This call always results in an error because the GUI runs unprivileged
on both Linux and Windows now, so it can't control DNS or deactivate DNS
control. The IPC service has taken over all that, so the GUI not only
shouldn't do it, it can't do it.
<img width="568" alt="image"
src="https://github.com/firezone/firezone/assets/13400041/ad1b861f-4f3e-453a-94b5-d6f21c9eb198">
Closes#5015.
This way if the user opens and closes the GUI without doing anything,
the Welcome screen still appears until they successfully sign in.
Previously the `ran_before` flag was set after the first GUI startup.
Tested on Windows once.
Bumps [arboard](https://github.com/1Password/arboard) from 3.3.2 to
3.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/1Password/arboard/releases">arboard's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.0</h2>
<h3>Added</h3>
<ul>
<li>Added a <code>wait_until</code> method for Linux, as a superset of
the existing <code>wait</code> functionality.
This is a helper for letting an application wait without manual timeout
handling.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Transparency in copied images now behaves better in certain Windows
apps.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Updated <code>image</code> to <code>0.25</code>.</li>
<li>Removed direct <code>thiserror</code> dependency.</li>
<li>Fixed Linux documentation links</li>
<li>Raised MSRV to 1.67.1</li>
<li>Reverted timeout behavior of <code>Clipboard::new()</code> on
platforms using X11. Applications are
encouraged to wrap constructor calls in their own thread/channel timeout
mechanisms instead
to make sure the behavior matches each usecase.</li>
<li>Migrated away from <code>objc</code> to the <code>objc2</code>
ecosystem for the Apple clipboard implementation.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/1Password/arboard/compare/v3.3.2...v3.4.0">https://github.com/1Password/arboard/compare/v3.3.2...v3.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/1Password/arboard/blob/master/CHANGELOG.md">arboard's
changelog</a>.</em></p>
<blockquote>
<h2>3.4.0 on 2024-29-04</h2>
<h3>Added</h3>
<ul>
<li>Added a <code>wait_until</code> method for Linux, as a superset of
the existing <code>wait</code> functionality.
This is a helper for letting an application wait without manual timeout
handling.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Transparency in copied images now behaves better in certain Windows
apps.</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Updated <code>image</code> to <code>0.25</code>.</li>
<li>Removed direct <code>thiserror</code> dependency.</li>
<li>Fixed Linux documentation links</li>
<li>Raised MSRV to 1.67.1</li>
<li>Reverted timeout behavior of <code>Clipboard::new()</code> on
platforms using X11. Applications are
encouraged to wrap constructor calls in their own thread/channel timeout
mechanisms instead
to make sure the behavior matches each usecase.</li>
<li>Migrated away from <code>objc</code> to the <code>objc2</code>
ecosystem for the Apple clipboard implementation.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="151e679ee5"><code>151e679</code></a>
Release 3.4.0</li>
<li><a
href="610e29ba81"><code>610e29b</code></a>
Remove direct thiserror dependency</li>
<li><a
href="83740b7ab0"><code>83740b7</code></a>
Copy image as PNG file on Windows (<a
href="https://redirect.github.com/1Password/arboard/issues/141">#141</a>)</li>
<li><a
href="0bff1e07ea"><code>0bff1e0</code></a>
Use objc2 and its framework crates</li>
<li><a
href="1cca83d7e5"><code>1cca83d</code></a>
Revert "add timeout to RustConnection::connect to X11
server"</li>
<li><a
href="b4646f6c5f"><code>b4646f6</code></a>
Increase version of clipboard-win used by default</li>
<li><a
href="e2846f9288"><code>e2846f9</code></a>
Fix clippy errors</li>
<li><a
href="2f4b502508"><code>2f4b502</code></a>
Move <code>WaitConfig</code> to src/platform/linux/mod.rs, use
<code>WaitConfig</code> inside `stru...</li>
<li><a
href="6cf324cc44"><code>6cf324c</code></a>
Added <code>WaitConfig</code>, fix <code>wait_until</code> note in
docs</li>
<li><a
href="eabb191df0"><code>eabb191</code></a>
add notice for X11 in <code>SetExtLinux#wait_until</code> docs</li>
<li>Additional commits viewable in <a
href="https://github.com/1Password/arboard/compare/v3.3.2...v3.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Ready for review.
Closes#3712.
Supersedes #4940.
Refs #4963.
I haven't figured out if it needs any new automated tests (unit,
integration, etc.) but the code itself is ready for review. There is
more refactoring that could be done, or could be left for later.
