Attempt to add our TLS certificate to the binary
So we can work on Linux without ca-certs installed.

TODO, update this regularly…
mxcl committed Feb 10, 2025
1 parent 4cb6d60 commit 376e999
Showing 6 changed files with 118 additions and 5 deletions.
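--- a/crates/lib/src/client.rs
+++ b/crates/lib/src/client.rs
@@ -0,0 +1,24 @@
+use reqwest::tls::Certificate;
+use reqwest::Client;
+use reqwest::ClientBuilder;
+
+const CERT: &str = include_str!("dist_pkgx_dev.pem");
+
+pub fn build_client() -> Result<Client, Box<dyn std::error::Error>> {
+let mut builder = ClientBuilder::new();
+
+// Split and parse each certificate in the PEM chain
+for cert_pem in CERT.split("-----END CERTIFICATE-----") {
+let cert_pem = cert_pem.trim();
+if cert_pem.is_empty() {
+continue;
+}
+
+let cert_pem = format!("{}{}", cert_pem, "\n-----END CERTIFICATE-----");
+let cert = Certificate::from_pem(cert_pem.as_bytes())?;
+builder = builder.add_root_certificate(cert);
+}
+
+let client = builder.build()?;
+Ok(client)
+}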
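Review bot: Every certificate in `dist_pkgx_dev.pem` is handed to `add_root_certificate` inside the loop of `build_client`, so each one becomes a trust anchor for any host this client connects to, not only the distribution server. If the bundle contains the server's leaf or an intermediate (the file name and the "update this regularly" TODO suggest it might), that key stays trusted by every shipped binary until a new release, with no revocation path, and installs without ca-certs break when the chain rotates or expires. Embedding only the issuing root CA, or, if the project uses the rustls backend, enabling reqwest's `rustls-tls-webpki-roots` feature, would cover hosts without ca-certs while keeping the anchor set conventional. At minimum the constant should carry a comment such as `// Trust anchors compiled into the binary for hosts without ca-certs; re-export before the chain rotates or expires`. Separately, the call sites in install.rs, inventory.rs and sync.rs each build a fresh client per request, which re-parses the PEM and gives up connection reuse; caching one `Client` in a `std::sync::OnceLock` would avoid that.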
87 changes: 87 additions & 0 deletions crates/lib/src/dist_pkgx_dev.pem
@@ -0,0 +1,87 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
4 changes: 2 additions & 2 deletions crates/lib/src/install.rs
@@ -1,6 +1,5 @@
use async_compression::tokio::bufread::XzDecoder;
use fs2::FileExt;
use reqwest::Client;
use std::{error::Error, fs::OpenOptions, path::PathBuf};
use tempfile::tempdir_in;
use tokio::task;
@@ -16,6 +15,7 @@ use futures::stream::TryStreamExt;

use crate::{
cellar,
client::build_client,
config::Config,
inventory,
types::{Installation, Package},
@@ -65,7 +65,7 @@ where
}

let url = inventory::get_url(pkg, config);
let client = Client::new();
let client = build_client()?;
let rsp = client.get(url).send().await?.error_for_status()?;

let total_size = rsp
3 changes: 2 additions & 1 deletion crates/lib/src/inventory.rs
@@ -1,3 +1,4 @@
use crate::client::build_client;
use crate::config::Config;
use crate::types::{host, Package, PackageReq};
use libsemverator::semver::Semver as Version;
@@ -44,7 +45,7 @@ pub async fn ls(rq: &PackageReq, config: &Config) -> Result<Vec<Version>, Box<dy
base_url, rq.project, platform, arch
))?;

let rsp = reqwest::get(url.clone()).await?;
let rsp = build_client()?.get(url.clone()).send().await?;

if !rsp.status().is_success() {
return Err(Box::new(DownloadError {
1 change: 1 addition & 0 deletions crates/lib/src/lib.rs
@@ -1,4 +1,5 @@
mod cellar;
mod client;
pub mod config;
pub mod env;
pub mod hydrate;
4 changes: 2 additions & 2 deletions crates/lib/src/sync.rs
@@ -1,4 +1,4 @@
use crate::{config::Config, pantry_db};
use crate::{client::build_client, config::Config, pantry_db};
use async_compression::tokio::bufread::GzipDecoder;
use fs2::FileExt;
use futures::TryStreamExt;
@@ -39,7 +39,7 @@ pub async fn replace(config: &Config, conn: &mut Connection) -> Result<(), Box<d
}

async fn download_and_extract_pantry(url: &str, dest: &PathBuf) -> Result<(), Box<dyn Error>> {
let rsp = reqwest::get(url).await?.error_for_status()?;
let rsp = build_client()?.get(url).send().await?.error_for_status()?;

let stream = rsp.bytes_stream();
