Skip to content

Fix bedrock cert issues & Refactor Remote downloads

Iain Powrie requested to merge tweak/fix-bedrock-cert-issues into dev

What does this MR do and why?

So I discovered while working on steamcmd just there, that bedrock installs are failing, thanks @woutbouckaert for replicating short notice.

Looks like we aren't able to verify the remote cert even though its valid (checked the url). This causes Crafty to fail to download the bedrock executable leaving an empty install dir. Not sure why this has all of a sudden stopped working and 'only' for the bedrock download.

Replicated on windows bare metal and portable package latest. This issue is not a thing on linux likely with the ease of updating ca certs, not sure why windows would be outdated. (Thought it was my computer... but prompted triage after replication.)

2024-02-16 01:13:59,676 - [Crafty] - INFO     - app.classes.shared.helpers - url: https://minecraft.azureedge.net/bin-win/bedrock-server-1.20.62.02.zip
2024-02-16 01:13:59,750 - [Crafty] - CRITICAL - app.classes.shared.import_helper - Failed to download bedrock executable during server creation! 
<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1007)>

After quick triage and was able to find a solution, by including a certifi ssl context to the request. But after an internal discussion prompted refactor of code base to standardize the way we grab files.

This MR refactors the way we download files throughout crafty, providing an extensible method with:

  • Better log feedback w/ progress
  • certifi ssl context
  • Retry attempts with backoff
  • Ability to apply headers to requests (required for endpoints using CDNs like cloudflare ServerJars)

#thanks chatgpt for the docstrings 💖

Screenshots or screen recordings

Log Output for `ssl_file_gets`

image.png

How to set up and validate locally

  • Launch branch, download server via builder

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

  • Have you checked this doesn't interfere/conflict/duplicate someone elses work?
  • Have you fully tested your changes?
  • Have you resolved any lint issues?
  • Have you assigned a reviewer?
  • Have you applied correct labels?
Edited by Iain Powrie

Merge request reports