Merge pull request #177 from r-lib/fix/embedded-certs-on-linux

gaborcsardi · web-flow · commit edc019e4c0e9 · 2023-08-24T23:49:38.000+02:00
diff --git a/Makefile b/Makefile
@@ -47,9 +47,12 @@ rig-$(VERSION).tar.gz: target/release/rig
 	mkdir -p build/bin
 	mkdir -p build/share/bash-completion/completions
 	mkdir -p build/share/zsh/site-functions
+	ls -l target/release
 	cp target/release/rig build/bin
 	find target/release/build -name _rig -exec cp \{\} build/share/zsh/site-functions \; 
-	find target/release/build -name rig.bash -exec cp \{\} build/share/bash-completion/completions \; 
+	find target/release/build -name rig.bash -exec cp \{\} build/share/bash-completion/completions \;
+	mkdir -p build/share/rig
+	curl -L -o build/share/rig/cacert.pem 'https://curl.se/ca/cacert.pem'
 	tar cz -C build -f $@ bin share
 
 # -------------------------------------------------------------------------
diff --git a/src/escalate.rs b/src/escalate.rs
@@ -50,6 +50,8 @@ pub fn escalate(task: &str) -> Result<(), Box<dyn Error>> {
             "LC_MONETARY",
             "LC_NUMERIC",
             "LC_TIME",
+            "SSL_CERT_FILE",
+            "SSL_CERT_DIR",
         ])?;
     }
 
diff --git a/src/linux.rs b/src/linux.rs
@@ -11,7 +11,7 @@ use std::{file, line};
 
 use clap::ArgMatches;
 use simple_error::*;
-use simplelog::{trace,debug, info, warn};
+use simplelog::{trace, debug, info, warn};
 
 use crate::resolve::resolve_versions;
 use crate::rversion::*;
@@ -855,4 +855,26 @@ fn check_usr_bin_sed(rver: &str) -> Result<(), Box<dyn Error>> {
            Run `ln -s /bin/sed /usr/bin/sed` as the root user to fix this,\n        \
            and then run rig again."
         );
-}
+}
+
+pub fn set_cert_envvar() {
+    match std::env::var("SSL_CERT_FILE") {
+        Ok(_)  => {
+            debug!("SSL_CERT_FILE is already set, keeping it.");
+            return;
+        },
+        Err(_) => {
+            let scertpath = "/usr/local/share/rig/cacert.pem";
+            let certpath = std::path::Path::new(scertpath);
+            if certpath.exists() {
+                debug!("Using embedded SSL certificates via SSL_CERT_FILE");
+                std::env::set_var("SSL_CERT_FILE", scertpath);
+            } else {
+                debug!(
+                    "{} does not exist, using system SSL certificates",
+                    scertpath
+                );
+            }
+        }
+    };
+}
diff --git a/src/main.rs b/src/main.rs
@@ -54,7 +54,6 @@ fn main() {
 }
 
 fn main_() -> i32 {
-    unset_r_envvars();
     let args = parse_args();
 
     // -- set up logger output --------------------------------------------
@@ -87,6 +86,11 @@ fn main_() -> i32 {
         _ => {}
     };
 
+    unset_r_envvars();
+
+    #[cfg(target_os = "linux")]
+    set_cert_envvar();
+
     // --------------------------------------------------------------------
 
     match main__(&args) {

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,8 @@ pub fn escalate(task: &str) -> Result<(), Box<dyn Error>> {`
`50`	`50`	`"LC_MONETARY",`
`51`	`51`	`"LC_NUMERIC",`
`52`	`52`	`"LC_TIME",`
	`53`	`+ "SSL_CERT_FILE",`
	`54`	`+ "SSL_CERT_DIR",`
`53`	`55`	`])?;`
`54`	`56`	`}`
`55`	`57`