Add sqlx-rustls support (#720)

I'd like to add optional rustls support for SQLx. This PR implements the required features, but tests using `--all-features` fail, because runtime selection features are not additive. I didn't find a solution apart from avoiding `--all-features`. --------- Co-authored-by: Yuri Astrakhan <YuriAstrakhan@gmail.com>
2024-12-19 12:51:37 +03:00 · 2023-07-03 23:29:44 +02:00 · 2023-07-03 23:29:44 +02:00 · aabcb0aa0a
commit aabcb0aa0a
parent 8e7bba3535
12 changed files with 224 additions and 121 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1,2 +1,2 @@
-github: [maplibre]
+github: [ maplibre ]
 open_collective: maplibre
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -1,40 +1,40 @@
 version: 2
 updates:
-# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
-  directory: "/"
-  schedule:
-    interval: "daily"
- package-ecosystem: cargo
-  directory: "/"
-  schedule:
-    interval: daily
-    time: "02:00"
-  open-pull-requests-limit: 10
-  ignore:
-  - dependency-name: actix
-    versions:
-    - 0.11.0
-    - 0.11.1
-  - dependency-name: docopt
-    versions:
-    - 1.1.1
-  - dependency-name: actix-rt
-    versions:
-    - 2.0.0
-    - 2.0.2
-    - 2.1.0
-    - 2.2.0
-  - dependency-name: postgres
-    versions:
-    - 0.19.1
-  - dependency-name: serde
-    versions:
-    - 1.0.124
-    - 1.0.125
-  - dependency-name: env_logger
-    versions:
-    - 0.8.3
-  - dependency-name: criterion
-    versions:
-    - 0.3.4
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: cargo
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "02:00"
+    open-pull-requests-limit: 10
+    ignore:
+      - dependency-name: actix
+        versions:
+          - 0.11.0
+          - 0.11.1
+      - dependency-name: docopt
+        versions:
+          - 1.1.1
+      - dependency-name: actix-rt
+        versions:
+          - 2.0.0
+          - 2.0.2
+          - 2.1.0
+          - 2.2.0
+      - dependency-name: postgres
+        versions:
+          - 0.19.1
+      - dependency-name: serde
+        versions:
+          - 1.0.124
+          - 1.0.125
+      - dependency-name: env_logger
+        versions:
+          - 0.8.3
+      - dependency-name: criterion
+        versions:
+          - 0.3.4
--- a/.github/workflows/bench.yml
+++ b/.github/workflows/bench.yml
@ -2,14 +2,14 @@ name: Benchmark

 on:
  pull_request:
-    types: [opened, synchronize, reopened]
+    types: [ opened, synchronize, reopened ]
    paths-ignore:
      - '**.md'
      - 'demo/**'
      - 'docs/**'
      - 'homebrew-formula/**'
  push:
-    branches: [main]
+    branches: [ main ]
    paths-ignore:
      - '**.md'
      - 'demo/**'
--- a/.github/workflows/build-deploy-docs.yml
+++ b/.github/workflows/build-deploy-docs.yml
@ -17,7 +17,7 @@ jobs:
      - name: Setup mdBook
        uses: peaceiris/actions-mdbook@v1
        with:
-           mdbook-version: 'latest'
+          mdbook-version: 'latest'

      - run: mdbook build docs

--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -2,21 +2,21 @@ name: CI

 on:
  push:
-    branches: [main]
+    branches: [ main ]
    paths-ignore:
      - '**.md'
      - 'demo/**'
      - 'docs/**'
      - 'homebrew-formula/**'
  pull_request:
-    branches: [main]
+    branches: [ main ]
    paths-ignore:
      - '**.md'
      - 'demo/**'
      - 'docs/**'
      - 'homebrew-formula/**'
  release:
-    types: [published]
+    types: [ published ]
  workflow_dispatch:

