Closes#4385
```[tasklist]
### Manual test cases (f2c8f47b3 passed)
- [x] Given there is no token on disk, when you start the app, then there is no notification
- [x] Given there is a token on disk, when you start the app and it signs in, then there is 1 notification
- [x] Given the app is signed out, when you sign in, then there is 1 notification (test this in a sign-out-sign-in cycle)
- [x] Given the app is signed in, when you sign out, then there is no notification
- [x] Given the app is signed in, when you change Wi-Fi networks, then there is no notification
```
This will work on Linux once the Linux GUI comes up
Fixes#4488
```[tasklist]
# Before merging
- [x] There's one call site that won't compile on Linux. Make this cross-platform.
- [x] Does the rule get removed every time when you quit gracefully?
- [x] Will this NRPT rule prevent connlib from re-resolving the portal IP if it needs to?
- [x] Test network switching. Does this work worse, better, or the same?
- [ ] Is the Windows DNS cache flushed exactly when it needs to be?
```
- After connlib connects to the portal, we add an NRPT rule asking
Windows to send **all** DNS queries to our sentinels. This should also
be called whenever the interface is re-configured, which might change
the sentinel IPs
- When exiting gracefully, we delete the rule to restore normal DNS
behavior without having to back up and restore the other IPs
- We also delete the rule at startup so that if Firezone crashes or
misbehaves, restarting it should restore normal DNS
- We also flush the system-wide DNS cache whenever we claim different
routes. This may flush too often, and it may also miss some flushes that
we should do. It needs double-checking.
- There is still a gap when changing networks, DNS can leak there, but I
don't think it's worse than before.
Bumps [hostname](https://github.com/svartalf/hostname) from 0.3.1 to
0.4.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/svartalf/hostname/blob/master/CHANGELOG.md">hostname's
changelog</a>.</em></p>
<blockquote>
<h2>[0.4.0] - 2024-04-01</h2>
<h3>Added</h3>
<ul>
<li>CI setup now covers almost all supported Tier 1 and Tier 2 platform
targets</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Minimum Supported Rust version set to <code>1.67.0</code></li>
<li>Rust edition set to "2021"</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Handle edge cases for POSIX systems (<a
href="https://redirect.github.com/svartalf/hostname/issues/14">#14</a>)</li>
<li>docs.rs documentation build</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0e311b92ea"><code>0e311b9</code></a>
Release v0.4.0</li>
<li><a
href="e96d1fde34"><code>e96d1fd</code></a>
Updating the repo to make it usable again</li>
<li><a
href="ecf28ebbf4"><code>ecf28eb</code></a>
bump version-sync: 0.8 -> 0.9 (<a
href="https://redirect.github.com/svartalf/hostname/issues/17">#17</a>)</li>
<li><a
href="4a178ed8f4"><code>4a178ed</code></a>
Handle posix hostname edge cases (<a
href="https://redirect.github.com/svartalf/hostname/issues/14">#14</a>)</li>
<li><a
href="7e930e9aca"><code>7e930e9</code></a>
Upgrade rust edition and migrate dependices(cfg_if, windows_rs) (<a
href="https://redirect.github.com/svartalf/hostname/issues/18">#18</a>)</li>
<li>See full diff in <a
href="https://github.com/svartalf/hostname/compare/v0.3.1...v0.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Unfortunately I had to keep `linux-client` to get the compatibility
tests to pass. #4578 aims to remove that package.
