Skip to content

Commit 376e999

Browse files
mxclmxcl
committed
Attempt to add our TLS certificate to the binary
So we can work on Linux without ca-certs installed. TODO, update this regularly…
1 parent 4cb6d60 commit 376e999

File tree

6 files changed

+118
-5
lines changed

6 files changed

+118
-5
lines changed

crates/lib/src/client.rs

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
use reqwest::tls::Certificate;
2+
use reqwest::Client;
3+
use reqwest::ClientBuilder;
4+
5+
const CERT: &str = include_str!("dist_pkgx_dev.pem");
6+
7+
pub fn build_client() -> Result<Client, Box<dyn std::error::Error>> {
8+
let mut builder = ClientBuilder::new();
9+
10+
// Split and parse each certificate in the PEM chain
11+
for cert_pem in CERT.split("-----END CERTIFICATE-----") {
12+
let cert_pem = cert_pem.trim();
13+
if cert_pem.is_empty() {
14+
continue;
15+
}
16+
17+
let cert_pem = format!("{}{}", cert_pem, "\n-----END CERTIFICATE-----");
18+
let cert = Certificate::from_pem(cert_pem.as_bytes())?;
19+
builder = builder.add_root_certificate(cert);
20+
}
21+
22+
let client = builder.build()?;
23+
Ok(client)
24+
}

