github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(ci): enforce shellscript formatting and style (#3679)

Browse Source 
Noticed that we all have different styles of writing scripts :-).

This PR adds linting to our shell scripts to standardize on formatting,
catch common issues and/or possible security bugs.

For editor setup:
- Ensure [`shellcheck`](https://github.com/koalaman/shellcheck) and
[`shfmt`](https://github.com/mvdan/sh) are in your `PATH`
- Configure `shfmt` with indentation of `4`, otherwise it uses tabs by
default.
[Here](https://github.com/jamilbk/nvim/blob/master/init.vim#L159) is how
you can do that with Vim and
[here](https://marketplace.visualstudio.com/items?itemName=mkhl.shfmt)
is how for VScode.

---------

Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Brian Manifold <bmanifold@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
This commit is contained in:
Jamil
2024-02-20 17:01:32 -08:00
committed by GitHub
parent 2d208b1991
commit 19a7bac4ae
22 changed files with 199 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/_static-analysis.yml vendored
View File

@@ -19,8 +19,9 @@ jobs:
git diff
exit 1
fi
global-linter:
runs-on: macos-14
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
@@ -30,12 +31,16 @@ jobs:
name: Restore Python Cache
with:
path: ~/.cache/pip
key: macos-14-${{ runner.arch }}-pip-${{ hashFiles('requirements.txt') }}
key: ubuntu-22.04-${{ runner.arch }}-pip-${{ hashFiles('requirements.txt') }}
restore-keys: |
macos-14-${{ runner.arch }}-pip-
ubuntu-22.04-${{ runner.arch }}-pip-
- name: Install Python Dependencies
run: |
pip install -r requirements.txt
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y shfmt
- name: Run pre-commit
run: |
pre-commit install
@@ -45,4 +50,4 @@ jobs:
name: Save Python Cache
with:
path: ~/.cache/pip
key: macos-14-${{ runner.arch }}-pip-${{ hashFiles('requirements.txt') }}
key: ubuntu-22.04-${{ runner.arch }}-pip-${{ hashFiles('requirements.txt') }}

15
.pre-commit-config.yaml
View File

@@ -28,3 +28,18 @@ repos:
- master
- --pattern
- '^(?!((chore|feat|feature|bug|fix|build|ci|docs|style|refactor|perf|test|revert)\/[@a-zA-Z0-9\-\.\/]+)$).*'
# Third party pre-commit hooks
- repo: https://github.com/koalaman/shellcheck-precommit
rev: v0.9.0
hooks:
- id: shellcheck
args: ["--severity=warning"]
exclude: ^.*/gradlew$
- repo: https://github.com/pecigonzalo/pre-commit-shfmt
rev: v2.1.0
hooks:
- id: shell-fmt
args:
- -i
- "4"

5
CONTRIBUTING.md
View File

@@ -17,6 +17,7 @@ started.
- [Pre-commit](#pre-commit)
- [Elixir Development](#elixir-development)
- [Rust Development](#rust-development)
- [Shell script Development](#shell-script-development)
- [Reporting Bugs](#reporting-bugs)
- [Opening a Pull Request](#opening-a-pull-request)
- [Run Tests](#run-tests)
@@ -180,6 +181,10 @@ If you are interested in contributing to the Gateway, Relay, or client library,
please read the detailed info found in the
[Rust Developer Guide](rust/README.md)
### Shell script Development
See [scripts/README](scripts/README.md).
## Reporting Bugs
We appreciate any and all bug reports.

7
elixir/rel/overlays/bin/bootstrap
View File

@@ -3,10 +3,11 @@
mkdir -p /var/firezone
setup_telemetry() {
[ -f /var/firezone/.tid ] || cat /proc/sys/kernel/random/uuid > /var/firezone/.tid
export TELEMETRY_ID=$(cat /var/firezone/.tid)
[ -f /var/firezone/.tid ] || cat /proc/sys/kernel/random/uuid >/var/firezone/.tid
tid=$(cat /var/firezone/.tid)
export TELEMETRY_ID="$tid"
}
setup_telemetry
cd -P -- "$(dirname -- "$0")"
cd -P -- "$(dirname -- "$0")" || exit 1

