Fix `get_latest_versions_file`

`latest.json` is not published under api.mullvad.net.

3 files changed, 25 insertions, 23 deletions

diff --git a/mullvad-update/mullvad-release/src/main.rs b/mullvad-update/mullvad-release/src/main.rs
index cedc426cfa..5089dbeb09 100644
--- a/mullvad-update/mullvad-release/src/main.rs
+++ b/mullvad-update/mullvad-release/src/main.rs
@@ -170,12 +170,8 @@ async fn main() -> anyhow::Result<()> {
 
             // Download latest.json metadata if available
             if latest_file {
-                match HttpVersionInfoProvider::get_latest_versions_file()
-                    .await
-                    .and_then(|json| {
-                        serde_json::to_string_pretty(&json).context("Failed to format JSON")
-                    }) {
-                    Ok(json) => {
+                match HttpVersionInfoProvider::get_latest_versions_file().await {
+                    Ok(json_str) => {
                         let path = Path::new(LATEST_FILENAME);
 
                         if !assume_yes && path.exists() {
@@ -188,7 +184,7 @@ async fn main() -> anyhow::Result<()> {
                             }
                         }
 
-                        fs::write(path, json).await.context("Failed to write")?;
+                        fs::write(path, json_str).await.context("Failed to write")?;
 
                         println!("Updated {}", path.display());
                     }
diff --git a/mullvad-update/src/client/api.rs b/mullvad-update/src/client/api.rs
index 6f4f7bc51b..dbfd7dc45a 100644
--- a/mullvad-update/src/client/api.rs
+++ b/mullvad-update/src/client/api.rs
@@ -8,7 +8,7 @@ use tokio::fs;
 #[cfg(test)]
 use vec1::Vec1;
 
-use crate::defaults::META_REPOSITORY_URL;
+use crate::defaults;
 use crate::format;
 use crate::version::{VersionInfo, VersionParameters};
 
@@ -40,11 +40,7 @@ impl MetaRepositoryPlatform {
 
     /// Return complete URL used for the metadata
     pub fn url(&self) -> String {
-        format!(
-            "{}/{}",
-            crate::defaults::META_REPOSITORY_URL,
-            self.filename()
-        )
+        format!("{}/{}", defaults::RELEASES_URL, self.filename())
     }
 
     fn filename(&self) -> &str {
@@ -87,7 +83,7 @@ impl From<MetaRepositoryPlatform> for HttpVersionInfoProvider {
         HttpVersionInfoProvider {
             url: platform.url(),
             resolve: Some((API_HOST_DEFAULT, API_IP_DEFAULT)),
-            pinned_certificate: Some(crate::defaults::PINNED_CERTIFICATE.clone()),
+            pinned_certificate: Some(defaults::PINNED_CERTIFICATE.clone()),
             dump_to_path: None,
         }
     }
@@ -158,15 +154,17 @@ impl HttpVersionInfoProvider {
 
     /// Retrieve the `latest.json` file.
     ///
-    /// By default, `pinned_certificate` will be set to the LE root certificate. The contents are
-    /// unsigned.
-    pub async fn get_latest_versions_file() -> anyhow::Result<Vec<u8>> {
+    /// - `pinned_certificate` will be set to the LE root certificate.
+    /// - DNS will be used to look up the URL.
+    /// - The JSON response is not signed.
+    pub async fn get_latest_versions_file() -> anyhow::Result<String> {
         Self::get(
-            &format!("{META_REPOSITORY_URL}/latest.json"),
-            Some(crate::defaults::PINNED_CERTIFICATE.clone()),
-            Some((API_HOST_DEFAULT, API_IP_DEFAULT)),
+            &format!("{}/latest.json", defaults::METADATA_URL),
+            Some(defaults::PINNED_CERTIFICATE.clone()),
+            None,
         )
         .await
+        .and_then(|raw_json: Vec<u8>| Ok(String::from_utf8(raw_json)?))
         .context("Failed to get latest.json file")
     }
 
diff --git a/mullvad-update/src/defaults.rs b/mullvad-update/src/defaults.rs
index 7d6ba5f172..bc563a1b04 100644
--- a/mullvad-update/src/defaults.rs
+++ b/mullvad-update/src/defaults.rs
@@ -4,11 +4,19 @@ use crate::format::key::VerifyingKey;
 use std::sync::LazyLock;
 use vec1::Vec1;
 
-/// Default repository URL for version metadata
+/// Default URL for the `releases`-API.
+///
+/// Note that this is just a proxy to _some_ of the files in [METADATA_URL].
 #[cfg(feature = "client")]
-pub const META_REPOSITORY_URL: &str = "https://api.mullvad.net/app/releases/";
+pub const RELEASES_URL: &str = "https://api.mullvad.net/app/releases/";
 
-/// Default TLS certificate to pin to
+/// Default URL for version metadata repository.
+#[cfg(feature = "client")]
+pub const METADATA_URL: &str = "https://releases.mullvad.net/desktop/metadata/";
+
+/// Default TLS certificate to pin to.
+///
+/// This is the Let's Encrypt root-certificate.
 #[cfg(feature = "client")]
 pub static PINNED_CERTIFICATE: LazyLock<reqwest::Certificate> = LazyLock::new(|| {
     const CERT_BYTES: &[u8] = include_bytes!("../../mullvad-api/le_root_cert.pem");