This was a bug in my test harness, not `firezone-connection`:
For the relay test to succeed, we need to communicate all candidates
between the partys. I noticed that in the tests that failed, one side
did not receive all the candidates. In particular, the `relay` candidate
was sometimes missing which makes it impossible for the two clients to
communicate.
The candidates are communicated over redis and the events from redis are
retrieved together with polling of the event-loop. `tokio::select!`
polls those futures simultaneously but **drops** the other one when one
becomes ready. If that future is "half-way" through receiving a
candidate from the redis DB, it will be lost.
To mitigate this, we now use an `mpsc::channel` between the `Eventloop`
and a separately spawned task that can read from redis without being
interrupted.
Bumps [plug_cowboy](https://github.com/elixir-plug/plug_cowboy) from
2.6.1 to 2.6.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/elixir-plug/plug_cowboy/blob/master/CHANGELOG.md">plug_cowboy's
changelog</a>.</em></p>
<blockquote>
<h2>v2.6.2</h2>
<h3>Enhancements</h3>
<ul>
<li>Fix warnings on Elixir v1.15+</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9b9151e501"><code>9b9151e</code></a>
Release v2.6.2</li>
<li><a
href="3960916cf0"><code>3960916</code></a>
Fix calls to deprecated Logger.warn/2 (<a
href="https://redirect.github.com/elixir-plug/plug_cowboy/issues/94">#94</a>)</li>
<li>See full diff in <a
href="https://github.com/elixir-plug/plug_cowboy/compare/v2.6.1...v2.6.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Test basic connectivity with the headless client after the portal API
restarts.
Based on top of #3364 to test that portal restarts don't cause a
cascading failure.
Bumps [env_logger](https://github.com/rust-cli/env_logger) from 0.10.1
to 0.10.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-cli/env_logger/blob/main/CHANGELOG.md">env_logger's
changelog</a>.</em></p>
<blockquote>
<h2>[0.10.2] - 2024-01-18</h2>
<h3>Performance</h3>
<ul>
<li>Avoid extra UTF-8 validation performed in some cases</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>Ensure custom pipes/stdout get flushed</li>
<li>Don't panic on broken pipes when <code>color</code> is disabled</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7929b7fc3d"><code>7929b7f</code></a>
chore: Release env_logger version 0.10.2</li>
<li><a
href="3df552c315"><code>3df552c</code></a>
docs: Update changelog</li>
<li><a
href="6ec4104864"><code>6ec4104</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-cli/env_logger/issues/296">#296</a>
from epage/refactor</li>
<li><a
href="939687dd75"><code>939687d</code></a>
style: Make clippy happy</li>
<li><a
href="c088820ae8"><code>c088820</code></a>
fix(fmt): Ensure stream gets flushed</li>
<li><a
href="2b3f26fc29"><code>2b3f26f</code></a>
perf(fmt): Avoid UTF-8 validation</li>
<li><a
href="7428386da3"><code>7428386</code></a>
refactor(fmt): Pull out stream lookup from write</li>
<li><a
href="e8674a237b"><code>e8674a2</code></a>
refactor(fmt): Consolidate target printing</li>
<li><a
href="f5f3392886"><code>f5f3392</code></a>
refactor(fmt): Pull is_test into the target</li>
<li><a
href="87008fdf78"><code>87008fd</code></a>
fix(fmt): Don't panic on broken pipes without termcolor</li>
<li>Additional commits viewable in <a
href="https://github.com/rust-cli/env_logger/compare/v0.10.1...v0.10.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ex_cldr_numbers](https://github.com/elixir-cldr/cldr_numbers)
from 2.32.3 to 2.32.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/elixir-cldr/cldr_numbers/releases">ex_cldr_numbers's
releases</a>.</em></p>
<blockquote>
<h2>Cldr Numbers version 2.32.4</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Fix formatting a number when a currency is specified but the format
has no currency symbol. Closes <a
href="https://redirect.github.com/kipcole9/money/issues/162">ex_money
162</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/elixir-cldr/cldr_numbers/blob/main/CHANGELOG.md">ex_cldr_numbers's
changelog</a>.</em></p>
<blockquote>
<h2>Cldr Numbers v2.32.4</h2>
<p>This is the changelog for Cldr v2.32.4 released on January 18th,
2023. For older changelogs please consult the release tag on <a
href="https://github.com/elixir-cldr/cldr_numbers/tags">GitHub</a></p>
<h3>Bug Fixes</h3>
<ul>
<li>Fix formatting a number when a currency is specified but the format
has no currency symbol. Closes <a
href="https://redirect.github.com/kipcole9/money/issues/162">ex_money
162</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2dbb8a4630"><code>2dbb8a4</code></a>
Fix formatting number with currency but format has no currency
symbol</li>
<li><a
href="86d70c1243"><code>86d70c1</code></a>
Fix changelog version</li>
<li>See full diff in <a
href="https://github.com/elixir-cldr/cldr_numbers/compare/v2.32.3...v2.32.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
In case of symmetric NATs, `firezone-connection` needs to fallback to
using TURN to allow peers to communicate with each other. Usage of TURN
requires us to make an allocation on each TURN server and bind channels
for each socket that we expect the remote to send data from. Once set
up, `str0m`s ICE state machine will select a candidate pair for us which
in the case of symmetric NATs will be a pair of relay candidates.
