mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
refactor(gui-client): refuse to ever be elevated on Linux (#4232)
Running as sudo / root causes a lot of problems for GUI programs, so we're unwinding that. In this case we can go back to using Tauri's "open URL" function, which is great. Closes #4103 Refs #3713 Affects #3972 - I was finally able to debug it because it came up constantly during this PR
This commit is contained in:
Reactor Scram
@@ -4,70 +4,79 @@ set -euo pipefail
|
||||
|
||||
BUNDLE_ID="dev.firezone.client"
|
||||
|
||||
DEVICE_ID_PATH="/var/lib/$BUNDLE_ID/config/firezone-id.json"
|
||||
#DEVICE_ID_PATH="/var/lib/$BUNDLE_ID/config/firezone-id.json"
|
||||
LOGS_PATH="$HOME/.cache/$BUNDLE_ID/data/logs"
|
||||
DUMP_PATH="$LOGS_PATH/last_crash.dmp"
|
||||
SETTINGS_PATH="$HOME/.config/$BUNDLE_ID/config/advanced_settings.json"
|
||||
RAN_BEFORE_PATH="$HOME/.local/share/$BUNDLE_ID/data/ran_before.txt"
|
||||
SYMS_PATH="../target/debug/firezone-gui-client.syms"
|
||||
|
||||
PACKAGE=firezone-gui-client
|
||||
export RUST_LOG=firezone_gui_client=debug,warn
|
||||
export WEBKIT_DISABLE_COMPOSITING_MODE=1
|
||||
|
||||
cargo build -p "$PACKAGE"
|
||||
cargo install --quiet --locked dump_syms minidump-stackwalk
|
||||
# The dwp doesn't actually do anything if the exe already has all the debug info
|
||||
# Getting this to coordinate between Linux and Windows is tricky
|
||||
dump_syms ../target/debug/firezone-gui-client --output "$SYMS_PATH"
|
||||
ls -lash ../target/debug
|
||||
|
||||
function smoke_test() {
|
||||
# Make sure the files we want to check don't exist on the system yet
|
||||
sudo stat "$LOGS_PATH" && exit 1
|
||||
sudo stat "$SETTINGS_PATH" && exit 1
|
||||
sudo stat "$DEVICE_ID_PATH" && exit 1
|
||||
stat "$LOGS_PATH" && exit 1
|
||||
stat "$SETTINGS_PATH" && exit 1
|
||||
# TODO: The device ID will be written by the tunnel, not the GUI, so we can't check that.
|
||||
# stat "$DEVICE_ID_PATH" && exit 1
|
||||
stat "$RAN_BEFORE_PATH" && exit 1
|
||||
|
||||
# Run the smoke test normally
|
||||
sudo --preserve-env xvfb-run --auto-servernum ../target/debug/"$PACKAGE" --no-deep-links smoke-test
|
||||
if ! xvfb-run --auto-servernum ../target/debug/"$PACKAGE" --no-deep-links smoke-test
|
||||
then
|
||||
minidump-stackwalk --symbols-path "$SYMS_PATH" "$DUMP_PATH"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Note the device ID
|
||||
DEVICE_ID_1=$(cat "$DEVICE_ID_PATH")
|
||||
# DEVICE_ID_1=$(cat "$DEVICE_ID_PATH")
|
||||
|
||||
# Make sure the files were written in the right paths
|
||||
# TODO: Inject some bogus sign-in sequence to test the actor_name file
|
||||
# https://stackoverflow.com/questions/41321092
|
||||
sudo bash -c "stat \"${LOGS_PATH}/\"connlib*log"
|
||||
sudo stat "$SETTINGS_PATH"
|
||||
sudo stat "$DEVICE_ID_PATH"
|
||||
bash -c "stat \"${LOGS_PATH}/\"connlib*log"
|
||||
stat "$SETTINGS_PATH"
|
||||
# stat "$DEVICE_ID_PATH"
|
||||
stat "$RAN_BEFORE_PATH"
|
||||
|
||||
# Run the test again and make sure the device ID is not changed
|
||||
sudo --preserve-env xvfb-run --auto-servernum ../target/debug/"$PACKAGE" --no-deep-links smoke-test
|
||||
DEVICE_ID_2=$(cat "$DEVICE_ID_PATH")
|
||||
xvfb-run --auto-servernum ../target/debug/"$PACKAGE" --no-deep-links smoke-test
|
||||
# DEVICE_ID_2=$(cat "$DEVICE_ID_PATH")
|
||||
|
||||
if [ "$DEVICE_ID_1" != "$DEVICE_ID_2" ]
|
||||
then
|
||||
echo "The device ID should not change if the file is intact between runs"
|
||||
exit 1
|
||||
fi
|
||||
#if [ "$DEVICE_ID_1" != "$DEVICE_ID_2" ]
|
||||
#then
|
||||
# echo "The device ID should not change if the file is intact between runs"
|
||||
# exit 1
|
||||
#fi
|
||||
|
||||
# Clean up the files but not the folders
|
||||
sudo rm -rf "$LOGS_PATH"
|
||||
sudo rm "$SETTINGS_PATH"
|
||||
sudo rm "$DEVICE_ID_PATH"
|
||||
rm -rf "$LOGS_PATH"
|
||||
rm "$SETTINGS_PATH"
|
||||
# rm "$DEVICE_ID_PATH"
|
||||
rm "$RAN_BEFORE_PATH"
|
||||
}
|
||||
|
||||
function crash_test() {
|
||||
# Delete the crash file if present
|
||||
sudo rm -f "$DUMP_PATH"
|
||||
rm -f "$DUMP_PATH"
|
||||
|
||||
# Fail if it returns success, this is supposed to crash
|
||||
sudo --preserve-env xvfb-run --auto-servernum ../target/debug/"$PACKAGE" --crash --no-deep-links && exit 1
|
||||
xvfb-run --auto-servernum ../target/debug/"$PACKAGE" --crash --no-deep-links && exit 1
|
||||
|
||||
# Fail if the crash file wasn't written
|
||||
sudo stat "$DUMP_PATH"
|
||||
stat "$DUMP_PATH"
|
||||
}
|
||||
|
||||
function get_stacktrace() {
|
||||
SYMS_PATH="../target/debug/firezone-gui-client.syms"
|
||||
cargo install --quiet --locked dump_syms minidump-stackwalk
|
||||
# The dwp doesn't actually do anything if the exe already has all the debug info
|
||||
# Getting this to coordinate between Linux and Windows is tricky
|
||||
dump_syms ../target/debug/firezone-gui-client --output "$SYMS_PATH"
|
||||
ls -lash ../target/debug
|
||||
minidump-stackwalk --symbols-path "$SYMS_PATH" "$DUMP_PATH"
|
||||
}
|
||||
|
||||
@@ -79,7 +88,4 @@ crash_test
|
||||
get_stacktrace
|
||||
|
||||
# Clean up
|
||||
sudo rm "$DUMP_PATH"
|
||||
|
||||
# I'm not sure if the last command is handled specially, so explicitly exit with 0
|
||||
exit 0
|
||||
rm "$DUMP_PATH"
|
||||
|
||||
Reference in New Issue
Block a user