-Cache: Hit from cloudfront < Connection: Keep-Alive < X-Amz-Cf-Id: 4eURUeqTYD-Ob7zOJ9986fnWYOxsrSUXX-l1fTyKfylMKoWrplmdcA== < Content-Type: text/plain < X-Amz-Cf-Pop: LAX50-C1 < Accept-Ranges: bytes < Last-Modified: Tue, 15 Sep 2020 174506 GMT < Content-Length: 6529 < { [6529 bytes data] * Connection #0 to host get.pulumi.com left intact error: could not determine latest version of Pulumi, try passing --version X.Y.Z to install an explicit version We're sorry, but it looks like something might have gone wrong during installation. If you need help, please join us on https://slack.pulumi.com/
g
gentle-diamond-70147
10/13/2020, 5:47 AMSorry, one more...
curl --fail -L --verbose "<https://www.pulumi.com/latest-version>"t
tall-needle-56640
10/13/2020, 1:43 PM$ curl --fail -L --verbose "https://www.pulumi.com/latest-version"
* Trying 13.249.93.93...
* Connected to www.pulumi.com (13.249.93.93) port 443 (#0)
* found 127 certificates in /etc/ssl/certs/ca-certificates.crt
* found 508 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
* Closing connection 0
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
tall-needle-56640
10/13/2020, 1:45 PMThe issue with the cert is likely because my company is intercepting the cert and changing the issuer. In one of the previous calls we can see
issuer: C=US,ST=Minnesota,L=Arden Hills,O=LAND O LAKES INC,OU=IT,CN=proxy.ent.lolcentral.com
tall-needle-56640
10/13/2020, 1:46 PMI'm working on getting an exception, but I thought I'd be able to temporarily work around it by using
--insecureg
gentle-diamond-70147
10/13/2020, 9:59 PMYes, I think that's the case - the cert being intercepted.
The https://get.pulumi.com/ script itself is doing a curl to
<https://www.pulumi.com/latest-version>--insecuret
tall-needle-56640
10/19/2020, 4:13 PMI got my security team to bypass the cert interception and it is working now. Thanks.
g
gentle-diamond-70147
10/19/2020, 4:36 PMThanks for the follow up. I'll see what we can do to print a more helpful error message.
13 Views