mirror of
https://github.com/GNS3/gns3-server
synced 2025-01-12 09:00:57 +00:00
Merge pull request #2265 from GNS3/use-bundled-cacert
Use bundled cacert file for frozen app
This commit is contained in:
commit
04a302a389
@ -15,13 +15,13 @@
|
|||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
import sys
|
|
||||||
import os
|
import os
|
||||||
import json
|
import json
|
||||||
import uuid
|
import uuid
|
||||||
import asyncio
|
import asyncio
|
||||||
import aiohttp
|
import aiohttp
|
||||||
import shutil
|
import shutil
|
||||||
|
import ssl
|
||||||
|
|
||||||
try:
|
try:
|
||||||
import importlib_resources
|
import importlib_resources
|
||||||
@ -32,6 +32,7 @@ except ImportError:
|
|||||||
from .appliance import Appliance
|
from .appliance import Appliance
|
||||||
from ..config import Config
|
from ..config import Config
|
||||||
from ..utils.asyncio import locking
|
from ..utils.asyncio import locking
|
||||||
|
from ..utils.cacert import get_cacert
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
log = logging.getLogger(__name__)
|
log = logging.getLogger(__name__)
|
||||||
@ -46,6 +47,7 @@ class ApplianceManager:
|
|||||||
|
|
||||||
self._appliances = {}
|
self._appliances = {}
|
||||||
self._appliances_etag = None
|
self._appliances_etag = None
|
||||||
|
self._sslcontext = ssl.create_default_context(cafile=get_cacert())
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def appliances_etag(self):
|
def appliances_etag(self):
|
||||||
@ -174,7 +176,7 @@ class ApplianceManager:
|
|||||||
|
|
||||||
symbol_url = "https://raw.githubusercontent.com/GNS3/gns3-registry/master/symbols/{}".format(symbol)
|
symbol_url = "https://raw.githubusercontent.com/GNS3/gns3-registry/master/symbols/{}".format(symbol)
|
||||||
async with aiohttp.ClientSession() as session:
|
async with aiohttp.ClientSession() as session:
|
||||||
async with session.get(symbol_url) as response:
|
async with session.get(symbol_url, ssl=self._sslcontext) as response:
|
||||||
if response.status != 200:
|
if response.status != 200:
|
||||||
log.warning("Could not retrieve appliance symbol {} from GitHub due to HTTP error code {}".format(symbol, response.status))
|
log.warning("Could not retrieve appliance symbol {} from GitHub due to HTTP error code {}".format(symbol, response.status))
|
||||||
else:
|
else:
|
||||||
@ -200,7 +202,11 @@ class ApplianceManager:
|
|||||||
log.info("Checking if appliances are up-to-date (ETag {})".format(self._appliances_etag))
|
log.info("Checking if appliances are up-to-date (ETag {})".format(self._appliances_etag))
|
||||||
headers["If-None-Match"] = self._appliances_etag
|
headers["If-None-Match"] = self._appliances_etag
|
||||||
async with aiohttp.ClientSession() as session:
|
async with aiohttp.ClientSession() as session:
|
||||||
async with session.get('https://api.github.com/repos/GNS3/gns3-registry/contents/appliances', headers=headers) as response:
|
async with session.get(
|
||||||
|
'https://api.github.com/repos/GNS3/gns3-registry/contents/appliances',
|
||||||
|
ssl=self._sslcontext,
|
||||||
|
headers=headers
|
||||||
|
) as response:
|
||||||
if response.status == 304:
|
if response.status == 304:
|
||||||
log.info("Appliances are already up-to-date (ETag {})".format(self._appliances_etag))
|
log.info("Appliances are already up-to-date (ETag {})".format(self._appliances_etag))
|
||||||
return
|
return
|
||||||
|
@ -32,7 +32,7 @@ import distro
|
|||||||
|
|
||||||
from .version import __version__, __version_info__
|
from .version import __version__, __version_info__
|
||||||
from .config import Config
|
from .config import Config
|
||||||
from .utils.get_resource import get_resource
|
from .utils.cacert import get_cacert
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
log = logging.getLogger(__name__)
|
log = logging.getLogger(__name__)
|
||||||
@ -71,21 +71,13 @@ class CrashReport:
|
|||||||
sentry_uncaught.disabled = True
|
sentry_uncaught.disabled = True
|
||||||
|
|
||||||
if SENTRY_SDK_AVAILABLE:
|
if SENTRY_SDK_AVAILABLE:
|
||||||
cacert = None
|
|
||||||
if hasattr(sys, "frozen"):
|
|
||||||
cacert_resource = get_resource("cacert.pem")
|
|
||||||
if cacert_resource is not None and os.path.isfile(cacert_resource):
|
|
||||||
cacert = cacert_resource
|
|
||||||
else:
|
|
||||||
log.error("The SSL certificate bundle file '{}' could not be found".format(cacert_resource))
|
|
||||||
|
|
||||||
# Don't send log records as events.
|
# Don't send log records as events.
|
||||||
sentry_logging = LoggingIntegration(level=logging.INFO, event_level=None)
|
sentry_logging = LoggingIntegration(level=logging.INFO, event_level=None)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
sentry_sdk.init(dsn=CrashReport.DSN,
|
sentry_sdk.init(dsn=CrashReport.DSN,
|
||||||
release=__version__,
|
release=__version__,
|
||||||
ca_certs=cacert,
|
ca_certs=get_cacert(),
|
||||||
default_integrations=False,
|
default_integrations=False,
|
||||||
integrations=[sentry_logging])
|
integrations=[sentry_logging])
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
34
gns3server/utils/cacert.py
Normal file
34
gns3server/utils/cacert.py
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
#
|
||||||
|
# Copyright (C) 2023 GNS3 Technologies Inc.
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
|
||||||
|
from .get_resource import get_resource
|
||||||
|
|
||||||
|
import logging
|
||||||
|
log = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
def get_cacert():
|
||||||
|
if hasattr(sys, "frozen"):
|
||||||
|
cacert_resource = get_resource("cacert.pem")
|
||||||
|
if cacert_resource is not None and os.path.isfile(cacert_resource):
|
||||||
|
return cacert_resource
|
||||||
|
else:
|
||||||
|
log.error("The SSL certificate bundle file '{}' could not be found".format(cacert_resource))
|
||||||
|
return None # this means we use the system's CA bundle
|
Loading…
Reference in New Issue
Block a user