diff --git a/pict-rs.toml b/pict-rs.toml index 1a5bf9f..189036a 100644 --- a/pict-rs.toml +++ b/pict-rs.toml @@ -574,6 +574,16 @@ type = 'postgres' # default: empty url = 'postgres://user:password@host:5432/db' +## Optional: Whether to use TLS when connecting to postgres +# environment variable: PICTRS__REPO__USE_TLS +# default: false +use_tls = false + +## Optional: The CA Certificate used to verify the postgres TLS certificate +# environment variable: PICTRS__REPO__CERTIFICATE_FILE +# default: empty +certificate_file = '/etc/ca-certificate.crt' + ### Media storage configuration diff --git a/releases/0.5.2.md b/releases/0.5.2.md new file mode 100644 index 0000000..6ed81aa --- /dev/null +++ b/releases/0.5.2.md 
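Review bot: The comment blocks added for `use_tls` and `certificate_file` in the pict-rs.toml hunk do not say what leaving TLS off exposes or how the two keys interact. With the documented default of `false`, the credentials embedded in the `url` value shown just above would presumably travel to postgres unencrypted, so the `use_tls` block could carry a line such as `# With use_tls = false the connection, including the credentials in url, is not encrypted; enable it whenever postgres is reached over a network`. For `certificate_file`, I would add `# Only consulted when use_tls = true` plus one line stating the expected file format and whether the CA is trusted in addition to, or instead of, the system roots. The loader is not part of this diff, so those details need to be confirmed against the code before they are written down. It would also help to state whether startup fails when the file is missing or unparseable, since a silent fallback would weaken certificate verification without the operator noticing.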
@@ -0,0 +1,64 @@
+# pict-rs 0.5.2
+
+## Overview
+
+A quick release to improve postgres support.
+
+### Changes
+
+- [Support TLS in Postgres Connections](#support-tls-in-postgres-connections)
+- [Compiler Version Requirements](#compiler-version-requirements)
+
+
+## Upgrade Notes
+
+There's no significant changes from 0.5.1, so upgrading should be as simple as pulling a new version
+of pict-rs.
+
+
+## Descriptions
+
+### Support TLS in Postgres Connections
+
+The postgres repo now supports some new options to enable connecting via TLS. If the postgres
+server's certificate is not generally trusted, a CA certificate can be provided to pict-rs to allow
+it to trust the postgres connection.
+
+If the postgres endpoint uses TLS and has a publicly trusted certificate, the configuration can be
+updated to simply add `use_tls = true`
+```toml
+[repo]
+type = 'postgres'
+url = 'postgres://pictrs:1234@localhost:5432/pictrs'
+use_tls = true
+```
+or with environment variables
+```bash
+PICTRS__REPO__TYPE=postgres
+PICTRS__REPO__URL=postgres://pictrs:1234@localhost:5432/pictrs
+PICTRS__REPO__USE_TLS=true
+```
+
+If the server uses a self-signed certificate, the CA's certificate can be added to pict-rs' trusted
+CAs.
+```toml
+[repo]
+type = 'postgres'
+url = 'postgres://pictrs:1234@localhost:5432/pictrs'
+use_tls = true
+certificate_file = '/path/to/ca/certificate.crt'
+```
+or with environment variables
+```bash
+PICTRS__REPO__TYPE=postgres
+PICTRS__REPO__URL=postgres://pictrs:1234@localhost:5432/pictrs
+PICTRS__REPO__USE_TLS=true
+PICTRS__REPO__CERTIFICATE_FILE=/path/to/ca/certificate.crt
+```
+
+### Compiler Version Requirements
+
+pict-rs 0.5.2 now takes advantage of rust's native support for AFIT (Async Fn In Trait) for the
+store trait. This trait already was not object-safe, so using AFIT does not come with any downsides.
+This does mean that the minimum supported rust version for building pict-rs is now 1.75, which
+released in December 2023.