The `expect` attribute is similar to `allow` in that it will silence a
particular lint. In addition to `allow` however, `expect` will fail as
soon as the lint is no longer emitted. This ensures we don't end up with
stale `allow` attributes in our codebase. Additionally, it provides a
way of adding a `reason` to document, why the lint is being suppressed.
Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss) from
3.4.7 to 3.4.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/releases">tailwindcss's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.10</h2>
<h3>Fixed</h3>
<ul>
<li>Bump versions of plugins in the Standalone CLI (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14185">#14185</a>)</li>
</ul>
<h2>v3.4.9</h2>
<h3>Fixed</h3>
<ul>
<li>No longer warns when broad glob patterns are detecting
<code>vendor</code> folders</li>
</ul>
<h2>v3.4.8</h2>
<h3>Fixed</h3>
<ul>
<li>Fix minification when using nested CSS (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14105">#14105</a>)</li>
<li>Warn when broad glob patterns are used in the content configuration
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14140">#14140</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tailwindlabs/tailwindcss/blob/v3.4.10/CHANGELOG.md">tailwindcss's
changelog</a>.</em></p>
<blockquote>
<h2>[3.4.10] - 2024-08-13</h2>
<h3>Fixed</h3>
<ul>
<li>Bump versions of plugins in the Standalone CLI (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14185">#14185</a>)</li>
</ul>
<h2>[3.4.9] - 2024-08-08</h2>
<h3>Fixed</h3>
<ul>
<li>No longer warns when broad glob patterns are detecting
<code>vendor</code> folders</li>
</ul>
<h2>[3.4.8] - 2024-08-07</h2>
<h3>Fixed</h3>
<ul>
<li>Fix minification when using nested CSS (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14105">#14105</a>)</li>
<li>Warn when broad glob patterns are used in the content configuration
(<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/14140">#14140</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f07dbff2a7"><code>f07dbff</code></a>
3.4.10</li>
<li><a
href="c4f23621e1"><code>c4f2362</code></a>
Bump versions of plugins in the Standalone CLI (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/14185">#14185</a>)</li>
<li><a
href="f65023efb9"><code>f65023e</code></a>
3.4.9</li>
<li><a
href="702ba6aaee"><code>702ba6a</code></a>
Don't warn about broad globs in vendor folders (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/14147">#14147</a>)</li>
<li><a
href="1676118af9"><code>1676118</code></a>
3.4.8</li>
<li><a
href="69c81f2583"><code>69c81f2</code></a>
rename <code>master</code> to <code>main</code></li>
<li><a
href="858696a8bc"><code>858696a</code></a>
Warn when broad glob patterns are used in the content configuration (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/14140">#14140</a>)</li>
<li><a
href="1f23c2e842"><code>1f23c2e</code></a>
Bump to latest cssnano v6 (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/14105">#14105</a>)</li>
<li><a
href="28bd90eefb"><code>28bd90e</code></a>
Automate checksum generation for standalone CLI (<a
href="https://redirect.github.com/tailwindlabs/tailwindcss/issues/14081">#14081</a>)</li>
<li>See full diff in <a
href="https://github.com/tailwindlabs/tailwindcss/compare/v3.4.7...v3.4.10">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [flowbite](https://github.com/themesberg/flowbite) from 2.4.1 to
2.5.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/themesberg/flowbite/releases">flowbite's
releases</a>.</em></p>
<blockquote>
<h2>v2.5.1</h2>
<ul>
<li>fix plugin import error from the config file</li>
</ul>
<h2>v2.5.0</h2>
<ul>
<li>added new DataTable plugin and examples</li>
<li>minor bug fixes and improvements</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="362ad079dc"><code>362ad07</code></a>
chore(version): update to <code>v2.5.1</code></li>
<li><a
href="b30fd48555"><code>b30fd48</code></a>
fix(plugin): remove import</li>
<li><a
href="878ced1b62"><code>878ced1</code></a>
docs(datatables): add to readme</li>
<li><a
href="09105b8429"><code>09105b8</code></a>
chore(version): bump to <code>2.5.0</code></li>
<li><a
href="70411d572a"><code>70411d5</code></a>
docs(datatables): add docs for js init, options, and methods</li>
<li><a
href="fc26a5e4c9"><code>fc26a5e</code></a>
feat(datatables): finish coding the dropdowns for exporting</li>
<li><a
href="bab0a3317f"><code>bab0a33</code></a>
feat(datatables): inject export dropdown button inside table header</li>
<li><a
href="f842793de9"><code>f842793</code></a>
feat(datatables): add basic export files feature</li>
<li><a
href="e56f601069"><code>e56f601</code></a>
docs(datatables): finish row selection example and docs</li>
<li><a
href="ba771d4738"><code>ba771d4</code></a>
feat(datatables): add row selection example</li>
<li>Additional commits viewable in <a
href="https://github.com/themesberg/flowbite/compare/v2.4.1...v2.5.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This moves about 2/3rds of the code from `firezone-gui-client` to
`firezone-gui-client-common`.
