Fixes the compile warning in macOS for the `version-check` CI job.
Removes some error variants that were never matched on, folding them
into `anyhow::Error`s
Using the current thread in apple was causing a crashloop, since
connlib's thread was taken down by the network extension after
`WrappedSession::connect` returned.
Now we force the runtime to create the thread to prevent it from being
taken down.
Currently, each use of `Session` creates its own `Runtime`. That is
unnecessary because some platforms already have a tokio runtime running.
Instead of creating another one, we simply ask the caller to provide us
with a `Handle` to an existing tokio runtime. For Android and iOS we
spawn a new single-threaded runtime to satisfy this new requirement.
This adds the same kind of HTTP health-check that is already present in
the relay to the gateway. The health-check returns 200 OK for as long as
the gateway is active. The gateway automatically shuts down on fatal
errors (like authentication failures with the portal).
To enable this, I've extracted a crate `http-health-check` that shares
this code between the relay and the gateway.
Resolves: #2465.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
With the use of `snownet`, we now have explicit control over how we read
and write messages to sockets. As such, we can make the remaining
stack-allocated buffer heap-allocated and remove the increased
stack-size on our tokio worker threads.
This refactors `Session` to allow for commands to be sent to the
`Eventloop`. Currently, we only send a `Stop` command. With #3429, we
will add more commands like refreshing and updating the DNS servers.
Right now it only works on my dev VM, not on my test VMs, due to #4053
and #4103, but it passes tests and should be safe to merge.
There's one doc fix and one script fix which are unrelated and could be
their own PRs, but they'd be tiny, so I left them in here.
Ref #4106 and #3713 for the plan to fix all this by splitting the tunnel
process off so that the GUI runs as a normal user.
This is heavily inspired by how `str0m`'s `IceAgent` is tested. I left a
link for attribution. We can copy / move this later to write unit tests
for the `Tunnel`.
Bumps [@tauri-apps/cli](https://github.com/tauri-apps/tauri) from 1.5.10
to 1.5.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases"><code>@tauri-apps/cli</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@tauri-apps/cli</code> v1.5.11</h2>
<h2>[1.5.11]</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="b15948b11c"><code>b15948b11</code></a>(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/8903">#8903</a>)
Fix <code>.taurignore</code> failing to ignore in some cases.</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Upgraded to <code>tauri-cli@1.5.11</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b705f89a10"><code>b705f89</code></a>
Apply Version Updates From Current Changes (v1) (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/9074">#9074</a>)</li>
<li><a
href="97a05145fb"><code>97a0514</code></a>
fix(cli): migrate to stable features of <code>log</code> crate (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/9119">#9119</a>)</li>
<li><a
href="b15948b11c"><code>b15948b</code></a>
fix(cli): use <code>matched_path_or_any_parents</code> when checking if
a file is ignore...</li>
<li><a
href="5163861588"><code>5163861</code></a>
fix(bundler): escape potentially problematic strings in an XML (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/9040">#9040</a>)</li>
<li><a
href="80a215a6f3"><code>80a215a</code></a>
Apply Version Updates From Current Changes (v1) (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/9013">#9013</a>)</li>
<li><a
href="01ae1218dc"><code>01ae121</code></a>
ci: downgrade thread_local to 1.1.7 in msrv list (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/9012">#9012</a>)</li>
<li><a
href="d42668ce17"><code>d42668c</code></a>
fix(runtime-wry): avoid panic during clipboard initialization on wayland
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/9003">#9003</a>)</li>
<li><a
href="1ab0db6352"><code>1ab0db6</code></a>
chore: port PR template from <code>dev</code> branch (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/9004">#9004</a>)</li>
<li><a
href="e816a46b95"><code>e816a46</code></a>
chore: update lock files</li>
<li><a
href="a4b82d9dba"><code>a4b82d9</code></a>
chore: bump tauri-utils</li>
<li>See full diff in <a
href="https://github.com/tauri-apps/tauri/compare/@tauri-apps/cli-v1.5.10...@tauri-apps/cli-v1.5.11">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Followup from #4100:
- Add `perf/relay` and `debug/relay` etc data plane images in
`firezone-staging`.
- The `perf` images are `debug` stage images and have tooling installed,
but use release binaries.
- The `debug` images are `debug` binaries inside `debug` images
- `firezone-prod` contains only release binaries -- these image names
haven't changed
Adds a working example of the simplest way to deploy Gateways to GCP
that is also mostly cloud platform agnostic.
I avoided using COS and Docker for this because:
- Systemd is already installed and supports IPv6 already
- Can be more easily adapted to other platforms where Docker may not be
available or trickier to setup (E.g. CentOS 7)
- COS is Google-specific
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Andrew Dryga <andrew@dryga.com>
Previously, the relay neither scheduled a `Wake` command nor did it
register a `TimedAction` to expire a channel binding. Such an action was
only scheduled after the first refresh.
This PR fixes this and adds a test that asserts we can re-bind the same
channel to a different peer after 15 minutes.
Resolves: #3979.
Unfortunately, the current logs don't allow us to correlate, which
allocation and thus which client the expired channel binding relates to.
This PR fixes this by adding more fields to the relevant log messages.
Fixes some issues encountered after the merge of #4049
- Fix performance tests to only run using base_ref and head_ref to avoid
dependence on `main`
- Fixes some typos
- Prevents a catch-22 condition where breaking compatibility meant we
wouldn't be able to deploy production