 jobs:
@ -48,8 +48,15 @@ jobs:
        if: matrix.target == 'x86_64-unknown-linux-gnu'
        shell: bash
        run: |
+          set -x
          cargo fmt --all -- --check
-          cargo clippy --workspace --all-targets --all-features -- -D warnings
+          cargo clippy --package martin-tile-utils -- -D warnings
+          cargo clippy --package martin-mbtiles -- -D warnings
+          cargo clippy --package martin-mbtiles --no-default-features --features native-tls -- -D warnings
+          cargo clippy --package martin-mbtiles --no-default-features --features rustls -- -D warnings
+          cargo clippy --package martin -- -D warnings
+          cargo clippy --package martin --features vendored-openssl -- -D warnings
+          cargo clippy --package martin --features bless-tests -- -D warnings
      - name: Install OpenSSL (Windows)
        if: runner.os == 'Windows'
        run: |
@ -84,7 +91,7 @@ jobs:
  test:
    # Don't change this name - it is used by the merge protection rules
    name: Test & package ${{ matrix.target }}
-    needs: [build]
+    needs: [ build ]
    strategy:
      fail-fast: true
      matrix:
@ -136,8 +143,11 @@ jobs:
        if: matrix.target == 'x86_64-unknown-linux-gnu'
        shell: bash
        run: |
-          cargo test --all-targets
-          cargo test --all-targets --all-features
+          set -x
+          cargo test --package martin-tile-utils
+          cargo test --package martin-mbtiles
+          cargo test --package martin-mbtiles --no-default-features --features rustls
+          cargo test --package martin --features vendored-openssl
          cargo test --doc
          rm -rf target
        env:
@ -203,7 +213,7 @@ jobs:
  test-legacy:
    # Don't change this name - it is used by the merge protection rules
    name: Test Legacy DB
-    needs: [build]
+    needs: [ build ]
    runs-on: ubuntu-latest
    strategy:
      fail-fast: true
@ -249,47 +259,47 @@ jobs:
          ${{ matrix.image }}
          -c "exec docker-entrypoint.sh ${{ matrix.args }}"
    steps:
-    - name: Checkout sources
-      uses: actions/checkout@v3
-    - name: Setup database
-      run: |
-        # sudo apt-get install postgresql-client
-        tests/fixtures/initdb.sh
-      env:
-        PGPORT: ${{ job.services.postgres.ports[5432] }}
-    - name: Unit Tests (Linux)
-      shell: bash
-      run: |
-        echo "Running unit tests, connecting to DATABASE_URL=$DATABASE_URL"
-        echo "Same but as base64 to prevent GitHub obfuscation (this is not a secret):"
-        echo "$DATABASE_URL" | base64
-        if [[ "${{ matrix.sslmode }}" == "disable" ]]; then
-          # This only works if SSL is not required
-          cargo test --all-targets
-        fi
-        cargo test --all-targets --all-features
-        cargo test --doc
-        rm -rf target
-      env:
-        DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }}
-    - name: Save test output on failure
-      if: failure()
-      uses: actions/upload-artifact@v3
-      with:
-        name: test-output
-        path: tests/output/*
-        retention-days: 5
-    - uses: actions/download-artifact@v3
-      with:
-        name: build-x86_64-unknown-linux-gnu
-        path: target/
-    - name: Integration Tests
-      run: |
-        chmod +x target/martin target/mbtiles
-        tests/test.sh
-      env:
-        DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }}
-        MARTIN_BUILD: "-"
-        MARTIN_BIN: target/martin
-        MBTILES_BUILD: "-"
-        MBTILES_BIN: target/mbtiles
+      - name: Checkout sources
+        uses: actions/checkout@v3
+      - name: Setup database
+        run: |
+          # sudo apt-get install postgresql-client
+          tests/fixtures/initdb.sh
+        env:
+          PGPORT: ${{ job.services.postgres.ports[5432] }}
+      - name: Unit Tests (Linux)
+        shell: bash
+        run: |
+          echo "Running unit tests, connecting to DATABASE_URL=$DATABASE_URL"
+          echo "Same but as base64 to prevent GitHub obfuscation (this is not a secret):"
+          echo "$DATABASE_URL" | base64
+          set -x
+          cargo test --package martin-tile-utils
+          cargo test --package martin-mbtiles
+          cargo test --package martin-mbtiles --no-default-features --features rustls
+          cargo test --package martin --features vendored-openssl
+          cargo test --doc
+          rm -rf target
+        env:
+          DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }}
+      - name: Save test output on failure
+        if: failure()
+        uses: actions/upload-artifact@v3
+        with:
+          name: test-output
+          path: tests/output/*
+          retention-days: 5
+      - uses: actions/download-artifact@v3
+        with:
+          name: build-x86_64-unknown-linux-gnu
+          path: target/
+      - name: Integration Tests
+        run: |
+          chmod +x target/martin target/mbtiles
+          tests/test.sh
+        env:
+          DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }}
+          MARTIN_BUILD: "-"
+          MARTIN_BIN: target/martin
+          MBTILES_BUILD: "-"
+          MBTILES_BIN: target/mbtiles
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -2,21 +2,21 @@ name: Docker