Please add to this list if you think of anything:
```[tasklist]
# Things that may break that CI/CD won't catch
- [ ] Github release artifacts
- [ ] Knowledge base
- [ ] Docker images
- [ ] Docker containers
- [ ] Existing `linux-client` users
- [ ] Anything that downloads ghcr artifacts
- [ ] Nix (Not sure if it's built in CI. It had a merge conflict)
```
Refs #4515, and #3712, #3782
I think this is what Thomas and I agreed on in Slack / Github
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.12.1 to
0.12.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/seanmonstar/reqwest/releases">reqwest's
releases</a>.</em></p>
<blockquote>
<h2>v0.12.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix missing ALPN when connecting to socks5 proxy with rustls.</li>
<li>Fix TLS version limits with rustls.</li>
<li>Fix not detected ALPN h2 from server with native-tls.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/cxw620"><code>@cxw620</code></a> made
their first contribution in <a
href="https://redirect.github.com/seanmonstar/reqwest/pull/2165">seanmonstar/reqwest#2165</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/seanmonstar/reqwest/compare/v0.12.1...v0.12.2">https://github.com/seanmonstar/reqwest/compare/v0.12.1...v0.12.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md">reqwest's
changelog</a>.</em></p>
<blockquote>
<h2>v0.12.2</h2>
<ul>
<li>Fix missing ALPN when connecting to socks5 proxy with rustls.</li>
<li>Fix TLS version limits with rustls.</li>
<li>Fix not detected ALPN h2 from server with native-tls.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6768a8e818"><code>6768a8e</code></a>
v0.12.2</li>
<li><a
href="fff307bc69"><code>fff307b</code></a>
fix(connect): ALPN missed when using socks5 proxy with rustls backend
(<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/2164">#2164</a>)</li>
<li><a
href="04bf45f4ec"><code>04bf45f</code></a>
fix: tls version limit for rustls (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/2203">#2203</a>)</li>
<li><a
href="056f8c4ff4"><code>056f8c4</code></a>
fix(connect): not negotiate h2 when using native-tls backend (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/2165">#2165</a>)</li>
<li>See full diff in <a
href="https://github.com/seanmonstar/reqwest/compare/v0.12.1...v0.12.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
A wildcard match was the underlying bug fixed in #4486. Despite being a
bit annoying in some cases, I think it is worth having this lint turned
on to ensure we don't wildcard match in situations where it can have bad
consequences, like `poll` functions.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Refs #3712 and #3713 (Linux and Windows tunnel process separation /
splitting)
This doesn't change the functionality of the GUI Client, but it adds a
boundary where:
- Windows can keep connlib in-process, so it stays stable during the
early phases of GA when I don't want to be fighting bugs caused by a big
architecture change
- Linux can move connlib into the tunnel process, which is required
before the Linux GUI Client reaches it own GA milestone
So it all looks redundant, because it's scaffolding until later this
year when both Linux and Windows are split. After that, some of this can
be removed.
Refs #3713
With this, the deb package for the Linux GUI Client contains a build of
the Linux CLI Client, at `/usr/bin/firezone-client-tunnel`. Future PRs
can add IPC to the code.
There is also a Windows stub, since Windows will eventually need a
tunnel process and a CLI Client.
In the future we might need to move or rename things, since the CLI
Clients and tunnel binaries for both Linux and Windows may all share
code or at least architecture. For now there is a slight duplication
with this being built as both "Firezone Client Tunnnel" and "Firezone
Linux Client"
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 20.11.25 to 20.12.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Motivated by: #4340.
I also activated
[`clippy::unnnecessary_wraps`](https://rust-lang.github.io/rust-clippy/master/#/unnecessary_wraps)
which does create some false-positives for the platform-specific code
but is IMO overall a net-positive. With the amount of Rust code and
crates increasing, it is good to have tools point out simplifications
like these as they are otherwise hard to spot, especially across crate
boundaries.
Not sure if this will fix#3999 but the ~~colors for the existing icon
are wrong, so we need to fix them anyway.~~
Removes unused Tauri app icons.
