Bug#1101080: rust-ureq - all features autopkgtest fails

Peter Michael Green Sat, 22 Mar 2025 17:24:31 -0700

Package: rust-ureq
Version: 2.12.1-4
Severity: serious


The "all features" autopkgtest for rust-ureq is failing.
https://ci.debian.net/data/autopkgtest/testing/amd64/r/rust-ureq/58833777/log.gz

141s error[E0308]: mismatched types
141s    --> tests/https-agent.rs:116:53
141s     |
141s 116 |         .with_single_cert(certs, rustls::PrivateKey(key))
141s     |                                  ------------------ ^^^ expected 
`Vec<u8>`, found `PrivateKeyDer<'_>`
141s     |                                  |
141s     |                                  arguments to this struct are 
incorrect
141s     |
141s     = note: expected struct `Vec<u8>`
141s                  found enum `rustls_pki_types::PrivateKeyDer<'_>`


I fixed this by adding some conversions.

I then ran into another error.

error[E0432]: unresolved import `rustls::client::ServerCertVerified`
   --> examples/cureq/main.rs:9:5
    |
9   | use rustls::client::ServerCertVerified;
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ no `ServerCertVerified`in `client`

This error was fixed by adding the "dangerous-configuration" feature tothe ruslts dev-dependency

I also discovered that the tree in it's current state produces manyerrors when building aginstrustls-native-certs 0.7. These errors appear to be a result of codechanges in the main rustls patchbut I didn't investigate them deeply. I tightened the dependency toreflect the reality of what the

code will successfully build against.

diff -Nru rust-ureq-2.12.1/debian/changelog rust-ureq-2.12.1/debian/changelog
--- rust-ureq-2.12.1/debian/changelog   2025-03-15 15:07:15.000000000 +0000
+++ rust-ureq-2.12.1/debian/changelog   2025-03-22 23:27:07.000000000 +0000
@@ -1,3 +1,14 @@
+rust-ureq (2.12.1-4.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix type mismatches in tests/https-agent.rs
+  * Enable "dangerous-configuration" feature in dev-dependency on rustls
+    needed by examples/cureq/main.rs
+  * Tighten rustls-native-certs dependency to specifically require 0.6,
+    The current package produces many errors with version 0.7.
+
+ -- Peter Michael Green <plugw...@debian.org>  Sat, 22 Mar 2025 23:27:07 +0000
+
 rust-ureq (2.12.1-4) unstable; urgency=medium
 
   * reduce patch 2001_rustls to not involve crate rustls-pemfile;
diff -Nru rust-ureq-2.12.1/debian/control rust-ureq-2.12.1/debian/control
--- rust-ureq-2.12.1/debian/control     2025-03-15 15:07:00.000000000 +0000
+++ rust-ureq-2.12.1/debian/control     2025-03-22 22:55:12.000000000 +0000
@@ -19,7 +19,7 @@
  librust-native-tls-0.2+default-dev,
  librust-once-cell-1+default-dev,
  librust-rustls-0.21+default-dev,
- librust-rustls-native-certs-dev (<< 0.8),
+ librust-rustls-native-certs-0.6-dev,
  librust-rustls-pemfile-2+default-dev,
  librust-rustls-webpki-0.101+default-dev,
  librust-serde-1+default-dev,
@@ -51,7 +51,7 @@
  librust-native-tls-0.2+default-dev,
  librust-once-cell-1+default-dev,
  librust-rustls-0.21+default-dev,
- librust-rustls-native-certs-dev (<< 0.8),
+ librust-rustls-native-certs-0.6-dev,
  librust-rustls-webpki-0.101+default-dev,
  librust-serde-1+default-dev,
  librust-serde-json-1+default-dev (>= 1.0.97),
diff -Nru rust-ureq-2.12.1/debian/patches/2001_rustls-native-certs.patch 
rust-ureq-2.12.1/debian/patches/2001_rustls-native-certs.patch
--- rust-ureq-2.12.1/debian/patches/2001_rustls-native-certs.patch      
2025-03-15 14:56:38.000000000 +0000
+++ rust-ureq-2.12.1/debian/patches/2001_rustls-native-certs.patch      
2025-03-22 22:54:20.000000000 +0000
@@ -11,7 +11,7 @@
  log = "0.4"
  webpki-roots = { version = "0.26", optional = true }
 -rustls-native-certs = { version = "0.7", optional = true }
-+rustls-native-certs = { version = ">= 0.6.3, <= 0.7", optional = true }
++rustls-native-certs = { version = ">= 0.6.3, < 0.7", optional = true }
  native-tls = { version = "0.2", optional = true }
  flate2 = { version = "1.0.22", optional = true }
  brotli-decompressor = { version = "4.0.0", optional = true }
diff -Nru rust-ureq-2.12.1/debian/patches/2001_rustls.patch 
rust-ureq-2.12.1/debian/patches/2001_rustls.patch
--- rust-ureq-2.12.1/debian/patches/2001_rustls.patch   2025-03-15 
15:03:39.000000000 +0000
+++ rust-ureq-2.12.1/debian/patches/2001_rustls.patch   2025-03-22 
22:53:43.000000000 +0000
@@ -7,9 +7,11 @@
 Last-Update: 2025-03-15
 ---
 This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/Cargo.toml
-+++ b/Cargo.toml
-@@ -21,7 +21,7 @@
+Index: rust-ureq-2.12.1/Cargo.toml
+===================================================================
+--- rust-ureq-2.12.1.orig/Cargo.toml
++++ rust-ureq-2.12.1/Cargo.toml
+@@ -21,7 +21,7 @@ rustdoc-args = ["--cfg", "docsrs"]
  