```[tasklist]
- [x] Move wintun setup from GUI to IPC service / headless client
- [x] Make sure the device ID is in a sensible place
- [x] Export IPC service logs in the zips
- [x] Test GUI + SC IPC service on Windows (f4db808919a passed)
- [x] Make sure IPC service does not busy-loop
- [x] Test un-install checklist for Windows
- [x] Test upgrade checklist for Windows
- [x] Test GUI + systemd IPC service on Linux (c4ab7e7 passed)
- [x] Test upgrade checklist for Linux
- [x] Test un-install checklist for Linux
- [x] Make sure the IPC service logs out and deactivates DNS control if the GUI crashes
- [x] Test network changing
- [x] (it's intended behavior) ~~Look into spurious `on_update_resources` (fad86babd7)~~
- [x] ~~Test max partition time on offline laptop~~ (I ended up just setting a 30-day default in the code)
- [x] Make sure headless Client does not busy-loop
- [x] Test standalone headless on Linux
- [ ] Add unit / integration tests
- [ ] Think about security a bit #3971
```
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
The API of connlib is designed around a uni-directional dataflow where
commands flow one way and events flow the other way. By design, this
creates a system of eventual consistency: We don't exactly know when
connlib will emit an event. This is important because it gives us
flexibility in what the internals of connlib look like. It also forces
the downstream apps to be able to handle any event at any point which
avoids bugs where clients rely on a certain order that may just be an
implementation detail.
To achieve all of this, it is important that we don't introduce APIs
with return values. As soon as a function returns a value, it commits to
being able to compute this return value _synchronously_. Any refactoring
that may make the computation of the return value asynchronous is then a
breaking change.
Consequently, APIs like `handle_timeout` should never return a value.
Instead, they should queue an event that the layer above reacts to
accordingly.
This came up while working on #4994 while writing the proptests I
noticed that the precondition could panic since we don't have this check
there and would cause shrinking to fail.
- Ensure IP address appears on newline always
- Dedicate 3/12 width for table columns that can contain IPv6 addresses
- Removes the `(IP)` parentheses because that makes it hard to
copy/paste the IP
Fixes#4992
This PR introduces site's `Status`. That's used to report to the client
the status, either, unknown, online or offline, mostly as a hint to
users as what's wrong with a connection.
This are the criteria for an online or offline resource
* If all sites related to a resource are offline the resource is
considered offline, since there's no gateway that can respond to that
resource's connection
* If any site is online the resource is online, since that same peer can
be used to reach that resource
* Any other case is unknown
Right now resources are single site so it doesn't matter too much but
tracking online/offline per-site instead of per-gateway or resource
seems like the better long-term solution.
The way to "find out" the site's status is:
* If a response to a connection details is offline, all sites related to
that resource must be offline otherwise there would've been a gateway in
the response
* At the point we connect to a gateway, the site that corresponds to
that gateway must be online
* When a connection to a peer stops it's considered unknown again
Fixes#4738
Why:
* The new flow for creating an identity provider in Firezone allows the
user to not have to worry what features their plan has enabled. It will
allow the user to select which identity provider they use and will take
them to the appropriate form depending on the features they have enabled
on their plan.
## Screenshots
### Selecting an identity provider
<img width="937" alt="Screenshot 2024-05-14 at 11 53 17 AM"
src="https://github.com/firezone/firezone/assets/2646332/31337ad9-13c8-43a2-942c-adb0a951167c">
### New OIDC form when a custom provider is selected but IDP sync is not
enabled for account
<img width="903" alt="Screenshot 2024-05-14 at 11 54 58 AM"
src="https://github.com/firezone/firezone/assets/2646332/2e18d788-60c3-4fad-b749-351559a24aca">
It typically takes about 1 minute to run in CI. We don't have any leads
on fixing this issue, and it may be a regression in a recent release of
WebView2. https://github.com/firezone/firezone/pull/4935
Bumps [base64](https://github.com/marshallpierce/rust-base64) from
0.22.0 to 0.22.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md">base64's
changelog</a>.</em></p>
<blockquote>
<h1>0.22.1</h1>
<ul>
<li>Correct the symbols used for the predefined
<code>alphabet::BIN_HEX</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e144006974"><code>e144006</code></a>
v0.22.1</li>
<li><a
href="64cca59ddb"><code>64cca59</code></a>
Merge pull request <a
href="https://redirect.github.com/marshallpierce/rust-base64/issues/271">#271</a>
from JobanSD/patch-1</li>
<li><a
href="838355e0ac"><code>838355e</code></a>
Correct BinHex 4.0 alphabet according to specifications</li>
<li><a
href="bf15ccf30a"><code>bf15ccf</code></a>
Merge pull request <a
href="https://redirect.github.com/marshallpierce/rust-base64/issues/270">#270</a>
from marshallpierce/mp/clippy</li>
<li><a
href="fc6aabee8a"><code>fc6aabe</code></a>
Appease clippy</li>
<li><a
href="9a518a2d5d"><code>9a518a2</code></a>
Merge pull request <a
href="https://redirect.github.com/marshallpierce/rust-base64/issues/267">#267</a>
from bdura/patch-1</li>
<li><a
href="d96c80f242"><code>d96c80f</code></a>
Merge branch 'marshallpierce:master' into patch-1</li>
<li><a
href="e8e4a22761"><code>e8e4a22</code></a>
docs: fix trailing ``` in mod.rs example</li>
<li>See full diff in <a
href="https://github.com/marshallpierce/rust-base64/compare/v0.22.0...v0.22.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
