firezone/scripts/tests/linux-group.sh
Thomas Eizinger a2bd667c69 refactor(gui-client): use existing IPC framework for deeplinks (#9047)
We already have a pretty powerful IPC framework in place to communicate
between the GUI and the service process. The deeplink implementation uses
the same IPC mechanisms (UDS / pipes), yet it is effectively a
re-implementation of what we already have, just with less functionality.

In order to provide a more sophisticated handling of the case where
Firezone is launched again while it is already running, we refactor the
deeplink module to reuse the existing IPC framework. This makes it quite
easy to then reuse this in order to ping the already running Firezone
process that a new instance was launched.

For now, this doesn't do anything other than writing a log entry. This
however lays enough ground-work for us to then implement a more
sophisticated handling of that case in the future, e.g. open new windows
etc.

One caveat here is that we are now trying to connect to an existing IPC
socket on every startup, even the first one. Our IPC code has a retry
loop of 10 iterations to be more resilient on Windows when connecting to
pipes. Without any further changes, this would now delay the start of
Firezone always by 1s because we would try to connect to the socket 10x
before concluding that we are the first instance. To fix this, we make
the number of attempts configurable and set it to 1 when attempting to
connect to the GUI IPC socket to avoid unnecessary delays in starting up
the Client.

Related: #5143.
2025-05-15 05:47:29 +00:00

45 lines
1.2 KiB
Bash
Executable File

#!/usr/bin/env bash
# The integration tests call this to test security for Linux IPC.
# Only users in the `firezone-client` group ($FZ_GROUP below) should be able to
# control the privileged tunnel process.
source "./scripts/tests/lib.sh"
BINARY_NAME=firezone-client-ipc
FZ_GROUP="firezone-client"
SERVICE_NAME=firezone-client-ipc
SOCKET=/run/dev.firezone.client/tunnel.sock
export RUST_LOG=info
cd rust || exit 1
cargo build --bin "$BINARY_NAME"
cd ..
function debug_exit() {
    systemctl status "$SERVICE_NAME"
    exit 1
}
# Copy the Linux Client out of the build dir
sudo cp "rust/target/debug/$BINARY_NAME" "/usr/bin/$BINARY_NAME"
# Set up the systemd service
sudo cp "rust/gui-client/src-tauri/deb_files/$SERVICE_NAME.service" /usr/lib/systemd/system/
sudo cp "scripts/tests/systemd/env" "/etc/default/firezone-client-ipc"
# The $FZ_GROUP group must exist before the daemon starts
sudo groupadd "$FZ_GROUP"
sudo systemctl start "$SERVICE_NAME" || debug_exit
# Make sure the socket is owned by root and by the $FZ_GROUP group
if [ "root $FZ_GROUP" != "$(stat -c '%U %G' "$SOCKET")" ]
then
    exit 1
fi
# Stop the service in case other tests run on the same VM
sudo systemctl stop "$SERVICE_NAME"
# Explicitly exiting is needed when we're intentionally having commands fail
exit 0
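
The script above compares only the socket's owner and group. As an added example (not part of the Firezone repository), the check below also rejects a path whose mode lets "other" write, since connecting to a Unix socket on Linux requires write permission on it. The function name and its return codes are hypothetical, and a constructed temp file stands in for the socket.

```shell
#!/usr/bin/env bash
# Added example, not code from the Firezone repository.
# check_ipc_access is a hypothetical helper name.

# check_ipc_access PATH OWNER GROUP
#   0  owner and group match and "other" has no write bit
#   1  owner or group does not match
#   2  "other" has the write bit, so any local user could connect
#   3  the path could not be inspected
check_ipc_access() {
    local path="$1" want_owner="$2" want_group="$3"
    local info owner group mode

    # GNU stat: %U = owner name, %G = group name, %a = octal mode
    info=$(stat -c '%U %G %a' "$path" 2>/dev/null) || return 3
    read -r owner group mode <<EOF
$info
EOF

    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        return 1
    fi

    # The last octal digit holds the "other" bits; 2, 3, 6 and 7 include write.
    case "$mode" in
        *[2367]) return 2 ;;
    esac
    return 0
}

# Constructed demo: a world-writable temp file with otherwise correct
# ownership is still rejected.
demo_file=$(mktemp)
demo_owner=$(stat -c '%U' "$demo_file")
demo_group=$(stat -c '%G' "$demo_file")
chmod 666 "$demo_file"
check_ipc_access "$demo_file" "$demo_owner" "$demo_group" \
    || echo "world-writable stand-in rejected with status $?"
rm -f "$demo_file"
```

In the test script this would be called as `check_ipc_access "$SOCKET" root "$FZ_GROUP"` in place of the ownership-only comparison.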