From d2b38aabecd8f9bac5c050841f730ccbe07538f2 Mon Sep 17 00:00:00 2001 From: Fabio Alessandrelli Date: Fri, 14 Sep 2018 16:02:04 +0200 Subject: [PATCH] Bundle SSL certs with the templates. If this is undesired it can be avoided by specifying builtin_certs=no . Bundled SSL certs will be used unless you specify an override in: Project Settings -> SSL -> Certificates . --- SConstruct | 1 + core/SCsub | 3 ++ core/core_builders.py | 31 ++++++++++++++++++++- core/io/stream_peer_ssl.cpp | 26 +++++++++++------ editor/SCsub | 4 --- editor/editor_builders.py | 26 ----------------- editor/editor_initialize_ssl.cpp | 48 -------------------------------- editor/editor_initialize_ssl.h | 36 ------------------------ editor/editor_node.cpp | 2 -- editor/project_manager.cpp | 3 -- 10 files changed, 52 insertions(+), 128 deletions(-) delete mode 100644 editor/editor_initialize_ssl.cpp delete mode 100644 editor/editor_initialize_ssl.h diff --git a/SConstruct b/SConstruct index 3f3976555dc..7faf6c54b8c 100644 --- a/SConstruct +++ b/SConstruct @@ -172,6 +172,7 @@ opts.Add(BoolVariable('no_editor_splash', "Don't use the custom splash screen fo # Thirdparty libraries opts.Add(BoolVariable('builtin_bullet', "Use the built-in Bullet library", True)) +opts.Add(BoolVariable('builtin_certs', "Bundle default SSL certificates to be used if you don't specify an override in the project settings", True)) opts.Add(BoolVariable('builtin_enet', "Use the built-in ENet library", True)) opts.Add(BoolVariable('builtin_freetype', "Use the built-in FreeType library", True)) opts.Add(BoolVariable('builtin_libogg', "Use the built-in libogg library", True)) diff --git a/core/SCsub b/core/SCsub index a6365bf9254..8012ed132c4 100644 --- a/core/SCsub +++ b/core/SCsub 
@@ -93,6 +93,9 @@ if 'builtin_zstd' in env and env['builtin_zstd']: # Godot's own sources env.add_source_files(env.core_sources, "*.cpp") +# Certificates +env.Depends("#core/io/certs_compressed.gen.h", ["#thirdparty/certs/ca-certificates.crt", env.Value(env['builtin_certs'])]) +env.CommandNoCache("#core/io/certs_compressed.gen.h", "#thirdparty/certs/ca-certificates.crt", run_in_subprocess(core_builders.make_certs_header)) # Make binders env.CommandNoCache(['method_bind.gen.inc', 'method_bind_ext.gen.inc'], 'make_binders.py', run_in_subprocess(make_binders.run)) diff --git a/core/core_builders.py b/core/core_builders.py index 90e505aab9a..7b2f88a2425 100644 --- a/core/core_builders.py +++ b/core/core_builders.py @@ -4,7 +4,36 @@ All such functions are invoked in a subprocess on Windows to prevent build flaki """ from platform_methods import subprocess_main -from compat import iteritems, itervalues, open_utf8, escape_string +from compat import iteritems, itervalues, open_utf8, escape_string, byte_to_str + + +def make_certs_header(target, source, env): + + src = source[0] + dst = target[0] + f = open(src, "rb") + g = open_utf8(dst, "w") + buf = f.read() + decomp_size = len(buf) + import zlib + buf = zlib.compress(buf) + + g.write("/* THIS FILE IS GENERATED DO NOT EDIT */\n") + g.write("#ifndef _CERTS_RAW_H\n") + g.write("#define _CERTS_RAW_H\n") + if env['builtin_certs']: + # Defined here and not in env so changing it does not trigger a full rebuild. + g.write("#define BUILTIN_CERTS_ENABLED\n") + g.write("static const int _certs_compressed_size = " + str(len(buf)) + ";\n") + g.write("static const int _certs_uncompressed_size = " + str(decomp_size) + ";\n") + g.write("static const unsigned char _certs_compressed[] = {\n") + for i in range(len(buf)): + g.write("\t" + byte_to_str(buf[i]) + ",\n") + g.write("};\n") + g.write("#endif") + + g.close() + f.close() def make_authors_header(target, source, env): 
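Review bot: In `make_certs_header`, only the `#define BUILTIN_CERTS_ENABLED` write is conditional on `env['builtin_certs']`; the compressed bundle and both size constants are still written to `certs_compressed.gen.h` when the option is off. A `builtin_certs=no` build therefore still compiles the CA data and relies on the compiler dropping the unused array, which makes it harder to confirm that the binary ships no default trust roots. Moving the three `static const` writes and the byte loop under the same `if env['builtin_certs']:` would keep the opt-out verifiable, since the only consumer visible in this patch reads them inside `#ifdef BUILTIN_CERTS_ENABLED`. The two `open` calls would also be safer as `with` blocks, so the handles are closed if `zlib.compress` or a write raises.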
diff --git a/core/io/stream_peer_ssl.cpp b/core/io/stream_peer_ssl.cpp index 1f590219383..a02565bc1cc 100644 --- a/core/io/stream_peer_ssl.cpp +++ b/core/io/stream_peer_ssl.cpp @@ -30,6 +30,8 @@ #include "stream_peer_ssl.h" +#include "core/io/certs_compressed.gen.h" +#include "core/io/compression.h" #include "core/os/file_access.h" #include "core/project_settings.h" @@ -68,24 +70,32 @@ PoolByteArray StreamPeerSSL::get_project_cert_array() { ProjectSettings::get_singleton()->set_custom_property_info("network/ssl/certificates", PropertyInfo(Variant::STRING, "network/ssl/certificates", PROPERTY_HINT_FILE, "*.crt")); if (certs_path != "") { - + // Use certs defined in project settings. FileAccess *f = FileAccess::open(certs_path, FileAccess::READ); if (f) { int flen = f->get_len(); out.resize(flen + 1); - { - PoolByteArray::Write w = out.write(); - f->get_buffer(w.ptr(), flen); - w[flen] = 0; //end f string - } - + PoolByteArray::Write w = out.write(); + f->get_buffer(w.ptr(), flen); + w[flen] = 0; // Make sure it ends with string terminator memdelete(f); - #ifdef DEBUG_ENABLED print_verbose(vformat("Loaded certs from '%s'.", certs_path)); #endif } } +#ifdef BUILTIN_CERTS_ENABLED + else { + // Use builtin certs only if user did not override it in project settings. + out.resize(_certs_uncompressed_size + 1); + PoolByteArray::Write w = out.write(); + Compression::decompress(w.ptr(), _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE); + w[_certs_uncompressed_size] = 0; // Make sure it ends with string terminator +#ifdef DEBUG_ENABLED + print_verbose("Loaded builtin certs"); +#endif + } +#endif return out; } diff --git a/editor/SCsub b/editor/SCsub index 6a4b06a97a8..82b982eef23 100644 --- a/editor/SCsub +++ b/editor/SCsub 
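Review bot: The return value of `Compression::decompress` in the new `#ifdef BUILTIN_CERTS_ENABLED` branch of `get_project_cert_array()` is discarded, so a failed or short inflate would hand a partly filled buffer to the caller as the trust store. Assuming the call returns the number of bytes written, a check before the terminator is set, such as `int ret = Compression::decompress(...);` followed by `ERR_FAIL_COND_V(ret != _certs_uncompressed_size, PoolByteArray());`, keeps that failure visible. The bundle is attached as the `else` of `certs_path != ""`, so when an override is configured but `FileAccess::open` returns null the function returns an empty array without any message. An error log on that path, outside `DEBUG_ENABLED`, would tell whoever deploys the project that no CA roots were loaded. The function body begins above this hunk, and how callers treat an empty array cannot be confirmed from here.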
@@ -61,10 +61,6 @@ if env['tools']: env.Depends("#editor/doc_data_compressed.gen.h", docs) env.CommandNoCache("#editor/doc_data_compressed.gen.h", docs, run_in_subprocess(editor_builders.make_doc_header)) - # Certificates - env.Depends("#editor/certs_compressed.gen.h", "#thirdparty/certs/ca-certificates.crt") - env.CommandNoCache("#editor/certs_compressed.gen.h", "#thirdparty/certs/ca-certificates.crt", run_in_subprocess(editor_builders.make_certs_header)) - import glob path = env.Dir('.').abspath diff --git a/editor/editor_builders.py b/editor/editor_builders.py index fa037980c28..9e9fe752b49 100644 --- a/editor/editor_builders.py +++ b/editor/editor_builders.py @@ -9,32 +9,6 @@ from platform_methods import subprocess_main from compat import encode_utf8, byte_to_str, open_utf8, escape_string -def make_certs_header(target, source, env): - - src = source[0] - dst = target[0] - f = open(src, "rb") - g = open_utf8(dst, "w") - buf = f.read() - decomp_size = len(buf) - import zlib - buf = zlib.compress(buf) - - g.write("/* THIS FILE IS GENERATED DO NOT EDIT */\n") - g.write("#ifndef _CERTS_RAW_H\n") - g.write("#define _CERTS_RAW_H\n") - g.write("static const int _certs_compressed_size = " + str(len(buf)) + ";\n") - g.write("static const int _certs_uncompressed_size = " + str(decomp_size) + ";\n") - g.write("static const unsigned char _certs_compressed[] = {\n") - for i in range(len(buf)): - g.write("\t" + byte_to_str(buf[i]) + ",\n") - g.write("};\n") - g.write("#endif") - - g.close() - f.close() - - def make_doc_header(target, source, env): dst = target[0] diff --git a/editor/editor_initialize_ssl.cpp b/editor/editor_initialize_ssl.cpp deleted file mode 100644 index 9f7537cc9ad..00000000000 --- a/editor/editor_initialize_ssl.cpp +++ /dev/null 
@@ -1,48 +0,0 @@
-/*************************************************************************/
-/* editor_initialize_ssl.cpp */
-/*************************************************************************/
-/* This file is part of: */
-/* GODOT ENGINE */
-/* https://godotengine.org */
-/*************************************************************************/
-/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */
-/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */
-/* */
-/* Permission is hereby granted, free of charge, to any person obtaining */
-/* a copy of this software and associated documentation files (the */
-/* "Software"), to deal in the Software without restriction, including */
-/* without limitation the rights to use, copy, modify, merge, publish, */
-/* distribute, sublicense, and/or sell copies of the Software, and to */
-/* permit persons to whom the Software is furnished to do so, subject to */
-/* the following conditions: */
-/* */
-/* The above copyright notice and this permission notice shall be */
-/* included in all copies or substantial portions of the Software. */
-/* */
-/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
-/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
-/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
-/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
-/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
-/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
-/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
-/*************************************************************************/
-
-#include "editor_initialize_ssl.h"
-
-#include "certs_compressed.gen.h"
-#include "core/io/compression.h"
-#include "core/io/stream_peer_ssl.h"
-
-void editor_initialize_certificates() {
-
- PoolByteArray data;
- data.resize(_certs_uncompressed_size + 1);
- {
- PoolByteArray::Write w = data.write();
- Compression::decompress(w.ptr(), _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE);
- w[_certs_uncompressed_size] = 0; //make sure it ends at zero
- }
-
- StreamPeerSSL::load_certs_from_memory(data);
-}
diff --git a/editor/editor_initialize_ssl.h b/editor/editor_initialize_ssl.h
deleted file mode 100644
index 71d16b8c53e..00000000000
--- a/editor/editor_initialize_ssl.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*************************************************************************/
-/* editor_initialize_ssl.h */
-/*************************************************************************/
-/* This file is part of: */
-/* GODOT ENGINE */
-/* https://godotengine.org */
-/*************************************************************************/
-/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */
-/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */
-/* */
-/* Permission is hereby granted, free of charge, to any person obtaining */
-/* a copy of this software and associated documentation files (the */
-/* "Software"), to deal in the Software without restriction, including */
-/* without limitation the rights to use, copy, modify, merge, publish, */
-/* distribute, sublicense, and/or sell copies of the Software, and to */
-/* permit persons to whom the Software is furnished to do so, subject to */
-/* the following conditions: */
-/* */
-/* The above copyright notice and this permission notice shall be */
-/* included in all copies or substantial portions of the Software. */
-/* */
-/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
-/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
-/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
-/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
-/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
-/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
-/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
-/*************************************************************************/
-
-#ifndef EDITOR_INITIALIZE_SSL_H
-#define EDITOR_INITIALIZE_SSL_H
-
-void editor_initialize_certificates();
-
-#endif // EDITOR_INITIALIZE_SSL_H
diff --git a/editor/editor_node.cpp b/editor/editor_node.cpp
index d8e6f711ff2..0ba1ef3b181 100644
--- a/editor/editor_node.cpp
+++ b/editor/editor_node.cpp @@ -54,7 +54,6 @@ #include "editor/editor_audio_buses.h" #include "editor/editor_file_system.h" #include "editor/editor_help.h" -#include "editor/editor_initialize_ssl.h" #include "editor/editor_properties.h" #include "editor/editor_settings.h" #include "editor/editor_themes.h" @@ -4686,7 +4685,6 @@ EditorNode::EditorNode() { SceneState::set_disable_placeholders(true); ResourceLoader::clear_translation_remaps(); //no remaps using during editor ResourceLoader::clear_path_remaps(); - editor_initialize_certificates(); //for asset sharing InputDefault *id = Object::cast_to(Input::get_singleton()); diff --git a/editor/project_manager.cpp b/editor/project_manager.cpp index f494c84efa4..91ab5b4dff6 100644 --- a/editor/project_manager.cpp +++ b/editor/project_manager.cpp @@ -41,7 +41,6 @@ #include "core/translation.h" #include "core/version.h" #include "core/version_hash.gen.h" -#include "editor_initialize_ssl.h" #include "editor_scale.h" #include "editor_settings.h" #include "editor_themes.h" @@ -2059,8 +2058,6 @@ void ProjectListFilter::_bind_methods() { ProjectListFilter::ProjectListFilter() { - editor_initialize_certificates(); //for asset sharing - _current_filter = FILTER_NAME; filter_option = memnew(OptionButton);