Pongo 2.15 (Kong 3.9.x and higher) and higher mandatory rust and reqwest not supporting PONGO_INSECURE #665
Description
Pongo build fails on
https://github.com/Kong/kong-pongo/blob/master/kong-versions/3.9.0/kong/Makefile
due rust/cargo and and reqwest install
https://github.com/Kong/kong-pongo/blob/master/kong-versions/3.9.0/kong/Makefile#L79
5.219 error: failed to download file error=Reqwest(reqwest::Error { kind: Request, url: "https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256", source: hyper_util::client::legacy::Error(Connect, C
ustom { kind: InvalidData, error: InvalidCertificate(UnknownIssuer) }) })
https://github.com/Kong/kong-pongo/blob/master/kong-versions/3.9.0/kong/Makefile#L213
37.05 Caused by:
37.05 [60] SSL peer certificate or SSH remote key was not OK (server certificate verification failed. CAfile: none CRLfile: none)
due
install-rust-toolchain:
@if command -v cargo; then
echo "Rust is already installed in the local directory, skipping";
else
echo "Installing Rust...";
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path;
. $$HOME/.cargo/env;
rustup toolchain install stable;
rustup default stable;
fi
and due
DEV_ROCKS = "busted 2.2.0" "busted-hjtest 0.0.5" "luacheck 1.2.0" "lua-llthreads2 0.1.6" "ldoc 1.5.0" "luacov 0.15.0" "lua-reqwest 0.1.1"
dependencies: install-rust-toolchain bin/grpcurl bin/h2client
$(warning 'dependencies' target is deprecated, this is now not needed when using make dev, but are kept for installation that are not built by Bazel)
export PATH=$$PATH:$$HOME/.cargo/bin; \
for rock in $(DEV_ROCKS) ; do \
if luarocks list --porcelain $$rock | grep -q "installed" ; then \
echo $$rock already installed, skipping ; \
else \
echo $$rock not found, installing via luarocks... ; \
luarocks install $$rock OPENSSL_DIR=$(OPENSSL_DIR) CRYPTO_DIR=$(OPENSSL_DIR) YAML_DIR=$(YAML_DIR) || exit 1; \
fi \
done;
cyrl and git work wo certificates using PONGO_INSECURE options, but rust toolchains cannot support insecure as far as I know.
Only option is add root certificates to https://github.com/Kong/kong-pongo/blob/master/assets/Dockerfile
COPY root_der.crt /usr/local/share/ca-certificates/compynyx/root_der.crt
RUN chmod 644 /usr/local/share/ca-certificates/compynyx/root_der.crt
RUN update-ca-certificates
Installing Rust using apt does not work as APT version is too old
#RUN apt-get install -y cargo
41.88 error: package icu_normalizer_data v2.0.0 cannot be built because it requires rustc 1.82 or newer, while the currently active rustc version is 1.75.0
41.88 Either upgrade to rustc 1.82 or newer, or use
Pongo should add possibility to pass root certificates through pongo parameters to eliminate need to fork makefile.