Update build process to include certificate directory for SSL verification in frozen builds
This commit is contained in:
@@ -117,10 +117,10 @@ def build(build: bool = True, copy: bool = True, test: bool = False, dest: str |
|
||||
name_used = f"{base_name}_{ts}"
|
||||
print(f"Previous artifact appears locked; building as {name_used} to avoid PermissionError")
|
||||
|
||||
# Ensure cert.pem is included for test builds as well (if present)
|
||||
cert_path = project_root / "cert.pem"
|
||||
if cert_path.exists():
|
||||
arg = f"{str(cert_path)};."
|
||||
# Ensure cert folder is included for test builds as well (if present)
|
||||
cert_dir = project_root / "cert"
|
||||
if cert_dir.exists() and cert_dir.is_dir():
|
||||
arg = f"{str(cert_dir)};cert"
|
||||
# Avoid adding duplicate entries
|
||||
if arg not in add_data_args:
|
||||
add_data_args += ["--add-data", arg]
|
||||
|
||||
@@ -30,6 +30,8 @@ from local_file_picker import local_file_picker
|
||||
from local_folder_picker import local_folder_picker
|
||||
|
||||
from typing import Optional
|
||||
import tempfile
|
||||
import glob
|
||||
|
||||
from fastapi import Request
|
||||
from fastapi.responses import RedirectResponse
|
||||
@@ -773,10 +775,46 @@ def launch_app(
|
||||
# when the user hasn't explicitly provided a CA bundle or disabled
|
||||
# verification. This lets builders ship a corporate CA with the app.
|
||||
try:
|
||||
bundled = base_path / "cert.pem"
|
||||
if bundled.exists() and VERIFY_SSL is True:
|
||||
VERIFY_SSL = str(bundled)
|
||||
logger.info(f"Using bundled CA bundle at {VERIFY_SSL}")
|
||||
# Prefer an entire bundled cert/ folder (so users can include many
|
||||
# certificate files). If present, concatenate .pem/.cer/.crt files
|
||||
# into a temporary combined bundle and use that. Otherwise fall back
|
||||
# to a single cert.pem file if present.
|
||||
bundled_dir = base_path / "cert"
|
||||
if bundled_dir.exists() and bundled_dir.is_dir() and VERIFY_SSL is True:
|
||||
# Collect candidate cert files
|
||||
patterns = ["*.pem", "*.cer", "*.crt"]
|
||||
files = []
|
||||
for p in patterns:
|
||||
files.extend(sorted(bundled_dir.glob(p)))
|
||||
|
||||
if files:
|
||||
# Create a temporary combined CA bundle file (persisted)
|
||||
tmp = tempfile.NamedTemporaryFile(delete=False, prefix="nice_uploader_ca_", suffix=".pem")
|
||||
try:
|
||||
for f in files:
|
||||
try:
|
||||
with open(f, "rb") as fh:
|
||||
tmp.write(fh.read())
|
||||
# Ensure certs are separated
|
||||
tmp.write(b"\n")
|
||||
except Exception:
|
||||
# skip unreadable files
|
||||
logger.debug(f"Skipping unreadable cert file: {f}")
|
||||
tmp.flush()
|
||||
tmp.close()
|
||||
VERIFY_SSL = str(Path(tmp.name))
|
||||
logger.info(f"Using bundled CA bundle dir combined to {VERIFY_SSL}")
|
||||
except Exception as e:
|
||||
try:
|
||||
tmp.close()
|
||||
except Exception:
|
||||
pass
|
||||
logger.debug(f"Failed to build combined CA bundle: {e}")
|
||||
else:
|
||||
bundled = base_path / "cert.pem"
|
||||
if bundled.exists() and VERIFY_SSL is True:
|
||||
VERIFY_SSL = str(bundled)
|
||||
logger.info(f"Using bundled CA bundle at {VERIFY_SSL}")
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
|
||||
+2
-2
@@ -11,8 +11,8 @@ project_root = here
|
||||
datas = [
|
||||
(str(project_root / 'icon'), 'icon'),
|
||||
(str(project_root / 'icon' / 'icon1.png'), 'icon'),
|
||||
# include user-supplied CA bundle if present so frozen app can use it
|
||||
(str(project_root / 'cert.pem'), '.')
|
||||
# include user-supplied CA bundle folder (all files) so frozen app can use it
|
||||
(str(project_root / 'cert'), 'cert')
|
||||
]
|
||||
binaries = []
|
||||
|
||||
|
||||
Reference in New Issue
Block a user