Check CAcert file exists when installing extension

The extension installation will no longer fail if the CA cert file is not accessible. It'll print a warning and use the library defaults.
appsignal · Feb 15, 2022 · 2ffb5b6 · 2ffb5b6
1 parent faa7441
commit 2ffb5b6
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 7 deletions.
diff --git a/...ngesets/prevent-extension-installation-failure-when-cacert-is-not-accessible.md b/...ngesets/prevent-extension-installation-failure-when-cacert-is-not-accessible.md
@@ -0,0 +1,6 @@
+---
+bump: "patch"
+type: "change"
+---
+
+The extension installation will no longer fail when the CA certificate file is not accessible.
diff --git a/mix_helpers.exs b/mix_helpers.exs
@@ -252,13 +252,30 @@ defmodule Mix.Appsignal.Helper do
   end
 
   defp download_options do
-    options = [
-      ssl_options:
-        [
-          verify: :verify_peer,
-          cacertfile: priv_path("cacert.pem")
-        ] ++ tls_options() ++ customize_hostname_check_or_verify_fun()
-    ]
+    default_cacert_file_path = priv_path("cacert.pem")
+
+    options =
+      case check_cacert_access(default_cacert_file_path) do
+        :ok ->
+          [
+            ssl_options:
+              [
+                verify: :verify_peer,
+                cacertfile: default_cacert_file_path
+              ] ++ tls_options() ++ customize_hostname_check_or_verify_fun()
+          ]
+
+        {:error, message} ->
+          Logger.warn(
+            "The cacert file path: #{default_cacert_file_path} is not accessible. " <>
+              "Reason: #{inspect(message)}. " <>
+              "Using system defaults instead."
+          )
+
+          [
+            cacertfile: :certifi.cacertfile()
+          ]
+      end
 
     case check_proxy() do
       nil ->
@@ -270,6 +287,19 @@ defmodule Mix.Appsignal.Helper do
     end
   end
 
+  defp check_cacert_access(cacert_path) do
+    case File.stat(cacert_path) do
+      {:ok, %{access: access}} when access in [:read, :read_write] ->
+        :ok
+
+      {:ok, %{access: access}} ->
+        {:error, "File access is #{inspect(access)}"}
+
+      {:error, reason} ->
+        {:error, reason}
+    end
+  end
+
   defp extract_package(filename) do
     case System.cmd("tar", ["zxf", filename, "--no-same-owner"],
            stderr_to_stdout: true,