diff options
| -rw-r--r-- | mullvad-update/mullvad-release/src/main.rs | 10 | ||||
| -rw-r--r-- | mullvad-update/src/client/api.rs | 24 | ||||
| -rw-r--r-- | mullvad-update/src/defaults.rs | 14 |
3 files changed, 25 insertions, 23 deletions
diff --git a/mullvad-update/mullvad-release/src/main.rs b/mullvad-update/mullvad-release/src/main.rs index cedc426cfa..5089dbeb09 100644 --- a/mullvad-update/mullvad-release/src/main.rs +++ b/mullvad-update/mullvad-release/src/main.rs @@ -170,12 +170,8 @@ async fn main() -> anyhow::Result<()> { // Download latest.json metadata if available if latest_file { - match HttpVersionInfoProvider::get_latest_versions_file() - .await - .and_then(|json| { - serde_json::to_string_pretty(&json).context("Failed to format JSON") - }) { - Ok(json) => { + match HttpVersionInfoProvider::get_latest_versions_file().await { + Ok(json_str) => { let path = Path::new(LATEST_FILENAME); if !assume_yes && path.exists() { @@ -188,7 +184,7 @@ async fn main() -> anyhow::Result<()> { } } - fs::write(path, json).await.context("Failed to write")?; + fs::write(path, json_str).await.context("Failed to write")?; println!("Updated {}", path.display()); } diff --git a/mullvad-update/src/client/api.rs b/mullvad-update/src/client/api.rs index 6f4f7bc51b..dbfd7dc45a 100644 --- a/mullvad-update/src/client/api.rs +++ b/mullvad-update/src/client/api.rs @@ -8,7 +8,7 @@ use tokio::fs; #[cfg(test)] use vec1::Vec1; -use crate::defaults::META_REPOSITORY_URL; +use crate::defaults; use crate::format; use crate::version::{VersionInfo, VersionParameters}; @@ -40,11 +40,7 @@ impl MetaRepositoryPlatform { /// Return complete URL used for the metadata pub fn url(&self) -> String { - format!( - "{}/{}", - crate::defaults::META_REPOSITORY_URL, - self.filename() - ) + format!("{}/{}", defaults::RELEASES_URL, self.filename()) } fn filename(&self) -> &str { @@ -87,7 +83,7 @@ impl From<MetaRepositoryPlatform> for HttpVersionInfoProvider { HttpVersionInfoProvider { url: platform.url(), resolve: Some((API_HOST_DEFAULT, API_IP_DEFAULT)), - pinned_certificate: Some(crate::defaults::PINNED_CERTIFICATE.clone()), + pinned_certificate: Some(defaults::PINNED_CERTIFICATE.clone()), dump_to_path: None, } } @@ -158,15 +154,17 @@ impl HttpVersionInfoProvider { /// Retrieve the `latest.json` file. /// - /// By default, `pinned_certificate` will be set to the LE root certificate. The contents are - /// unsigned. - pub async fn get_latest_versions_file() -> anyhow::Result<Vec<u8>> { + /// - `pinned_certificate` will be set to the LE root certificate. + /// - DNS will be used to look up the URL. + /// - The JSON response is not signed. + pub async fn get_latest_versions_file() -> anyhow::Result<String> { Self::get( - &format!("{META_REPOSITORY_URL}/latest.json"), - Some(crate::defaults::PINNED_CERTIFICATE.clone()), - Some((API_HOST_DEFAULT, API_IP_DEFAULT)), + &format!("{}/latest.json", defaults::METADATA_URL), + Some(defaults::PINNED_CERTIFICATE.clone()), + None, ) .await + .and_then(|raw_json: Vec<u8>| Ok(String::from_utf8(raw_json)?)) .context("Failed to get latest.json file") } diff --git a/mullvad-update/src/defaults.rs b/mullvad-update/src/defaults.rs index 7d6ba5f172..bc563a1b04 100644 --- a/mullvad-update/src/defaults.rs +++ b/mullvad-update/src/defaults.rs @@ -4,11 +4,19 @@ use crate::format::key::VerifyingKey; use std::sync::LazyLock; use vec1::Vec1; -/// Default repository URL for version metadata +/// Default URL for the `releases`-API. +/// +/// Note that this is just a proxy to _some_ of the files in [METADATA_URL]. #[cfg(feature = "client")] -pub const META_REPOSITORY_URL: &str = "https://api.mullvad.net/app/releases/"; +pub const RELEASES_URL: &str = "https://api.mullvad.net/app/releases/"; -/// Default TLS certificate to pin to +/// Default URL for version metadata repository. +#[cfg(feature = "client")] +pub const METADATA_URL: &str = "https://releases.mullvad.net/desktop/metadata/"; + +/// Default TLS certificate to pin to. +/// +/// This is the Let's Encrypt root-certificate. #[cfg(feature = "client")] pub static PINNED_CERTIFICATE: LazyLock<reqwest::Certificate> = LazyLock::new(|| { const CERT_BYTES: &[u8] = include_bytes!("../../mullvad-api/le_root_cert.pem"); |