crates/lib/src/dist_pkgx_dev.pem

Lines changed: 87 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,87 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIF1DCCBLygAwIBAgIQC9t8IXiDDmg6s1si268UuDANBgkqhkiG9w0BAQsFADA8
3+
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
4+
UlNBIDIwNDggTTAyMB4XDTI0MDgyNzAwMDAwMFoXDTI1MDkyNTIzNTk1OVowFzEV
5+
MBMGA1UEAxMMZGlzdC50ZWEueHl6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
6+
CgKCAQEAvX6hYR7o/rsJoBRJ7K8lwnUC1tBQX6uCxfDTTyT1Kie39EDIAxRkRRlY
7+
1iD0IiCCxTxE+n/VvWfZblIzTMBmYrgxiG/dn7C84i+eizLXhgqyMgWIbumYr144
8+
+nyF71pHWFz8jURth2bHUw839Bp7eXMhuS50YYCSH+pjoS/oqOhi5NCX2DaHWRYm
9+
KmK5515unPb6s8Cz/hyHk1sODFH5gePO5mOBfCVsO8wSd+Z/CTLSy5TqPR5eO1vW
10+
+9P9PEMhQ8JPSbVoM56DhWs4PjoP0JyZyGE3AA6HDNucp1+CklkYt9dDT5zJjTyq
11+
+7/TtaNv9aeSdj0YDNABE22T8a2ydQIDAQABo4IC9TCCAvEwHwYDVR0jBBgwFoAU
12+
wDFSzVpQw4J8dHHOy+mc+XrrguIwHQYDVR0OBBYEFHonYWsrH6AizIVhB970km6i
13+
I2fQMCYGA1UdEQQfMB2CDGRpc3QudGVhLnh5eoINZGlzdC5wa2d4LmRldjATBgNV
14+
HSAEDDAKMAgGBmeBDAECATAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
15+
BQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jcmwucjJt
16+
MDIuYW1hem9udHJ1c3QuY29tL3IybTAyLmNybDB1BggrBgEFBQcBAQRpMGcwLQYI
17+
KwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnIybTAyLmFtYXpvbnRydXN0LmNvbTA2Bggr
18+
BgEFBQcwAoYqaHR0cDovL2NydC5yMm0wMi5hbWF6b250cnVzdC5jb20vcjJtMDIu
19+
Y2VyMAwGA1UdEwEB/wQCMAAwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2ABLx
20+
TjS9U3JMhAYZw48/ehP457Vih4icbTAFhOvlhiY6AAABkZOC8y0AAAQDAEcwRQIh
21+
AOwOXL8HQz3g1sMg5oAuvCvYo3sEmRGehJKrHARm48oUAiBwnA6A35ZCWRInK/ml
22+
FR0JCETCh8/onaRn0qTySL10aAB2AH1ZHhLheCp7HGFnfF79+NCHXBSgTpWeuQMv
23+
2Q6MLnm4AAABkZOC8u8AAAQDAEcwRQIhAIAgx9+kmT/VZA202FCaCKbqWvhni4PS
24+
9PwTpBzlgAyTAiBRuGrhJWXxfseaG5Nj5tLICtStWLxorcf/6/6QRkFxjQB3AObS
25+
MWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0eN45QAAABkZOC80QAAAQDAEgwRgIh
26+
ALd75WpxaWSkdgQsko0qs/S/88JHs/MGKzyQ5PFfbb42AiEA9MuAXVmvIoAzbN8x
27+
AyCJ1pAjvL5ZMei2vfyKq1sA1hYwDQYJKoZIhvcNAQELBQADggEBAJ/tQzu4/7I4
28+
T8t0ys1IlZS+Q5IAy5v7YU97gJxKfs1X6UuR+FSLa92TmScw4BcYwjnbeWI8v/dM
29+
OCXYW63aMcATUJnjFibclIyw1v0oB/Z8k27mjFaT/oXZrUK0KiMSaP4TOO9y6/2l
30+
veJHeDgmpoK7EZxMNA2pHNtywG7WrL69dr8SstVpZikf3HzalmBMhLb3yilGMrun
31+
nG5+6qY4582gIvBuNZ0tUDci81e5un+6yrPm0B0AYbxrwwQSB7iBhx9pFqSStJtZ
32+
CBNQjZ7XpAfILBPWnyoGt2gYESQ0ZsmyRuM1wWQz71rmJJJm6nXhWnwHTE9/VjC5
33+
GwhG1Wd5jh4=
34+
-----END CERTIFICATE-----
35+
-----BEGIN CERTIFICATE-----
36+
MIIEXjCCA0agAwIBAgITB3MSSkvL1E7HtTvq8ZSELToPoTANBgkqhkiG9w0BAQsF
37+
ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
38+
b24gUm9vdCBDQSAxMB4XDTIyMDgyMzIyMjUzMFoXDTMwMDgyMzIyMjUzMFowPDEL
39+
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEcMBoGA1UEAxMTQW1hem9uIFJT
40+
QSAyMDQ4IE0wMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALtDGMZa
41+
qHneKei1by6+pUPPLljTB143Si6VpEWPc6mSkFhZb/6qrkZyoHlQLbDYnI2D7hD0
42+
sdzEqfnuAjIsuXQLG3A8TvX6V3oFNBFVe8NlLJHvBseKY88saLwufxkZVwk74g4n
43+
WlNMXzla9Y5F3wwRHwMVH443xGz6UtGSZSqQ94eFx5X7Tlqt8whi8qCaKdZ5rNak
44+
+r9nUThOeClqFd4oXych//Rc7Y0eX1KNWHYSI1Nk31mYgiK3JvH063g+K9tHA63Z
45+
eTgKgndlh+WI+zv7i44HepRZjA1FYwYZ9Vv/9UkC5Yz8/yU65fgjaE+wVHM4e/Yy
46+
C2osrPWE7gJ+dXMCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYD
47+
VR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNV
48+
HQ4EFgQUwDFSzVpQw4J8dHHOy+mc+XrrguIwHwYDVR0jBBgwFoAUhBjMhTTsvAyU
49+
lC4IWZzHshBOCggwewYIKwYBBQUHAQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8v
50+
b2NzcC5yb290Y2ExLmFtYXpvbnRydXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDov
51+
L2NydC5yb290Y2ExLmFtYXpvbnRydXN0LmNvbS9yb290Y2ExLmNlcjA/BgNVHR8E
52+
ODA2MDSgMqAwhi5odHRwOi8vY3JsLnJvb3RjYTEuYW1hem9udHJ1c3QuY29tL3Jv
53+
b3RjYTEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMA0GCSqGSIb3DQEBCwUAA4IB
54+
AQAtTi6Fs0Azfi+iwm7jrz+CSxHH+uHl7Law3MQSXVtR8RV53PtR6r/6gNpqlzdo
55+
Zq4FKbADi1v9Bun8RY8D51uedRfjsbeodizeBB8nXmeyD33Ep7VATj4ozcd31YFV
56+
fgRhvTSxNrrTlNpWkUk0m3BMPv8sg381HhA6uEYokE5q9uws/3YkKqRiEz3TsaWm
57+
JqIRZhMbgAfp7O7FUwFIb7UIspogZSKxPIWJpxiPo3TcBambbVtQOcNRWz5qCQdD
58+
slI2yayq0n2TXoHyNCLEH8rpsJRVILFsg0jc7BaFrMnF462+ajSehgj12IidNeRN
59+
4zl+EoNaWdpnWndvSpAEkq2P
60+
-----END CERTIFICATE-----
61+
-----BEGIN CERTIFICATE-----
62+
MIIEkjCCA3qgAwIBAgITBn+USionzfP6wq4rAfkI7rnExjANBgkqhkiG9w0BAQsF
63+
ADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNj
64+
b3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4x
65+
OzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1
66+
dGhvcml0eSAtIEcyMB4XDTE1MDUyNTEyMDAwMFoXDTM3MTIzMTAxMDAwMFowOTEL
67+
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
68+
b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
69+
ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
70+
9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
71+
IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
72+
VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
73+
93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
74+
jgSubJrIqg0CAwEAAaOCATEwggEtMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
75+
BAQDAgGGMB0GA1UdDgQWBBSEGMyFNOy8DJSULghZnMeyEE4KCDAfBgNVHSMEGDAW
76+
gBScXwDfqgHXMCs4iKK4bUqc8hGRgzB4BggrBgEFBQcBAQRsMGowLgYIKwYBBQUH
77+
MAGGImh0dHA6Ly9vY3NwLnJvb3RnMi5hbWF6b250cnVzdC5jb20wOAYIKwYBBQUH
78+
MAKGLGh0dHA6Ly9jcnQucm9vdGcyLmFtYXpvbnRydXN0LmNvbS9yb290ZzIuY2Vy
79+
MD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9jcmwucm9vdGcyLmFtYXpvbnRydXN0
80+
LmNvbS9yb290ZzIuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsF
81+
AAOCAQEAYjdCXLwQtT6LLOkMm2xF4gcAevnFWAu5CIw+7bMlPLVvUOTNNWqnkzSW
82+
MiGpSESrnO09tKpzbeR/FoCJbM8oAxiDR3mjEH4wW6w7sGDgd9QIpuEdfF7Au/ma
83+
eyKdpwAJfqxGF4PcnCZXmTA5YpaP7dreqsXMGz7KQ2hsVxa81Q4gLv7/wmpdLqBK
84+
bRRYh5TmOTFffHPLkIhqhBGWJ6bt2YFGpn6jcgAKUj6DiAdjd4lpFw85hdKrCEVN
85+
0FE6/V1dN2RMfjCyVSRCnTawXZwXgWHxyvkQAiSr6w10kY17RSlQOYiypok1JR4U
86+
akcjMS9cmvqtmg5iUaQqqcT5NJ0hGA==
87+
-----END CERTIFICATE-----