  [features]
  default = ["tls", "gzip"]
@@ -18,7 +20,7 @@
  native-certs = ["dep:rustls-native-certs"]
  native-tls = ["dep:native-tls"]
  json = ["dep:serde", "dep:serde_json"]
-@@ -48,7 +48,6 @@
+@@ -48,7 +48,6 @@ encoding_rs = { version = "0.8", optiona
  cookie_store = { version = "0.21.1", optional = true, default-features = 
false, features = ["preserve_order", "serde_json"] }
  log = "0.4"
  webpki-roots = { version = "0.26", optional = true }
@@ -26,7 +28,7 @@
  rustls-native-certs = { version = "0.7", optional = true }
  native-tls = { version = "0.2", optional = true }
  flate2 = { version = "1.0.22", optional = true }
-@@ -56,12 +55,12 @@
+@@ -56,12 +55,12 @@ brotli-decompressor = { version = "4.0.0
  http-02 = { package = "http", version = "0.2", optional = true }
  http = { version = "1.1", optional = true }
  url = "2.5.0"
@@ -37,13 +39,15 @@
  env_logger = { version = "<=0.11", default-features = false, features = 
["humantime"] }
  serde = { version = "1", features = ["derive"] }
 -rustls = { version = "0.23.5", default-features = false, features = ["std", 
"ring"] }
-+rustls = { version = "0.21.6", default-features = false }
++rustls = { version = "0.21.6", default-features = false, features = 
["dangerous_configuration"] }
  rustls-pemfile = { version = "2.0" }
  
  [[example]]
---- a/examples/cureq/main.rs
-+++ b/examples/cureq/main.rs
-@@ -3,11 +3,13 @@
+Index: rust-ureq-2.12.1/examples/cureq/main.rs
+===================================================================
+--- rust-ureq-2.12.1.orig/examples/cureq/main.rs
++++ rust-ureq-2.12.1/examples/cureq/main.rs
+@@ -3,11 +3,13 @@ use std::fmt;
  use std::io;
  use std::thread;
  use std::time::Duration;
@@ -60,7 +64,7 @@
  use ureq;
  
  #[derive(Debug)]
-@@ -94,42 +96,20 @@
+@@ -94,42 +96,20 @@ fn perform(
      Ok(())
  }
  
@@ -107,7 +111,7 @@
  }
  
  fn main() {
-@@ -185,7 +165,7 @@
+@@ -185,7 +165,7 @@ Fetch url and copy it to stdout.
              }
              "-k" => {
                  let client_config = ClientConfig::builder()
@@ -116,9 +120,11 @@
                      .with_custom_certificate_verifier(Arc::new(AcceptAll {}))
                      .with_no_client_auth();
                  builder = builder.tls_config(Arc::new(client_config));
---- a/examples/tls_config.rs
-+++ b/examples/tls_config.rs
-@@ -21,13 +21,23 @@
+Index: rust-ureq-2.12.1/examples/tls_config.rs
+===================================================================
+--- rust-ureq-2.12.1.orig/examples/tls_config.rs
++++ rust-ureq-2.12.1/examples/tls_config.rs
+@@ -21,13 +21,23 @@ pub fn main() {
      // }
  
      // This adds webpki_roots certs.
@@ -144,9 +150,11 @@
          .with_root_certificates(root_store)
          .with_no_client_auth();
  