Refs #3999
On ice until after GA
```[tasklist]
# Before merging
- [x] Re-frame it as upgrading the Linux CLI to add IPC / systemd autostart support instead of replacing the CLI (thanks Thomas)
```
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.27 to
0.12.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/seanmonstar/reqwest/releases">reqwest's
releases</a>.</em></p>
<blockquote>
<h2>v0.12.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix <code>ClientBuilder::interface()</code> when no TLS is
enabled.</li>
<li>Fix <code>TlsInfo::peer_certificate()</code> being truncated with
rustls.</li>
<li>Fix panic if <code>http2</code> feature disabled but TLS negotiated
h2 in ALPN.</li>
<li>Fix <code>Display</code> for <code>Error</code> to not include its
source error.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/atouchet"><code>@atouchet</code></a>
made their first contribution in <a
href="https://redirect.github.com/seanmonstar/reqwest/pull/2193">seanmonstar/reqwest#2193</a></li>
<li><a href="https://github.com/mbme"><code>@mbme</code></a> made their
first contribution in <a
href="https://redirect.github.com/seanmonstar/reqwest/pull/2195">seanmonstar/reqwest#2195</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/seanmonstar/reqwest/compare/v0.12.0...v0.12.1">https://github.com/seanmonstar/reqwest/compare/v0.12.0...v0.12.1</a></p>
<h2>v0.12.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Upgrade to <code>hyper</code>, <code>http</code>, and
<code>http-body</code> v1.</li>
<li>Add better support for converting to and from
<code>http::Request</code> and <code>http::Response</code>.</li>
<li>Add <code>http2</code> optional cargo feature, default on.</li>
<li>Add <code>charset</code> optional cargo feature, default on.</li>
<li>Add <code>macos-system-configuration</code> cargo feature, default
on.</li>
<li>Change all optional dependencies to no longer be exposed as implicit
features.</li>
<li>Add <code>ClientBuilder::interface(str)</code> to specify the local
interface to bind to.</li>
<li>Experimental: disables the <code>http3</code> feature
temporarily.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/seanmonstar/reqwest/compare/v0.11.27...v0.12.0">https://github.com/seanmonstar/reqwest/compare/v0.11.27...v0.12.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md">reqwest's
changelog</a>.</em></p>
<blockquote>
<h2>v0.12.1</h2>
<ul>
<li>Fix <code>ClientBuilder::interface()</code> when no TLS is
enabled.</li>
<li>Fix <code>TlsInfo::peer_certificate()</code> being truncated with
rustls.</li>
<li>Fix panic if <code>http2</code> feature disabled but TLS negotiated
h2 in ALPN.</li>
<li>Fix <code>Display</code> for <code>Error</code> to not include its
source error.</li>
</ul>
<h1>v0.12.0</h1>
<ul>
<li>Upgrade to <code>hyper</code>, <code>http</code>, and
<code>http-body</code> v1.</li>
<li>Add better support for converting to and from
<code>http::Request</code> and <code>http::Response</code>.</li>
<li>Add <code>http2</code> optional cargo feature, default on.</li>
<li>Add <code>charset</code> optional cargo feature, default on.</li>
<li>Add <code>macos-system-configuration</code> cargo feature, default
on.</li>
<li>Change all optional dependencies to no longer be exposed as implicit
features.</li>
<li>Add <code>ClientBuilder::interface(str)</code> to specify the local
interface to bind to.</li>
<li>Experimental: disables the <code>http3</code> feature
temporarily.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e0ea15bd65"><code>e0ea15b</code></a>
v0.12.1</li>
<li><a
href="3d78fcbbb5"><code>3d78fcb</code></a>
fix: Display for Error shouldn't include source (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/2199">#2199</a>)</li>
<li><a
href="c53572410d"><code>c535724</code></a>
Fix binding interface when no TLS is used (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/2200">#2200</a>)</li>
<li><a
href="d5adcba6a2"><code>d5adcba</code></a>
fix: rustls extraction of <code>TlsInfo::peer_certificate()</code> being
truncated (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/2195">#2195</a>)</li>
<li><a
href="7a5df21260"><code>7a5df21</code></a>
fix: could panic if http2 disabled but TLS negotiated h2 (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/2194">#2194</a>)</li>
<li><a
href="d5051f9bee"><code>d5051f9</code></a>
Update version number in Readme</li>
<li><a
href="92aa28caab"><code>92aa28c</code></a>
v0.12.0</li>
<li><a
href="6c6170b1a7"><code>6c6170b</code></a>
feat: Make encoding_rs an optional dependency called
<code>charset</code></li>
<li><a
href="d1022b3b9f"><code>d1022b3</code></a>
Support conversion to http::Response</li>
<li><a
href="a29c7f9011"><code>a29c7f9</code></a>
Add macos-system-configuration feature flag</li>
<li>Additional commits viewable in <a
href="https://github.com/seanmonstar/reqwest/compare/v0.11.27...v0.12.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Our sockets need to be initialized within a tokio runtime context. To
achieve this, we don't actually initialize anything on `Sockets::new`.
