mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
1bdba3601a
The name IPC service is not very descriptive. By nature of being separate processes, we need to use IPC to communicate between them. The important thing is that the service process has control over the tunnel. Therefore, we rename everything to "Tunnel service". The only part that is not changed are historic changelog entries. Resolves: #9048
45 lines
1.2 KiB
Bash
Executable File
45 lines
1.2 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# The integration tests call this to test security for Linux IPC.
|
|
# Only users in the `firezone` group should be able to control the privileged tunnel process.
|
|
|
|
source "./scripts/tests/lib.sh"
|
|
|
|
BINARY_NAME=firezone-client-tunnel
|
|
FZ_GROUP="firezone-client"
|
|
SERVICE_NAME=firezone-client-tunnel
|
|
SOCKET=/run/dev.firezone.client/tunnel.sock
|
|
export RUST_LOG=info
|
|
|
|
cd rust || exit 1
|
|
cargo build --bin "$BINARY_NAME"
|
|
cd ..
|
|
|
|
function debug_exit() {
|
|
systemctl status "$SERVICE_NAME"
|
|
exit 1
|
|
}
|
|
|
|
# Copy the Linux Client out of the build dir
|
|
sudo cp "rust/target/debug/$BINARY_NAME" "/usr/bin/$BINARY_NAME"
|
|
|
|
# Set up the systemd service
|
|
sudo cp "rust/gui-client/src-tauri/deb_files/$SERVICE_NAME.service" /usr/lib/systemd/system/
|
|
sudo cp "scripts/tests/systemd/env" "/etc/default/firezone-client-tunnel"
|
|
|
|
# The firezone group must exist before the daemon starts
|
|
sudo groupadd "$FZ_GROUP"
|
|
sudo systemctl start "$SERVICE_NAME" || debug_exit
|
|
|
|
# Make sure the socket has the right permissions
|
|
if [ "root $FZ_GROUP" != "$(stat -c '%U %G' $SOCKET)" ]
|
|
then
|
|
exit 1
|
|
fi
|
|
|
|
# Stop the service in case other tests run on the same VM
|
|
sudo systemctl stop "$SERVICE_NAME"
|
|
|
|
# Explicitly exiting is needed when we're intentionally having commands fail
|
|
exit 0
|