Allow using native TLS root certs (#468)

* Allow using native TLS root certs * Test new feature, and ensure sqlite3 is present in the image
GothenburgBitFactory · Oct 13, 2024 · 94a6ffc · 94a6ffc
1 parent ea3c68e
commit 94a6ffc
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 1 deletion.
diff --git a/.github/workflows/rust-tests.yml b/.github/workflows/rust-tests.yml
@@ -16,6 +16,7 @@ jobs:
         features:
           - ""
           - "server-sync"
+          - "tls-native-roots"
 
     name: "taskchampion ${{ matrix.features == '' && 'with no features' || format('with features {0}', matrix.features) }}"
     runs-on: ubuntu-latest
@@ -29,6 +30,9 @@ jobs:
           path: ~/.cargo/registry
           key: ubuntu-latest-stable-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
 
+      - name: Install system packages
+        run: sudo apt-get install -y libsqlite3-dev
+
       - name: Cache cargo build
         uses: actions/cache@v4
         with:

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/taskchampion/Cargo.toml b/taskchampion/Cargo.toml
@@ -26,6 +26,8 @@ encryption = ["dep:ring"]
 cloud = []
 # static bundling of dependencies
 bundled = ["rusqlite/bundled"]
+# use native CA roots, instead of bundled
+tls-native-roots = ["ureq/native-certs"]
 
 [package.metadata.docs.rs]
 all-features = true

diff --git a/taskchampion/src/lib.rs b/taskchampion/src/lib.rs
@@ -42,6 +42,8 @@ Support for some optional functionality is controlled by feature flags.
  * `server-sync` - sync to the taskchampion-sync-server
  * `sync` - enables all of the sync features above
  * `bundled` - activates bundling system libraries like sqlite
+ * `tls-native-roots` - use native (system) TLS roots, instead of those bundled with rustls, by
+   (indirectly) enabling the `rustls` feature `rustls-tls-native-roots`.
 
  By default, `sync` and `bundled` are enabled.