From 003a2eddf5f4fe376caf75d044beddb5f70f5037 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luismi=20Ram=C3=ADrez?= Date: Mon, 14 Feb 2022 14:57:18 +0100 Subject: [PATCH] Check CAcert file exists when installing extension The extension installation will no longer fail if the CA cert file is not accessible. It'll print a warning and use the library defaults. --- ...n-failure-when-cacert-is-not-accessible.md | 6 ++++ mix_helpers.exs | 32 ++++++++++++++++++- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 .changesets/prevent-extension-installation-failure-when-cacert-is-not-accessible.md diff --git a/.changesets/prevent-extension-installation-failure-when-cacert-is-not-accessible.md b/.changesets/prevent-extension-installation-failure-when-cacert-is-not-accessible.md new file mode 100644 index 000000000..77b9d2639 --- /dev/null +++ b/.changesets/prevent-extension-installation-failure-when-cacert-is-not-accessible.md @@ -0,0 +1,6 @@ +--- +bump: "patch" +type: "change" +--- + +The extension installation will no longer fail when the CA certificate file is not accessible. diff --git a/mix_helpers.exs b/mix_helpers.exs index 902e63bf6..408f96be8 100644 --- a/mix_helpers.exs +++ b/mix_helpers.exs @@ -252,11 +252,28 @@ defmodule Mix.Appsignal.Helper do end defp download_options do + default_cacert_file_path = priv_path("cacert.pem") + + cacert_file = + case check_cacert_access(default_cacert_file_path) do + :ok -> + default_cacert_file_path + + {:error, message} -> + Logger.warn( + "The cacert file path: #{default_cacert_file_path} is not accessible. " <> + "Reason: #{inspect(message)}. " <> + "Using system defaults instead." + ) + + :certifi.cacertfile() + end + options = [ ssl_options: [ verify: :verify_peer, - cacertfile: priv_path("cacert.pem") + cacertfile: cacert_file ] ++ tls_options() ++ customize_hostname_check_or_verify_fun() ] 
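Review bot: The warning in the `{:error, message}` branch of `download_options` says "Using system defaults instead", but the fallback is `:certifi.cacertfile()`, which is the certifi package's bundled CA list rather than the operating system trust store. An operator auditing which roots were trusted for the extension download would be misled by this, so the last string segment should name the real source, e.g. `"Falling back to the CA bundle shipped with certifi."`. It is good that `verify: :verify_peer` stays in place on the fallback path, so only the set of trust anchors changes, not whether the peer is verified. Whether `:certifi` is always loadable when this helper runs at install time is not visible in the hunk; if it can be missing, the fallback would raise and the install would fail again. The body of `download_options` continues past the end of the hunk.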
@@ -270,6 +287,19 @@ defmodule Mix.Appsignal.Helper do end end + defp check_cacert_access(cacert_path) do + case File.stat(cacert_path) do + {:ok, %{access: access}} when access in [:read, :read_write] -> + :ok + + {:ok, %{access: access}} -> + {:error, "File access is #{inspect(access)}"} + + {:error, reason} -> + {:error, reason} + end + end + defp extract_package(filename) do case System.cmd("tar", ["zxf", filename, "--no-same-owner"], stderr_to_stdout: true,
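Review bot: `check_cacert_access/1` matches only on the `access` field of the `File.stat/1` result, so a readable directory or other non-regular file at the `cacert.pem` path returns `:ok`. The TLS setup would then fail on it the same way it did before this patch. Matching the type in the first clause closes that gap: `{:ok, %File.Stat{type: :regular, access: access}} when access in [:read, :read_write] -> :ok`, with the second clause reporting the type along with the access. A short comment above the function should say the check is advisory: it shows the file was readable at stat time, not that it holds valid PEM data. The function returns a string reason in one error clause and the raw `File.stat/1` reason in the other; the caller passes both through `inspect/1`, so this works, but a single shape such as `{:error, {:bad_access, access}}` would be easier to match on later.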