Failed to retrieve remote Requirements from https://raw.githubuserscontent.com/snipe/snipe-it/master/.upgrade_requirements.json

[colly72]

Debug mode

• I have enabled debug mode
• I have read checked the Common Issues page

Describe the bug

I'm getting the same issue as here when trying to upgrade - I'm on v 6.4.2

#14224

Reproduction steps

1. run php upgrade.php

...

Expected behavior

automated upgrade

Screenshots

No response

Snipe-IT Version

6.4.2

Operating System

Windows

Web Server

IIS

PHP Version

8.1.28

Operating System

No response

Browser

No response

Version

No response

Device

No response

Operating System

No response

Browser

No response

Version

No response

Error messages

No response

Additional context

No response

[welcome]

👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.

[jerm]

@colly72

This means that your machine got no result when trying to get upgrade info from https://raw.githubusercontent.com/snipe/snipe-it/master/.upgrade_requirements.json

1. is your machine able to reach that url? if not, you're going to have a bad time all around. try it in a browser?

if that works, run php -a (or php.exe -a? not sure about windows php repl)

$Url="https://raw.githubusercontent.com/snipe/snipe-it/master/.upgrade_requirements.json";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $Url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec($ch);
curl_close($ch);
print($output);

if you can get the page output (a few lines of json) in a browser on that server but not in that blurb, something is wonky with your php/curl setup.

do you have php curl libraries installed? If not, you should get a different error, but here we are.

[colly72]

I can reach that url fine in a browser.

When I run the commands from a command prompt, I get no errors but it doesn't output anything. I have curl installed and working as far as I can tell

[jerm]

can you run those again, but add this to the bottom?

var_dump(curl_getinfo($ch));

then post the output in here

[nukeith42]

Hello,
I have seen a similar issue, and not sure if @colly72 has a similar configuration. But in my environment curl must use a proxy otherwise internet is blocked. I can manually running curl from command line uses proxy correctly, and can pull the requirements json. As I have a .curlrc file to use.

• php 8.1.29
• previously on 6.3.4 (upgraded manually with git pull / composer install)
• now on 7.0.4
• IIS
• Windows server 2019

Running the php upgrade.php fails to pull the json as it is. However, I can modify the upgrade.php as follows, in the section posted above, and it does pull the requirements correctly and would appear to update normally. This appears to work fine in my test instance after having done a git pull and composer install, I have yet to test production instance.
$proxyipadd = 'x.x.x.x';
$proxyport = 'xxxx';
curl_setopt($ch, CURLOPT_PROXY, $proxyipadd);
curl_setopt($ch, CURLOPT_PROXYPORT, $proxyport);
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL , true);

Additionally, I tried the troubleshooting steps above but did not get any output. However, proxy IP and port is listed in the var_dump. Additionally, running the modified version as above in the php console does give the output as well.

php > $Url="https://raw.githubusercontent.com/snipe/snipe-it/master/.upgrade_requirements.json";
php > $ch = curl_init();
php > curl_setopt($ch, CURLOPT_URL, $Url);
php > curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
php > $output = curl_exec($ch);
php > print($output);
php > curl_close($ch);
php > var_dump(curl_getinfo($ch));
array(37) {
["url"]=>
string(82) "https://raw.githubusercontent.com/snipe/snipe-it/master/.upgrade_requirements.json"
["content_type"]=>
NULL
["http_code"]=>
int(0)
["header_size"]=>
int(0)
["request_size"]=>
int(0)
["filetime"]=>
int(-1)
["ssl_verify_result"]=>
int(0)
["redirect_count"]=>
int(0)
["total_time"]=>
float(0.006982)
["namelookup_time"]=>
float(7.0E-5)
["connect_time"]=>
float(0.005899)
["pretransfer_time"]=>
float(0)
["size_upload"]=>
float(0)
["size_download"]=>
float(0)
["speed_download"]=>
float(0)
["speed_upload"]=>
float(0)
["download_content_length"]=>
float(-1)
["upload_content_length"]=>
float(-1)
["starttransfer_time"]=>
float(0)
["redirect_time"]=>
float(0)
["redirect_url"]=>
string(0) ""
["primary_ip"]=>
string(11) "PROXYIP"
["certinfo"]=>
array(0) {
}
["primary_port"]=>
int(8080)
["local_ip"]=>
string(12) "HOSTIP"
["local_port"]=>
int(51785)
["http_version"]=>
int(0)
["protocol"]=>
int(2)
["ssl_verifyresult"]=>
int(1)
["scheme"]=>
string(5) "HTTPS"
["appconnect_time_us"]=>
int(0)
["connect_time_us"]=>
int(5899)
["namelookup_time_us"]=>
int(70)
["pretransfer_time_us"]=>
int(0)
["redirect_time_us"]=>
int(0)
["starttransfer_time_us"]=>
int(0)
["total_time_us"]=>
int(6982)
}`

C:\www\snipe-it>curl https://raw.githubusercontent.com/snipe/snipe-it/master/.upgrade_requirements.json
{
"DOC1": "This file is meant to be pulled from the current HEAD of the desired branch, NOT referenced locally",
"DOC2": "In other words, what you see locally are the requirements for your current install",
"DOC3": "Please don't rely on these versions for planning upgrades unless you've fetched the most recent version",
"DOC4": "You should really just ignore it and run upgrade.php. Really",
"php_min_version": "8.1.0",
"php_max_major_minor": "8.3",
"php_max_wontwork": "8.4.0",
"current_snipeit_version": "7.0"
}`

[colly72]

Here's what

can you run those again, but add this to the bottom?

