Unexpected auth failures on package install

Habitat Help
#1

I’m seeing odd behavior when attempting to install a package from my origin in a local studio.

Context: origin has been around for a while, but hasn’t been actively developed recently. Generated a new auth token and keypair, and have them set in my cli.toml and ~/.hab/cache/keys respectively.

However, when I go into the studio and attempt to install/start one of my artifacts, I receive the following error:

[401 Unauthorized] Your GitHub token requires both user:email and read:org permissions.

If I try to do a hab pkg install outside of the studio instead, I get:

the handshake failed: The OpenSSL library reported an error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:s3_clnt.c:1269:: unable to get local issuer certificate

IIRC, this is from a config that was before access tokens on bldr, but am unsure where in my local config it’s trying to pull that from (or if I’m misdiagnosing entirely!)

Just updated hab, so running on version hab 0.62.1/20180905002018, installed on MacOS via brew.

#2

hey @ChefRycar you should be able to follow along here https://www.habitat.sh/docs/install-habitat/ to get your environment setup. You can probably skip down to “Configure your workstation”.

WRT the 2nd error, you can’t install packages on osx so it won’t work either way. For problems running the binary for other commands that are natively supported you might need to export SSL_CERT_FILE=/usr/local/etc/openssl/cert.pem

#3

Ah yeah, that make sense with the second error.

For the first, I’m still puzzled. I did run though the cli setup and kept things pretty boilerplate. Used a personal access token created via the UI, set up my origin as default. Didn’t setup any secrets, and my ~/.hab/etc/ directory just has a cli.toml with the origin/token set. My keypair is in ~/.hab/cache/keys, and they seemed to be pulled correctly when I enter the studio.

The error remains. I know I did have a github token set up previously, but don’t know if there’s anything cached in my local config that I need to be concerned with. Nothing was obvious in ~/.hab.

#4

Do you have an old version of the CLI?

#5

Nope, figured it out though!

Short version: User error.

Longer version: My cli.toml was right, but I still had an old auth token in my bash_profile which was getting used instead. Fixing that has unblocked me!