 on:
  push:
-    branches: [main]
+    branches: [ main ]
    paths-ignore:
      - '**.md'
      - 'demo/**'
      - 'docs/**'
      - 'homebrew-formula/**'
  pull_request:
-    branches: [main]
+    branches: [ main ]
    paths-ignore:
      - '**.md'
      - 'demo/**'
      - 'docs/**'
      - 'homebrew-formula/**'
  release:
-    types: [published]
+    types: [ published ]
  workflow_dispatch:

 jobs:
--- a/.github/workflows/grcov.yml
+++ b/.github/workflows/grcov.yml
@ -2,14 +2,14 @@ name: Code coverage

 on:
  push:
-    branches: [main]
+    branches: [ main ]
    paths-ignore:
      - '**.md'
      - 'demo/**'
      - 'docs/**'
      - 'homebrew-formula/**'
  pull_request:
-    branches: [main]
+    branches: [ main ]
    paths-ignore:
      - '**.md'
      - 'demo/**'
@ -74,6 +74,6 @@ jobs:

      - name: Check conditional cfg values
        run: |
-          cargo +nightly check -Z unstable-options -Z check-cfg=features,names,values,output --workspace --all-features
+          cargo +nightly check -Z unstable-options -Z check-cfg=features,names,values,output --workspace
        env:
          RUSTFLAGS: '-D warnings'
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1096,7 +1096,7 @@ dependencies = [
 "futures-core",
 "futures-sink",
 "pin-project",
- "spin",
+ "spin 0.9.8",
 ]

 [[package]]
@ -1171,12 +1171,12 @@ dependencies = [

 [[package]]
 name = "fs4"
-version = "0.6.5"
+version = "0.6.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7672706608ecb74ab2e055c68327ffc25ae4cac1e12349204fd5fb0f3487cce2"
+checksum = "2eeb4ed9e12f43b7fa0baae3f9cdda28352770132ef2e09a23760c29cae8bd47"
 dependencies = [
 "async-trait",
- "rustix 0.37.22",
+ "rustix 0.38.2",
 "tokio",
 "windows-sys 0.48.0",
 ]
@ -1775,7 +1775,7 @@ dependencies = [

 [[package]]
 name = "martin-mbtiles"
-version = "0.2.2"
+version = "0.3.0"
 dependencies = [
 "actix-rt",
 "anyhow",
@ -2511,6 +2511,21 @@ dependencies = [
 "bytemuck",
 ]

+[[package]]
+name = "ring"
+version = "0.16.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
+dependencies = [
+ "cc",
+ "libc",
+ "once_cell",
+ "spin 0.5.2",
+ "untrusted",
+ "web-sys",
+ "winapi",
+]
+
 [[package]]
 name = "roxmltree"
 version = "0.18.0"
@ -2582,6 +2597,27 @@ dependencies = [
 "windows-sys 0.48.0",
 ]

