InvokeAI
InvokeAI copied to clipboard
invoke-ai
[enhancement]: Anti-malware software interferes with installation
Is there an existing issue for this?
- [X] I have searched the existing issues
Contact Details
No response
What should this feature add?
Some AV software (have seen AVG and Kaspersky mentioned) prevent a SSL revocation check from succeeding. The installer's curl commands then break and install fails.
We should try to figure out how to avoid this without just disabling the revocation checks (which does work) or forcing the user to disable their anti-malware software (which also does work).
See https://discord.com/channels/1020123559063990373/1044860655422943302 for some helpful investigation by @ebr.
Alternatives
No response
Aditional Content
No response
From what I understand of this issue (it only effects curl) and its cause (curl using Window's (default?) non-standard secure connections for cert verification validation), the correct solution here should be setting CURL_SSL_BACKEND=openssl, which disables nothing, but rather switches curl's secure backend from Windows' to SSL's
From what I understand of this issue (it only effects
curl) and its cause (curlusing Window's (default?) non-standard secure connections for cert verification validation), the correct solution here should be settingCURL_SSL_BACKEND=openssl, which disables nothing, but rather switchescurl's secure backend from Windows' to SSL's
Is OpenSSL guaranteed to be available on windows?
Is OpenSSL guaranteed to be available on windows?
That is a very good point. It seems that curl should be built with the openssl backend, and I don't think we can rely on that on Windows. I tried this just now on a clean Windows VM, and my curl's behaviour is unchanged with this environment var set, but I don't have any antivirus on there, so actually no idea if it had any effect. It did not break curl, so there's that.
But besides, getting users to set a Windows environment variable is probably not going to be a robust solution.
Here's another idea: curl -tlsv1.3 -L https://github.com/cmdr2/stable-diffusion-ui/releases/download/v1.1/micromamba.exe -O. -tlsv1.3 forces the use of TLSv1.3, which may tell SChannel to behave correctly. I just tried it, works, but again - no AV, so no idea if this is a fix. The inspiration for this came from a tangentially related https://stackoverflow.com/questions/41618766/powershell-invoke-webrequest-fails-with-ssl-tls-secure-channel
Finally, I'd like to test if using Invoke-WebRequest in PowerShell instead of curl in .bat might work around the issue. will report back.
@ebr I wonder if PowerShell is a better shell for our installation. It's so much nicer to work in and provides a lot of wonderfully useful cmdlets. Ya know, I'm gonna just go ahead and say yes - it is a better shell for us to use - and interestingly, it is cross-platform... Maybe this is crazy, but what if we used PowerShell for all platforms?
Sorry, went a bit off topic.
@psychedelicious;
what if we used PowerShell for all platforms?
I totally follow your logic (although I have some resevations), but... I can't do it, not in a reasonable time frame. I know almost nothing about Powershell, and every time I've tried to learn, it's broken my brain.
@ebr;
getting users to set a Windows environment variable
~~Not necessary (AFAIK) - there should be a way to set that in the script just for the curl command (like e.g. setting the MPS backend thingy for Macs).~~
grr. Testing from the install script, with curl -v, indicates that curl on Windows doesn't have the OpenSSL backend.