Merge pull request #108 from SenseUnit/tls_fallback_roots

Snawoot · web-flow · commit dde1b404510e · 2025-04-08T02:46:46.000+03:00
tls: embed fallback certs
diff --git a/Dockerfile b/Dockerfile
@@ -6,21 +6,17 @@ WORKDIR /go/src/github.com/SenseUnit/dumbproxy
 COPY . .
 ARG TARGETOS TARGETARCH
 RUN GOOS=$TARGETOS GOARCH=$TARGETARCH CGO_ENABLED=0 go build -a -tags netgo -ldflags '-s -w -extldflags "-static" -X main.version='"$GIT_DESC"
-ADD https://curl.haxx.se/ca/cacert.pem /certs.crt
-RUN chmod 0644 /certs.crt
 RUN mkdir /.dumbproxy
 
 FROM scratch AS scratch
 COPY --from=build /go/src/github.com/SenseUnit/dumbproxy/dumbproxy /
-COPY --from=build /certs.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=build --chown=9999:9999 /.dumbproxy /.dumbproxy
 USER 9999:9999
 EXPOSE 8080/tcp
 ENTRYPOINT ["/dumbproxy", "-bind-address", ":8080"]
 
 FROM alpine AS alpine
 COPY --from=build /go/src/github.com/SenseUnit/dumbproxy/dumbproxy /
-COPY --from=build /certs.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=build --chown=9999:9999 /.dumbproxy /.dumbproxy
 RUN apk add --no-cache tzdata
 USER 9999:9999
diff --git a/go.mod b/go.mod
@@ -18,6 +18,8 @@ require (
 	golang.org/x/time v0.8.0
 )
 
+require golang.org/x/crypto/x509roots/fallback v0.0.0-20250406160420-959f8f3db0fb
+
 require (
 	github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
diff --git a/go.sum b/go.sum
@@ -52,6 +52,8 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
 golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
+golang.org/x/crypto/x509roots/fallback v0.0.0-20250406160420-959f8f3db0fb h1:Iu0p/klM0SM7atONioa/bPhLS7cjhnip99x1OIGibwg=
+golang.org/x/crypto/x509roots/fallback v0.0.0-20250406160420-959f8f3db0fb/go.mod h1:lxN5T34bK4Z/i6cMaU7frUU57VkDXFD4Kamfl/cp9oU=
 golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA=
 golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I=
 golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
diff --git a/main.go b/main.go
@@ -38,6 +38,8 @@ import (
 	"github.com/SenseUnit/dumbproxy/handler"
 	clog "github.com/SenseUnit/dumbproxy/log"
 	proxyproto "github.com/pires/go-proxyproto"
+
+	_ "golang.org/x/crypto/x509roots/fallback"
 )
 
 var (

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,8 @@ require (`
`18`	`18`	`golang.org/x/time v0.8.0`
`19`	`19`	`)`
`20`	`20`
	`21`	`+require golang.org/x/crypto/x509roots/fallback v0.0.0-20250406160420-959f8f3db0fb`
	`22`	`+`
`21`	`23`	`require (`
`22`	`24`	`github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5 // indirect`
`23`	`25`	`github.com/cespare/xxhash/v2 v2.2.0 // indirect`
Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,8 @@ import (`
`38`	`38`	`"github.com/SenseUnit/dumbproxy/handler"`
`39`	`39`	`clog "github.com/SenseUnit/dumbproxy/log"`
`40`	`40`	`proxyproto "github.com/pires/go-proxyproto"`
	`41`	`+`
	`42`	`+ _ "golang.org/x/crypto/x509roots/fallback"`
`41`	`43`	`)`
`42`	`44`
`43`	`45`	`var (`