4
elixir/rel/overlays/bin/migrate
View File

@@ -1,4 +1,4 @@
#!/bin/sh
set -e
source "$(dirname -- "$0")/bootstrap"
exec ./${APPLICATION_NAME} eval Domain.Release.migrate
. "$(dirname -- "$0")/bootstrap"
exec ./"$APPLICATION_NAME" eval Domain.Release.migrate

4
elixir/rel/overlays/bin/seed
View File

@@ -1,4 +1,4 @@
#!/bin/sh
set -e
source "$(dirname -- "$0")/bootstrap"
exec ./${APPLICATION_NAME} eval Domain.Release.seed
. "$(dirname -- "$0")/bootstrap"
exec ./"$APPLICATION_NAME" eval Domain.Release.seed

4
elixir/rel/overlays/bin/server
View File

@@ -1,5 +1,5 @@
#!/bin/sh
set -e
source "$(dirname -- "$0")/bootstrap"
. "$(dirname -- "$0")/bootstrap"
./migrate
exec ./${APPLICATION_NAME} start
exec ./"$APPLICATION_NAME" start

9
rust/README.md Normal file
View File

@@ -0,0 +1,9 @@
# Rust development guide
Firezone uses Rust for all data plane components. This directory contains the
Linux and Windows clients, and low-level networking implementations related to
STUN/TURN.
We target the last stable release of Rust using [`rust-toolchain.toml`](./rust-toolchain.toml).
If you are using `rustup`, that is automatically handled for you.
Otherwise, ensure you have the latest stable version of Rust installed.

98
rust/connlib/clients/apple/build-rust.sh
View File

@@ -9,31 +9,31 @@ set -e
# Sanitize the environment to prevent Xcode's shenanigans from leaking
# into our highly evolved Rust-based build system.
for var in $(env | awk -F= '{print $1}'); do
if [[ "$var" != "HOME" ]] \
&& [[ "$var" != "USER" ]] \
&& [[ "$var" != "LOGNAME" ]] \
&& [[ "$var" != "TERM" ]] \
&& [[ "$var" != "PWD" ]] \
&& [[ "$var" != "SHELL" ]] \
&& [[ "$var" != "TMPDIR" ]] \
&& [[ "$var" != "XPC_FLAGS" ]] \
&& [[ "$var" != "XPC_SERVICE_NAME" ]] \
&& [[ "$var" != "PLATFORM_NAME" ]] \
&& [[ "$var" != "CONFIGURATION" ]] \
&& [[ "$var" != "NATIVE_ARCH" ]] \
&& [[ "$var" != "ONLY_ACTIVE_ARCH" ]] \
&& [[ "$var" != "ARCHS" ]] \
&& [[ "$var" != "SDKROOT" ]] \
&& [[ "$var" != "OBJROOT" ]] \
&& [[ "$var" != "SYMROOT" ]] \
&& [[ "$var" != "SRCROOT" ]] \
&& [[ "$var" != "TARGETED_DEVICE_FAMILY" ]] \
&& [[ "$var" != "RUSTC_WRAPPER" ]] \
&& [[ "$var" != "SCCACHE_GCS_BUCKET" ]] \
&& [[ "$var" != "SCCACHE_GCS_RW_MODE" ]] \
&& [[ "$var" != "CONNLIB_TARGET_DIR" ]]; then
unset $var
fi
if [[ "$var" != "HOME" ]] &&
[[ "$var" != "USER" ]] &&
[[ "$var" != "LOGNAME" ]] &&
[[ "$var" != "TERM" ]] &&
[[ "$var" != "PWD" ]] &&
[[ "$var" != "SHELL" ]] &&
[[ "$var" != "TMPDIR" ]] &&
[[ "$var" != "XPC_FLAGS" ]] &&
[[ "$var" != "XPC_SERVICE_NAME" ]] &&
[[ "$var" != "PLATFORM_NAME" ]] &&
[[ "$var" != "CONFIGURATION" ]] &&
[[ "$var" != "NATIVE_ARCH" ]] &&
[[ "$var" != "ONLY_ACTIVE_ARCH" ]] &&
[[ "$var" != "ARCHS" ]] &&
[[ "$var" != "SDKROOT" ]] &&
[[ "$var" != "OBJROOT" ]] &&
[[ "$var" != "SYMROOT" ]] &&
[[ "$var" != "SRCROOT" ]] &&
[[ "$var" != "TARGETED_DEVICE_FAMILY" ]] &&
[[ "$var" != "RUSTC_WRAPPER" ]] &&
[[ "$var" != "SCCACHE_GCS_BUCKET" ]] &&
[[ "$var" != "SCCACHE_GCS_RW_MODE" ]] &&
[[ "$var" != "CONNLIB_TARGET_DIR" ]]; then
unset $var
fi
done
# Use pristine path; the PATH from Xcode is polluted with stuff we don't want which can
@@ -41,13 +41,13 @@ done
export PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/homebrew/bin:$HOME/.cargo/bin:/run/current-system/sw/bin/"
if [[ $1 == "clean" ]]; then
echo "Skipping build during 'clean'"
exit 0
echo "Skipping build during 'clean'"
exit 0
fi
if [[ -z "$PLATFORM_NAME" ]]; then
echo "PLATFORM_NAME is not set"
exit 1
echo "PLATFORM_NAME is not set"
exit 1
fi
export INCLUDE_PATH="$SDK_ROOT/usr/include"
@@ -56,40 +56,40 @@ export LIBRARY_PATH="$SDK_ROOT/usr/lib"
TARGETS=""
if [[ "$PLATFORM_NAME" = "macosx" ]]; then
if [[ $CONFIGURATION == "Release" ]] || [[ -z "$NATIVE_ARCH" ]]; then
TARGETS="--target aarch64-apple-darwin --target x86_64-apple-darwin"
TARGETS="--target aarch64-apple-darwin --target x86_64-apple-darwin"
else
if [[ $NATIVE_ARCH == "arm64" ]]; then
TARGETS="--target aarch64-apple-darwin"
else
if [[ $NATIVE_ARCH == "x86_64" ]]; then
TARGETS="--target x86_64-apple-darwin"
if [[ $NATIVE_ARCH == "arm64" ]]; then
TARGETS="--target aarch64-apple-darwin"
else
echo "Unsupported native arch for $PLATFORM_NAME: $NATIVE_ARCH"
if [[ $NATIVE_ARCH == "x86_64" ]]; then
TARGETS="--target x86_64-apple-darwin"
else
echo "Unsupported native arch for $PLATFORM_NAME: $NATIVE_ARCH"
fi
fi
fi
fi
else
if [[ "$PLATFORM_NAME" = "iphoneos" ]]; then
TARGETS="--target aarch64-apple-ios"
else
echo "Unsupported platform: $PLATFORM_NAME"
exit 1
fi
if [[ "$PLATFORM_NAME" = "iphoneos" ]]; then
TARGETS="--target aarch64-apple-ios"
else
echo "Unsupported platform: $PLATFORM_NAME"
exit 1
fi
fi
MESSAGE="Building Connlib"
if [[ $CONFIGURATION == "Release" ]]; then
echo "${MESSAGE} for Release"
CONFIGURATION_ARGS="--release"
echo "${MESSAGE} for Release"
CONFIGURATION_ARGS="--release"
else
echo "${MESSAGE} for Debug"
echo "${MESSAGE} for Debug"
fi
if [[ -n "$CONNLIB_TARGET_DIR" ]]; then
set -x
CARGO_TARGET_DIR=$CONNLIB_TARGET_DIR
set +x
set -x
export CARGO_TARGET_DIR=$CONNLIB_TARGET_DIR
set +x
fi
set -x

