From eb3c269d05049cd0c7810bb8d7c96ab20bd21d45 Mon Sep 17 00:00:00 2001 From: Jamil Date: Mon, 10 Feb 2025 11:10:36 -0800 Subject: [PATCH] ci: Publish headless client 1.4.2 (#8080) Publishes the headless client 1.4.2, now with Windows support. Resolves: #3782 --- .github/workflows/_build_artifacts.yml | 8 +- .github/workflows/ci.yml | 2 +- .github/workflows/publish.yml | 2 +- rust/Cargo.lock | 2 +- rust/headless-client/Cargo.toml | 2 +- scripts/bump-versions.sh | 10 +- website/redirects.js | 8 +- website/src/app/api/releases/route.ts | 2 +- website/src/components/Changelog/Headless.tsx | 471 +++++++++--------- 9 files changed, 262 insertions(+), 245 deletions(-) diff --git a/.github/workflows/_build_artifacts.yml b/.github/workflows/_build_artifacts.yml index 739a2eaf1..fa02fdaf3 100644 --- a/.github/workflows/_build_artifacts.yml +++ b/.github/workflows/_build_artifacts.yml @@ -131,9 +131,9 @@ jobs: target: [x86_64-pc-windows-msvc] package: [firezone-headless-client] # mark:next-headless-version - release_name: [headless-client-1.4.2] + release_name: [headless-client-1.4.3] # mark:next-headless-version - version: [1.4.2] + version: [1.4.3] env: ARTIFACT_PATH: ${{ matrix.artifact }}_${{ matrix.version }}_${{ matrix.arch }}.exe RELEASE_NAME: ${{ matrix.release_name }} @@ -215,9 +215,9 @@ jobs: artifact: firezone-client-headless-linux image_name: client # mark:next-headless-version - release_name: headless-client-1.4.2 + release_name: headless-client-1.4.3 # mark:next-headless-version - version: 1.4.2 + version: 1.4.3 - package: firezone-relay artifact: firezone-relay image_name: relay diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index aebabaf13..4c10cd46c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -50,7 +50,7 @@ jobs: - release_name: gateway-1.4.4 config_name: release-drafter-gateway.yml # mark:next-headless-version - - release_name: headless-client-1.4.2 + - release_name: headless-client-1.4.3 config_name: release-drafter-headless-client.yml steps: diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f4686d160..aa386b85d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -42,7 +42,7 @@ jobs: elif [[ "${{ github.event.release.name }}" =~ headless* ]]; then ARTIFACT=client # mark:next-headless-version - VERSION="1.4.2" + VERSION="1.4.3" else echo "Shouldn't have gotten here. Exiting." exit 1 diff --git a/rust/Cargo.lock b/rust/Cargo.lock index 0b1b250ab..d6e173319 100644 --- a/rust/Cargo.lock +++ b/rust/Cargo.lock @@ -2108,7 +2108,7 @@ dependencies = [ [[package]] name = "firezone-headless-client" -version = "1.4.2" +version = "1.4.3" dependencies = [ "anyhow", "atomicwrites", diff --git a/rust/headless-client/Cargo.toml b/rust/headless-client/Cargo.toml index b9706db7e..2930c6881 100644 --- a/rust/headless-client/Cargo.toml +++ b/rust/headless-client/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "firezone-headless-client" # mark:next-headless-version -version = "1.4.2" +version = "1.4.3" edition = { workspace = true } authors = ["Firezone, Inc."] license = { workspace = true } diff --git a/scripts/bump-versions.sh b/scripts/bump-versions.sh index 2122a4474..390d6a2b1 100755 --- a/scripts/bump-versions.sh +++ b/scripts/bump-versions.sh @@ -118,10 +118,10 @@ function gui() { cargo_update_workspace } -# Linux Headless +# Windows / Linux Headless # -# Unlike the Apple, Android, and GUI clients, headless binaries for Linux are -# built on each `main` workflow. +# Unlike the Apple, Android, and GUI clients, headless binaries for Windows and +# Linux are built on each `main` workflow. # # Instructions: # 1. Perform any final QA testing on the new release assets, then publish the @@ -131,8 +131,8 @@ function gui() { # 4. Commit the changes and open a PR. Ensure the Changelog is correctly # updated with the changes. function headless() { - current_headless_version="1.4.1" - next_headless_version="1.4.2" + current_headless_version="1.4.2" + next_headless_version="1.4.3" find website -type f -name "redirects.js" -exec sed "${SEDARG[@]}" -e '/mark:current-headless-version/{n;s/[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}/'"${current_headless_version}"'/g;}' {} \; find website -type f -name "route.ts" -exec sed "${SEDARG[@]}" -e '/mark:current-headless-version/{n;s/[0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}/'"${current_headless_version}"'/g;}' {} \; diff --git a/website/redirects.js b/website/redirects.js index 1f31e6846..0cfcaeb31 100644 --- a/website/redirects.js +++ b/website/redirects.js @@ -46,7 +46,7 @@ module.exports = [ source: "/dl/firezone-client-headless-windows/latest/x86_64", destination: // mark:current-headless-version - "https://www.github.com/firezone/firezone/releases/download/headless-client-1.4.1/firezone-client-headless-windows_1.4.1_x86_64.exe", + "https://www.github.com/firezone/firezone/releases/download/headless-client-1.4.2/firezone-client-headless-windows_1.4.2_x86_64.exe", permanent: false, }, /* @@ -72,21 +72,21 @@ module.exports = [ source: "/dl/firezone-client-headless-linux/latest/x86_64", destination: // mark:current-headless-version - "https://www.github.com/firezone/firezone/releases/download/headless-client-1.4.1/firezone-client-headless-linux_1.4.1_x86_64", + "https://www.github.com/firezone/firezone/releases/download/headless-client-1.4.2/firezone-client-headless-linux_1.4.2_x86_64", permanent: false, }, { source: "/dl/firezone-client-headless-linux/latest/aarch64", destination: // mark:current-headless-version - "https://www.github.com/firezone/firezone/releases/download/headless-client-1.4.1/firezone-client-headless-linux_1.4.1_aarch64", + "https://www.github.com/firezone/firezone/releases/download/headless-client-1.4.2/firezone-client-headless-linux_1.4.2_aarch64", permanent: false, }, { source: "/dl/firezone-client-headless-linux/latest/armv7", destination: // mark:current-headless-version - "https://www.github.com/firezone/firezone/releases/download/headless-client-1.4.1/firezone-client-headless-linux_1.4.1_armv7", + "https://www.github.com/firezone/firezone/releases/download/headless-client-1.4.2/firezone-client-headless-linux_1.4.2_armv7", permanent: false, }, /* diff --git a/website/src/app/api/releases/route.ts b/website/src/app/api/releases/route.ts index 56730490e..fcacb6fbd 100644 --- a/website/src/app/api/releases/route.ts +++ b/website/src/app/api/releases/route.ts @@ -11,7 +11,7 @@ export async function GET(_req: NextRequest) { // mark:current-gui-version gui: "1.4.3", // mark:current-headless-version - headless: "1.4.1", + headless: "1.4.2", // mark:current-gateway-version gateway: "1.4.3", }; diff --git a/website/src/components/Changelog/Headless.tsx b/website/src/components/Changelog/Headless.tsx index ec705a916..0a2f7b201 100644 --- a/website/src/components/Changelog/Headless.tsx +++ b/website/src/components/Changelog/Headless.tsx @@ -31,7 +31,8 @@ export default function Headless({ title }: { title: string }) { return ( {/* When you cut a release, remove any solved issues from the "known issues" lists over in `client-apps`. This must not be done when the issue's PR merges. */} - + + Publishes the headless client for Windows. @@ -39,233 +40,249 @@ export default function Headless({ title }: { title: string }) { Only write logs using ANSI-escape codes if the underlying output stream supports it. - - - - Fixes an issue where large DNS responses were incorrectly discarded. - - - BREAKING: Removes the positional token argument on the CLI. Use - `FIREZONE_TOKEN` or `FIREZONE_TOKEN_PATH` env variables instead. - - - - - Allows disabling telemetry by setting `FIREZONE_NO_TELEMETRY=true`. - - - Adds support for GSO (Generic Segmentation Offload), delivering - throughput improvements of up to 60%. - - - Makes use of the new control protocol, delivering faster and more - robust connection establishment. - - - Uses multiple threads to read & write to the TUN device, greatly - improving performance. - - - Improves connection setup latency by buffering initial packets. - - - - - Fixes an issue where symmetric NATs would generate unnecessary - candidate for hole-punching. - - - - - Mitigates a crash in case the maximum packet size is not respected. - - - Prevents re-connections to the portal from hanging for longer than 5s. - - - Fixes an issue where network roaming would cause Firezone to become - unresponsive. - - - Fixes an issue where subsequent SIGHUP signals after the first one - were ignored. - - - - Handles DNS queries over TCP correctly. - - Fixes an