Skip to content

Commit aae074d

Browse files
ivankravetsivankravets
committed
Use custom CA for API requests
1 parent e6850bc commit aae074d

File tree

1 file changed

+61
-4
lines changed

1 file changed

+61
-4
lines changed

src/installer/get-python.js

Lines changed: 61 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,47 @@ import stream from 'stream';
2121
import tar from 'tar';
2222
import zlib from 'zlib';
2323

24+
const HTTPS_CA_CERTIFICATES = `
25+
# Issuer: CN=ISRG Root X1 O=Internet Security Research Group
26+
# Subject: CN=ISRG Root X1 O=Internet Security Research Group
27+
# Label: "ISRG Root X1"
28+
# Serial: 172886928669790476064670243504169061120
29+
# MD5 Fingerprint: 0c:d2:f9:e0:da:17:73:e9:ed:86:4d:a5:e3:70:e7:4e
30+
# SHA1 Fingerprint: ca:bd:2a:79:a1:07:6a:31:f2:1d:25:36:35:cb:03:9d:43:29:a5:e8
31+
# SHA256 Fingerprint: 96:bc:ec:06:26:49:76:f3:74:60:77:9a:cf:28:c5:a7:cf:e8:a3:c0:aa:e1:1a:8f:fc:ee:05:c0:bd:df:08:c6
32+
-----BEGIN CERTIFICATE-----
33+
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
34+
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
35+
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
36+
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
37+
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
38+
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
39+
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
40+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
41+
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
42+
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
43+
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
44+
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
45+
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
46+
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
47+
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
48+
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
49+
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
50+
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
51+
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
52+
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
53+
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
54+
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
55+
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
56+
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
57+
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
58+
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
59+
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
60+
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
61+
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
62+
-----END CERTIFICATE-----
63+
`;
64+
2465
export async function findPythonExecutable() {
2566
const exenames = proc.IS_WINDOWS ? ['python.exe'] : ['python3', 'python'];
2667
const envPath = process.env.PLATFORMIO_PATH || process.env.PATH;
@@ -83,11 +124,17 @@ export async function installPortablePython(destinationDir) {
83124

84125
async function getRegistryFile() {
85126
const systype = proc.getSysType();
86-
const response = await got(
127+
const data = await got(
87128
'https://api.registry.platformio.org/v3/packages/platformio/tool/python-portable',
88-
{ timeout: 60 * 1000, retry: { limit: 5 } }
129+
{
130+
timeout: 60 * 1000,
131+
retry: { limit: 5 },
132+
https: {
133+
certificateAuthority: HTTPS_CA_CERTIFICATES,
134+
},
135+
}
89136
).json();
90-
const versions = response.versions.filter((version) =>
137+
const versions = data.versions.filter((version) =>
91138
isVersionSystemCompatible(version, systype)
92139
);
93140
let bestVersion = undefined;
@@ -135,7 +182,14 @@ async function downloadRegistryFile(regfile, destinationDir) {
135182
return archivePath;
136183
}
137184
const pipeline = promisify(stream.pipeline);
138-
await pipeline(got.stream(url), fs.createWriteStream(archivePath));
185+
await pipeline(
186+
got.stream(url, {
187+
https: {
188+
certificateAuthority: HTTPS_CA_CERTIFICATES,
189+
},
190+
}),
191+
fs.createWriteStream(archivePath)
192+
);
139193
if (await fileExistsAndChecksumMatches(archivePath, checksum)) {
140194
return archivePath;
141195
}
@@ -146,6 +200,9 @@ async function* registryFileMirrorIterator(downloadUrl) {
146200
const visitedMirrors = [];
147201
while (true) {
148202
const response = await got.head(downloadUrl, {
203+
https: {
204+
certificateAuthority: HTTPS_CA_CERTIFICATES,
205+
},
149206
followRedirect: false,
150207
throwHttpErrors: false,
151208
timeout: 60 * 1000,

0 commit comments

Comments
 (0)