godotengine
/
godot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bundle SSL certs with the templates. 

If this is undesired it can be avoided by specifying builtin_certs=no .
Bundled SSL certs will be used unless you specify an override in:
Project Settings -> SSL -> Certificates .
This commit is contained in:
Fabio Alessandrelli 2018-09-14 16:02:04 +02:00
parent 4547e22393
commit d2b38aabec
10 changed files with 52 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
SConstruct
View File

@ -172,6 +172,7 @@ opts.Add(BoolVariable('no_editor_splash', "Don't use the custom splash screen fo
# Thirdparty libraries # Thirdparty libraries
opts.Add(BoolVariable('builtin_bullet', "Use the built-in Bullet library", True)) opts.Add(BoolVariable('builtin_bullet', "Use the built-in Bullet library", True))
opts.Add(BoolVariable('builtin_certs', "Bundle default SSL certificates to be used if you don't specify an override in the project settings", True))
opts.Add(BoolVariable('builtin_enet', "Use the built-in ENet library", True)) opts.Add(BoolVariable('builtin_enet', "Use the built-in ENet library", True))
opts.Add(BoolVariable('builtin_freetype', "Use the built-in FreeType library", True)) opts.Add(BoolVariable('builtin_freetype', "Use the built-in FreeType library", True))
opts.Add(BoolVariable('builtin_libogg', "Use the built-in libogg library", True)) opts.Add(BoolVariable('builtin_libogg', "Use the built-in libogg library", True))

3
core/SCsub
View File

@ -93,6 +93,9 @@ if 'builtin_zstd' in env and env['builtin_zstd']:
# Godot's own sources # Godot's own sources
env.add_source_files(env.core_sources, "*.cpp") env.add_source_files(env.core_sources, "*.cpp")
# Certificates
env.Depends("#core/io/certs_compressed.gen.h", ["#thirdparty/certs/ca-certificates.crt", env.Value(env['builtin_certs'])])
env.CommandNoCache("#core/io/certs_compressed.gen.h", "#thirdparty/certs/ca-certificates.crt", run_in_subprocess(core_builders.make_certs_header))
# Make binders # Make binders
env.CommandNoCache(['method_bind.gen.inc', 'method_bind_ext.gen.inc'], 'make_binders.py', run_in_subprocess(make_binders.run)) env.CommandNoCache(['method_bind.gen.inc', 'method_bind_ext.gen.inc'], 'make_binders.py', run_in_subprocess(make_binders.run))

31
core/core_builders.py
View File

@ -4,7 +4,36 @@ All such functions are invoked in a subprocess on Windows to prevent build flaki
""" """
from platform_methods import subprocess_main from platform_methods import subprocess_main
from compat import iteritems, itervalues, open_utf8, escape_string from compat import iteritems, itervalues, open_utf8, escape_string, byte_to_str
def make_certs_header(target, source, env):
src = source[0]
dst = target[0]
f = open(src, "rb")
g = open_utf8(dst, "w")
buf = f.read()
decomp_size = len(buf)
import zlib
buf = zlib.compress(buf)
g.write("/* THIS FILE IS GENERATED DO NOT EDIT */\n")
g.write("#ifndef _CERTS_RAW_H\n")
g.write("#define _CERTS_RAW_H\n")
if env['builtin_certs']:
# Defined here and not in env so changing it does not trigger a full rebuild.
g.write("#define BUILTIN_CERTS_ENABLED\n")
g.write("static const int _certs_compressed_size = " + str(len(buf)) + ";\n")
g.write("static const int _certs_uncompressed_size = " + str(decomp_size) + ";\n")
g.write("static const unsigned char _certs_compressed[] = {\n")
for i in range(len(buf)):
g.write("\t" + byte_to_str(buf[i]) + ",\n")
g.write("};\n")
g.write("#endif")
g.close()
f.close()
def make_authors_header(target, source, env): def make_authors_header(target, source, env):

