From 8e92db3dc61e2270173831b86b8d003f7150bee3 Mon Sep 17 00:00:00 2001 From: Jiahao XU Date: Wed, 22 Jun 2022 16:01:05 +1000 Subject: [PATCH 01/10] Refactor: Extract `new_reqwest_client(_builder)` Signed-off-by: Jiahao XU --- src/fetchers/quickinstall.rs | 6 ++++-- src/helpers.rs | 16 +++++++++++++--- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/src/fetchers/quickinstall.rs b/src/fetchers/quickinstall.rs index 7d6ed14a..120dd6cb 100644 --- a/src/fetchers/quickinstall.rs +++ b/src/fetchers/quickinstall.rs @@ -7,7 +7,9 @@ use tokio::task::JoinHandle; use url::Url; use super::Data; -use crate::{download_and_extract, remote_exists, BinstallError, PkgFmt}; +use crate::{ + download_and_extract, new_reqwest_client_builder, remote_exists, BinstallError, PkgFmt, +}; const BASE_URL: &str = "https://github.com/alsuren/cargo-quickinstall/releases/download"; const STATS_URL: &str = "https://warehouse-clerk-tmp.vercel.app/api/crate"; @@ -89,7 +91,7 @@ impl QuickInstall { let url = Url::parse(&stats_url)?; debug!("Sending installation report to quickinstall ({url})"); - reqwest::Client::builder() + new_reqwest_client_builder() .user_agent(USER_AGENT) .build()? .request(Method::HEAD, url.clone()) diff --git a/src/helpers.rs b/src/helpers.rs index 55aee08c..806cc7cd 100644 --- a/src/helpers.rs +++ b/src/helpers.rs @@ -5,7 +5,7 @@ use bytes::Bytes; use cargo_toml::Manifest; use futures_util::stream::Stream; use log::debug; -use reqwest::{Method, Response}; +use reqwest::{Client, ClientBuilder, Method, Response}; use serde::Serialize; use tinytemplate::TinyTemplate; use url::Url; 
@@ -40,8 +40,16 @@ pub fn load_manifest_path>( Ok(manifest) } +pub fn new_reqwest_client_builder() -> ClientBuilder { + ClientBuilder::new() +} + +pub fn new_reqwest_client() -> reqwest::Result { + new_reqwest_client_builder().build() +} + pub async fn remote_exists(url: Url, method: Method) -> Result { - let req = reqwest::Client::new() + let req = new_reqwest_client()? .request(method.clone(), url.clone()) .send() .await @@ -54,7 +62,9 @@ async fn create_request( ) -> Result>, BinstallError> { debug!("Downloading from: '{url}'"); - reqwest::get(url.clone()) + new_reqwest_client()? + .get(url.clone()) + .send() .await .and_then(|r| r.error_for_status()) .map_err(|err| BinstallError::Http { From eb7d460a9af6c2226a43434f7c904f5111e4f3bc Mon Sep 17 00:00:00 2001 From: Jiahao XU Date: Wed, 22 Jun 2022 19:00:02 +1000 Subject: [PATCH 02/10] Add new enum `TLSVersion` which impl `ArgEnum` and can be converted to `reqwest::tls::Version` Signed-off-by: Jiahao XU --- src/helpers.rs | 3 +++ src/helpers/tls_version.rs | 17 +++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 src/helpers/tls_version.rs diff --git a/src/helpers.rs b/src/helpers.rs index 806cc7cd..9e37c73e 100644 --- a/src/helpers.rs +++ b/src/helpers.rs @@ -27,6 +27,9 @@ mod stream_readable; mod path_ext; pub use path_ext::*; +mod tls_version; +pub use tls_version::TLSVersion; + /// Load binstall metadata from the crate `Cargo.toml` at the provided path pub fn load_manifest_path>( manifest_path: P, diff --git a/src/helpers/tls_version.rs b/src/helpers/tls_version.rs new file mode 100644 index 00000000..1f0ad5dc --- /dev/null +++ b/src/helpers/tls_version.rs @@ -0,0 +1,17 @@ +use clap::ArgEnum; +use reqwest::tls::Version; + +#[derive(Debug, Copy, Clone, ArgEnum)] +pub enum TLSVersion { + Tls1_2, + Tls1_3, +} + +impl From for Version { + fn from(ver: TLSVersion) -> Self { + match ver { + TLSVersion::Tls1_2 => Version::TLS_1_2, + TLSVersion::Tls1_3 => Version::TLS_1_3, + } + } +} 
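Review bot: `new_reqwest_client_builder` and `new_reqwest_client` are added as `pub` with no doc comment, so nothing tells a later contributor that every outbound request is meant to start from them. They are the one place where transport policy can be enforced, so I would put `/// Returns the builder every HTTP client in this crate must start from, so transport settings are applied in one place.` above the first and a matching line above the second. Separately, `remote_exists` and `create_request` (next hunk) still construct a fresh `Client` on every call; a reqwest `Client` holds a connection pool and is meant to be reused. The body of `remote_exists` continues past the end of the hunk.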
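Review bot: The new public enum in `src/helpers/tls_version.rs` has no documentation and its name treats the acronym as all-caps; the Rust API guidelines write acronyms as one word, i.e. `TlsVersion`. A short doc comment would also record the design decision visible in the variant list, that nothing older than TLS 1.2 can be selected: `/// Lowest TLS protocol version the HTTP client may negotiate; versions below 1.2 are intentionally not offered.` Renaming later is a breaking change for anything that imports `helpers::TLSVersion`, so it is cheapest to do in this commit.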
From 64f468acd61f2691474cefc77ce6e6344c76110f Mon Sep 17 00:00:00 2001 From: Jiahao XU Date: Wed, 22 Jun 2022 19:01:40 +1000 Subject: [PATCH 03/10] Add new opt `https_only_mode` & `min_tls_version` Signed-off-by: Jiahao XU --- src/main.rs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/main.rs b/src/main.rs index 0d8748cc..4250a653 100644 --- a/src/main.rs +++ b/src/main.rs @@ -84,6 +84,14 @@ struct Options { #[clap(long)] no_cleanup: bool, + /// Enable https only mode + #[clap(long)] + https_only_mode: bool, + + /// Decide which TLS version to use. + #[clap(long, arg_enum)] + min_tls_version: Option, + /// Override manifest source. /// /// This skips searching crates.io for a manifest and uses the specified path directly, useful From 0423f54b53fd12781b50e654e1d287d221963968 Mon Sep 17 00:00:00 2001 From: Jiahao XU Date: Wed, 22 Jun 2022 19:03:32 +1000 Subject: [PATCH 04/10] Add new dep once_cell v1.12.0 Signed-off-by: Jiahao XU --- Cargo.lock | 1 + Cargo.toml | 1 + 2 files changed, 2 insertions(+) diff --git a/Cargo.lock b/Cargo.lock index 3ff44ae8..9b3b74b5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -145,6 +145,7 @@ dependencies = [ "guess_host_triple", "log", "miette", + "once_cell", "reqwest", "scopeguard", "semver", diff --git a/Cargo.toml b/Cargo.toml index 379e649b..42968b54 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -30,6 +30,7 @@ flate2 = { version = "1.0.24", features = ["zlib-ng"], default-features = false futures-util = { version = "0.3.21", default-features = false } log = "0.4.14" miette = { version = "4.7.1", features = ["fancy-no-backtrace"] } +once_cell = "1.12.0" reqwest = { version = "0.11.11", features = [ "rustls-tls", "stream" ], default-features = false } scopeguard = "1.1.0" semver = "1.0.10" From a3ab3ec502406fb851049f27529c32e6da93ab80 Mon Sep 17 00:00:00 2001 From: Jiahao XU Date: Wed, 22 Jun 2022 19:12:32 +1000 Subject: [PATCH 05/10] Add new static var `REQWESTGLOBALCONFIG` 
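Review bot: The help text on `min_tls_version`, `/// Decide which TLS version to use.`, reads as if the option pins a single version, whereas the field name says it is a lower bound. I would word it as `/// Lowest TLS version the client is allowed to negotiate.` so users do not assume `tls1-2` excludes TLS 1.3. The comment on `https_only_mode` could likewise say what happens to a plain `http://` URL instead of repeating the flag name. The `Options` struct begins and ends outside this hunk.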
Signed-off-by: Jiahao XU --- src/helpers.rs | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/helpers.rs b/src/helpers.rs index 9e37c73e..5ae9744f 100644 --- a/src/helpers.rs +++ b/src/helpers.rs @@ -5,6 +5,7 @@ use bytes::Bytes; use cargo_toml::Manifest; use futures_util::stream::Stream; use log::debug; +use once_cell::sync::OnceCell; use reqwest::{Client, ClientBuilder, Method, Response}; use serde::Serialize; use tinytemplate::TinyTemplate; @@ -30,6 +31,9 @@ pub use path_ext::*; mod tls_version; pub use tls_version::TLSVersion; +/// (enable https only mode, min TLS version_option) +pub static REQWESTGLOBALCONFIG: OnceCell<(bool, Option)> = OnceCell::new(); + /// Load binstall metadata from the crate `Cargo.toml` at the provided path pub fn load_manifest_path>( manifest_path: P, @@ -44,7 +48,19 @@ pub fn load_manifest_path>( } pub fn new_reqwest_client_builder() -> ClientBuilder { - ClientBuilder::new() + let mut builder = ClientBuilder::new(); + + if let Some((https_only, min_tls_ver_opt)) = REQWESTGLOBALCONFIG.get() { + if *https_only { + builder = builder.http2_prior_knowledge(); + } + + if let Some(min_tls_ver) = *min_tls_ver_opt { + builder = builder.min_tls_version(min_tls_ver.into()); + } + } + + builder } pub fn new_reqwest_client() -> reqwest::Result { From 087d544331367cb67acc7224a0a593557fc0ee19 Mon Sep 17 00:00:00 2001 From: Jiahao XU Date: Wed, 22 Jun 2022 19:14:32 +1000 Subject: [PATCH 06/10] Initialize `REQWESTGLOBALCONFIG` in `main::entry` Signed-off-by: Jiahao XU --- src/main.rs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/main.rs b/src/main.rs index 4250a653..10b9f034 100644 --- a/src/main.rs +++ b/src/main.rs 
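Review bot: `REQWESTGLOBALCONFIG` runs three words together; statics are conventionally SCREAMING_SNAKE_CASE with separators, so `REQWEST_GLOBAL_CONFIG` is easier to read and to grep. The positional tuple (a flag plus an optional TLS version) makes every reader depend on the doc comment to know which slot is which. A small struct with named fields such as `https_only` and `min_tls_version` would make the use sites self-describing. Because the static is `pub`, it is also worth stating in the doc comment who is expected to set it and when.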
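Review bot: When `REQWESTGLOBALCONFIG.get()` returns `None`, `new_reqwest_client_builder` silently returns a default builder, so a client created before the cell is set carries none of the requested transport restrictions. For a security option that is a fail-open path; I would make it visible with an `else` branch containing `debug!("REQWESTGLOBALCONFIG not set; using default reqwest settings");` and document on the function that it must be called after initialisation. In this hunk the `https_only` branch also calls `http2_prior_knowledge()`, which selects the HTTP protocol version and does not restrict the URL scheme; patch 09 of this series replaces that call.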
@@ -185,6 +185,11 @@ async fn entry() -> Result<()> { bin_dir: opts.bin_dir.take(), }; + // Initialize REQWESTGLOBALCONFIG + REQWESTGLOBALCONFIG + .set((opts.https_only_mode, opts.min_tls_version)) + .unwrap(); + // Setup logging let mut log_config = ConfigBuilder::new(); log_config.add_filter_ignore("hyper".to_string()); From 423fb0e373f07e70ccc5c9062478886393fb2427 Mon Sep 17 00:00:00 2001 From: Jiahao XU Date: Wed, 22 Jun 2022 19:16:39 +1000 Subject: [PATCH 07/10] Test https-only-mode & min-tls-ver in `run_tests_unix.sh` Signed-off-by: Jiahao XU --- ci-scripts/run_tests_unix.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ci-scripts/run_tests_unix.sh b/ci-scripts/run_tests_unix.sh index dbc25abd..87bf9784 100755 --- a/ci-scripts/run_tests_unix.sh +++ b/ci-scripts/run_tests_unix.sh @@ -20,3 +20,8 @@ cargo binstall --help >/dev/null "./$1" binstall --log-level debug --manifest-path . --no-confirm cargo-binstall # Test that the installed binaries can be run cargo binstall --help >/dev/null + +# Install binaries using https-only-mode and specify min tls ver +"./$1" binstall --https-only-mode --min-tls-version tls1-3 cargo-binstall +# Test that the installed binaries can be run +cargo binstall --help >/dev/null From b03ec6fb933b0d3ffaf1743fe6f4cb0b5384508b Mon Sep 17 00:00:00 2001 From: Jiahao XU Date: Wed, 22 Jun 2022 19:27:35 +1000 Subject: [PATCH 08/10] Fix `run_tests_unix.sh`: Add `--no-confirm` Signed-off-by: Jiahao XU --- ci-scripts/run_tests_unix.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ci-scripts/run_tests_unix.sh b/ci-scripts/run_tests_unix.sh index 87bf9784..135d4765 100755 --- a/ci-scripts/run_tests_unix.sh +++ b/ci-scripts/run_tests_unix.sh 
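Review bot: The bare `.unwrap()` on `REQWESTGLOBALCONFIG.set(...)` panics without context if the cell was already populated; `.expect("REQWESTGLOBALCONFIG must be set exactly once, in entry()")` states the invariant. The position of this statement matters more than the panic, because any HTTP client built before it runs falls back to default settings, so I would replace the comment with `// Must run before the first HTTP client is built, otherwise --https-only-mode and --min-tls-version are ignored.` Whether anything earlier in `entry()` already issues a request is not visible in this hunk.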
@@ -22,6 +22,11 @@ cargo binstall --help >/dev/null cargo binstall --help >/dev/null # Install binaries using https-only-mode and specify min tls ver -"./$1" binstall --https-only-mode --min-tls-version tls1-3 cargo-binstall +"./$1" binstall \ + --log-level debug \ + --https-only-mode \ + --min-tls-version tls1-3 \ + --no-confirm \ + cargo-binstall # Test that the installed binaries can be run cargo binstall --help >/dev/null From 9b62ebdae185de8fcae196750bd1e2ebabf0ed32 Mon Sep 17 00:00:00 2001 From: Jiahao XU Date: Wed, 22 Jun 2022 19:28:34 +1000 Subject: [PATCH 09/10] Fix https only mode: It should not be http2 only Signed-off-by: Jiahao XU --- src/helpers.rs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/helpers.rs b/src/helpers.rs index 5ae9744f..6be1df71 100644 --- a/src/helpers.rs +++ b/src/helpers.rs @@ -51,9 +51,7 @@ pub fn new_reqwest_client_builder() -> ClientBuilder { let mut builder = ClientBuilder::new(); if let Some((https_only, min_tls_ver_opt)) = REQWESTGLOBALCONFIG.get() { - if *https_only { - builder = builder.http2_prior_knowledge(); - } + builder = builder.https_only(*https_only); if let Some(min_tls_ver) = *min_tls_ver_opt { builder = builder.min_tls_version(min_tls_ver.into()); From 691bc18dd0481fabd8b21e62b095eae6ff4babe1 Mon Sep 17 00:00:00 2001 From: Jiahao XU Date: Thu, 23 Jun 2022 13:03:50 +1000 Subject: [PATCH 10/10] Set min TLS ver to 1.2 for https only mode Signed-off-by: Jiahao XU --- src/helpers.rs | 4 ++++ src/main.rs | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/helpers.rs b/src/helpers.rs index 6be1df71..03bf97c9 100644 --- a/src/helpers.rs +++ b/src/helpers.rs 
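Review bot: The `cargo binstall --help` check after this install cannot show that the HTTPS-only run installed anything, because the earlier steps of the script (visible as context in the previous patch) have already installed `cargo-binstall`. The case also exercises only the path where the restrictions are satisfied, so a regression that left the options unwired would still pass. A companion case that expects a non-zero exit when the source is a plain `http://` URL would pin the behaviour the options promise. A comment such as `# NOTE: only proves the flags are accepted; does not prove enforcement` would at least keep the current limits of the test visible.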
@@ -53,6 +53,10 @@ pub fn new_reqwest_client_builder() -> ClientBuilder { if let Some((https_only, min_tls_ver_opt)) = REQWESTGLOBALCONFIG.get() { builder = builder.https_only(*https_only); + if *https_only { + builder = builder.min_tls_version(reqwest::tls::Version::TLS_1_2); + } + if let Some(min_tls_ver) = *min_tls_ver_opt { builder = builder.min_tls_version(min_tls_ver.into()); } diff --git a/src/main.rs b/src/main.rs index 10b9f034..5b2294ac 100644 --- a/src/main.rs +++ b/src/main.rs @@ -84,7 +84,10 @@ struct Options { #[clap(long)] no_cleanup: bool, - /// Enable https only mode + /// Enable https only mode. + /// + /// When https only mode is enabled, it will also set + /// minimum TLS version to tls1_2. #[clap(long)] https_only_mode: bool,
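Review bot: The two consecutive `min_tls_version` calls depend on the second overriding the first, which is safe only because `TLSVersion` has no variant below 1.2. That dependency should be written down, e.g. `// Applied last on purpose: TLSVersion cannot express anything below TLS 1.2, so a user value never lowers the floor.` Cargo.toml (context in patch 04) builds reqwest with `rustls-tls` and no default features, and rustls does not, as far as I know, implement protocol versions older than 1.2. If so, the explicit floor is a no-op with the current backend and the comment should say it is there as defence in depth. The function body continues outside the hunk.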
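Review bot: The new help text in `src/main.rs` spells the value `tls1_2`, but the CI script in this series passes `--min-tls-version tls1-3`, so the accepted spelling appears to be hyphenated. Help output should match what the parser accepts: `/// minimum TLS version to tls1-2.` It would also help to say that `--min-tls-version`, when given, takes precedence over this implied floor, since that is what the builder code in the same commit does.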