44
rust/docker-init.sh
View File

@@ -1,32 +1,32 @@
#!/bin/sh
if [ "${FIREZONE_ENABLE_MASQUERADE}" = "1" ]; then
IFACE="tun-firezone"
# Enable masquerading for ethernet and wireless interfaces
iptables -C FORWARD -i $IFACE -j ACCEPT > /dev/null 2>&1 || iptables -A FORWARD -i $IFACE -j ACCEPT
iptables -C FORWARD -o $IFACE -j ACCEPT > /dev/null 2>&1 || iptables -A FORWARD -o $IFACE -j ACCEPT
iptables -t nat -C POSTROUTING -o e+ -j MASQUERADE > /dev/null 2>&1 || iptables -t nat -A POSTROUTING -o e+ -j MASQUERADE
iptables -t nat -C POSTROUTING -o w+ -j MASQUERADE > /dev/null 2>&1 || iptables -t nat -A POSTROUTING -o w+ -j MASQUERADE
ip6tables -C FORWARD -i $IFACE -j ACCEPT > /dev/null 2>&1 || ip6tables -A FORWARD -i $IFACE -j ACCEPT
ip6tables -C FORWARD -o $IFACE -j ACCEPT > /dev/null 2>&1 || ip6tables -A FORWARD -o $IFACE -j ACCEPT
ip6tables -t nat -C POSTROUTING -o e+ -j MASQUERADE > /dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o e+ -j MASQUERADE
ip6tables -t nat -C POSTROUTING -o w+ -j MASQUERADE > /dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o w+ -j MASQUERADE
IFACE="tun-firezone"
# Enable masquerading for ethernet and wireless interfaces
iptables -C FORWARD -i $IFACE -j ACCEPT >/dev/null 2>&1 || iptables -A FORWARD -i $IFACE -j ACCEPT
iptables -C FORWARD -o $IFACE -j ACCEPT >/dev/null 2>&1 || iptables -A FORWARD -o $IFACE -j ACCEPT
iptables -t nat -C POSTROUTING -o e+ -j MASQUERADE >/dev/null 2>&1 || iptables -t nat -A POSTROUTING -o e+ -j MASQUERADE
iptables -t nat -C POSTROUTING -o w+ -j MASQUERADE >/dev/null 2>&1 || iptables -t nat -A POSTROUTING -o w+ -j MASQUERADE
ip6tables -C FORWARD -i $IFACE -j ACCEPT >/dev/null 2>&1 || ip6tables -A FORWARD -i $IFACE -j ACCEPT
ip6tables -C FORWARD -o $IFACE -j ACCEPT >/dev/null 2>&1 || ip6tables -A FORWARD -o $IFACE -j ACCEPT
ip6tables -t nat -C POSTROUTING -o e+ -j MASQUERADE >/dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o e+ -j MASQUERADE
ip6tables -t nat -C POSTROUTING -o w+ -j MASQUERADE >/dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o w+ -j MASQUERADE
fi
if [ "${LISTEN_ADDRESS_DISCOVERY_METHOD}" = "gce_metadata" ]; then
echo "Using GCE metadata to discover listen address"
echo "Using GCE metadata to discover listen address"
if [ "${PUBLIC_IP4_ADDR}" = "" ]; then
public_ip4=$(curl "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip" -H "Metadata-Flavor: Google" -s)
export PUBLIC_IP4_ADDR="${public_ip4}"
echo "Discovered PUBLIC_IP4_ADDR: ${PUBLIC_IP4_ADDR}"
fi
if [ "${PUBLIC_IP4_ADDR}" = "" ]; then
public_ip4=$(curl "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip" -H "Metadata-Flavor: Google" -s)
export PUBLIC_IP4_ADDR="${public_ip4}"
echo "Discovered PUBLIC_IP4_ADDR: ${PUBLIC_IP4_ADDR}"
fi
if [ "${PUBLIC_IP6_ADDR}" = "" ]; then
public_ip6=$(curl "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ipv6s" -H "Metadata-Flavor: Google" -s)
export PUBLIC_IP6_ADDR="${public_ip6}"
echo "Discovered PUBLIC_IP6_ADDR: ${PUBLIC_IP6_ADDR}"
fi
if [ "${PUBLIC_IP6_ADDR}" = "" ]; then
public_ip6=$(curl "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ipv6s" -H "Metadata-Flavor: Google" -s)
export PUBLIC_IP6_ADDR="${public_ip6}"
echo "Discovered PUBLIC_IP6_ADDR: ${PUBLIC_IP6_ADDR}"
fi
fi
exec $@
exec "$@"

4
rust/snownet-tests/router/run.sh
View File

@@ -4,7 +4,7 @@ set -ex
# Set up NAT
nft add table ip nat
nft add chain ip nat postrouting { type nat hook postrouting priority 100 \; }
nft add chain ip nat postrouting '{' type nat hook postrouting priority 100 \; '}'
nft add rule ip nat postrouting masquerade $NAT_BEHAVIOUR
# Assumption after a long debugging session involving Gabi, Jamil and Thomas:
@@ -13,6 +13,6 @@ nft add rule ip nat postrouting masquerade $NAT_BEHAVIOUR
# To achieve this, we set an absurdly high latency of 300ms for the WAN network.
tc qdisc add dev eth1 root netem delay 300ms
echo "1" > /tmp/setup_done # This will be checked by our docker HEALTHCHECK
echo "1" >/tmp/setup_done # This will be checked by our docker HEALTHCHECK
conntrack --event --proto UDP --output timestamp # Display a real-time log of NAT events in the kernel.

