feat: introduce rustls-no-provider feature flag#1103
Conversation
|
This PR has been automatically closed. The referenced issue does not show a discussion between you and a maintainer. To avoid wasted effort on both sides, please discuss your proposed approach in the issue first and wait for a maintainer to respond before opening a PR. Please review our contributing guidelines for more details. |
Oh my god. That is one of the most contribution hostile things I've experienced in a while. A PR is a perfectly suited place for a discussion as to whether something should be contributed to the repository. This whole dance of making an issue first, discussing it and only then being allowed to open a PR is very discouraging for small fixes like this. Perhaps at least make a rule to only apply this to first-time contributors and don't punish people that have a good track record of contributions. |
|
Hey, thanks for opening the PR and also thanks for your honest feedback. You're definitely right 👍 We will overhaul this workflow and how it behaves, and roll out a better version early next week. In the meantime I hope we didn't discourage you too much, because we do value your (and everyone's) contributions to this codebase 🙇 |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
szokeasaurusrex
left a comment
szokeasaurusrex
left a comment
There was a problem hiding this comment.
Hey @thomaseizinger, thanks again for the contribution, and sorry about the bot.
I am a bit concerned about making this change, however. Specifically, it can cause a runtime panic for anyone compiling with default-features = false.
I reproduced with a minimal app using:
sentry = { version = "0.48.0", default-features = false, features = ["reqwest", "rustls"] }With this PR’s change:
rustls = ["dep:rustls", "reqwest?/rustls-no-provider", "ureq?/rustls"]the app compiles, but panics when Sentry initializes the reqwest transport:
thread 'main' panicked at .../reqwest-0.13.3/src/async_impl/client.rs:2461:5:
No provider set
Reverting only this feature mapping back to reqwest?/rustls makes the same app run successfully, since reqwest/rustls pulls in and installs a crypto provider.
This is masked with Sentry default features because transport also enables native-tls, but users with default-features = false + reqwest + rustls lose a working TLS backend unless they install a provider themselves.
Do you see any way to implement this change in a non-breaking, backwards compatible way? If not, I would want to see a strong argument for why the benefits of this change outweigh the costs of potentially breaking existing users.
|
Thank you for re-opening the PR! I think the entire point of this change is to break the default behaviour. The problem with pulling in The way I see this is: The strong argument is the same argument that applies to cargo feature flags in general: They are additive and cannot be turned off, therefore every crate should only ever activate what it really needs. Sentry the library doesn't need a working crypto provider. The binaries that use it need one because they actually run code and they should be in charge of selecting which provider they want. |
|
Another approach would be to make this a new |
Yeah that works too. I guess Sentry is unlikely to be a library that is buried deep in the dependency tree so this is fine. Otherwise, the two label approach can bring with it the pain of it getting accidentally activated because some other dependency you are pulling in activated the wrong one. |
Got it. Also, just wondering, was this a regression from a previous version of the SDK, or has the SDK never pulled in |
It was a regression. I believe 0.46 was the last one that worked without any patching from our side. (We currently depend on a fork) It came in with the bump of |
|
|
|
Circling back here @thomaseizinger, I like @lcian's idea of introducing a separate Would you be willing to update the PR accordingly, or shall we take this over from here? |
Oh, I didn't realise you wanted me to continue working on this PR. I am okay with the idea, happy for you to take over and ship whichever solution you are comfortable with. |
|
@thomaseizinger to clarify, I am also happy to take it over; however, if you wanted to contribute the fix, I didn't want to steal that opportunity away from you 😅 so just wanted to follow up and see what your plan is |
thomaseizinger
force-pushed
the
fix/rustls-no-provider
branch
from
d0ea483 to
7a78d79
Compare
thomaseizinger
changed the title
aws-lc-rs by defaultrustls-no-provider feature flag
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #1103 +/- ##
==========================================
+ Coverage 73.81% 74.36% +0.55%
==========================================
Files 64 67 +3
Lines 7538 7942 +404
==========================================
+ Hits 5564 5906 +342
- Misses 1974 2036 +62 |
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
This comment was marked as low quality.
This comment was marked as low quality.
Sorry, something went wrong.
szokeasaurusrex
left a comment
szokeasaurusrex
left a comment
There was a problem hiding this comment.
Nice, thanks again for the contribution!
4 participants
Description
Activating the
rustlsfeature ofreqwestpulls inaws-lc-rsby default as the crypto provider. To allow people to make their own decision about which crypto provider to use withrustls, we should depend on therustls-no-providerfeature flag instead.We add our own
rustls-no-providerfeature flag which allows users to opt out ofaws-lc-rsbeing the default crypto provider ofreqwestin a backwards-compatible way.Issues
Resolves: #1102
Reminders
feat:,fix:,ref:,meta:, etc.)