+[[package]]
+name = "rustls"
+version = "0.20.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fff78fc74d175294f4e83b28343315ffcfb114b156f0185e9741cb5570f50e2f"
+dependencies = [
+ "log",
+ "ring",
+ "sct",
+ "webpki",
+]
+
+[[package]]
+name = "rustls-pemfile"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2d3987094b1d07b653b7dfdc3f70ce9a1da9c51ac18c1b06b662e4f9a0e9f4b2"
+dependencies = [
+ "base64",
+]
+
 [[package]]
 name = "rustybuzz"
 version = "0.7.0"
@ -2615,11 +2651,11 @@ dependencies = [

 [[package]]
 name = "schannel"
-version = "0.1.21"
+version = "0.1.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "713cfb06c7059f3588fb8044c0fad1d09e3c01d225e25b9220dbfdcf16dbb1b3"
+checksum = "0c3733bf4cf7ea0880754e19cb5a462007c4a8c1914bff372ccc95b464f1df88"
 dependencies = [
- "windows-sys 0.42.0",
+ "windows-sys 0.48.0",
 ]

 [[package]]
@ -2628,6 +2664,16 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"

+[[package]]
+name = "sct"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
 [[package]]
 name = "security-framework"
 version = "2.9.1"
@ -2659,18 +2705,18 @@ checksum = "bebd363326d05ec3e2f532ab7660680f3b02130d780c299bca73469d521bc0ed"

 [[package]]
 name = "serde"
-version = "1.0.164"
+version = "1.0.165"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e8c8cf938e98f769bc164923b06dce91cea1751522f46f8466461af04c9027d"
+checksum = "c939f902bb7d0ccc5bce4f03297e161543c2dcb30914faf032c2bd0b7a0d48fc"
 dependencies = [
 "serde_derive",
 ]

 [[package]]
 name = "serde_derive"
-version = "1.0.164"
+version = "1.0.165"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9735b638ccc51c28bf6914d90a2e9725b377144fc612c49a611fddd1b631d68"
+checksum = "6eaae920e25fffe4019b75ff65e7660e72091e59dd204cb5849bbd6a3fd343d7"
 dependencies = [
 "proc-macro2",
 "quote",
@ -2831,6 +2877,12 @@ dependencies = [
 "windows-sys 0.48.0",
 ]

+[[package]]
+name = "spin"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
+
 [[package]]
 name = "spin"
 version = "0.9.8"
@ -2913,6 +2965,8 @@ dependencies = [
 "once_cell",
 "paste",
 "percent-encoding",
+ "rustls",
+ "rustls-pemfile",
 "serde",
 "sha2",
 "smallvec",
@ -2922,6 +2976,7 @@ dependencies = [
 "thiserror",
 "tokio-stream",
 "url",
+ "webpki-roots",
 ]

 [[package]]
@ -2956,6 +3011,7 @@ dependencies = [
 "once_cell",
 "tokio",
 "tokio-native-tls",
+ "tokio-rustls",
 ]

 [[package]]
@ -3287,6 +3343,17 @@ dependencies = [
 "tokio-util",
 ]

+[[package]]
+name = "tokio-rustls"
+version = "0.23.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59"
+dependencies = [
+ "rustls",
+ "tokio",
+ "webpki",
+]
+
 [[package]]
 name = "tokio-stream"
 version = "0.1.14"
@ -3432,6 +3499,12 @@ version = "0.2.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1865806a559042e51ab5414598446a5871b561d21b6764f2eabb0dd481d880a6"

+[[package]]
+name = "untrusted"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
+
 [[package]]
 name = "url"
 version = "2.4.0"
@ -3614,6 +3687,25 @@ dependencies = [
 "wasm-bindgen",
 ]

