Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add tooling for recording and replaying PyPI interactions #609

Closed
wants to merge 6 commits into from

Conversation

zanieb
Copy link
Member

@zanieb zanieb commented Dec 11, 2023

Uses mitmproxy to record and replay interactions with a PyPI server. For example:

./offlinepi record cargo test --features pypi -- --test-threads=1

Then run tests with replayed responses:

./offlinepi replay cargo test --features pypi

I tested this with my internet turned off, so it looks to be fully offline.

See the README for more details.

I want to figure out a good way to help people install the certificate as it's not trivial. I did:

sudo security add-trusted-cert -d -p ssl -p basic -k /Library/Keychains/System.keychain ~/.mitmproxy/mitmproxy-ca-cert.pem

See #615 for a more general solution.

I'm also not sure what the best way is to hook this into our test suite in practice. It'd be nice to have a command that recorded new responses automatically or just replayed if not needed, but it's unclear how that'd be done :) it seems best for others to play with this before we make it integral in any way.

@zanieb zanieb force-pushed the zb/offlinepi branch 2 times, most recently from c3520ff to 9838342 Compare December 11, 2023 21:24
reqwest = { version = "0.11.22", default-features = false, features = ["json", "gzip", "brotli", "stream", "rustls-tls"] }
reqwest = { version = "0.11.22", default-features = false, features = ["json", "gzip", "brotli", "stream", "rustls-tls-native-roots"] }
Copy link
Member Author

@zanieb zanieb Dec 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this is required because I registered the cert with my system.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rustls-tls: Enables TLS functionality provided by rustls. Equivalent to rustls-tls-webpki-roots.
rustls-tls-webpki-roots: Enables TLS functionality provided by rustls, while using root certificates from the webpki-roots crate.
rustls-tls-native-roots: Enables TLS functionality provided by rustls, while using root certificates from the rustls-native-certs crate.
source

Hm...

Copy link
Member Author

@zanieb zanieb Dec 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@zanieb
Copy link
Member Author

zanieb commented Dec 12, 2023

Oh also I needed to install from GitHub to get things working initially, I should verify and document what version we require.

konstin added a commit that referenced this pull request Dec 12, 2023
Built on #609

When activating the `puffin-test-custom-ca-cert` feature, you can inject a custom ssl certificate by setting `PUFFIN_TEST_CA_CERT_PEM` to a pem file, e.g.

```bash
PUFFIN_TEST_CA_CERT_PEM=$(pwd)/mitmproxy-ca-cert.pem ./offlinepi record cargo test --features pypi --features puffin-test-custom-ca-cert -- --test-threads=1
```

This feature is off by default, so this is not possible in release builds.
@zanieb
Copy link
Member Author

zanieb commented Dec 12, 2023

A HAR file for our test suite is about 10 MB e.g. https://gist.github.com/zanieb/fb1d4f03176be020a2d0912476d19a1c

Built on #609

When activating the `puffin-test-custom-ca-cert` feature, you can inject
a custom ssl certificate by setting `PUFFIN_TEST_CA_CERT_PEM` to a pem
file, e.g.

```bash
PUFFIN_TEST_CA_CERT_PEM=$(pwd)/mitmproxy-ca-cert.pem ./offlinepi record cargo test --features pypi --features puffin-test-custom-ca-cert -- --test-threads=1 
```

This feature is off by default, so this is not possible in release
builds.
@zanieb
Copy link
Member Author

zanieb commented Dec 14, 2023

I'll revert my cert changes in favor of #615 if possible and document usage.

@zanieb zanieb closed this Jan 18, 2024
BurntSushi pushed a commit that referenced this pull request Feb 16, 2024
Closes #1474 

Using the `rustls-tls-native-roots` feature

> `rustls-tls`: Enables TLS functionality provided by rustls. Equivalent
to rustls-tls-webpki-roots.
>
> `rustls-tls-webpki-roots`: Enables TLS functionality provided by
rustls, while using root certificates from the webpki-roots crate.
>
> `rustls-tls-native-roots`: Enables TLS functionality provided by
rustls, while using root certificates from the rustls-native-certs
crate.

Additional context:

- seanmonstar/reqwest#1554
- encode/httpx#302
- [Should I use the native certs or
webpki-roots?](https://github.com/rustls/rustls-native-certs#should-i-use-this-or-webpki-roots)

Prior discussion at #609
@zanieb zanieb mentioned this pull request Aug 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants