fix: 포트 충돌 회피 — note_bridge 8098, intent_service 8099

Jellyfin(8096), OrbStack(8097) 포트 충돌으로 변경. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 13:53:55 +09:00
parent dc08d29509
commit c2257d3a86
2709 changed files with 619549 additions and 10 deletions
--- a/.venv/lib/python3.9/site-packages/wassima/_os/_linux.py
+++ b/.venv/lib/python3.9/site-packages/wassima/_os/_linux.py
@@ -0,0 +1,95 @@
+from __future__ import annotations
+
+import os
+from pathlib import Path
+from ssl import PEM_cert_to_DER_cert
+
+# source: http://gagravarr.org/writing/openssl-certs/others.shtml
+BUNDLE_TRUST_STORE_DIRECTORIES: list[str] = [
+    "/var/ssl",
+    "/usr/share/ssl",
+    "/usr/local/ssl",
+    "/usr/local/openssl",
+    "/usr/local/etc/openssl",
+    "/usr/local/share/certs",
+    "/usr/lib/ssl",
+    "/usr/ssl",
+    "/etc/openssl",
+    "/etc/pki/ca-trust/extracted/pem",
+    "/etc/pki/tls",
+    "/etc/ssl",
+    "/etc/certs",
+    "/opt/etc/ssl",
+    "/system/etc/security/cacerts",
+    "/boot/system/data/ssl",
+]
+
+KNOWN_TRUST_STORE_EXTENSIONS: list[str] = [
+    "pem",
+    "crt",
+]
+
+BANNED_KEYWORD_NOT_TLS: set[str] = {
+    "email",
+    "objsign",
+    "trust",
+    "timestamp",
+    "codesign",
+    "ocsp",
+    "untrusted",
+}
+
+
+def root_der_certificates() -> list[bytes]:
+    certificates: list[bytes] = []
+
+    for directory in BUNDLE_TRUST_STORE_DIRECTORIES:
+        if not os.path.exists(directory):
+            continue
+
+        # Use rglob to recursively search all files in directory and subdirectories
+        for filepath in Path(directory).rglob("*"):
+            try:
+                if not filepath.is_file():  # Skip directories
+                    continue
+
+                extension = filepath.suffix.lstrip(".").lower()
+
+                if extension not in KNOWN_TRUST_STORE_EXTENSIONS and extension.isdigit() is False:
+                    continue
+
+                if any(kw in str(filepath).lower() for kw in BANNED_KEYWORD_NOT_TLS):
+                    continue
+
+                with open(filepath, encoding="utf-8") as f:
+                    bundle = f.read()
+
+                if not bundle.strip():  # Skip empty files
+                    continue  # Defensive:
+
+                line_ending = "\n" if "-----END CERTIFICATE-----\r\n" not in bundle else "\r\n"
+                boundary = "-----END CERTIFICATE-----" + line_ending
+
+                for chunk in bundle.split(boundary):
+                    if chunk:
+                        start_marker = chunk.find("-----BEGIN CERTIFICATE-----" + line_ending)
+
+                        if start_marker == -1:
+                            break  # Defensive: file that aren't PEM encoded in target directories(...)
+
+                        pem_reconstructed = "".join([chunk[start_marker:], boundary])
+
+                        try:
+                            der_certificate = PEM_cert_to_DER_cert(pem_reconstructed)
+                        except ValueError:  # Defensive: malformed cert/base64?
+                            continue
+
+                        if der_certificate not in certificates:
+                            certificates.append(der_certificate)
+
+            except (OSError, UnicodeDecodeError):  # Defensive: Skip files we can't read
+                # OSError -> e.g. PermissionError
+                # UnicodeDecodeError -> DER ASN.1 encoded
+                continue
+
+    return certificates