From a945e9b005988a574ad9a081757e1aaf8f454869 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Gonz=C3=A1lez?= <7822554+AlexTMjugador@users.noreply.github.com> Date: Sat, 12 Jul 2025 15:39:41 +0200 Subject: [PATCH] tweak(labrinth): drop last remaining dependency on system OpenSSL (#3982) We standarized on using `rustls` as a TLS implementation across the monorepo, which is written in Rust and has better ergonomics, integration with the Rust ecosystem, and consistent behavior among platforms. However, the Labrinth Clickhouse client was the last remaining exception to this, using the native, OS-provided TLS implementation, which on Linux is OpenSSL and requires developers and Docker images to install OpenSSL development packages to build Labrinth, in addition to introducing an additional runtime dependency to Labrinth. Let's make the process of building Labrinth slightly simpler by switching such client to `rustls` as well, which results in finally using the same TLS implementation for everything, a simplified build and distribution process, less transitive dependencies, and potentially smaller binaries (since `rustls` was already being pulled in for, e.g., the SMTP client). --- Cargo.lock | 113 ++---------------- Cargo.toml | 7 +- .../src/content/docs/contributing/labrinth.md | 2 - apps/labrinth/Cargo.toml | 2 +- apps/labrinth/Dockerfile | 2 +- apps/labrinth/src/clickhouse/mod.rs | 15 +-- 6 files changed, 22 insertions(+), 119 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e9cbeac2d..f6519c3b1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1706,7 +1706,7 @@ dependencies = [ "bitflags 2.9.1", "core-foundation 0.10.0", "core-graphics-types", - "foreign-types 0.5.0", + "foreign-types", "libc", ] @@ -2699,15 +2699,6 @@ version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" -[[package]] -name = "foreign-types" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" -dependencies = [ - "foreign-types-shared 0.1.1", -] - [[package]] name = "foreign-types" version = "0.5.0" @@ -2715,7 +2706,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d737d9aa519fb7b749cbc3b962edcf310a8dd1f4b67c91c4f83975dbdd17d965" dependencies = [ "foreign-types-macros", - "foreign-types-shared 0.3.1", + "foreign-types-shared", ] [[package]] @@ -2729,12 +2720,6 @@ dependencies = [ "syn 2.0.101", ] -[[package]] -name = "foreign-types-shared" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" - [[package]] name = "foreign-types-shared" version = "0.3.1" @@ -3678,11 +3663,10 @@ dependencies = [ [[package]] name = "hyper-rustls" -version = "0.27.5" +version = "0.27.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d191583f3da1305256f22463b9bb0471acad48a4e534a5218b9963e9c1f59b2" +checksum = "e3c93eb611681b207e1fe55d5a71ecf91572ec8a6705cdb6857f7d8d5242cf58" dependencies = [ - "futures-util", "http 1.3.1", "hyper 1.6.0", "hyper-util", @@ -3692,7 +3676,7 @@ dependencies = [ "tokio", "tokio-rustls 0.26.2", "tower-service", - "webpki-roots 0.26.11", + "webpki-roots 1.0.0", ] [[package]] @@ -3708,22 +3692,6 @@ dependencies = [ "tower-service", ] -[[package]] -name = "hyper-tls" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0" -dependencies = [ - "bytes", - "http-body-util", - "hyper 1.6.0", - "hyper-util", - "native-tls", - "tokio", - "tokio-native-tls", - "tower-service", -] - [[package]] name = "hyper-util" version = "0.1.14" @@ -4389,7 +4357,7 @@ dependencies = [ "futures-util", "hex", "hmac", - "hyper-tls", + "hyper-rustls 0.27.7", "hyper-util", "iana-time-zone", "image", @@ -4986,23 +4954,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "native-tls" -version = "0.2.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87de3442987e9dbec73158d5c715e7ad9072fda936bb03d19d7fa10e00520f0e" -dependencies = [ - "libc", - "log", - "openssl", - "openssl-probe", - "openssl-sys", - "schannel", - "security-framework 2.11.1", - "security-framework-sys", - "tempfile", -] - [[package]] name = "ndk" version = "0.9.0" @@ -5577,50 +5528,12 @@ dependencies = [ "pathdiff", ] -[[package]] -name = "openssl" -version = "0.10.72" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fedfea7d58a1f73118430a55da6a286e7b044961736ce96a16a17068ea25e5da" -dependencies = [ - "bitflags 2.9.1", - "cfg-if", - "foreign-types 0.3.2", - "libc", - "once_cell", - "openssl-macros", - "openssl-sys", -] - -[[package]] -name = "openssl-macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.101", -] - [[package]] name = "openssl-probe" version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e" -[[package]] -name = "openssl-sys" -version = "0.9.108" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e145e1651e858e820e4860f7b9c5e169bc1d8ce1c86043be79fa7b7634821847" -dependencies = [ - "cc", - "libc", - "pkg-config", - "vcpkg", -] - [[package]] name = "option-ext" version = "0.2.0" @@ -6850,7 +6763,7 @@ dependencies = [ "http-body 1.0.1", "http-body-util", "hyper 1.6.0", - "hyper-rustls 0.27.5", + "hyper-rustls 0.27.7", "hyper-util", "js-sys", "log", @@ -7980,7 +7893,7 @@ dependencies = [ "bytemuck", "cfg_aliases", "core-graphics", - "foreign-types 0.5.0", + "foreign-types", "js-sys", "log", "objc2 0.5.2", @@ -9292,16 +9205,6 @@ dependencies = [ "syn 2.0.101", ] -[[package]] -name = "tokio-native-tls" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" -dependencies = [ - "native-tls", - "tokio", -] - [[package]] name = "tokio-rustls" version = "0.24.1" diff --git a/Cargo.toml b/Cargo.toml index 040e12d0b..d95e9b601 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -67,7 +67,12 @@ heck = "0.5.0" hex = "0.4.3" hickory-resolver = "0.25.2" hmac = "0.12.1" -hyper-tls = "0.6.0" +hyper-rustls = { version = "0.27.7", default-features = false, features = [ + "http1", + "native-tokio", + "ring", + "tls12", +] } hyper-util = "0.1.14" iana-time-zone = "0.1.63" image = { version = "0.25.6", default-features = false, features = ["rayon"] } diff --git a/apps/docs/src/content/docs/contributing/labrinth.md b/apps/docs/src/content/docs/contributing/labrinth.md index f29c71255..1be7dd3ed 100644 --- a/apps/docs/src/content/docs/contributing/labrinth.md +++ b/apps/docs/src/content/docs/contributing/labrinth.md @@ -19,8 +19,6 @@ From there, you can create the database and perform all database migrations with sqlx database setup ``` -Finally, if on Linux, you will need the OpenSSL library. On Debian-based systems, this involves the `pkg-config` and `libssl-dev` packages. - To enable labrinth to create a project, you need to add two things. 1. An entry in the `loaders` table. diff --git a/apps/labrinth/Cargo.toml b/apps/labrinth/Cargo.toml index b49aefabf..b41b0fe96 100644 --- a/apps/labrinth/Cargo.toml +++ b/apps/labrinth/Cargo.toml @@ -36,7 +36,7 @@ paste.workspace = true meilisearch-sdk = { workspace = true, features = ["reqwest"] } rust-s3.workspace = true reqwest = { workspace = true, features = ["http2", "rustls-tls-webpki-roots", "json", "multipart"] } -hyper-tls.workspace = true +hyper-rustls.workspace = true hyper-util.workspace = true serde = { workspace = true, features = ["derive"] } diff --git a/apps/labrinth/Dockerfile b/apps/labrinth/Dockerfile index 01b73d95b..f0677efd5 100644 --- a/apps/labrinth/Dockerfile +++ b/apps/labrinth/Dockerfile @@ -11,7 +11,7 @@ LABEL org.opencontainers.image.description="Modrinth API" LABEL org.opencontainers.image.licenses=AGPL-3.0 RUN apt-get update \ - && apt-get install -y --no-install-recommends ca-certificates openssl dumb-init curl \ + && apt-get install -y --no-install-recommends ca-certificates dumb-init curl \ && rm -rf /var/lib/apt/lists/* COPY --from=build /usr/src/labrinth/target/release/labrinth /labrinth/labrinth diff --git a/apps/labrinth/src/clickhouse/mod.rs b/apps/labrinth/src/clickhouse/mod.rs index fe1ffe6e7..e7c2215f5 100644 --- a/apps/labrinth/src/clickhouse/mod.rs +++ b/apps/labrinth/src/clickhouse/mod.rs @@ -1,5 +1,4 @@ -use hyper_tls::{HttpsConnector, native_tls}; -use hyper_util::client::legacy::connect::HttpConnector; +use hyper_rustls::HttpsConnectorBuilder; use hyper_util::rt::TokioExecutor; mod fetch; @@ -15,13 +14,11 @@ pub async fn init_client_with_database( database: &str, ) -> clickhouse::error::Result { let client = { - let mut http_connector = HttpConnector::new(); - http_connector.enforce_http(false); // allow https URLs - - let tls_connector = - native_tls::TlsConnector::builder().build().unwrap().into(); - let https_connector = - HttpsConnector::from((http_connector, tls_connector)); + let https_connector = HttpsConnectorBuilder::new() + .with_native_roots()? + .https_or_http() + .enable_all_versions() + .build(); let hyper_client = hyper_util::client::legacy::Client::builder(TokioExecutor::new()) .build(https_connector);