crates/lib/src/install.rs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,5 @@
11
use async_compression::tokio::bufread::XzDecoder;
22
use fs2::FileExt;
3-
use reqwest::Client;
43
use std::{error::Error, fs::OpenOptions, path::PathBuf};
54
use tempfile::tempdir_in;
65
use tokio::task;
@@ -16,6 +15,7 @@ use futures::stream::TryStreamExt;
1615

1716
use crate::{
1817
cellar,
18+
client::build_client,
1919
config::Config,
2020
inventory,
2121
types::{Installation, Package},
@@ -65,7 +65,7 @@ where
6565
}
6666

6767
let url = inventory::get_url(pkg, config);
68-
let client = Client::new();
68+
let client = build_client()?;
6969
let rsp = client.get(url).send().await?.error_for_status()?;
7070

7171
let total_size = rsp

crates/lib/src/inventory.rs

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
1+
use crate::client::build_client;
12
use crate::config::Config;
23
use crate::types::{host, Package, PackageReq};
34
use libsemverator::semver::Semver as Version;
@@ -44,7 +45,7 @@ pub async fn ls(rq: &PackageReq, config: &Config) -> Result<Vec<Version>, Box<dy
4445
base_url, rq.project, platform, arch
4546
))?;
4647

47-
let rsp = reqwest::get(url.clone()).await?;
48+
let rsp = build_client()?.get(url.clone()).send().await?;
4849

4950
if !rsp.status().is_success() {
5051
return Err(Box::new(DownloadError {

crates/lib/src/lib.rs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
mod cellar;
2+
mod client;
23
pub mod config;
34
pub mod env;
45
pub mod hydrate;

crates/lib/src/sync.rs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
use crate::{config::Config, pantry_db};
1+
use crate::{client::build_client, config::Config, pantry_db};
22
use async_compression::tokio::bufread::GzipDecoder;
33
use fs2::FileExt;
44
use futures::TryStreamExt;
@@ -39,7 +39,7 @@ pub async fn replace(config: &Config, conn: &mut Connection) -> Result<(), Box<d
3939
}
4040

4141
async fn download_and_extract_pantry(url: &str, dest: &PathBuf) -> Result<(), Box<dyn Error>> {
42-
let rsp = reqwest::get(url).await?.error_for_status()?;
42+
let rsp = build_client()?.get(url).send().await?.error_for_status()?;
4343

4444
let stream = rsp.bytes_stream();
4545

0 commit comments

Comments
 (0)