---- a/src/agent.rs
-+++ b/src/agent.rs
-@@ -595,11 +595,17 @@
+Index: rust-ureq-2.12.1/src/agent.rs
+===================================================================
+--- rust-ureq-2.12.1.orig/src/agent.rs
++++ rust-ureq-2.12.1/src/agent.rs
+@@ -595,11 +595,17 @@ impl AgentBuilder {
      /// # fn main() -> Result<(), ureq::Error> {
      /// # ureq::is_test(true);
      /// use std::sync::Arc;
@@ -167,9 +175,11 @@
      ///     .with_root_certificates(root_store)
      ///     .with_no_client_auth();
      /// let agent = ureq::builder()
---- a/src/rtls.rs
-+++ b/src/rtls.rs
-@@ -64,12 +64,30 @@
+Index: rust-ureq-2.12.1/src/rtls.rs
+===================================================================
+--- rust-ureq-2.12.1.orig/src/rtls.rs
++++ rust-ureq-2.12.1/src/rtls.rs
+@@ -64,12 +64,30 @@ fn root_certs() -> rustls::RootCertStore
      use log::error;
  
      let mut root_cert_store = rustls::RootCertStore::empty();
@@ -203,7 +213,7 @@
      if valid_count == 0 && invalid_count > 0 {
          error!(
              "no valid certificates loaded by rustls-native-certs. all HTTPS 
requests will fail."
-@@ -80,9 +98,15 @@
+@@ -80,9 +98,15 @@ fn root_certs() -> rustls::RootCertStore
  
  #[cfg(not(feature = "native-certs"))]
  fn root_certs() -> rustls::RootCertStore {
@@ -222,7 +232,7 @@
  }
  
  impl TlsConnector for Arc<rustls::ClientConfig> {
-@@ -98,9 +122,8 @@
+@@ -98,9 +122,8 @@ impl TlsConnector for Arc<rustls::Client
              dns_name
          };
  
@@ -234,9 +244,11 @@
  
          let mut sess = rustls::ClientConnection::new(self.clone(), sni)
              .map_err(|e| ErrorKind::Io.msg("tls connection creation 
failed").src(e))?;
---- a/tests/https-agent.rs
-+++ b/tests/https-agent.rs
-@@ -102,13 +102,19 @@
+Index: rust-ureq-2.12.1/tests/https-agent.rs
+===================================================================
+--- rust-ureq-2.12.1.orig/tests/https-agent.rs
++++ rust-ureq-2.12.1/tests/https-agent.rs
+@@ -102,13 +102,19 @@ m0Wqhhi8/24Sy934t5Txgkfoltg8ahkx934WjP6W
          .unwrap()
          .unwrap();
  
@@ -260,7 +272,7 @@
          .unwrap();
  
      let agent = ureq::builder()
-@@ -149,11 +155,17 @@
+@@ -149,11 +155,17 @@ m0Wqhhi8/24Sy934t5Txgkfoltg8ahkx934WjP6W
  #[test]
  #[cfg(feature = "tls")]
  fn ipv6_addr_in_dns_name() {
diff -Nru rust-ureq-2.12.1/debian/patches/2002_native_certs.patch 
rust-ureq-2.12.1/debian/patches/2002_native_certs.patch
--- rust-ureq-2.12.1/debian/patches/2002_native_certs.patch     2025-03-15 
14:56:59.000000000 +0000
+++ rust-ureq-2.12.1/debian/patches/2002_native_certs.patch     2025-03-22 
22:58:18.000000000 +0000
@@ -22,7 +22,7 @@
  cookie_store = { version = "0.21.1", optional = true, default-features = 
false, features = ["preserve_order", "serde_json"] }
  log = "0.4"
 -webpki-roots = { version = "0.26", optional = true }
- rustls-native-certs = { version = ">= 0.6.3, <= 0.7", optional = true }
+ rustls-native-certs = { version = ">= 0.6.3, < 0.7", optional = true }
  native-tls = { version = "0.2", optional = true }
  flate2 = { version = "1.0.22", optional = true }
 --- a/src/agent.rs
@@ -149,3 +149,16 @@
          .with_root_certificates(root_certs())
          .with_no_client_auth();
          Arc::new(Arc::new(config))
+Index: rust-ureq-2.12.1/tests/https-agent.rs
+===================================================================
+--- rust-ureq-2.12.1.orig/tests/https-agent.rs
++++ rust-ureq-2.12.1/tests/https-agent.rs
+@@ -113,7 +113,7 @@ m0Wqhhi8/24Sy934t5Txgkfoltg8ahkx934WjP6W
+     let tls_config = rustls::ClientConfig::builder()
+         .with_safe_defaults()
+         .with_root_certificates(root_store)
+-        .with_single_cert(certs, rustls::PrivateKey(key))
++        .with_single_cert(certs.into_iter().map(|cert| 
rustls::Certificate(cert.to_vec())).collect(), 
rustls::PrivateKey(key.secret_der().to_vec()))
+         .unwrap();
+ 
+     let agent = ureq::builder()

Bug#1101080: rust-ureq - all features autopkgtest fails

Reply via email to