Skip to content

FAQ

How can I get MSYS2 running under Wine?

Wine fails to run Cygwin binaries and as a result MSYS2 and Git for Windows, which are based on Cygwin. See the following bug reports for the current state of things:

It might require fixes in both Wine and Cygwin to get resolved. If anyone makes some progress on this, let us know!

How can I make MSYS2/pacman trust my company's custom TLS CA certificate

In case your computer is managed by an organization they might MITM all your TLS connections and install their own custom CA certificate onto your system so that MITM connections are still marked as secure. Because OpenSSL in MSYS2 currently doesn't integrate with the Windows system CA store, and thus doesn't know about your organization's custom certificates you have to add them and trust them manually.

You might be affected if you see the following errors when using pacman, curl or similar:

  • SSL certificate problem: unable to get local issuer certificate
  • SSL certificate problem: self signed certificate in certificate chain

First we need to get the certificates of your organization

1) via Firefox:

  • Open https://repo.msys2.org in Firefox (the connection should be marked as secure!)
  • Press ctrl+i to open the page info
  • Go to "Security" and click "View Certificate"
  • Go through all tabs where the certificate belongs to your organization, scroll down and click on "PEM (cert)" to download the "*.pem" file

2) or via Chrome/Chromium/Edge:

See https://stackoverflow.com/a/70398349

3) or by asking your IT department to give you the certificates.

Now that we have the certificate files, we copy them into MSYS2 and register them:

  • Open a MSYS2 shell
  • Place the .pem/.cer files into /etc/pki/ca-trust/source/anchors
  • Run update-ca-trust (there is no output)

Now TLS connections to the MSYS2 repo should work:

$ curl --fail --silent --show-error -I https://repo.msys2.org -o /dev/null && echo "OK!"
OK!

The certificates can be removed again by deleting the .pem/.cer files in /etc/pki/ca-trust/source/anchors and running update-ca-trust again.

How long are old packages kept on repo.msys2.org?

1.75 years after a package version leaves the pacman package database, it is removed from the server. This means that if you do not update the pacman DB for more than 1.75 years, the installation of packages may fail until you update.

External projects that rely on specific package versions on the repo server are advised to mirror those packages if the above retention policy does not meet their needs.