Fix cert roots.

moonrepo · Nov 23, 2024 · c5ced29 · c5ced29
1 parent 54b16c2
commit c5ced29
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 8 deletions.
diff --git a/.moon/workspace.yml b/.moon/workspace.yml
@@ -37,13 +37,13 @@ docker:
       - '*.json'
 
 unstable_remote:
-  host: 'grpc://localhost:9092'
+  host: 'grpcs://localhost:9092'
   # mtls:
   #   caCert: 'crates/remote/tests/__fixtures__/certs/ca.pem'
   #   clientCert: 'crates/remote/tests/__fixtures__/certs/client.pem'
   #   clientKey: 'crates/remote/tests/__fixtures__/certs/client.key'
   #   domain: 'localhost'
   # tls:
   #   assumeHttp2: true
-  #   cert: 'crates/remote/tests/__fixtures__/certs-local/ca.crt'
+  #   cert: 'crates/remote/tests/__fixtures__/certs/ca.pem'
   #   domain: 'localhost'
diff --git a/crates/remote/src/fs_digest.rs b/crates/remote/src/fs_digest.rs
@@ -121,7 +121,7 @@ impl OutputDigests {
         };
 
         if abs_path.is_symlink() {
-            let link = std::fs::read_link(&abs_path).map_err(map_read_error)?;
+            let link = fs::read_link(&abs_path).map_err(map_read_error)?;
             let metadata = fs::metadata(&abs_path).map_err(map_read_error)?;
             let props = compute_node_properties(&metadata);
 

diff --git a/crates/remote/src/grpc_tls.rs b/crates/remote/src/grpc_tls.rs
@@ -30,14 +30,15 @@ pub fn create_tls_config(
         "Configuring TLS",
     );
 
-    let mut tls =
-        ClientTlsConfig::new().ca_certificate(Certificate::from_pem(fs::read_file_bytes(cert)?));
+    let mut tls = ClientTlsConfig::new()
+        .with_enabled_roots()
+        .ca_certificate(Certificate::from_pem(fs::read_file_bytes(cert)?));
 
     if let Some(domain) = &config.domain {
         tls = tls.domain_name(domain.to_owned());
     }
 
-    Ok(tls.assume_http2(config.assume_http2).with_enabled_roots())
+    Ok(tls.assume_http2(config.assume_http2))
 }
 
 // https://github.com/hyperium/tonic/blob/master/examples/src/tls_client_auth/client.rs
@@ -59,6 +60,7 @@ pub fn create_mtls_config(
     );
 
     let mut mtls = ClientTlsConfig::new()
+        .with_enabled_roots()
         .ca_certificate(Certificate::from_pem(fs::read_file_bytes(ca_cert)?))
         .identity(Identity::from_pem(
             fs::read_file_bytes(client_cert)?,
@@ -69,5 +71,5 @@ pub fn create_mtls_config(
         mtls = mtls.domain_name(domain.to_owned());
     }
 
-    Ok(mtls.assume_http2(config.assume_http2).with_enabled_roots())
+    Ok(mtls.assume_http2(config.assume_http2))
 }
diff --git a/justfile b/justfile
@@ -77,7 +77,7 @@ bazel-remote:
 	rm -f ~/.moon/bazel-cache/cas.v2/.DS_Store && bazel-remote --dir ~/.moon/bazel-cache --max_size 10 --storage_mode uncompressed --grpc_address 0.0.0.0:9092
 
 bazel-remote-tls:
-	rm -f ~/.moon/bazel-cache/cas.v2/.DS_Store && bazel-remote --dir ~/.moon/bazel-cache --max_size 10 --storage_mode uncompressed --grpc_address 0.0.0.0:9092 --tls_cert_file=./crates/remote/tests/__fixtures__/certs-local/server.crt --tls_key_file=./crates/remote/tests/__fixtures__/certs-local/server.key
+	rm -f ~/.moon/bazel-cache/cas.v2/.DS_Store && bazel-remote --dir ~/.moon/bazel-cache --max_size 10 --storage_mode uncompressed --grpc_address 0.0.0.0:9092 --tls_cert_file=./crates/remote/tests/__fixtures__/certs/server.pem --tls_key_file=./crates/remote/tests/__fixtures__/certs/server.key
 
 bazel-remote-mtls:
 	rm -f ~/.moon/bazel-cache/cas.v2/.DS_Store && bazel-remote --dir ~/.moon/bazel-cache --max_size 10 --storage_mode uncompressed --tls_cert_file=./crates/remote/tests/__fixtures__/certs/server.pem --tls_key_file=./crates/remote/tests/__fixtures__/certs/server.key --tls_ca_file=./crates/remote/tests/__fixtures__/certs/ca.pem