Rely on certificate stores provided by Erlang/OTP 25+

Author: josevalim

Diff for: CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## v0.9.0-dev
+
+  * Rely on certificate stores provided by Erlang/OTP 25+
+
 ## v0.8.4 (2024-06-04)
 
   * Support configuring `make_precompiler_downloader`

Diff for: lib/elixir_make/downloader/httpc.ex

@@ -50,21 +50,16 @@ defmodule ElixirMake.Downloader.Httpc do
 
   defp cacerts_options do
     cond do
+      path = System.get_env("HEX_CACERTS_PATH") ->
+        [cacertfile: path]
+
       path = System.get_env("ELIXIR_MAKE_CACERT") ->
+        IO.warn("Setting ELIXIR_MAKE_CACERT is deprecated, please set HEX_CACERTS_PATH instead")
         [cacertfile: path]
 
       certs = otp_cacerts() ->
         [cacerts: certs]
 
-      Application.spec(:castore, :vsn) ->
-        [cacertfile: Application.app_dir(:castore, "priv/cacerts.pem")]
-
-      Application.spec(:certifi, :vsn) ->
-        [cacertfile: Application.app_dir(:certifi, "priv/cacerts.pem")]
-
-      path = cacerts_from_os() ->
-        [cacertfile: path]
-
       true ->
         warn_no_cacerts()
         []
@@ -77,65 +72,27 @@ defmodule ElixirMake.Downloader.Httpc do
       try do
         :public_key.cacerts_get()
       rescue
-        _ ->
-          nil
+        _ -> nil
       end
     end
   end
 
-  # https_opts and related code are taken from
-  # https://github.com/elixir-cldr/cldr_utils/blob/v2.19.1/lib/cldr/http/http.ex
-  @certificate_locations [
-    # Debian/Ubuntu/Gentoo etc.
-    "/etc/ssl/certs/ca-certificates.crt",
-
-    # Fedora/RHEL 6
-    "/etc/pki/tls/certs/ca-bundle.crt",
-
-    # OpenSUSE
-    "/etc/ssl/ca-bundle.pem",
-
-    # OpenELEC
-    "/etc/pki/tls/cacert.pem",
-
-    # CentOS/RHEL 7
-    "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",
-
-    # Open SSL on MacOS
-    "/usr/local/etc/openssl/cert.pem",
-
-    # MacOS & Alpine Linux
-    "/etc/ssl/cert.pem"
-  ]
-
-  defp cacerts_from_os do
-    Enum.find(@certificate_locations, &File.exists?/1)
-  end
-
   defp warn_no_cacerts do
     Mix.shell().error("""
     No certificate trust store was found.
 
-    Tried looking for: #{inspect(@certificate_locations)}
-
     A certificate trust store is required in
     order to download locales for your configuration.
     Since elixir_make could not detect a system
     installed certificate trust store one of the
     following actions may be taken:
 
-    1. Install the hex package `castore`. It will
-       be automatically detected after recompilation.
-
-    2. Install the hex package `certifi`. It will
-       be automatically detected after recompilation.
-
-    3. Specify the location of a certificate trust store
+    1. Specify the location of a certificate trust store
        by configuring it in environment variable:
 
-         export ELIXIR_MAKE_CACERT="/path/to/cacerts.pem"
+         export HEX_CACERTS_PATH="/path/to/cacerts.pem"
 
-    4. Use OTP 25+ on an OS that has built-in certificate
+    2. Use OTP 25+ on an OS that has built-in certificate
        trust store.
     """)
   end

Diff for: mix.exs

@@ -1,7 +1,7 @@
 defmodule ElixirMake.Mixfile do
   use Mix.Project
 
-  @version "0.8.4"
+  @version "0.9.0-dev"
   def project do
     [
       app: :elixir_make,
@@ -21,8 +21,6 @@ defmodule ElixirMake.Mixfile do
 
   defp deps do
     [
-      {:castore, "~> 0.1 or ~> 1.0", optional: true},
-      {:certifi, "~> 2.0", optional: true},
       {:ex_doc, "~> 0.20", only: :docs}
     ]
   end