Allocations and channels are what makes operating a TURN server
expensive. As a result, the spec requires those to be continuously
refreshed if they are still in use. `firezone-connection` handles this
in the `Allocation` state machine.
Last but not least, this PR also slightly changes the API to tell the
caller from which source socket it has to send the data. This is
important to make hole-punching work if we are listening on multiple
sockets.
* Small typo in AWS bastion host was preventing unattended upgrades.
* Update all AWS modules to recreate the EC2 instance if the `user_data`
is ever changed.
Currently, only the gateway has a reconnect logic for (transient) errors
when connecting to the portal. Instead of duplicating this for the
relay, I moved the reconnect state machine to `phoenix-channel`. This
means the relay now automatically gets it too and in the future, the
clients will also benefit from it.
As a nice benefit, this also greatly simplifies the gateway's
`Eventloop` and removes a bunch of cruft with channels.
Resolves: #2915.
- [x] Confirm that the PID of the pipe client matches the PID of the
subprocess we just spawned
- [x] (redundant?) Send a unique cookie to the child process' stdin and
require it to be echoed back over the named pipe. An attacker could not
intercept the token since the stdin belongs to the subprocess we just
spawned
I didn't realize, but named pipes and CLI args are both readable by
other process, so any other process could connect to our named pipe and
do a MITM.
I don't know how Chromium protects itself from this, so I did some
research and just made something up.
After this I'll probably break it up into submodules, `ipc.rs` is about
600 lines and probably more than half is just tests.
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Why:
* The previous terraform was not replacing the EC2 instance when the
`user_data` changed. This resulted in the instance only being restarted,
which meant the latest gateway image would not be pulled down. This also
highlighted the fact that the systemd unit file for the gateway was not
quite correct and if the system were to ever reboot the gateway would
not start automatically. Both issues have been corrected with this
commit.
This required making `allow_access` `async` which is ugly, but we can
fix it later like we did it with `set_peer_connection_request`, but
doing this ASAP otherwise this would block the `peers_by_ip` struct and
also block the executor a bunch of times and slow everything down.
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Why:
* The previous command that was used to start the gateway running in AWS
was not explicitly using any `sysctl` flags in the command. This ended
up causing issues with IPv6 in the container, even though the sysctl
properties on the host were set as expected. Adding the `sysctl` flags
to the command allows the container to work as expected.
Bumps [clap](https://github.com/clap-rs/clap) from 4.4.17 to 4.4.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/releases">clap's
releases</a>.</em></p>
<blockquote>
<h2>v4.4.18</h2>
<h2>[4.4.18] - 2024-01-16</h2>
<h3>Fixes</h3>
<ul>
<li><em>(error)</em> When lacking <code>usage</code> feature, ensure the
list of required arguments is unique</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/clap-rs/clap/blob/master/CHANGELOG.md">clap's
changelog</a>.</em></p>
<blockquote>
<h2>[4.4.18] - 2024-01-16</h2>
<h3>Fixes</h3>
<ul>
<li><em>(error)</em> When lacking <code>usage</code> feature, ensure the
list of required arguments is unique</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0134f45ff0"><code>0134f45</code></a>
chore: Release</li>
<li><a
href="995ee03277"><code>995ee03</code></a>
docs: Update changelog</li>
<li><a
href="2f1890907e"><code>2f18909</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5314">#5314</a>
from epage/required</li>
<li><a
href="0a635b9a20"><code>0a635b9</code></a>
fix(parser): Don't duplicate requireds when usage disabled</li>
<li><a
href="e648e086f3"><code>e648e08</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5311">#5311</a>
from sourcefrog/doc-exitcode</li>
<li><a
href="8c83971b8c"><code>8c83971</code></a>
docs: Link to exit code info</li>
<li><a
href="b250c0b5f5"><code>b250c0b</code></a>
Merge pull request <a
href="https://redirect.github.com/clap-rs/clap/issues/5310">#5310</a>
from epage/pty</li>
<li><a
href="c742b8eb0c"><code>c742b8e</code></a>
chore(complete): Update completest-pty</li>
<li><a
href="f524d84c1d"><code>f524d84</code></a>
chore: Release</li>
<li><a
href="944fb81cf5"><code>944fb81</code></a>
docs: Update changelog</li>
<li>Additional commits viewable in <a
href="https://github.com/clap-rs/clap/compare/v4.4.17...v4.4.18">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.6.1 to 1.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/uuid-rs/uuid/releases">uuid's
releases</a>.</em></p>
<blockquote>
<h2>1.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add missing test for invalid parse_str by <a
href="https://github.com/CXWorks"><code>@CXWorks</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/723">uuid-rs/uuid#723</a></li>
<li>Upgrade borsh unstable dependency to v1.0 and make it stable by <a
href="https://github.com/bgeron"><code>@bgeron</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/724">uuid-rs/uuid#724</a></li>
<li>Reduce the package size of uuid by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/726">uuid-rs/uuid#726</a></li>
<li>Make use of newer Cargo features for specifying dependencies by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/727">uuid-rs/uuid#727</a></li>
<li>Prepare for 1.7.0 release by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/728">uuid-rs/uuid#728</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/CXWorks"><code>@CXWorks</code></a> made
their first contribution in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/723">uuid-rs/uuid#723</a></li>
<li><a href="https://github.com/bgeron"><code>@bgeron</code></a> made
their first contribution in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/724">uuid-rs/uuid#724</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/uuid-rs/uuid/compare/1.6.1...1.7.0">https://github.com/uuid-rs/uuid/compare/1.6.1...1.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cefc353334"><code>cefc353</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/728">#728</a> from
uuid-rs/cargo/1.7.0</li>
<li><a
href="3255b5414b"><code>3255b54</code></a>
prepare for 1.7.0 release</li>
<li><a
href="403bb17c1a"><code>403bb17</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/727">#727</a> from
uuid-rs/chore/cargo-cleanup</li>
<li><a
href="b7c6e26fea"><code>b7c6e26</code></a>
make use of newer Cargo features for specifying dependencies</li>
<li><a
href="ed13c73c7c"><code>ed13c73</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/726">#726</a> from
uuid-rs/chore/pkg-size</li>
<li><a
href="2e92a3d45f"><code>2e92a3d</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/724">#724</a> from
bgeron/borsh-1</li>
<li><a
href="38f01ffccf"><code>38f01ff</code></a>
rename workflow</li>
<li><a
href="eab4b85919"><code>eab4b85</code></a>
reduce the package size of uuid</li>
<li><a
href="421d752847"><code>421d752</code></a>
Make the borsh feature work by itself, without having to specify private
feat...</li>
<li><a
href="2534949aa3"><code>2534949</code></a>