issue where Firezone would fail to establish connections to - Gateways and the client had to be restarted. - - - - - Ensures Firefox doesn't attempt to use DNS over HTTPS when Firezone is - active. - - - Fixes connectivity issues on idle connections by entering an - always-on, low-power mode instead of closing them. - - - Adds always-on error reporting using sentry.io. - - - Sends the motherboard's hardware ID for device verification. - - - - - Fixes a bug where non-wildcard DNS resources were not prioritised over - wildcard ones (e.g. `app.example.com` vs `*.example.com`). - - - - - Fixes a bug where DNS PTR queries by the system did not get answered. - - - Fixes a routing bug when one of several overlapping CIDR resources - gets disabled / removed. - - - Fixes a bug where the Linux Clients didn't work on ZFS filesystems. - - - Fixes an issue where some browsers may fail to route DNS Resources - correctly. - - - - - Removes unnecessary packet buffers for a minor performance increase. - - - - Adds the Internet Resource feature. - - - - Implements glob-like matching of domains for DNS resources. - - - Connections to Gateways are now sticky for the duration of the - Client's session to fix issues with long-lived TCP connections. - - - - - Fixes a bug where relayed connections failed to establish after an - idle period. - - - Fixes a bug where restrictive NATs caused connectivity problems. - - - - - Fixes an issue where the IPC service can panic during DNS resolution. - - - - - Uses `systemd-resolved` DNS control by default on Linux - - - Mitigates a bug where the Client can panic if an internal channel - fills up - - - Improves reliability of DNS resolution of non-resources. - - - - - Fixes an issue where DNS queries could time out on some networks. - - - -
  • - Fixes an{" "} - - issue - {" "} - where a stale DNS cache could prevent traffic from routing to DNS - Resources if they were updated while the Client was signed in. -
    • -     - -
  • - Prevents Firezone's stub resolver from intercepting DNS record types - besides A, AAAA, and PTR. These are now forwarded to your upstream DNS - resolver. -
    • -     - -
  • - Fixes an issue that could cause Resources to be unreachable a few - hours after roaming networks. -
    • -
  • - Reduces noise in logs for the default log level. -
    • -     - -
  • - Introduces the new DNS routing system supported by 1.1.0 Gateways - which results in much more stable connections for DNS Resources, - especially when wildcards are used. -
    • -
  • - Improves reliability when roaming between networks. -
    • -
  • - Closes idle connections to Gateways that have not seen traffic for - more than 5 minutes which reduces power consumption when not accessing - Resources. -
    • -
  • - Updates log file endings to JSONL and adds syslog-style logs for - easier readability. -
    • -

    - Note: Client versions 1.1.x are incompatible with - Gateways running 1.0.x. -

    -     - - This is a maintenance release with no major user-facing changes. - - - This release fixes a bug where the incorrect Client version was reported - to the admin portal. - - - This release contains connectivity fixes and performance improvements - and is recommended for all users. - - - This is a maintenance release with no major user-facing changes. - - - This is a maintenance release with no major user-facing changes. - - - Maintenance release. - - - This release reverts a change that could cause connectivity issues seen - by some users. - - - Update the upgrade URLs used to check for new versions. - - - Initial release. + + {/* The Windows headless client didn't exist before 1.4.2 */} + {title === "Linux Headless" && ( + <> + + + Fixes an issue where large DNS responses were incorrectly + discarded. + + + BREAKING: Removes the positional token argument on the CLI. Use + `FIREZONE_TOKEN` or `FIREZONE_TOKEN_PATH` env variables instead. + + + + + Allows disabling telemetry by setting + `FIREZONE_NO_TELEMETRY=true`. + + + Adds support for GSO (Generic Segmentation Offload), delivering + throughput improvements of up to 60%. + + + Makes use of the new control protocol, delivering faster and more + robust connection establishment. + + + Uses multiple threads to read & write