+[[package]]
+name = "webpki"
+version = "0.22.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
+[[package]]
+name = "webpki-roots"
+version = "0.22.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b6c71e40d7d2c34a5106301fb632274ca37242cd0c9d3e64dbece371a40a2d87"
+dependencies = [
+ "webpki",
+]
+
 [[package]]
 name = "weezl"
 version = "0.1.7"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -27,7 +27,7 @@ futures = "0.3"
 indoc = "2"
 itertools = "0.11"
 log = "0.4"
-martin-mbtiles = { path = "./martin-mbtiles", version = "0.2.0", default-features = false }  # disable CLI tools
+martin-mbtiles = { path = "./martin-mbtiles", version = "0.3.0", default-features = false, features = ["native-tls"] }  # disable CLI tools
 martin-tile-utils = { path = "./martin-tile-utils", version = "0.1.0" }
 num_cpus = "1"
 openssl = "0.10"
@ -42,7 +42,7 @@ serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 serde_yaml = "0.9"
 spreet = { version = "0.8", default-features = false }
-sqlx = { version = "0.6", features = ["offline", "sqlite", "runtime-actix-native-tls"] }
+sqlx = { version = "0.6", features = ["offline", "sqlite"] }
 subst = { version = "0.2", features = ["yaml"] }
 thiserror = "1"
 tilejson = "0.3"
--- a/4
+++ b/4
@ -88,7 +88,6 @@ test-legacy: (docker-up "db-legacy") test-unit test-int
 # Run Rust unit and doc tests (cargo test)
 test-unit *ARGS:
    cargo test --all-targets {{ ARGS }}
-    cargo test --all-targets --all-features {{ ARGS }}
    cargo test --doc

 # Run integration tests
@ -153,7 +152,6 @@ coverage FORMAT='html':
    export MARTIN_PORT=3111

    cargo test --all-targets
-    cargo test --all-targets --all-features
    tests/test.sh

    set -x
@ -204,7 +202,7 @@ fmt2:

 # Run cargo clippy
 clippy:
-    cargo clippy --workspace --all-targets --all-features --bins --tests --lib --benches -- -D warnings
+    cargo clippy --workspace --all-targets --bins --tests --lib --benches -- -D warnings

 # These steps automatically run before git push via a git hook
 [private]
--- a/martin-mbtiles/Cargo.toml
+++ b/martin-mbtiles/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "martin-mbtiles"
-version = "0.2.2"
+version = "0.3.0"
 authors = ["Yuri Astrakhan <YuriAstrakhan@gmail.com>", "MapLibre contributors"]
 description = "A simple low-level MbTiles access and processing library, with some tile format detection and other relevant heuristics."
 keywords = ["mbtiles", "maps", "tiles", "mvt", "tilejson"]
@ -11,8 +11,11 @@ license.workspace = true

 [features]
 # TODO: Disable "cli" feature in default builds
-default = ["cli"]
+default = ["cli", "native-tls"]
 cli = ["dep:anyhow", "dep:clap", "dep:tokio"]
+# One of the following two must be used
+native-tls = ["sqlx/runtime-actix-native-tls"]
+rustls = ["sqlx/runtime-actix-rustls"]

 [dependencies]
 futures.workspace = true
--- a/tests/test.sh
+++ b/tests/test.sh
@ -4,11 +4,11 @@ set -euo pipefail
 # TODO: use  --fail-with-body  to get the response body on failure
 CURL=${CURL:-curl --silent --show-error --fail --compressed}
 DATABASE_URL="${DATABASE_URL:-postgres://postgres@localhost/db}"
-MARTIN_BUILD="${MARTIN_BUILD:-cargo build --all-features}"
+MARTIN_BUILD="${MARTIN_BUILD:-cargo build --features ssl}"
 MARTIN_PORT="${MARTIN_PORT:-3111}"
 MARTIN_URL="http://localhost:${MARTIN_PORT}"
 MARTIN_ARGS="${MARTIN_ARGS:---listen-addresses localhost:${MARTIN_PORT}}"
-MARTIN_BIN="${MARTIN_BIN:-cargo run --all-features --} ${MARTIN_ARGS}"
+MARTIN_BIN="${MARTIN_BIN:-cargo run --features ssl --} ${MARTIN_ARGS}"

 MBTILES_BUILD="${MBTILES_BUILD:-cargo build -p martin-mbtiles}"
 MBTILES_BIN="${MBTILES_BIN:-target/debug/mbtiles}"