这是indexloc提供的服务,不要输入任何密码
Skip to content

Support http.cainfo and some authentication support #148

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 3, 2024
Merged

Support http.cainfo and some authentication support #148

merged 2 commits into from
Jan 3, 2024

Conversation

j-baker
Copy link
Contributor

@j-baker j-baker commented Jan 3, 2024

I use a private Cargo sparse registry. With the last two fixes, more stuff works, but overall there are still problems.

  1. The current version asserts HTTP/2 is available. This can't be assumed, as while it's available for crates.io, it's not part of the registry spec. I've increased the scope of connection reuse so there should practically be no additional overhead (and arguably reduced due to fewer TLS handshakes).
  2. http.cainfo is the cargo config which is used to set a new CA bundle. We utilise it because our company has its own trust root. This is not picked up by cargo-workspaces, so all commands fail with TLS issues. If this config is set, I've changed the code to configure the client to use it. This requires the use of rustls due to some quirks with reqwest.
  3. Sparse registries may require authentication. There doesn't obviously seem to be a way to configure tame index to use this. I've made an assumption that if --token is provided, this probably has read access as well as write access and configured it on the reqwest client. Over time, this is likely faulty - with the new Cargo credential helpers it's likely people will move away from using --token. However, what we have here is likely good enough for now.

j-baker added 2 commits January 3, 2024 09:19
@j-baker
Support http.cainfo and some authentication support
3efe646 
I use a private Cargo sparse registry. With the last two fixes, more
stuff works, but overall there are still problems.

1. The current version asserts HTTP/2 is available. This can't be
   assumed, as while it's available for crates.io, it's not part of the
   registry spec. I've increased the scope of connection reuse so there
   should practically be no additional overhead (and arguably reduced
   due to fewer TLS handshakes).
1. http.cainfo is the cargo config which is used to set a new CA bundle.
   We utilise it because our company has its own trust root. If this
   config is set, I've changed the code to configure the client to use
   it.
1. Sparse registries may require authentication. There doesn't obviously
   seem to be a way to configure tame index to use this. I've made an
   assumption that if `--token` is provided, this probably has read
   access as well as write access and configured it on the reqwest
   client. Over time, this is likely faulty - with the new Cargo
   credential helpers it's likely people will move away from using
   `--token`. However, what we have here is likely good enough for now.
@j-baker
imports
679b79a
@j-baker j-baker mentioned this pull request Jan 3, 2024
Closed
@pksunkara pksunkara linked an issue Jan 3, 2024 that may be closed by this pull request
Publish reads from wrong registry when --registry option provided #79
Closed
@pksunkara pksunkara merged commit 68df8c6 into pksunkara:master Jan 3, 2024
@pksunkara
Copy link
Owner

Thanks for the contribution. Please test it out and let me know and I will do the release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Publish reads from wrong registry when --registry option provided
2 participants
@j-baker @pksunkara