4
rust/windows-client/dev.sh
View File

@@ -7,9 +7,9 @@ set -e
# Fixes exiting with Ctrl-C
stop() {
kill $(jobs -p)
kill "$(jobs -p)"
}
trap stop SIGINT SIGTERM
trap stop INT TERM
# Copy frontend dependencies
cp node_modules/flowbite/dist/flowbite.min.js src/

40
scripts/README.md Normal file
View File

@@ -0,0 +1,40 @@
# Firezone shell scripts
This directory contains various shell scripts used for development, testing, and
deployment of the Firezone product.
## Developer Setup
We lint shell scripts in CI. To get your PR to pass, you'll want to ensure your
local development environment is set up to lint shell scripts:
1. Install [`shfmt`](https://github.com/mvdan/sh):
- `brew install shfmt` on macOS
- Install shfmt from https://github.com/mvdan/sh/releases for other platforms
1. Install [`shellcheck`](https://github.com/koalaman/shellcheck/tree/master):
- `brew install shellcheck` on macOS
- `sudo apt-get install shellcheck` on Ubuntu
Then just lint and format your shell scripts before you commit:
```
shfmt -i 4 **/*.sh
shellcheck --severity=warning **/*.sh
```
You can achieve this more easily by using `pre-commit`. See
[CONTRIBUTING](../CONTRIBUTING.md#pre-commit).
### Editor setup
- [Vim](https://github.com/dense-analysis/ale/blob/master/autoload/ale/fixers/shfmt.vim)
([here's an example](https://github.com/jamilbk/nvim/blob/master/init.vim#L159)
using ALE)
- [VSCode](https://marketplace.visualstudio.com/items?itemName=mkhl.shfmt)
## Scripting tips
- Use `#!/usr/bin/env bash` along with `set -euo pipefail` in general for dev
and test scripts.
- In Docker images and other minimal envs, stick to `#!/bin/sh` and simply
`set -eu`.

45
scripts/gateway-docker-upgrade.sh
View File

@@ -1,20 +1,19 @@
#!/usr/bin/env bash
set -e
set -euo pipefail
TARGET_IMAGE="ghcr.io/firezone/gateway:1"
CURRENTLY_RUNNING=$(docker ps --format "{{.Names}} {{.Image}}" | grep -e "$TARGET_IMAGE" | awk '{print $1}')
if [ "$CURRENTLY_RUNNING" == "" ]; then
echo "No Firezone gateway found running on this system. Exiting."
exit -1
exit 1
fi
echo "Pulling latest image..."
docker pull "$TARGET_IMAGE" > /dev/null
docker pull "$TARGET_IMAGE" >/dev/null
echo "Checking for containers to upgrade..."
for RUNNING_CONTAINER in $CURRENTLY_RUNNING
do
for RUNNING_CONTAINER in $CURRENTLY_RUNNING; do
LATEST=$(docker inspect --format "{{.Id}}" "$TARGET_IMAGE")
RUNNING=$(docker inspect --format "{{.Image}}" "$RUNNING_CONTAINER")
RUNNING_NAME=$(docker inspect --format "{{.Name}}" "$RUNNING_CONTAINER" | sed 's~/~~g')
@@ -22,28 +21,28 @@ do
# Upgrade if necessary
if [ "$RUNNING" != "$LATEST" ]; then
echo -n "Upgrading gateway..."
docker container inspect "$RUNNING_CONTAINER" --format '{{join .Config.Env "\n"}}' | grep -v "PATH" > variables.env
docker stop "$RUNNING_CONTAINER" > /dev/null
docker rm -f "$RUNNING_CONTAINER" > /dev/null
docker container inspect "$RUNNING_CONTAINER" --format '{{join .Config.Env "\n"}}' | grep -v "PATH" >variables.env
docker stop "$RUNNING_CONTAINER" >/dev/null
docker rm -f "$RUNNING_CONTAINER" >/dev/null
docker run -d \
--restart=unless-stopped \
--pull=always \
--health-cmd="ip link | grep tun-firezone" \
--name="$RUNNING_NAME" \
--cap-add=NET_ADMIN \
--volume /var/lib/firezone \
--env-file variables.env \
--sysctl net.ipv4.ip_forward=1 \
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
--sysctl net.ipv6.conf.all.forwarding=1 \
--sysctl net.ipv6.conf.default.forwarding=1 \
--device="/dev/net/tun:/dev/net/tun" \
"$TARGET_IMAGE"
--restart=unless-stopped \
--pull=always \
--health-cmd="ip link | grep tun-firezone" \
--name="$RUNNING_NAME" \
--cap-add=NET_ADMIN \
--volume /var/lib/firezone \
--env-file variables.env \
--sysctl net.ipv4.ip_forward=1 \
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
--sysctl net.ipv6.conf.all.forwarding=1 \
--sysctl net.ipv6.conf.default.forwarding=1 \
--device="/dev/net/tun:/dev/net/tun" \
"$TARGET_IMAGE"
rm variables.env
echo "Container upgraded"
else
echo "Gateway is already up to date"
echo "Gateway is already up to date"
fi
done