to the TUN device, greatly + improving performance. + + + Improves connection setup latency by buffering initial packets. + + + + + Fixes an issue where symmetric NATs would generate unnecessary + candidate for hole-punching. + + + + + Mitigates a crash in case the maximum packet size is not + respected. + + + Prevents re-connections to the portal from hanging for longer than + 5s. + + + Fixes an issue where network roaming would cause Firezone to + become unresponsive. + + + Fixes an issue where subsequent SIGHUP signals after the first one + were ignored. + + + + Handles DNS queries over TCP correctly. + + Fixes an issue where Firezone would fail to establish connections + to Gateways and the client had to be restarted. + + + + + Ensures Firefox doesn't attempt to use DNS over HTTPS when + Firezone is active. + + + Fixes connectivity issues on idle connections by entering an + always-on, low-power mode instead of closing them. + + + Adds always-on error reporting using sentry.io. + + + Sends the motherboard's hardware ID for device verification. + + + + + Fixes a bug where non-wildcard DNS resources were not prioritised + over wildcard ones (e.g. `app.example.com` vs `*.example.com`). + + + + + Fixes a bug where DNS PTR queries by the system did not get + answered. + + + Fixes a routing bug when one of several overlapping CIDR resources + gets disabled / removed. + + + Fixes a bug where the Linux Clients didn't work on ZFS + filesystems. + + + Fixes an issue where some browsers may fail to route DNS Resources + correctly. + + + + + Removes unnecessary packet buffers for a minor performance + increase. + + + + + Adds the Internet Resource feature. + + + + + Implements glob-like matching of domains for DNS resources. + + + Connections to Gateways are now sticky for the duration of the + Client's session to fix issues with long-lived TCP connections. + + + + + Fixes a bug where relayed connections failed to establish after an + idle period. + + + Fixes a bug where restrictive NATs caused connectivity problems. + + + + + Fixes an issue where the IPC service can panic during DNS + resolution. + + + + + Uses `systemd-resolved` DNS control by default on Linux + + + Mitigates a bug where the Client can panic if an internal channel + fills up + + + Improves reliability of DNS resolution of non-resources. + + + + + Fixes an issue where DNS queries could time out on some networks. + + + +
  • + Fixes an{" "} + + issue + {" "} + where a stale DNS cache could prevent traffic from routing to DNS + Resources if they were updated while the Client was signed in. +
    • +     + +
  • + Prevents Firezone's stub resolver from intercepting DNS record + types besides A, AAAA, and PTR. These are now forwarded to your + upstream DNS resolver. +
    • +     + +
  • + Fixes an issue that could cause Resources to be unreachable a few + hours after roaming networks. +
    • +
  • + Reduces noise in logs for the default log level. +
    • +     + +
  • + Introduces the new DNS routing system supported by 1.1.0 Gateways + which results in much more stable connections for DNS Resources, + especially when wildcards are used. +
    • +
  • + Improves reliability when roaming between networks. +
    • +
  • + Closes idle connections to Gateways that have not seen traffic for + more than 5 minutes which reduces power consumption when not + accessing Resources. +
    • +
  • + Updates log file endings to JSONL and adds syslog-style logs for + easier readability. +
    • +

    + Note: Client versions 1.1.x are incompatible with + Gateways running 1.0.x. +

    +     + + This is a maintenance release with no major user-facing changes. + + + This release fixes a bug where the incorrect Client version was + reported to the admin portal. + + + This release contains connectivity fixes and performance + improvements and is recommended for all users. + + + This is a maintenance release with no major user-facing changes. + + + This is a maintenance release with no major user-facing changes. + + + Maintenance release. + + + This release reverts a change that could cause connectivity issues + seen by some users. + + + Update the upgrade URLs used to check for new versions. + + + Initial release. + + + )}     ); }