26
core/io/stream_peer_ssl.cpp
View File

@ -30,6 +30,8 @@
#include "stream_peer_ssl.h" #include "stream_peer_ssl.h"
#include "core/io/certs_compressed.gen.h"
#include "core/io/compression.h"
#include "core/os/file_access.h" #include "core/os/file_access.h"
#include "core/project_settings.h" #include "core/project_settings.h"
@ -68,24 +70,32 @@ PoolByteArray StreamPeerSSL::get_project_cert_array() {
ProjectSettings::get_singleton()->set_custom_property_info("network/ssl/certificates", PropertyInfo(Variant::STRING, "network/ssl/certificates", PROPERTY_HINT_FILE, "*.crt")); ProjectSettings::get_singleton()->set_custom_property_info("network/ssl/certificates", PropertyInfo(Variant::STRING, "network/ssl/certificates", PROPERTY_HINT_FILE, "*.crt"));
if (certs_path != "") { if (certs_path != "") {
// Use certs defined in project settings.
FileAccess *f = FileAccess::open(certs_path, FileAccess::READ); FileAccess *f = FileAccess::open(certs_path, FileAccess::READ);
if (f) { if (f) {
int flen = f->get_len(); int flen = f->get_len();
out.resize(flen + 1); out.resize(flen + 1);
{ PoolByteArray::Write w = out.write();
PoolByteArray::Write w = out.write(); f->get_buffer(w.ptr(), flen);
f->get_buffer(w.ptr(), flen); w[flen] = 0; // Make sure it ends with string terminator
w[flen] = 0; //end f string
}
memdelete(f); memdelete(f);
#ifdef DEBUG_ENABLED #ifdef DEBUG_ENABLED
print_verbose(vformat("Loaded certs from '%s'.", certs_path)); print_verbose(vformat("Loaded certs from '%s'.", certs_path));
#endif #endif
} }
} }
#ifdef BUILTIN_CERTS_ENABLED
else {
// Use builtin certs only if user did not override it in project settings.
out.resize(_certs_uncompressed_size + 1);
PoolByteArray::Write w = out.write();
Compression::decompress(w.ptr(), _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE);
w[_certs_uncompressed_size] = 0; // Make sure it ends with string terminator
#ifdef DEBUG_ENABLED
print_verbose("Loaded builtin certs");
#endif
}
#endif
return out; return out;
} }

4
editor/SCsub
View File

@ -61,10 +61,6 @@ if env['tools']:
env.Depends("#editor/doc_data_compressed.gen.h", docs) env.Depends("#editor/doc_data_compressed.gen.h", docs)
env.CommandNoCache("#editor/doc_data_compressed.gen.h", docs, run_in_subprocess(editor_builders.make_doc_header)) env.CommandNoCache("#editor/doc_data_compressed.gen.h", docs, run_in_subprocess(editor_builders.make_doc_header))
# Certificates
env.Depends("#editor/certs_compressed.gen.h", "#thirdparty/certs/ca-certificates.crt")
env.CommandNoCache("#editor/certs_compressed.gen.h", "#thirdparty/certs/ca-certificates.crt", run_in_subprocess(editor_builders.make_certs_header))
import glob import glob
path = env.Dir('.').abspath path = env.Dir('.').abspath

26
editor/editor_builders.py
View File

@ -9,32 +9,6 @@ from platform_methods import subprocess_main
from compat import encode_utf8, byte_to_str, open_utf8, escape_string from compat import encode_utf8, byte_to_str, open_utf8, escape_string
def make_certs_header(target, source, env):
src = source[0]
dst = target[0]
f = open(src, "rb")
g = open_utf8(dst, "w")
buf = f.read()
decomp_size = len(buf)
import zlib
buf = zlib.compress(buf)
g.write("/* THIS FILE IS GENERATED DO NOT EDIT */\n")
g.write("#ifndef _CERTS_RAW_H\n")
g.write("#define _CERTS_RAW_H\n")
g.write("static const int _certs_compressed_size = " + str(len(buf)) + ";\n")
g.write("static const int _certs_uncompressed_size = " + str(decomp_size) + ";\n")
g.write("static const unsigned char _certs_compressed[] = {\n")
for i in range(len(buf)):
g.write("\t" + byte_to_str(buf[i]) + ",\n")
g.write("};\n")
g.write("#endif")
g.close()
f.close()
def make_doc_header(target, source, env): def make_doc_header(target, source, env):
dst = target[0] dst = target[0]

