vmware-labs · Angelmmiguel · Nov 24, 2023 · Nov 24, 2023 · Nov 24, 2023 · Nov 24, 2023
diff --git a/.github/workflows/artifacts.yml b/.github/workflows/artifacts.yml
@@ -4,6 +4,9 @@ on:
   push:
     tags:
     - "v[0-9]+.[0-9]+.[0-9]+"
+  # TODO: Remove it
+  pull_request:
+    branches: [ "main", "v[0-9]+.[0-9]+" ]
 
 jobs:
   build:
@@ -18,14 +21,14 @@ jobs:
             platform: unknown-linux-musl
             cross: false
             name: linux-musl
-            features: --features vendored-openssl
+            features:
           - build: linux
             arch: aarch64
             os: ubuntu-latest
             platform: unknown-linux-musl
             cross: true
             name: linux-musl
-            features: --features vendored-openssl
+            features:
           - build: windows
             arch: x86_64
             os: windows-latest
@@ -53,7 +56,7 @@ jobs:
             platform: apple-darwin
             cross: false
             name: macos-darwin
-            features: --features vendored-openssl
+            features:
     runs-on: ${{ matrix.os }}
     env:
       # This variable can be overriden with `cross` for builds that

diff --git a/.github/workflows/container-preview.yml b/.github/workflows/container-preview.yml
@@ -45,7 +45,7 @@ jobs:
         sudo apt-get update
         sudo apt-get install musl-tools
     - name: Build
-      run: ${{env.CARGO}} build --release --target=${{ matrix.arch }}-${{ matrix.platform }} --features vendored-openssl
+      run: ${{env.CARGO}} build --release --target=${{ matrix.arch }}-${{ matrix.platform }}
     - name: Upload artifact
       uses: actions/upload-artifact@v3
       with:

diff --git a/.github/workflows/container-release.yml b/.github/workflows/container-release.yml
@@ -46,7 +46,7 @@ jobs:
         sudo apt-get update
         sudo apt-get install musl-tools
     - name: Build
-      run: ${{env.CARGO}} build --release --target=${{ matrix.arch }}-${{ matrix.platform }} --features vendored-openssl
+      run: ${{env.CARGO}} build --release --target=${{ matrix.arch }}-${{ matrix.platform }}
     - name: Upload artifact
       uses: actions/upload-artifact@v3
       with:

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -34,7 +34,7 @@ wws-server = { workspace = true }
 wws-project = { workspace = true }
 
 [dev-dependencies]
-reqwest = { version = "0.11", features = ["blocking"] }
+reqwest = { version = "0.11", features = ["rustls", "blocking"] }
-reqwest = { version = "0.11", features = ["rustls", "blocking"] }
+reqwest = { version = "0.11", features = ["rustls-tls", "blocking"] }
-reqwest = { version = "0.11", features = ["rustls", "blocking"] }
+reqwest = { version = "0.11", features = ["rustls-tls", "blocking"] }
 
 [features]
 default = ["all"]
@@ -43,8 +43,6 @@ wws_config = []
 wws_router = []
 wws_server = []
 
-vendored-openssl = ["wws-project/vendored-openssl"]
-
 [workspace]
 members = [
   "crates/api-manage",
@@ -77,7 +75,7 @@ exclude = [
 [workspace.dependencies]
 actix-web = "4"
 lazy_static = "1.4.0"
-reqwest = "0.11"
+reqwest = { version = "0.11", features = ["rustls"] }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0.85"
 tokio = "1.28"
@@ -99,4 +97,3 @@ wasmtime-wasi = "13.0.0"
 wasmtime-wasi-nn = "13.0.0"
 wasi-common = "13.0.0"
 path-slash = "0.2.1"
-openssl = { version = "=0.10.55" }
diff --git a/crates/project/Cargo.toml b/crates/project/Cargo.toml
@@ -16,11 +16,6 @@ wws-store = { workspace = true }
 url = "2.3.1"
 sha256 = "1.1.1"
 git2 = "0.17.2"
-# Not all platforms require OpenSSL
-openssl = { workspace = true, optional = true }
-
-[features]
-vendored-openssl = ["openssl/vendored"]
 
 [dev-dependencies]
 path-slash = { workspace = true }
diff --git a/deny.toml b/deny.toml
@@ -33,7 +33,7 @@ exclude = [
     "wit-bindgen-wasmtime",
     "wit-bindgen-gen-wasmtime",
     "wit-bindgen-gen-rust",
-    "wit-bindgen-gen-core"
+    "wit-bindgen-gen-core",
 ]
 
 # More documentation for the advisories section can be found here:
@@ -63,10 +63,17 @@ allow = [
     "ISC",
     "MIT",
     "MPL-2.0",
+    "OpenSSL",
     "Unicode-DFS-2016",
-    "Zlib"
+    "Zlib",
 ]
 
+# Special case for Ring, which includes multiple licenses
+[[licenses.clarify]]
+name = "ring"
+expression = "MIT AND ISC AND OpenSSL"
+license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
+
 # More documentation about the 'bans' section can be found here:
 # https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
 [bans]

diff --git a/image/Dockerfile b/image/Dockerfile
@@ -1,6 +1,4 @@
 # Build wasm_runtime in release mode
-
-
 FROM --platform=$TARGETPLATFORM rust:1.71.0-slim as build-wws
 ARG WWS_BUILD_DIR=/usr/src/wws
 ARG TARGETPLATFORM
@@ -19,15 +17,13 @@ RUN set -eux; \
         *) echo >&2 "unsupported architecture: $BUILDPLATFORM"; exit 1 ;; \
     esac; \
     rustup target add $bldArch; \
-    cargo build --release --features vendored-openssl --target=$bldArch; \
+    cargo build --release --target=$bldArch; \
     mkdir ./build; \
     cp ./target/$bldArch/release/wws ./build/wws
 
-
+# Build the image
 FROM --platform=$TARGETPLATFORM debian:bullseye-slim
 ARG WWS_BUILD_DIR=/usr/src/wws
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends ca-certificates
 RUN mkdir -p /app
 RUN mkdir -p /opt
 COPY --from=build-wws ${WWS_BUILD_DIR}/build/wws /opt

diff --git a/image/Prebuilt.dockerfile b/image/Prebuilt.dockerfile
@@ -2,10 +2,9 @@
 # is mainly used to build the preview / release container images in
 # GitHub actions
 
-# Retrieve the certificates to install runtimes later on.
+# Create the folders for the main container
 FROM --platform=$TARGETPLATFORM bitnami/minideb:latest AS sysroot
 RUN mkdir -p /target/app /target/opt
-RUN install_packages ca-certificates
 
 # Build the final image
 FROM --platform=$TARGETPLATFORM scratch
@@ -17,7 +16,6 @@ LABEL org.opencontainers.image.licenses="Apache-2.0"
 
 COPY --from=sysroot /target/app /app
 COPY --from=sysroot /target/opt /opt
-COPY --from=sysroot /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --chmod=755 ./wws-$TARGETARCH /opt/wws
 
 ENTRYPOINT ["/opt/wws"]