From 530ee1955f3b9d0c9081ca0f998fecdb65294fa6 Mon Sep 17 00:00:00 2001
From: TheAssassin
Date: Sun, 5 May 2024 17:41:39 +0200
Subject: [PATCH 1/4] Pin Alpine version now that 3.19 has been released
---
 ci/build-in-docker.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/ci/build-in-docker.sh b/ci/build-in-docker.sh
index 5ee5ee9..42e4283 100755
--- a/ci/build-in-docker.sh
+++ b/ci/build-in-docker.sh
@@ -31,8 +31,7 @@ case "$ARCH" in
 esac
 # libassuan-static is supported only from 3.19 onwards
-# TODO: change this to a stable release once Alpine 3.19 was released
-image="$image_prefix"/alpine:edge
+image="$image_prefix"/alpine:3.19
 repo_root="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")"/..)"
From 12563033e1f68e9577abfd000f23b4ea66b2107d Mon Sep 17 00:00:00 2001
From: TheAssassin
Date: Sun, 5 May 2024 17:38:10 +0200
Subject: [PATCH 2/4] Handle nullptr properly Fixes segfaults in #34.
---
 src/appimagetool_fetch_runtime.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/appimagetool_fetch_runtime.cpp b/src/appimagetool_fetch_runtime.cpp
index 5c7c225..5a05ecc 100644
--- a/src/appimagetool_fetch_runtime.cpp
+++ b/src/appimagetool_fetch_runtime.cpp
@@ -140,7 +140,7 @@ class GetRequest {
 #if querying_supported
 {
 const auto caInfo = getOption(CURLINFO_CAINFO);
- if (std::filesystem::exists(caInfo)) {
+ if (caInfo != nullptr && std::filesystem::exists(caInfo)) {
 if (verbose) {
 std::cerr << "libcurl's default CA certificate bundle file " << caInfo << " was found on this system" << std::endl;
 }
@@ -150,7 +150,7 @@ class GetRequest {
 {
 const auto caPath = getOption(CURLINFO_CAPATH);
- if (std::filesystem::is_directory(caPath)) {
+ if (caPath != nullptr && std::filesystem::is_directory(caPath)) {
 if (verbose) {
 std::cerr << "libcurl's default CA certificate bundle directory " << caPath << " was found on this system" << std::endl;
From 92f8d7a18989644e5b37cc1d034b19b829f86d0f Mon Sep 17 00:00:00 2001
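Review bot: `alpine:3.19` in ci/build-in-docker.sh is still a mutable tag, so two runs of this script can build the released binaries from different base images without any change in the repository. If reproducible or auditable builds matter for this project, the reference could also carry a digest, for example `image="$image_prefix"/alpine:3.19@sha256:<digest-for-this-arch>` (placeholder; one digest per `$image_prefix`). The trade-off is that Alpine point-release fixes then arrive only when the digest is bumped, so this wants a scheduled update.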
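Review bot: In src/appimagetool_fetch_runtime.cpp the guarded calls `std::filesystem::exists(caInfo)` and, in the second hunk, `std::filesystem::is_directory(caPath)` are the throwing overloads, so an OS-level error other than "not found" (for example a parent directory that cannot be searched) raises `std::filesystem::filesystem_error` during TLS setup. Nothing in these hunks catches it, and whether a caller does is not visible here. The non-throwing form keeps the probe best-effort: `std::error_code ec; if (caInfo != nullptr && std::filesystem::exists(caInfo, ec)) {`, and likewise `std::filesystem::is_directory(caPath, ec)`. The enclosing function starts and ends outside both hunks.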
From: TheAssassin
Date: Sun, 5 May 2024 18:31:36 +0200
Subject: [PATCH 3/4] Fix missing spaces in log message
---
 src/appimagetool.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/appimagetool.c b/src/appimagetool.c
index 6c22fbd..1233c9a 100644
--- a/src/appimagetool.c
+++ b/src/appimagetool.c
@@ -877,8 +877,8 @@ main (int argc, char *argv[])
 } else {
 if (!fetch_runtime(arch, &size, &data, verbose)) {
 die(
- "Failed to download runtime file, please download the runtime manually from"
- "https://github.com/AppImage/type2-runtime/releases and pass it to appimagetool with"
+ "Failed to download runtime file, please download the runtime manually from "
+ "https://github.com/AppImage/type2-runtime/releases and pass it to appimagetool with "
 "--runtime-file"
 );
 }
From 707207f81245626fb45a3081ce4a43e83d58e48f Mon Sep 17 00:00:00 2001
From: TheAssassin
Date: Sun, 5 May 2024 18:02:42 +0200
Subject: [PATCH 4/4] Fix CA certificate chain lookup logic When the values libcurl provides as defaults are broken, they should be unset or replaced with working ones. Therefore, we now probe them, unset broken ones and then run our detection logic if the values have not been set. This should make sure both values are either set with a seemingly usable path or unset. When neither of the values work, we log a warning. Then, the included locations can be amended, if possible.
---
 src/appimagetool_fetch_runtime.cpp | 33 ++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 9 deletions(-)
diff --git a/src/appimagetool_fetch_runtime.cpp b/src/appimagetool_fetch_runtime.cpp
index 5a05ecc..be996a1 100644
--- a/src/appimagetool_fetch_runtime.cpp
+++ b/src/appimagetool_fetch_runtime.cpp
@@ -134,6 +134,9 @@ class GetRequest {
 }
 void setUpTlsCaChainCompatibility(bool verbose) {
+ bool foundFile = false;
+ bool foundDir = false;
+
 // from curl 7.84.0 on, one can query the default values and check if these files or directories exist
 // if not, we anyway run the detection
 #define querying_supported LIBCURL_VERSION_NUM >= CURL_VERSION_BITS(7, 84, 0)
@@ -144,7 +147,12 @@ class GetRequest {
 if (verbose) {
 std::cerr << "libcurl's default CA certificate bundle file " << caInfo << " was found on this system" << std::endl;
 }
- return;
+ foundFile = true;
+ } else {
+ if (verbose) {
+ std::cerr << "libcurl's default CA certificate bundle file " << caInfo << " was not found on this system, nulling" << std::endl;
+ }
+ setOption(CURLOPT_CAINFO, "");
 }
 }
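Review bot: The new `else` branch in the `@@ -144,7 +147,12 @@` hunk streams `caInfo` in its verbose message, but after the earlier nullptr fix this is the branch taken when `caInfo` is null. Inserting a null `char*` into `std::cerr` is undefined behaviour, and in practice it tends to crash or leave the stream in a failed state so that later diagnostics are dropped. Guard the value, e.g. `<< (caInfo != nullptr ? caInfo : "(none)") <<`; the same applies to `caPath` in the `@@ -155,36 +163,43 @@` hunk. Separately, `setOption(CURLOPT_CAINFO, "")` stores an empty string rather than a null pointer, and whether the TLS backend treats that as "unset" is not visible here, so a comment stating the intended effect would help. The function body starts and ends outside this hunk.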
@@ -155,36 +163,43 @@ class GetRequest {
 std::cerr << "libcurl's default CA certificate bundle directory " << caPath << " was found on this system" << std::endl;
 }
- return;
+ foundDir = true;
+ } else {
+ if (verbose) {
+ std::cerr << "libcurl's default CA certificate bundle directory " << caPath << " was not found on this system, nulling" << std::endl;
+ }
+ setOption(CURLOPT_CAPATH, "");
 }
 }
 #else
 #warning "libcurl version too old, not trying to use default values for system-provided CA certificate bundles"
 #endif
- {
+ if (!foundFile) {
 const auto chainFile = findCaBundleFile();
 if (!chainFile.empty()) {
 if (verbose) {
 std::cerr << "Using CA bundle file in " << chainFile << std::endl;
 }
 setOption(CURLOPT_CAINFO, chainFile.c_str());
- return;
 }
+ foundFile = true;
 }
- {
+ if (!foundDir) {
 const auto chainDir = findCaBundleDirectory();
 if (!chainDir.empty()) {
 if (verbose) {
- std::cerr << "Using CA bundle file in " << chainDir << std::endl;
+ std::cerr << "Using CA bundle dir in " << chainDir << std::endl;
 }
- setOption(CURLOPT_CAINFO, chainDir.c_str());
- return;
+ setOption(CURLOPT_CAPATH, chainDir.c_str());
 }
+ foundDir = true;
 }
- std::cerr << "Warning: could not find valid CA chain bundle, HTTPS requests will likely fail" << std::endl;
+ if (!foundFile && !foundDir) {
+ std::cerr << "Warning: could not find valid CA chain bundle, HTTPS requests will likely fail" << std::endl;
+ }
 }
 public:
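Review bot: `foundFile = true;` and `foundDir = true;` are added after the closing brace of `if (!chainFile.empty())` and `if (!chainDir.empty())`, so each flag becomes true whenever its fallback block runs, whether or not a bundle was located. As a result `if (!foundFile && !foundDir)` can never be true and the "could not find valid CA chain bundle" warning is unreachable. On the libcurl >= 7.84.0 path a failed probe then leaves CAINFO/CAPATH at `""` with no message. Move each assignment inside its inner `if`, directly after the `setOption(...)` call, so the flags mean that a usable path was set. The function starts outside this hunk.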