Continue making feature borsh stable, as suggested by <a
href="https://github.com/KordAus"><code>@KordAus</code></a></li>
<li>Additional commits viewable in <a
href="https://github.com/uuid-rs/uuid/compare/1.6.1...1.7.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[async-compression](https://github.com/Nullus157/async-compression) from
0.4.5 to 0.4.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/Nullus157/async-compression/releases">async-compression's
releases</a>.</em></p>
<blockquote>
<h2>async-compression: v0.4.6</h2>
<ul>
<li>Flush available data in decoder even when there's no incoming
input.</li>
<li>Return errors instead of panicking in all encode and decode
operations.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Nullus157/async-compression/blob/main/CHANGELOG.md">async-compression's
changelog</a>.</em></p>
<blockquote>
<h2>0.4.6</h2>
<ul>
<li>Flush available data in decoder even when there's no incoming
input.</li>
<li>Return errors instead of panicking in all encode and decode
operations.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d913b2710c"><code>d913b27</code></a>
Merge pull request <a
href="https://redirect.github.com/Nullus157/async-compression/issues/257">#257</a>
from Nullus157/rel-046</li>
<li><a
href="ea4bb3cd22"><code>ea4bb3c</code></a>
Merge branch 'main' into rel-046</li>
<li><a
href="6e3996d821"><code>6e3996d</code></a>
Merge pull request <a
href="https://redirect.github.com/Nullus157/async-compression/issues/247">#247</a>
from Nullus157/fix-123</li>
<li><a
href="e323ad9c0c"><code>e323ad9</code></a>
chore: prepare release 0.4.6</li>
<li><a
href="db0d11f5f4"><code>db0d11f</code></a>
fix merge error</li>
<li><a
href="22ed0ac4ca"><code>22ed0ac</code></a>
flush data still available in the decoder when no input (<a
href="https://redirect.github.com/Nullus157/async-compression/issues/123">#123</a>)</li>
<li><a
href="7a57dfd374"><code>7a57dfd</code></a>
style: consistent use of io::Error* (<a
href="https://redirect.github.com/Nullus157/async-compression/issues/256">#256</a>)</li>
<li><a
href="5926e78444"><code>5926e78</code></a>
Merge pull request <a
href="https://redirect.github.com/Nullus157/async-compression/issues/255">#255</a>
from garypen/garypen/fewer-panics</li>
<li><a
href="3daaee7b7a"><code>3daaee7</code></a>
Add missing Use statements</li>
<li><a
href="cf7a1df61b"><code>cf7a1df</code></a>
Replacing panics with errors improves the usability of the crate</li>
<li>See full diff in <a
href="https://github.com/Nullus157/async-compression/compare/async-compression-v0.4.5...async-compression-v0.4.6">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [shlex](https://github.com/comex/rust-shlex) from 1.2.0 to 1.3.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/comex/rust-shlex/blob/master/CHANGELOG.md">shlex's
changelog</a>.</em></p>
<blockquote>
<h1>1.3.0</h1>
<ul>
<li>Full fix for the high-severity security vulnerability <a
href="https://rustsec.org/advisories/RUSTSEC-2024-0006.html">RUSTSEC-2024-0006</a>
a.k.a. <a
href="https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27">GHSA-r7qv-8r2h-pg27</a>:
<ul>
<li>Deprecates quote APIs in favor of <code>try_</code> equivalents that
complain about nul bytes.</li>
<li>Also adds a builder API, which allows re-enabling nul bytes without
using the deprecated interface, and in the future can allow other things
(as discussed in quoting_warning).</li>
<li>Adds documentation about various security risks that remain,
particularly with interactive shells.</li>
</ul>
</li>
<li>Adds explicit MSRV of 1.46.0.</li>
</ul>
<h1>1.2.1</h1>
<ul>
<li>Partial fix for the high-severity security vulnerability <a
href="https://rustsec.org/advisories/RUSTSEC-2024-0006.html">RUSTSEC-2024-0006</a>
a.k.a. <a
href="https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27">GHSA-r7qv-8r2h-pg27</a>
without bumping MSRV:
<ul>
<li>The bytes <code>{</code> and <code>\xa0</code> are now escaped by
quoting functions.</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/comex/rust-shlex/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/firezone/firezone/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Probably needs some refactoring and prettifying before it comes out of
drafts.
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
I tested this by temporarily putting panics in `test_ipc_manager` and
`test_ipc_worker`.
It looks like, if a process crashes, Windows will clean up its named
pipe, and the process waiting on the other side of the named pipe will
get an error.
