test(linux-client): separate the token from the systemd unit file (#4626)

This is needed so that we can auto-update the systemd unit file, either
manually, or with a package manager like `apt`. We don't want users
cut-and-pasting these together on every update, and we don't want
machines doing it. Making the file updatable means we can make security
fixes to it easily.
Reactor Scram
2024-04-15 15:38:49 -05:00
committed by GitHub
parent 493716ab6b
commit 7bc1d51b0f
2 changed files with 8 additions and 2 deletions


@@ -4,6 +4,8 @@
set -euo pipefail
BINARY_NAME=firezone-linux-client
CONFIG_DIR=/etc/dev.firezone.client
TOKEN_PATH="$CONFIG_DIR/token.txt"
docker compose exec client cat firezone-linux-client > "$BINARY_NAME"
chmod u+x "$BINARY_NAME"
@@ -11,7 +13,12 @@ sudo mv "$BINARY_NAME" "/usr/bin/$BINARY_NAME"
# TODO: Check whether this is redundant with the systemd service file
sudo setcap cap_net_admin+eip "/usr/bin/$BINARY_NAME"
sudo cp scripts/tests/systemd/firezone-client.service /etc/systemd/system/
sudo mkdir "$CONFIG_DIR"
sudo touch "$TOKEN_PATH"
sudo chmod 600 "$TOKEN_PATH"
echo "n.SFMyNTY.g2gDaANtAAAAJGM4OWJjYzhjLTkzOTItNGRhZS1hNDBkLTg4OGFlZjZkMjhlMG0AAAAkN2RhN2QxY2QtMTExYy00NGE3LWI1YWMtNDAyN2I5ZDIzMGU1bQAAACtBaUl5XzZwQmstV0xlUkFQenprQ0ZYTnFJWktXQnMyRGR3XzJ2Z0lRdkZnbgYAGUmu74wBYgABUYA.UN3vSLLcAMkHeEh5VHumPOutkuue8JA6wlxM9JxJEPE" | sudo tee "$TOKEN_PATH" > /dev/null
sudo cp scripts/tests/systemd/firezone-client.service /usr/lib/systemd/system/
systemd-analyze security firezone-client
HTTPBIN=dns.httpbin
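Review bot: `sudo mkdir "$CONFIG_DIR"` fails when the directory is left over from an earlier run, and under `set -euo pipefail` that aborts the script before the token is written; `sudo mkdir -p "$CONFIG_DIR"` makes the step repeatable. The `touch` / `chmod 600` pair creates the file with umask-default permissions and restricts it afterwards, which is harmless here only because the file is still empty at that point; `sudo install -m 0600 /dev/null "$TOKEN_PATH"` creates it with the final mode in one step. The token file ends up root-owned with mode 600, so the service has to read it as root; the unit's `User=` setting is not visible in this diff, so that is worth confirming. If the literal token is a fixture that is only valid against the local test portal, a comment above the `echo` line saying so, e.g. `# Test-only token for the local dev portal, not a production credential`, would help readers and secret scanners.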


@@ -7,7 +7,6 @@ AmbientCapabilities=CAP_NET_ADMIN
Environment="FIREZONE_API_URL=ws://localhost:8081"
Environment="FIREZONE_DNS_CONTROL=systemd-resolved"
Environment="FIREZONE_ID=D0455FDE-8F65-4960-A778-B934E4E85A5F"
Environment="FIREZONE_TOKEN=n.SFMyNTY.g2gDaANtAAAAJGM4OWJjYzhjLTkzOTItNGRhZS1hNDBkLTg4OGFlZjZkMjhlMG0AAAAkN2RhN2QxY2QtMTExYy00NGE3LWI1YWMtNDAyN2I5ZDIzMGU1bQAAACtBaUl5XzZwQmstV0xlUkFQenprQ0ZYTnFJWktXQnMyRGR3XzJ2Z0lRdkZnbgYAGUmu74wBYgABUYA.UN3vSLLcAMkHeEh5VHumPOutkuue8JA6wlxM9JxJEPE"
Environment="RUST_LOG=info"
ExecStart=firezone-linux-client