Deprecate --secure, enforce HTTPS (#343)

Resolves #124
2025-04-20 12:38:43 +00:00 · 2022-09-05 16:18:14 +12:00 · 2022-09-05 16:18:14 +12:00 · db82c6935f
commit db82c6935f
parent 73f7719e53
4 changed files with 8 additions and 23 deletions
--- a/.github/scripts/tests.sh
+++ b/.github/scripts/tests.sh
@ -24,14 +24,12 @@ cargo binstall --help >/dev/null
 # Test that the installed binaries can be run
 cargo binstall --help >/dev/null

-# Install binaries using secure mode
 min_tls=1.3
 [[ "${2:-}" == "Windows" ]] && min_tls=1.2 # WinTLS on GHA doesn't support 1.3 yet

 "./$1" binstall \
    --force \
    --log-level debug \
-    --secure \
    --min-tls-version $min_tls \
    --no-confirm \
    cargo-binstall
--- a/crates/bin/src/args.rs
+++ b/crates/bin/src/args.rs
@ -113,15 +113,8 @@ pub struct Args {
    #[clap(help_heading = "Options", long)]
    pub install_path: Option<PathBuf>,

-    /// Enforce downloads over secure transports only.
-    ///
-    /// Insecure HTTP downloads will be removed completely in the future; in the meantime this
-    /// option forces a fail when the remote endpoint uses plaintext HTTP or insecure TLS suites.
-    ///
-    /// Without this option, plain HTTP will warn.
-    ///
-    /// Implies `--min-tls-version=1.2`.
-    #[clap(help_heading = "Options", long)]
+    /// Deprecated, here for back-compat only. Secure is now on by default.
+    #[clap(hide(true), long)]
    pub secure: bool,

    /// Force a crate to be installed even if it is already installed.
--- a/crates/bin/src/entry.rs
+++ b/crates/bin/src/entry.rs
@ -32,7 +32,7 @@ pub async fn install_crates(mut args: Args, jobserver_client: LazyJobserverClien
    let desired_targets = get_desired_targets(args.targets.take());

    // Initialize reqwest client
-    let client = create_reqwest_client(args.secure, args.min_tls_version.map(|v| v.into()))?;
+    let client = create_reqwest_client(args.min_tls_version.map(|v| v.into()))?;

    // Build crates.io api client
    let crates_io_api_client = crates_io_api::AsyncClient::new(
--- a/crates/lib/src/helpers/remote.rs
+++ b/crates/lib/src/helpers/remote.rs
@ -8,19 +8,13 @@ use url::Url;

 use crate::errors::BinstallError;

-pub fn create_reqwest_client(
-    secure: bool,
-    min_tls: Option<tls::Version>,
-) -> Result<Client, BinstallError> {
+pub fn create_reqwest_client(min_tls: Option<tls::Version>) -> Result<Client, BinstallError> {
    const USER_AGENT: &str = concat!(env!("CARGO_PKG_NAME"), "/", env!("CARGO_PKG_VERSION"));

-    let mut builder = ClientBuilder::new().user_agent(USER_AGENT);
-
-    if secure {
-        builder = builder
-            .https_only(true)
-            .min_tls_version(tls::Version::TLS_1_2);
-    }
+    let mut builder = ClientBuilder::new()
+        .user_agent(USER_AGENT)
+        .https_only(true)
+        .min_tls_version(tls::Version::TLS_1_2);

    if let Some(ver) = min_tls {
        builder = builder.min_tls_version(ver);