building standalone app bundle with SSL certs

hello, :wave: i’m one of the current tap maintainers for the homebrew-freecad tap. i’ve run into an issue building freecad into a self contained apple .app bundle. the issue pertains to SSL. Freecad itself is compromised of many different workbenches and one of those workbenches in the addon manager. this workbench uses networking to communicate with github thus requiring the use of SSL to make certain network requests. unfortunately, as far as i can tell the freecad binary itself does “not bundle” SSL (the cert) into the Apple bundle ie. the when i build the app bundle, so when i attempt to use the addon manager i have to set the authentication method from server to client. learn more

i bring all this up, because i did a search for SSL on these forums and didn’t see much information pertaining to how one would go about including SSL support for a binary if indeed that’s how it’s suppose to be added the final product that is shipped.

freecad can built and launched as a standalone CLI application that spawn a GUI like most other cmake programs, but can also be built using some additional tooling to build an Apple .app bundle which i prefer because when the system dependencies (homebrew packages) update the self contained app bundle still works because the dependencies that are required were copied / compiled in the app bundle during build time.

since i’m building an app bundle, would i end up with a FreeCAD binary that includes the cert file required for SSL support or does it copy in the cert file in the app bundle ie. the cert.pem.

there is another maintainer of freecad who uses conda to build and ship freecad releases. their process of building and shipping the bundle is to create a shell script and prepend some environment variables and then launch and execute the freecad binary, which seems a bit hacky but this is all new to me so forgive if that should be the way a little excerpt from such bash script is below,

export LANG="UTF-8"  #
export SSL_CERT_FILE=${PREFIX}/ssl/cacert.pem #
export GIT_SSL_CAINFO=${PREFIX}/ssl/cacert.pem

if [[ `sw_vers -productVersion` > 10.99 ]] ; then

"${PREFIX}/bin/freecad" $@

:point_up: that is the script/cmd that is launched when a user double clicks on the bundle

also i just opened a issue on the homebrew-freecad that complements this post. here