Instead, we call `rebind` within the constructor of `Tunnel` which
already runs in a tokio context.
Fixes: #4282
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
```[tasklist]
### Before merging
- [x] Manual test of MSI from CI
```
Bumps
[tauri-winrt-notification](https://github.com/tauri-apps/winrt-notification)
from 0.1.3 to 0.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/winrt-notification/releases">tauri-winrt-notification's
releases</a>.</em></p>
<blockquote>
<h2>tauri-winrt-notification v0.2.0</h2>
<p>Updating crates.io index</p>
<!-- raw HTML omitted -->
<pre><code>Fetching advisory database from
`https://github.com/RustSec/advisory-db.git`
Loaded 613 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (15 crate dependencies)
</code></pre>
<!-- raw HTML omitted -->
<h2>[0.2.0]</h2>
<ul>
<li><a
href="1427bbfadc"><code>1427bbf</code></a>(<a
href="https://redirect.github.com/tauri-apps/winrt-notification/pull/18">#18</a>)
Update MSRV to <code>1.62</code></li>
<li><a
href="1427bbfadc"><code>1427bbf</code></a>(<a
href="https://redirect.github.com/tauri-apps/winrt-notification/pull/18">#18</a>)
Update <code>windows</code> crate to <code>0.54</code></li>
</ul>
<!-- raw HTML omitted -->
<pre><code>`\`\`
Updating crates.io index
Packaging tauri-winrt-notification v0.2.0
(/home/runner/work/winrt-notification/winrt-notification)
Updating crates.io index
Packaged 29 files, 82.9KiB (40.8KiB compressed)
Uploading tauri-winrt-notification v0.2.0
(/home/runner/work/winrt-notification/winrt-notification)
Uploaded tauri-winrt-notification v0.2.0 to registry `crates-io`
note: Waiting for `tauri-winrt-notification v0.2.0` to be available at
registry `crates-io`.
You may press ctrl-c to skip waiting; the crate should be available
shortly.
Published tauri-winrt-notification v0.2.0 at registry `crates-io`
</code></pre>
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/winrt-notification/blob/dev/CHANGELOG.md">tauri-winrt-notification's
changelog</a>.</em></p>
<blockquote>
<h2>[0.2.0]</h2>
<ul>
<li><a
href="1427bbfadc"><code>1427bbf</code></a>(<a
href="https://redirect.github.com/tauri-apps/winrt-notification/pull/18">#18</a>)
Update MSRV to <code>1.62</code></li>
<li><a
href="1427bbfadc"><code>1427bbf</code></a>(<a
href="https://redirect.github.com/tauri-apps/winrt-notification/pull/18">#18</a>)
Update <code>windows</code> crate to <code>0.54</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e43754023c"><code>e437540</code></a>
Publish New Versions (<a
href="https://redirect.github.com/tauri-apps/winrt-notification/issues/19">#19</a>)</li>
<li><a
href="1427bbfadc"><code>1427bbf</code></a>
chore(deps): update <code>windows</code> crate to 0.54 (<a
href="https://redirect.github.com/tauri-apps/winrt-notification/issues/18">#18</a>)</li>
<li>See full diff in <a
href="https://github.com/tauri-apps/winrt-notification/compare/tauri-winrt-notification-v0.1.3...tauri-winrt-notification-v0.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: ReactorScram <ReactorScram@users.noreply.github.com>
```[tasklist]
- [x] Ensure whatever method we use to read the DNS servers actually works here, and doesn't have a strange memory ordering problem. If it does, read them from the registry by hand.
- [x] Graceful exit
- [x] Error handling
- [x] Clean it up and integrate it with the Tauri client
- [x] Replace `Notify` with channel of size one
- [x] Remove `Arc`
- [x] Replace `close` with panics
- [x] Remove `Pin`
- [x] Unit-test what happens if we register with RegNotify, close the handle, then modify our key
- [x] Merge with main and call `set_dns`
```
This updates connlib to follow the new guidelines described in #4262. I
only made the bare-minimum changes to the clients. With these changes
`reconnect` should only be called when the network interface actually
changed, meaning clients have to be updated to reflect that.
