MacOS CA Bundle regression after b3a11018ae1fe99190fb6fb7ae82a486c40f6f15 #22870
Labels
bug
Observed behavior contradicts documented or intended behavior
os-macos
regression
It worked in a previous version of Zig, but stopped working.
standard library
This issue involves writing Zig code for the standard library.
Milestone
Comments
jedisct1
added
the
bug
ifreund
added
the
regression
|
FYI @dreilly1982 We'll have to revert that PR if this can't be fixed in time for 0.14.0. |
|
That is odd, I'll look into this today. |
|
The bundle properly loads if the order of the keychains is switched: diff --git a/lib/std/crypto/Certificate/Bundle/macos.zig b/lib/std/crypto/Certificate/Bundle/macos.zig
index 7fb16af543..4589adb217 100644
--- a/lib/std/crypto/Certificate/Bundle/macos.zig
+++ b/lib/std/crypto/Certificate/Bundle/macos.zig
@@ -12,8 +12,8 @@ pub fn rescanMac(cb: *Bundle, gpa: Allocator) RescanMacError!void {
cb.map.clearRetainingCapacity();
const keychainPaths = [2][]const u8{
- "/System/Library/Keychains/SystemRootCertificates.keychain",
"/Library/Keychains/System.keychain",
+ "/System/Library/Keychains/SystemRootCertificates.keychain",
};
for (keychainPaths) |keychainPath| { |
alexrp
added
standard library
|
So I couldn't reproduce your issue on my end, but swapping the order didn't affect my functionality. What is weird, and I'm looking into it, is the cb.bytes.items.len IS different based of the order, which I find odd. I'm looking more into this tonight. |
|
If it helps, I can also try to repro this with and w/o this change. I seem to be hitting this regression too. I just don't know where to download aarch64 macOS builds of zig for past changes, I can only find the latest master. EDIT: I got some help finding the right nightlies. Here's a log of when the problem started happening: |
alexrp
added a commit
to alexrp/zig
that referenced
this issue
Feb 17, 2025
…in for MacOS CA Bundle" This reverts commit b3a1101. Closes ziglang#22870.
Closed
squeek502
added a commit
to squeek502/zig
that referenced
this issue
Feb 18, 2025
In the original PR that implemented this (ziglang#14325), it included a list of references for the keychain format. Multiple of those references include the checks that are added in this commit, and empirically this fixes the loading of a real keychain file that was previously failing (it had both a record with offset 0 and a record with cert_size 0). Fixes ziglang#22870
This was referenced Feb 18, 2025
T1nk3r1
pushed a commit
to T1nk3r1/zig-frictionless
that referenced
this issue
Apr 5, 2025
In the original PR that implemented this (ziglang#14325), it included a list of references for the keychain format. Multiple of those references include the checks that are added in this commit, and empirically this fixes the loading of a real keychain file that was previously failing (it had both a record with offset 0 and a record with cert_size 0). Fixes ziglang#22870
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Zig Version
0.14.0-dev.3213+53216d2f2
Steps to Reproduce and Observed Behavior
After b3a1101 , root CAs are not properly loaded any more on macOS.
Random example while trying to compile
zls:Reverting b3a1101 fixes this.
Expected Behavior
root CAs can be loaded.
The text was updated successfully, but these errors were encountered: