KittyPatch/kitty
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

macOS: Bundle mozilla's root certificates with kitty

Browse Source 
Apple doesnt provide root certificates in a form useable by openssl
which means all ssl based network requests fail, so bundle our own

Fixes #3936
This commit is contained in:
Kovid Goyal 2021-08-16 17:16:03 +05:30
parent 827b6598b2
commit 56cb628ee8
No known key found for this signature in database
GPG Key ID: 06BC317B515ACE7C
3 changed files with 37 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
__main__.py
View File

@ -123,17 +123,29 @@ def setup_openssl_environment() -> None:
# out of their asses and implement a common location for SSL certificates. # out of their asses and implement a common location for SSL certificates.
# It's not that hard people, there exists a wonderful tool called the symlink # It's not that hard people, there exists a wonderful tool called the symlink
# See https://www.mobileread.com/forums/showthread.php?t=256095 # See https://www.mobileread.com/forums/showthread.php?t=256095
if 'SSL_CERT_FILE' not in os.environ and 'SSL_CERT_DIR' not in os.environ: #
if os.access('/etc/pki/tls/certs/ca-bundle.crt', os.R_OK): # Also load bundled certs on macOS since Apple tries to make everyone use
os.environ['SSL_CERT_FILE'] = '/etc/pki/tls/certs/ca-bundle.crt' # their NIH SSL library instead of OpenSSL.
if 'SSL_CERT_FILE' in os.environ or 'SSL_CERT_DIR' in os.environ:
return
candidates = ['/etc/pki/tls/certs/ca-bundle.crt']
ext_dir = getattr(sys, 'kitty_extensions_dir', '')
if ext_dir:
if 'darwin' in sys.platform.lower():
d = os.path.dirname
candidates.append(os.path.join(d(d(d(ext_dir))), 'cacert.pem'))
for q in candidates:
if os.access(q, os.R_OK):
os.environ['SSL_CERT_FILE'] = q
setattr(sys, 'kitty_ssl_env_var', 'SSL_CERT_FILE') setattr(sys, 'kitty_ssl_env_var', 'SSL_CERT_FILE')
elif os.path.isdir('/etc/ssl/certs'): return
os.environ['SSL_CERT_DIR'] = '/etc/ssl/certs' if os.path.isdir('/etc/ssl/certs'):
setattr(sys, 'kitty_ssl_env_var', 'SSL_CERT_DIR') os.environ['SSL_CERT_DIR'] = '/etc/ssl/certs'
setattr(sys, 'kitty_ssl_env_var', 'SSL_CERT_DIR')
def main() -> None: def main() -> None:
if getattr(sys, 'frozen', False) and 'darwin' not in sys.platform.lower(): if getattr(sys, 'frozen', False):
setup_openssl_environment() setup_openssl_environment()
first_arg = '' if len(sys.argv) < 2 else sys.argv[1] first_arg = '' if len(sys.argv) < 2 else sys.argv[1]
func = entry_points.get(first_arg) func = entry_points.get(first_arg)

11
bypy/macos/__main__.py
View File

@ -170,6 +170,7 @@ class Freeze(object):
self.add_stdlib() self.add_stdlib()
self.add_misc_libraries() self.add_misc_libraries()
self.freeze_python() self.freeze_python()
self.add_ca_certs()
if not self.dont_strip: if not self.dont_strip:
self.strip_files() self.strip_files()
if not self.skip_tests: if not self.skip_tests:
@ -180,6 +181,16 @@ class Freeze(object):
return ret return ret
@flush
def add_ca_certs(self):
print('\nDownloading CA certs...')
from urllib.request import urlopen
ca_certs_url = 'https://curl.haxx.se/ca/cacert.pem'
certs = urlopen(ca_certs_url).read()
dest = os.path.join(self.contents_dir, 'Resources', 'cacert.pem')
with open(dest, 'wb') as f:
f.write(certs)
@flush @flush
def strip_files(self): def strip_files(self):
print('\nStripping files...') print('\nStripping files...')

7
docs/changelog.rst
View File

@ -4,6 +4,13 @@ Changelog
|kitty| is a feature-rich, cross-platform, *fast*, GPU based terminal. |kitty| is a feature-rich, cross-platform, *fast*, GPU based terminal.
To update |kitty|, :doc:`follow the instructions <binary>`. To update |kitty|, :doc:`follow the instructions <binary>`.
0.23.1 [future]
----------------------
- macOS: Fix themes kitten failing to download themes because of missing SSL
certificates (:iss:`3936`)
- A new :doc:`themes kitten </kittens/themes>` to easily change kitty themes.
0.23.0 [2021-08-16] 0.23.0 [2021-08-16]
---------------------- ----------------------