Running as sudo / root causes a lot of problems for GUI programs, so
we're unwinding that. In this case we can go back to using Tauri's "open
URL" function, which is great.
Closes#4103
Refs #3713
Affects #3972 - I was finally able to debug it because it came up
constantly during this PR
Refs #3713
```[tasklist]
### Before merging
- [ ] Is 'firezone-client-tunnel' okay for the binary name?
- [ ] Using a library and building it as two binaries is correct, right? `cargo run -p firezone-client-tunnel` takes 1 second. `cargo run -p firezone-gui-client --bin firezone-client-tunnel` takes 1m42s because it builds all the GUI deps.
```
I thought this was going to use `cargo-deb` but it was actually easy
with the Tauri deb bundling we already use.
```[tasklist]
### Before merging
- [x] Make sure every file in the Tauri deb is also in our deb (e.g. icons)
```
Currently, an error returned by `Tunnel::poll_next_event` is only
logged. In other words, they are never fatal. This creates a tricky to
understand relationship on what kind of errors should be returned from
callbacks. Because connlib is used on multiple operating systems, it has
no idea how fatal a particular error is.
This PR removes all of these `Result` return values with the following
consequences:
- For Android, we now panic when a callback fails. This is a slight
change in behaviour. I believe that previously, any exception thrown by
a callback into Android was caught and returned as an error. Now, we
panic because in the FFI layer, we don't have any information on how
fatal the error is. For non-fatal errors, the Android app should simply
not throw an exception. The panics will cause the connlib task to be
shut down which triggers an `on_disconnect`.
- For Swift, there is no behaviour change. The FFI layer already did not
support `Result`s for those callbacks. I don't know how exceptions from
Swift are translated across the FFI layer but there is no change to what
we had before.
- For the Tauri client:
- I chose to log errors on ERROR level and continue gracefully for the
DNS resolvers.
- We panic in case the controller channel is full / closed. That should
really never happen in practice though unless we are currently shutting
down the app.
Resolves: #4064.
AppImages won't work with process splitting. (#3713)
As far as I can tell, they just produce one binary. Internally they use
FUSE or something to mount a squashfs image, but that image won't be
able to hook into systemd and run with root permissions and everything.
I don't think it's practical, and Tauri's AppImage bundling doesn't have
the features for it.
Even their deb bundler doesn't have any way to specify a path for a
daemon to be installed. The sidecar feature only seems intended for the
GUI app to call, not anything else on the system.
(There is such a thing as installing AppImages, but I don't think it's
worth pursuing - We should just do debs)
Closes#3699 if successful
Ref #3972
I don't understand why it started working. There's at least 3
possibilities:
- Some unrelated change in the last few weeks fixed it (Maybe bumping
Tauri to 1.6.1? https://github.com/firezone/firezone/pull/3881)
- It was a bug in the Github CI runner image that they fixed
- It's an awful race condition and adding `tracing::debug!` fixed it
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
This isn't really user-facing, so I marked it down from `feat` to
`chore`. Closes#3817
- If we exit gracefully, `/etc/resolv.conf` is reverted
- We always keep the `.before-firezone` backup in case we lose power and
the revert transaction is corrupted or rolled back
- We use a magic header to detect whether the last run was a crash or
not. If Firezone crashes and the user wants to modify their default DNS,
they need to delete that header so that Firezone won't accidentally
revert its backup and trash their change.
- All error variants for this module replaced with `anyhow::Error` since
they were never matched by callers.
I ran `cargo mutants` locally and it helped me validate the unit tests
and it picked up a `match` branch that I forgot to delete.
```[tasklist]
- [x] (Failed: Integration tests didn't like it) ~~Add the system default resolvers below Firezone's sentinels~~
- [x] `tracing::info` "Last run crashed" if we have to revert the file at startup
```
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Internal (Not private, just un-interesting to most users) docs and
research to explain the DNS control methods.
