From 82ed636193e5606bd863cb62d4f6c55731263be1 Mon Sep 17 00:00:00 2001 From: Pedro Tacla Yamada Date: Tue, 23 Apr 2024 13:19:12 +1000 Subject: [PATCH] Use rustls for sentry client (#9667) * Fix workflow syntax * Fix workflow syntax * Use rustls for sentry --- .github/workflows/release.yml | 15 ++- Cargo.lock | 177 ++++++++++++++++++++++++++++++-- crates/node-bindings/Cargo.toml | 8 +- 3 files changed, 187 insertions(+), 13 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d99bd378f8d..d00dcbbd5c2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,6 +11,11 @@ on: description: 'The type of release, usually corresponds to the dist-tag' required: true type: string + profile: + description: 'The profile to use when building the native binaries' + required: false + default: 'release' + type: string secrets: GHCR_TOKEN: required: true @@ -53,7 +58,7 @@ jobs: if: ${{ matrix.target == 'aarch64-apple-darwin' }} run: sudo rm -Rf /Library/Developer/CommandLineTools/SDKs/*; - name: Build native packages - run: yarn build-native-${{ input.profile || 'release' }} + run: yarn build-native-${{ inputs.profile }} env: RUST_TARGET: ${{ matrix.target }} - name: Strip debug symbols # https://github.com/rust-lang/rust/issues/46034 @@ -88,7 +93,7 @@ jobs: override: true - uses: bahmutov/npm-install@v1.8.35 - name: Build native packages - run: yarn build-native-${{ input.profile || 'release' }} + run: yarn build-native-${{ inputs.profile }} - name: Strip debug symbols # https://github.com/rust-lang/rust/issues/46034 run: strip packages/*/*/*.node - name: Upload artifacts @@ -133,7 +138,7 @@ jobs: with: shared-key: ${{ matrix.target }} - name: Build native packages - run: yarn build-native-${{ input.profile || 'release' }} + run: yarn build-native-${{ inputs.profile }} env: RUST_TARGET: ${{ matrix.target }} CFLAGS: ${{ matrix.cflags }} @@ -186,7 +191,7 @@ jobs: target: ${{ matrix.target }} - uses: bahmutov/npm-install@v1.8.35 - name: Build native packages - run: yarn build-native-${{ input.profile || 'release' }} + run: yarn build-native-${{ inputs.profile }} env: RUST_TARGET: ${{ matrix.target }} CFLAGS: ${{ matrix.cflags }} @@ -217,7 +222,7 @@ jobs: fetch-depth: 0 - uses: bahmutov/npm-install@v1.8.35 - name: Build native packages - run: yarn build-native-${{ input.profile || 'release' }} + run: yarn build-native-${{ inputs.profile }} - name: Download artifacts uses: actions/download-artifact@v3 with: diff --git a/Cargo.lock b/Cargo.lock index 0726c5822ef..02eddd3f1f4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -76,6 +76,9 @@ name = "anyhow" version = "1.0.75" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a4668cab20f66d8d020e1fbc0ebe47217433c1b6c8f2040faf858554e394ace6" +dependencies = [ + "backtrace", +] [[package]] name = "arrayvec" @@ -915,6 +918,20 @@ dependencies = [ "want", ] +[[package]] +name = "hyper-rustls" +version = "0.24.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" +dependencies = [ + "futures-util", + "http", + "hyper", + "rustls 0.21.11", + "tokio", + "tokio-rustls", +] + [[package]] name = "hyper-tls" version = "0.5.0" @@ -1507,9 +1524,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "openssl-sys" -version = "0.9.101" +version = "0.9.102" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dda2b0f344e78efc2facf7d195d098df0dd72151b26ab98da807afc26c198dff" +checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2" dependencies = [ "cc", "libc", @@ -2004,6 +2021,7 @@ dependencies = [ "http", "http-body", "hyper", + "hyper-rustls", "hyper-tls", "ipnet", "js-sys", @@ -2013,6 +2031,7 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", + "rustls 0.21.11", "rustls-pemfile", "serde", "serde_json", @@ -2021,11 +2040,13 @@ dependencies = [ "system-configuration", "tokio", "tokio-native-tls", + "tokio-rustls", "tower-service", "url", "wasm-bindgen", "wasm-bindgen-futures", "web-sys", + "webpki-roots 0.25.4", "winreg", ] @@ -2038,6 +2059,20 @@ dependencies = [ "bytemuck", ] +[[package]] +name = "ring" +version = "0.17.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9babe80d5c16becf6594aa32ad2be8fe08498e7ae60b77de8df700e67f191d7e" +dependencies = [ + "cc", + "getrandom", + "libc", + "spin", + "untrusted", + "windows-sys 0.48.0", +] + [[package]] name = "rustc-demangle" version = "0.1.23" @@ -2081,6 +2116,32 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "rustls" +version = "0.21.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fecbfb7b1444f477b345853b1fce097a2c6fb637b2bfb87e6bc5db0f043fae4" +dependencies = [ + "log", + "ring", + "rustls-webpki 0.101.7", + "sct", +] + +[[package]] +name = "rustls" +version = "0.22.