2
scripts/tests/direct-curl-portal-down.sh
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env bash
set -e
set -euo pipefail
source "./scripts/tests/lib.sh"

2
scripts/tests/direct-curl-portal-relay-down.sh
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env bash
set -e
set -euo pipefail
source "./scripts/tests/lib.sh"

2
scripts/tests/direct-curl-portal-restart.sh
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env bash
set -e
set -euo pipefail
source "./scripts/tests/lib.sh"

2
scripts/tests/lib.sh
View File

@@ -1,5 +1,7 @@
#!/usr/bin/env bash
set -euo pipefail
function install_iptables_drop_rules() {
sudo iptables -I FORWARD 1 -s 172.28.0.100 -d 172.28.0.105 -j DROP
sudo iptables -I FORWARD 1 -s 172.28.0.105 -d 172.28.0.100 -j DROP

2
scripts/tests/relayed-curl-portal-down.sh
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env bash
set -e
set -euo pipefail
source "./scripts/tests/lib.sh"

2
scripts/tests/relayed-curl-portal-restart.sh
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env bash
set -e
set -euo pipefail
source "./scripts/tests/lib.sh"

8
swift/apple/copy_generated_connlib_files.sh
View File

@@ -7,16 +7,16 @@
set -e
if [[ $1 == "clean" ]]; then
echo "Skipping copy during 'clean'"
exit 0
echo "Skipping copy during 'clean'"
exit 0
fi
DEST=./FirezoneNetworkExtension/Connlib
if [[ -n "$CONNLIB_SOURCE_DIR" ]]; then
set -x
rm -rf $DEST
find $CONNLIB_SOURCE_DIR/Sources/Connlib
cp -r $CONNLIB_SOURCE_DIR/Sources/Connlib $DEST
find "$CONNLIB_SOURCE_DIR"/Sources/Connlib
cp -r "$CONNLIB_SOURCE_DIR"/Sources/Connlib $DEST
set +x
else
echo "CONNLIB_SOURCE_DIR is not set. Is this being invoked from Xcode?"

6
swift/apple/lint.sh
View File

@@ -10,8 +10,8 @@ if [[ "$(uname -m)" == arm64 ]]; then
export PATH="/opt/homebrew/bin:$PATH"
fi
if which swift-format > /dev/null; then
find . -name "*.swift" -not -path "./FirezoneNetworkExtension/Connlib/Generated/*" | xargs swift-format lint --strict
if which swift-format >/dev/null; then
find . -name "*.swift" -not -path "./FirezoneNetworkExtension/Connlib/Generated/*" -exec xargs swift-format lint --strict \;
else
echo "warning: swift-format not installed, install with `brew install swift-format`"
echo "warning: swift-format not installed, install with 'brew install swift-format'"
fi