48
editor/editor_initialize_ssl.cpp
View File

@ -1,48 +0,0 @@
/*************************************************************************/
/* editor_initialize_ssl.cpp */
/*************************************************************************/
/* This file is part of: */
/* GODOT ENGINE */
/* https://godotengine.org */
/*************************************************************************/
/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */
/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */
/* */
/* Permission is hereby granted, free of charge, to any person obtaining */
/* a copy of this software and associated documentation files (the */
/* "Software"), to deal in the Software without restriction, including */
/* without limitation the rights to use, copy, modify, merge, publish, */
/* distribute, sublicense, and/or sell copies of the Software, and to */
/* permit persons to whom the Software is furnished to do so, subject to */
/* the following conditions: */
/* */
/* The above copyright notice and this permission notice shall be */
/* included in all copies or substantial portions of the Software. */
/* */
/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
/*************************************************************************/
#include "editor_initialize_ssl.h"
#include "certs_compressed.gen.h"
#include "core/io/compression.h"
#include "core/io/stream_peer_ssl.h"
void editor_initialize_certificates() {
PoolByteArray data;
data.resize(_certs_uncompressed_size + 1);
{
PoolByteArray::Write w = data.write();
Compression::decompress(w.ptr(), _certs_uncompressed_size, _certs_compressed, _certs_compressed_size, Compression::MODE_DEFLATE);
w[_certs_uncompressed_size] = 0; //make sure it ends at zero
}
StreamPeerSSL::load_certs_from_memory(data);
}

36
editor/editor_initialize_ssl.h
View File

@ -1,36 +0,0 @@
/*************************************************************************/
/* editor_initialize_ssl.h */
/*************************************************************************/
/* This file is part of: */
/* GODOT ENGINE */
/* https://godotengine.org */
/*************************************************************************/
/* Copyright (c) 2007-2018 Juan Linietsky, Ariel Manzur. */
/* Copyright (c) 2014-2018 Godot Engine contributors (cf. AUTHORS.md) */
/* */
/* Permission is hereby granted, free of charge, to any person obtaining */
/* a copy of this software and associated documentation files (the */
/* "Software"), to deal in the Software without restriction, including */
/* without limitation the rights to use, copy, modify, merge, publish, */
/* distribute, sublicense, and/or sell copies of the Software, and to */
/* permit persons to whom the Software is furnished to do so, subject to */
/* the following conditions: */
/* */
/* The above copyright notice and this permission notice shall be */
/* included in all copies or substantial portions of the Software. */
/* */
/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
/*************************************************************************/
#ifndef EDITOR_INITIALIZE_SSL_H
#define EDITOR_INITIALIZE_SSL_H
void editor_initialize_certificates();
#endif // EDITOR_INITIALIZE_SSL_H

2
editor/editor_node.cpp
View File

@ -54,7 +54,6 @@
#include "editor/editor_audio_buses.h" #include "editor/editor_audio_buses.h"
#include "editor/editor_file_system.h" #include "editor/editor_file_system.h"
#include "editor/editor_help.h" #include "editor/editor_help.h"
#include "editor/editor_initialize_ssl.h"
#include "editor/editor_properties.h" #include "editor/editor_properties.h"
#include "editor/editor_settings.h" #include "editor/editor_settings.h"
#include "editor/editor_themes.h" #include "editor/editor_themes.h"
@ -4686,7 +4685,6 @@ EditorNode::EditorNode() {
SceneState::set_disable_placeholders(true); SceneState::set_disable_placeholders(true);
ResourceLoader::clear_translation_remaps(); //no remaps using during editor ResourceLoader::clear_translation_remaps(); //no remaps using during editor
ResourceLoader::clear_path_remaps(); ResourceLoader::clear_path_remaps();
editor_initialize_certificates(); //for asset sharing
InputDefault *id = Object::cast_to<InputDefault>(Input::get_singleton()); InputDefault *id = Object::cast_to<InputDefault>(Input::get_singleton());

3
editor/project_manager.cpp
View File

@ -41,7 +41,6 @@
#include "core/translation.h" #include "core/translation.h"
#include "core/version.h" #include "core/version.h"
#include "core/version_hash.gen.h" #include "core/version_hash.gen.h"
#include "editor_initialize_ssl.h"
#include "editor_scale.h" #include "editor_scale.h"
#include "editor_settings.h" #include "editor_settings.h"
#include "editor_themes.h" #include "editor_themes.h"
@ -2059,8 +2058,6 @@ void ProjectListFilter::_bind_methods() {
ProjectListFilter::ProjectListFilter() { ProjectListFilter::ProjectListFilter() {
editor_initialize_certificates(); //for asset sharing
_current_filter = FILTER_NAME; _current_filter = FILTER_NAME;
filter_option = memnew(OptionButton); filter_option = memnew(OptionButton);