var_dump(curl_getinfo($ch));

then post the output in here

Here's what I get:

array(37) {
["url"]=>
string(82) "https://raw.githubusercontent.com/snipe/snipe-it/master/.upgrade_requirements.json"
["content_type"]=>
NULL
["http_code"]=>
int(0)
["header_size"]=>
int(0)
["request_size"]=>
int(0)
["filetime"]=>
int(-1)
["ssl_verify_result"]=>
int(20)
["redirect_count"]=>
int(0)
["total_time"]=>
float(0.099103)
["namelookup_time"]=>
float(0.05122)
["connect_time"]=>
float(0.052576)
["pretransfer_time"]=>
float(0)
["size_upload"]=>
float(0)
["size_download"]=>
float(0)
["speed_download"]=>
float(0)
["speed_upload"]=>
float(0)
["download_content_length"]=>
float(-1)
["upload_content_length"]=>
float(-1)
["starttransfer_time"]=>
float(0)
["redirect_time"]=>
float(0)
["redirect_url"]=>
string(0) ""
["primary_ip"]=>
string(15) "185.199.108.133"
["certinfo"]=>
array(0) {
}
["primary_port"]=>
int(443)
["local_ip"]=>
string(13) "192.168.160.2"
["local_port"]=>
int(61068)
["http_version"]=>
int(0)
["protocol"]=>
int(2)
["ssl_verifyresult"]=>
int(0)
["scheme"]=>
string(5) "HTTPS"
["appconnect_time_us"]=>
int(0)
["connect_time_us"]=>
int(52576)
["namelookup_time_us"]=>
int(51220)
["pretransfer_time_us"]=>
int(0)
["redirect_time_us"]=>
int(0)
["starttransfer_time_us"]=>
int(0)
["total_time_us"]=>
int(99103)
}

[jerm]

Ah, so I see in there

["ssl_verify_result"]=>
int(20)

which is X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate

So something is funky with SSL on your machine, at least as far as curl is concerned. Github is running digicert certificates there, so it's not some fly-by-night CA with crappy support

are you running behind a proxy? That might screw with things if it's not configured in curl. I like @nukeith42 's idea there (thanks!! I always forget about proxies)

At any rate, that's where it's failing. Your PHP version is supported by v7, so you can hypothetically skip that check and be OK if git works where curl doesn't (as always, take a backup just in case).... but I am really curious what's going on there.

[colly72]

I was running it using https but with an IP address, rather than a host name. I've now created and Lets Encrypt wilcard SSL and edited the .env file to point to the hostname rather than the IP address. I can log in fine but still the php upgrade.php command fails unless i skip PHP checks.

We're running behind a firewall that has SSL inspection but I've whitelisted the url, so that shouldn't be causing the issue.

[jerm]

this only has to do with a connection to github.com, so while it's great that you've upgraded your snipe-it site security, it doesn't affect this issue at all. ;)

Did you whitelist github.com, or your site URL?

[vivid-segue]

I believe the issue is a Windows CA issue, mentioned here.

I had already updated php to 8.3.8 and my curl version is 8.7, so I did the 'Native CA option' by adding

curl_setopt($ch, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA);

after line 12 in upgrade.php. Running 'php upgrade.php' will then pass the requirement checks and continue with the upgrade.

...it will then fail on the git pull because of the modified local upgrade.php.

Doing a test with the code provided earlier also works by adding the line:

$Url="https://raw.githubusercontent.com/snipe/snipe-it/master/.upgrade_requirements.json";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $Url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
**curl_setopt($ch, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA)**;
$output = curl_exec($ch);
curl_close($ch);
print($output);
var_dump(curl_getinfo($ch));

Results in the contents of the .json as well as

array(40) {
  ["url"]=>
  string(82) "https://raw.githubusercontent.com/snipe/snipe-it/master/.upgrade_requirements.json"
  ["content_type"]=>
  string(25) "text/plain; charset=utf-8"
  ["http_code"]=>
  int(200)
  ["header_size"]=>
  int(875)
  ["request_size"]=>
  int(0)
  ["filetime"]=>
  int(-1)
  ["ssl_verify_result"]=>
  int(0)
  ["redirect_count"]=>
  int(0)
  ["total_time"]=>
  float(0.090822)
  ["namelookup_time"]=>
  float(0.001267)
  ["connect_time"]=>
  float(0.022568)
  ["pretransfer_time"]=>
  float(0.08038)
  ["size_upload"]=>
  float(0)
  ["size_download"]=>
  float(550)
  ["speed_download"]=>
  float(6055)
  ["speed_upload"]=>
  float(0)
  ["download_content_length"]=>
  float(550)
  ["upload_content_length"]=>
  float(0)
  ["starttransfer_time"]=>
  float(0.090761)
  ["redirect_time"]=>
  float(0)
  ["redirect_url"]=>
  string(0) ""
  ["primary_ip"]=>
  string(15) "185.199.109.133"
  ["certinfo"]=>
  array(0) {
  }
  ["primary_port"]=>
  int(443)
  ["local_ip"]=>
  string(10) "10.5.187.3"
  ["local_port"]=>
  int(61085)
  ["http_version"]=>
  int(3)
  ["protocol"]=>
  int(2)
  ["ssl_verifyresult"]=>
  int(0)
  ["scheme"]=>
  string(5) "HTTPS"
  ["appconnect_time_us"]=>
  int(80166)
  ["connect_time_us"]=>
  int(22568)
  ["namelookup_time_us"]=>
  int(1267)
  ["pretransfer_time_us"]=>
  int(80380)
  ["redirect_time_us"]=>
  int(0)
  ["starttransfer_time_us"]=>
  int(90761)
  ["total_time_us"]=>
  int(90822)
  ["effective_method"]=>
  string(3) "GET"
  ["capath"]=>
  string(0) ""
  ["cainfo"]=>
  string(0) ""

for the getinfo.