This is good but it's not air-tight - ~~We could still have a situation
where a worker process locks up, and the main process crashes, and the
worker process then leaks.~~ #3311 will fix that
For that case I'll try this
https://stackoverflow.com/questions/53208/how-do-i-automatically-destroy-child-processes-in-windows
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Bumps [wintun](https://github.com/nulldotblack/wintun) from 0.3.2 to
0.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nulldotblack/wintun/releases">wintun's
releases</a>.</em></p>
<blockquote>
<h2>v0.4.0</h2>
<h2>Added</h2>
<ul>
<li><code>Adapter::get_mtu</code>, <code>set_dns_servers</code>, and
<code>Adapter::get_active_network_interface_gateways</code>: <a
href="https://redirect.github.com/nulldotblack/wintun/pull/13">nulldotblack/wintun#13</a></li>
<li><code>Error::ShuttingDown</code>: <a
href="https://redirect.github.com/nulldotblack/wintun/pull/14">nulldotblack/wintun#14</a></li>
</ul>
<h3>Breaking Changes</h3>
<ul>
<li>Adding the <code>ShuttingDown</code> variant to
<code>wintun::Error</code> breaks exhastive matches on previous
versions. <code>wintun::Error</code> is now marked
<code>#[non_exhaustive]</code> to make future additions backwards
compatable</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nulldotblack/wintun/blob/main/CHANGELOG.md">wintun's
changelog</a>.</em></p>
<blockquote>
<h2>[0.4.0] - 2024-01-12</h2>
<h2>Added</h2>
<ul>
<li><code>Adapter::get_mtu</code>, <code>set_dns_servers</code>, and
<code>Adapter::get_active_network_interface_gateways</code>: <a
href="https://redirect.github.com/nulldotblack/wintun/pull/13">nulldotblack/wintun#13</a></li>
<li><code>Error::ShuttingDown</code>: <a
href="https://redirect.github.com/nulldotblack/wintun/pull/14">nulldotblack/wintun#14</a></li>
</ul>
<h3>Breaking Changes</h3>
<ul>
<li>Adding the <code>ShuttingDown</code> variant to
<code>wintun::Error</code> breaks exhastive matches on previous
versions. <code>wintun::Error</code> is now marked
<code>#[non_exhaustive]</code> to make future additions backwards
compatable</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/nulldotblack/wintun/commits/v0.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Before, any user logging into via the OIDC connector would need to have
an identity created beforehand with their known `sub` id. This presented
a chicken-and-egg scenario where this was only populated in the
`Identity Providers` settings flow by an admin, preventing regular users
from signing in.
With this change, Admins can now create identities for actors and
specify an `email` address or `sub` claim value to match against for
incoming authentications to the connector.
This will allow end-users to authenticate with the configured OIDC
connector.
Fixes#3308
To work around #2975 I want to run connlib in a subprocess.
We're already using Tokio' `named_pipe` module for deep links, so I made
a generic request-response IPC system with it.
This can get merged in as its own PR, and the actual moving of the
connlib `Session` will be a later PR atop this.
Bumps [h2](https://github.com/hyperium/h2) from 0.3.23 to 0.3.24.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hyperium/h2/releases">h2's
releases</a>.</em></p>
<blockquote>
<h2>v0.3.24</h2>
<h2>Fixed</h2>
<ul>
<li>Limit error resets for misbehaving connections.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/hyperium/h2/blob/v0.3.24/CHANGELOG.md">h2's
changelog</a>.</em></p>
<blockquote>
<h1>0.3.24 (January 17, 2024)</h1>
<ul>
<li>Limit error resets for misbehaving connections.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7243ab5854"><code>7243ab5</code></a>
Prepare v0.3.24</li>
<li><a
href="d919cd6fd8"><code>d919cd6</code></a>
streams: limit error resets for misbehaving connections</li>
<li>See full diff in <a
href="https://github.com/hyperium/h2/compare/v0.3.23...v0.3.24">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/firezone/firezone/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Closes#3211
Also generally reduces our dependence on Tauri a lot, breaking some
cycles of "I need this initialized to initialize Tauri, but I need Tauri
initialized to initialize this"
Specifically deep linking had some problems:
- Passing PIPE_ID when there was no other possible valid argument
- Production use case accidentally flowed through a debug subcommand
- Unused subcommands that were ready to be removed
Why:
* The Sites edit page was toggling the routing option in the page on and
off every time a change to the page was made (i.e. every time something
was clicked or typed). This was causing the Site to not be editable in
certain situations. It ended up being because the form field value being
set was not consistently the same type. It would come back as either an
atom or a string, but the radio button input was only checking for
atoms.
Fixes: #3239