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf4ef73721ac7bcd79b2b315da7779d8fc09718c6b3d2d1b2d94850eb8c18432" +dependencies = [ + "log", + "ring", + "rustls-pki-types", + "rustls-webpki 0.102.3", + "subtle", + "zeroize", +] + [[package]] name = "rustls-pemfile" version = "1.0.4" @@ -2090,6 +2151,33 @@ dependencies = [ "base64", ] +[[package]] +name = "rustls-pki-types" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecd36cc4259e3e4514335c4a138c6b43171a8d61d8f5c9348f9fc7529416f247" + +[[package]] +name = "rustls-webpki" +version = "0.101.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +dependencies = [ + "ring", + "untrusted", +] + +[[package]] +name = "rustls-webpki" +version = "0.102.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3bce581c0dd41bce533ce695a1437fa16a7ab5ac3ccfa99fe1a620a7885eabf" +dependencies = [ + "ring", + "rustls-pki-types", + "untrusted", +] + [[package]] name = "rustversion" version = "1.0.14" @@ -2144,11 +2232,21 @@ version = "1.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "764cad9e7e1ca5fe15b552859ff5d96a314e6ed2934f2260168cd5dfa5891409" +[[package]] +name = "sct" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "security-framework" -version = "2.9.2" +version = "2.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05b64fb303737d99b81884b2c63433e9ae28abebe5eb5045dcdd175dc2ecf4de" +checksum = "770452e37cad93e0a50d5abc3990d2bc351c36d0328f86cefec2f2fb206eaef6" dependencies = [ "bitflags 1.3.2", "core-foundation", @@ -2159,9 +2257,9 @@ dependencies = [ [[package]] name = "security-framework-sys" -version = "2.9.1" +version = "2.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e932934257d3b408ed8f30db49d85ea163bfe74961f017f405b025af298f0c7a" +checksum = "41f3cc463c0ef97e11c3461a9d3787412d30e8e7eb907c79180c4a57bf7c04ef" dependencies = [ "core-foundation-sys", "libc", @@ -2200,6 +2298,8 @@ dependencies = [ "httpdate", "native-tls", "reqwest", + "rustls 0.21.11", + "sentry-anyhow", "sentry-backtrace", "sentry-contexts", "sentry-core", @@ -2208,6 +2308,18 @@ dependencies = [ "sentry-tracing", "tokio", "ureq", + "webpki-roots 0.25.4", +] + +[[package]] +name = "sentry-anyhow" +version = "0.32.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4da4015667c99f88d68ca7ff02b90c762d6154a4ceb7c02922b9a1dbd3959eeb" +dependencies = [ + "anyhow", + "sentry-backtrace", + "sentry-core", ] [[package]] @@ -2436,6 +2548,12 @@ dependencies = [ "url", ] +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + [[package]] name = "st-map" version = "0.2.0" @@ -2539,6 +2657,12 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +[[package]] +name = "subtle" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" + [[package]] name = "swc_atoms" version = "0.6.5" @@ -3395,6 +3519,16 @@ dependencies = [ "tokio", ] +[[package]] +name = "tokio-rustls" +version = "0.24.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +dependencies = [ + "rustls 0.21.11", + "tokio", +] + [[package]] name = "tokio-util" version = "0.7.8" @@ -3522,6 +3656,12 @@ version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + [[package]] name = "ureq" version = "2.9.6" @@ -3532,7 +3672,11 @@ dependencies = [ "log", "native-tls", "once_cell", + "rustls 0.22.4", + "rustls-pki-types", + "rustls-webpki 0.102.3", "url", + "webpki-roots 0.26.1", ] [[package]] @@ -3692,6 +3836,21 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "webpki-roots" +version = "0.25.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" + +[[package]] +name = "webpki-roots" +version = "0.26.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009" +dependencies = [ + "rustls-pki-types", +] + [[package]] name = "whoami" version = "1.5.1" @@ -3929,6 +4088,12 @@ dependencies = [ "syn", ] +[[package]] +name = "zeroize" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" + [[package]] name = "zopfli" version = "0.7.4" diff --git a/crates/node-bindings/Cargo.toml b/crates/node-bindings/Cargo.toml index 7e21d30f2d2..3775c18fa57 100644 --- a/crates/node-bindings/Cargo.toml +++ b/crates/node-bindings/Cargo.toml @@ -8,7 +8,10 @@ edition = "2021" crate-type = ["cdylib"] [features] -canary = ["sentry", "once_cell", "whoami", "serde", "serde_json"] +canary = ["sentry", "once_cell", "whoami", "serde", "serde_json", "rustls"] + +rustls = ["sentry/rustls"] +openssl = ["sentry/native-tls"] [dependencies] napi-derive = "2.12.5" @@ -17,7 +20,8 @@ parcel-resolver = { path = "../../packages/utils/node-resolver-rs" } dashmap = "5.4.0" xxhash-rust = { version = "0.8.2", features = ["xxh3"] } log = "0.4.21" -sentry = { version = "0.32.2", optional = true } + +sentry = { version = "0.32.2", optional = true, default-features = false, features = ["backtrace", "contexts", "panic", "reqwest", "debug-images", "anyhow"]} once_cell = { version = "1.19.0", optional = true } whoami = { version = "1.5.1", optional = true } serde = { version = "1.0.197", optional = true }