I think Jamil was right, we should revert `/etc/resolv.conf` on exit in
case it's used on some minimal Debian kitten. We can keep that and the
`systemd-resolved` method around to support desktop Ubuntu. Everything
else is going to be "When someone needs it".
Bumps
[follow-redirects](https://github.com/follow-redirects/follow-redirects)
from 1.15.5 to 1.15.6.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="35a517c586"><code>35a517c</code></a>
Release version 1.15.6 of the npm package.</li>
<li><a
href="c4f847f851"><code>c4f847f</code></a>
Drop Proxy-Authorization across hosts.</li>
<li><a
href="8526b4a1b2"><code>8526b4a</code></a>
Use GitHub for disclosure.</li>
<li>See full diff in <a
href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.5...v1.15.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/firezone/firezone/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Fixes the compile warning in macOS for the `version-check` CI job.
Removes some error variants that were never matched on, folding them
into `anyhow::Error`s
Currently, each use of `Session` creates its own `Runtime`. That is
unnecessary because some platforms already have a tokio runtime running.
Instead of creating another one, we simply ask the caller to provide us
with a `Handle` to an existing tokio runtime. For Android and iOS we
spawn a new single-threaded runtime to satisfy this new requirement.
This refactors `Session` to allow for commands to be sent to the
`Eventloop`. Currently, we only send a `Stop` command. With #3429, we
will add more commands like refreshing and updating the DNS servers.
Right now it only works on my dev VM, not on my test VMs, due to #4053
and #4103, but it passes tests and should be safe to merge.
There's one doc fix and one script fix which are unrelated and could be
their own PRs, but they'd be tiny, so I left them in here.
Ref #4106 and #3713 for the plan to fix all this by splitting the tunnel
process off so that the GUI runs as a normal user.
Bumps [@tauri-apps/cli](https://github.com/tauri-apps/tauri) from 1.5.10
to 1.5.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tauri-apps/tauri/releases"><code>@tauri-apps/cli</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@tauri-apps/cli</code> v1.5.11</h2>
<h2>[1.5.11]</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="b15948b11c"><code>b15948b11</code></a>(<a
href="https://redirect.github.com/tauri-apps/tauri/pull/8903">#8903</a>)
Fix <code>.taurignore</code> failing to ignore in some cases.</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>Upgraded to <code>tauri-cli@1.5.11</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b705f89a10"><code>b705f89</code></a>
Apply Version Updates From Current Changes (v1) (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/9074">#9074</a>)</li>
<li><a
href="97a05145fb"><code>97a0514</code></a>
fix(cli): migrate to stable features of <code>log</code> crate (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/9119">#9119</a>)</li>
<li><a
href="b15948b11c"><code>b15948b</code></a>
fix(cli): use <code>matched_path_or_any_parents</code> when checking if
a file is ignore...</li>
<li><a
href="5163861588"><code>5163861</code></a>
fix(bundler): escape potentially problematic strings in an XML (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/9040">#9040</a>)</li>
<li><a
href="80a215a6f3"><code>80a215a</code></a>
Apply Version Updates From Current Changes (v1) (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/9013">#9013</a>)</li>
<li><a
href="01ae1218dc"><code>01ae121</code></a>
ci: downgrade thread_local to 1.1.7 in msrv list (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/9012">#9012</a>)</li>
<li><a
href="d42668ce17"><code>d42668c</code></a>
fix(runtime-wry): avoid panic during clipboard initialization on wayland
(<a
href="https://redirect.github.com/tauri-apps/tauri/issues/9003">#9003</a>)</li>
<li><a
href="1ab0db6352"><code>1ab0db6</code></a>
chore: port PR template from <code>dev</code> branch (<a
href="https://redirect.github.com/tauri-apps/tauri/issues/9004">#9004</a>)</li>
<li><a
href="e816a46b95"><code>e816a46</code></a>
chore: update lock files</li>
<li><a
href="a4b82d9dba"><code>a4b82d9</code></a>
chore: bump tauri-utils</li>
<li>See full diff in <a
href="https://github.com/tauri-apps/tauri/compare/@tauri-apps/cli-v1.5.10...@tauri-apps/cli-v1.5.11">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
