Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Adds flag to optionally use system certificates when fetching latest release. #133

Closed
wants to merge 3 commits into from
Closed

feat: Adds flag to optionally use system certificates when fetching latest release. #133

wants to merge 3 commits into from

Conversation

mchernicoff
Copy link

Resolves #132 See that issue for details.

This adds the "native" flag to the axoupdater CLI. If this flag is set, axoupdater will fetch the latest release using native system certs for TLS, instead of the reqwest crate's default Mozilla WebPKI certs.

@mchernicoff
Copy link
Author

This patch has not been fully tested in a production-like environment. In order to test it, a new release of axoupdater must first be created with these changes. Then you should run cargo dist build with cargo-dist with the updater option enabled to install axoupdater, then check that the newly created update command correctly allows the use of the "native" flag.

@mistydemeo
Copy link
Contributor

Apologies for the delay on reviewing here.

This makes sense to me conceptually, but I'm wondering a bit about the usability. In what circumstances would a user know that they need to pass the --native flag? Is this something that users in your environment are going to pass explicitly, or a default that all users using your distributed software will need? If it's the latter, I wonder if it would be better to have the CLI gate this based on environment variables.

@Gankra Gankra mentioned this pull request Jul 5, 2024
Merged
@mchernicoff
Copy link
Author

Apologies for the delay on reviewing here.

This makes sense to me conceptually, but I'm wondering a bit about the usability. In what circumstances would a user know that they need to pass the --native flag? Is this something that users in your environment are going to pass explicitly, or a default that all users using your distributed software will need? If it's the latter, I wonder if it would be better to have the CLI gate this based on environment variables.

To answer the question as asked (even as other solutions are being implemented), we don't expect most users of our software to have to use this flag. The issue is that we, the primary developers and maintainers of the software, need this feature to make our own software work in our corporate enterprise environment. So I was envisioning something that we, the developers, know to use and that other users can be told to use if they encounter the same error we get (e.g. A line in the README somewhere).

@mistydemeo
Copy link
Contributor

I believe this was resolved by #136, which was released in 0.6.7 - does that fully cover your usecase?

@mchernicoff
Copy link
Author

I believe this was resolved by #136, which was released in 0.6.7 - does that fully cover your usecase?

Yes, we should be good now. Thank you!

@Gankra Gankra closed this Aug 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cannot use system certificates when fetching latest release
3 participants
@mchernicoff @mistydemeo @Gankra