chore(oma-fetch,oma-topics): disable aws-lc-rs

eatradish · eatradish · commit e1d02d68bea2 · 2025-12-31T17:59:01.000+08:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -24,6 +24,8 @@ chrono = "0.4.38"
 rustix = { version = "1", features = ["process", "stdio"] }
 libc = "0.2.159"
 reqwest = { version = "0.13", default-features = false }
+rustls-platform-verifier = { version = "0.6", optional = true }
+rustls = { version = "0.23", default-features = false, features = ["ring", "logging", "prefer-post-quantum", "std", "tls12"], optional = true }
 tracing = "0.1.40"
 tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
 console-subscriber = { version = "0.5.0", optional = true }
@@ -80,7 +82,7 @@ aosc = ["dep:oma-topics", "oma-refresh/aosc", "oma-pm/aosc", "oma-contents/aosc"
 sequoia-openssl-backend = ["oma-refresh/sequoia-openssl-backend"]
 sequoia-nettle-backend = ["oma-refresh/sequoia-nettle-backend"]
 tokio-console = ["dep:console-subscriber"]
-rustls = ["reqwest/default-tls", "oma-fetch/rustls", "oma-refresh/rustls", "oma-topics/rustls"]
+rustls = ["reqwest/rustls-no-provider", "dep:rustls-platform-verifier", "dep:rustls", "oma-fetch/rustls", "oma-refresh/rustls", "oma-topics/rustls"]
 openssl = ["reqwest/native-tls", "oma-fetch/native-tls", "oma-refresh/native-tls", "oma-topics/native-tls"]
 nice-setup = ["sequoia-nettle-backend", "rustls", "oma-refresh/apt"]
 openssl-setup = ["sequoia-openssl-backend", "openssl", "oma-refresh/apt"]
diff --git a/oma-fetch/Cargo.toml b/oma-fetch/Cargo.toml
@@ -31,6 +31,6 @@ tokio = { version = "1.42", features = ["macros", "rt-multi-thread"] }
 flume = "0.12"
 
 [features]
-rustls = ["reqwest/default-tls"]
+rustls = ["reqwest/rustls-no-provider"]
 native-tls = ["reqwest/native-tls"]
 default = ["rustls"]
diff --git a/oma-topics/Cargo.toml b/oma-topics/Cargo.toml
@@ -25,6 +25,6 @@ oma-console = { path = "../oma-console" }
 tokio = { version = "1.28", default-features = false, features = ["macros", "rt-multi-thread"] }
 
 [features]
-rustls = ["reqwest/default-tls"]
+rustls = ["reqwest/rustls-no-provider"]
 native-tls = ["reqwest/native-tls"]
 default = ["rustls"]
diff --git a/src/main.rs b/src/main.rs
@@ -5,7 +5,7 @@ use std::io::{self, IsTerminal, stderr, stdin};
 use std::path::{Path, PathBuf};
 
 use std::process::{Command, exit};
-use std::sync::{LazyLock, OnceLock};
+use std::sync::{Arc, LazyLock, OnceLock};
 use std::thread;
 use std::time::{Duration, SystemTime, UNIX_EPOCH};
 
@@ -37,6 +37,8 @@ use oma_utils::dbus::{create_dbus_connection, get_another_oma_status};
 use oma_utils::{OsRelease, is_termux};
 use reqwest::Client;
 use rustix::stdio::stdout;
+use rustls::ClientConfig;
+use rustls_platform_verifier::BuilderVerifierExt;
 use subcommand::utils::{LockError, is_terminal};
 use tokio::runtime::Runtime;
 use tracing::{debug, error, info, warn};
@@ -67,12 +69,15 @@ static RT: LazyLock<Runtime> = LazyLock::new(|| {
         .build()
         .expect("Failed to init async runtime")
 });
+
 static HTTP_CLIENT: LazyLock<Client> = LazyLock::new(|| {
     Client::builder()
         .user_agent(APP_USER_AGENT)
+        .tls_backend_preconfigured(tls_config())
         .build()
         .unwrap()
 });
+
 static WRITER: LazyLock<Writer> = LazyLock::new(Writer::default);
 static LOCK: OnceLock<PathBuf> = OnceLock::new();
 
@@ -475,6 +480,18 @@ fn try_main(
     code
 }
 
+fn tls_config() -> ClientConfig {
+    let arc_crypto_provider = Arc::new(rustls::crypto::ring::default_provider());
+    let config = ClientConfig::builder_with_provider(arc_crypto_provider)
+        .with_safe_default_protocol_versions()
+        .unwrap()
+        .with_platform_verifier()
+        .unwrap()
+        .with_no_client_auth();
+
+    config
+}
+
 fn init_color_formatter(oma: &OhManagerAilurus, config: &Config) {
     let mut follow_term_color = oma.global.follow_terminal_color || config.follow_terminal_color();
     let no_color = oma.global.color == ColorChoice::Never;
diff --git a/src/subcommand/mirror.rs b/src/subcommand/mirror.rs
@@ -59,6 +59,7 @@ use crate::pb::Print;
 use crate::subcommand::utils::multiselect;
 use crate::success;
 use crate::table::PagerPrinter;
+use crate::tls_config;
 use crate::utils::root;
 
 use super::utils::Refresh;
@@ -482,10 +483,7 @@ fn set_order(
 fn get_latency(timeout: f64, no_progress: bool, json: bool) -> Result<i32, OutputError> {
     let mm = MirrorManager::new("/")?;
 
-    let client = blocking::ClientBuilder::new()
-        .user_agent(APP_USER_AGENT)
-        .timeout(Duration::from_secs_f64(timeout))
-        .build()?;
+    let client = client(timeout)?;
 
     let mirrors = mm.mirrors_iter()?.collect::<Vec<_>>();
 
@@ -714,10 +712,7 @@ fn speedtest(
         None
     };
 
-    let client = blocking::ClientBuilder::new()
-        .user_agent(APP_USER_AGENT)
-        .timeout(Duration::from_secs_f64(timeout))
-        .build()?;
+    let client = client(timeout)?;
 
     let mut score_map = HashMap::with_hasher(ahash::RandomState::new());
 
@@ -822,6 +817,16 @@ fn speedtest(
     Ok(0)
 }
 
+fn client(timeout: f64) -> Result<blocking::Client, OutputError> {
+    let client = blocking::ClientBuilder::new()
+        .user_agent(APP_USER_AGENT)
+        .tls_backend_preconfigured(tls_config())
+        .timeout(Duration::from_secs_f64(timeout))
+        .build()?;
+
+    Ok(client)
+}
+
 #[inline]
 fn progress_bar(mirrors_len: u64) -> OmaProgressBar {
     OmaProgressBar::new(
