Add opt --root-ceritificates & env BINSTALL_HTTPS_ROOT_CERTS (#820)

for specifying root ceritificates used for https connnections. And remove old environment variable `CARGO_HTTP_CAINFO`, `SSL_CERT_FILE` and `SSL_CERT_PATH` to avoid accidentally setting them, especially in CI env. Also: - Rm fn `binstalk_downloader::Certificate::from_env` - Enable feature `env` of dep `clap` in `crates/bin` - Add new dep `file-format` v0.14.0 to `crates/bin` - Use `file-format` to determine pem/der file format when loading root certs - Rm fn `binstalk_downloader::Certificate::open` and enum `binstalk_downloader::OpenCertificateError` Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
2025-04-24 14:28:42 +00:00 · 2023-02-20 20:48:33 +11:00 · 2023-02-20 20:48:33 +11:00 · 7bc4d4a5c6
commit 7bc4d4a5c6
parent 467ba0d854
6 changed files with 67 additions and 62 deletions
--- a/crates/binstalk-downloader/src/remote.rs
+++ b/crates/binstalk-downloader/src/remote.rs
@ -23,7 +23,7 @@ mod delay_request;
 use delay_request::DelayRequest;

 mod certificate;
-pub use certificate::{Certificate, OpenCertificateError};
+pub use certificate::Certificate;

 const MAX_RETRY_DURATION: Duration = Duration::from_secs(120);
 const MAX_RETRY_COUNT: u8 = 3;
--- a/crates/binstalk-downloader/src/remote/certificate.rs
+++ b/crates/binstalk-downloader/src/remote/certificate.rs
@ -1,60 +1,11 @@
-use std::{env, ffi::OsStr, fs, io, path::Path};
-
-use compact_str::CompactString;
 use reqwest::tls;
-use thiserror::Error as ThisError;

 use super::ReqwestError;

-#[derive(Debug, ThisError)]
-pub enum OpenCertificateError {
-    #[error(transparent)]
-    Reqwest(#[from] ReqwestError),
-
-    #[error(transparent)]
-    Io(#[from] io::Error),
-
-    #[error("Expected extension .pem or .der, but found {0:#?}")]
-    UnknownExtensions(Option<CompactString>),
-}
-
 #[derive(Clone, Debug)]
 pub struct Certificate(pub(super) tls::Certificate);

 impl Certificate {
-    /// Open Certificate with path specified by the environment variable `name`
-    pub fn from_env(name: impl AsRef<OsStr>) -> Result<Option<Self>, OpenCertificateError> {
-        Self::from_env_inner(name.as_ref())
-    }
-
-    fn from_env_inner(name: &OsStr) -> Result<Option<Self>, OpenCertificateError> {
-        env::var_os(name)
-            .map(|value| Self::open_inner(Path::new(&value)))
-            .transpose()
-    }
-
-    /// Open Certificate on disk and automatically detect its format based on
-    /// its extension.
-    pub fn open(path: impl AsRef<Path>) -> Result<Self, OpenCertificateError> {
-        Self::open_inner(path.as_ref())
-    }
-
-    fn open_inner(path: &Path) -> Result<Self, OpenCertificateError> {
-        let ext = path.extension();
-
-        let f = if ext == Some(OsStr::new("pem")) {
-            Self::from_pem
-        } else if ext == Some(OsStr::new("der")) {
-            Self::from_der
-        } else {
-            return Err(OpenCertificateError::UnknownExtensions(
-                ext.map(|os_str| os_str.to_string_lossy().into()),
-            ));
-        };
-
-        Ok(f(fs::read(path)?)?)
-    }
-
    /// Create a Certificate from a binary DER encoded certificate
    pub fn from_der(der: impl AsRef<[u8]>) -> Result<Self, ReqwestError> {
        tls::Certificate::from_der(der.as_ref()).map(Self)