diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 000000000..c81be06b3 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,3 @@ +# These are supported funding model platforms + +github: [sipeed] diff --git a/cmd/picoclaw/main.go b/cmd/picoclaw/main.go index 1b5d0974a..3f94f8188 100644 --- a/cmd/picoclaw/main.go +++ b/cmd/picoclaw/main.go @@ -9,6 +9,8 @@ package main import ( "fmt" "os" + "runtime" + "strings" "time" "github.com/spf13/cobra" @@ -33,6 +35,49 @@ import ( var rootNoColor bool +// initTermuxSSL detects Termux environment and sets SSL_CERT_FILE if not already set. +// This fixes X509 certificate errors when running PicoClaw inside Termux or termux-chroot. +// See: https://github.com/sipeed/picoclaw/issues/2944 +func initTermuxSSL() { + // Only applicable on Linux/Android + if runtime.GOOS != "linux" && runtime.GOOS != "android" { + return + } + + // Skip if already set + if os.Getenv("SSL_CERT_FILE") != "" { + return + } + + // Check for Termux prefix in PATH or HOME + home := os.Getenv("HOME") + path := os.Getenv("PATH") + + isTermux := strings.Contains(home, "com.termux") || + strings.Contains(path, "com.termux") || + strings.Contains(home, "/data/data/com.termux") + + if !isTermux { + return + } + + // Check common CA bundle locations in Termux + caPaths := []string{ + "$PREFIX/etc/tls/cert.pem", + os.Getenv("PREFIX") + "/etc/tls/cert.pem", + "/data/data/com.termux/files/usr/etc/tls/cert.pem", + "/usr/etc/tls/cert.pem", + } + + for _, caPath := range caPaths { + expanded := os.ExpandEnv(caPath) + if _, err := os.Stat(expanded); err == nil { + os.Setenv("SSL_CERT_FILE", expanded) + return + } + } +} + func syncCliUIColor(root *cobra.Command) { no, _ := root.PersistentFlags().GetBool("no-color") cliui.Init(no || os.Getenv("NO_COLOR") != "" || os.Getenv("TERM") == "dumb") @@ -123,6 +168,9 @@ const ( ) func main() { + // Initialize Termux SSL certificate detection before anything else + initTermuxSSL() + cliui.Init(earlyColorDisabled()) if earlyColorDisabled() {