I tested it in aarch64 Windows and cycled through sign-in and sign-out
and closing and re-opening the GUI process while the IPC service stays
running. IPC and updates each get their own MPSC channel in this, so I
wanted to be sure it didn't break.
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
With this PR we made internet resource disabled by default.
Since no other resource is disalable and internet resource behavior is
particular we remove all client code to make non internet resource
disalable.
Also, since the portal never makes the internet resource that can't be
disabled we remove the whole code path to handle that.
Additionally, some other smaller refactors across the UI wrt internet
resource
Fix#6509
---------
Signed-off-by: conectado <gabrielalejandro7@gmail.com>
Co-authored-by: conectado <conectado@conectados-MacBook-Air.local>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
Refs #6547
Given a valid token is on disk, when the Client tries to auto-sign-in to
Firezone and something breaks during sign-in, then...
**Old behavior:** ...then the GUI silently implodes and we can't export
logs. When you restart the GUI, it reloads the token and immediately
implodes again.
**New behavior:** ...then the GUI doesn't silently implode, it silently
signs out. Which is still weird, but exporting logs will work.
This addresses an issue where a customer couldn't export logs while
helping us debug #6547.
Bumps
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
from 22.0.2 to 22.5.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates `windows` crates to 0.58 without the bug in #6551.
Supersedes #6556.
The bug was calling `try_send()?` on an MPSC channel of capacity 1,
which would bail out of the worker thread if we got 2 DNS change
notifications faster than the controller task / thread could process the
first one.
This reverts commit d8f25f9bf8.
#6506 broke the Clients and I guess I didn't do any manual smoke test,
so I didn't catch it.
I have leads for a permanent fix in #6551 but I don't want to leave
`main` broken since it will screw up bisects.
Bumps [keyring](https://github.com/hwchen/keyring-rs) from 3.2.0 to
3.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hwchen/keyring-rs/releases">keyring's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.1: Re-enable access to v1 credentials</h2>
<p>The v3.2.0 release, which fixed <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/204">#204</a>,
had an unfortunate side effect: it broke compatibility with credentials
that were originally written by a v1.x release (see <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/207">#207</a>).
This bug-fix release restores that compatibility.</p>
<p>With this change, the CLI changes in v3.2.0 have been reverted,
because they are no longer necessary.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="55789e3c5e"><code>55789e3</code></a>
Merge pull request <a
href="https://redirect.github.com/hwchen/keyring-rs/issues/209">#209</a>
from brotskydotcom/issue-207</li>
<li><a
href="a583eb3edb"><code>a583eb3</code></a>
Fix disallowed move in async secret service.</li>
<li><a
href="ae8396a3c0"><code>ae8396a</code></a>
Update version to 3.2.1.</li>
<li><a
href="a1ba734574"><code>a1ba734</code></a>
Update docs.</li>
<li><a
href="42f1ea3e98"><code>42f1ea3</code></a>
Update the README.</li>
<li><a
href="c207407e29"><code>c207407</code></a>
Re-enable access to secret-servce items with no <code>target</code>
attribute.</li>
<li>See full diff in <a
href="https://github.com/hwchen/keyring-rs/compare/v3.2.0...v3.2.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
If we get rid of Tauri we'll have to remove `webkit2gtk` and add
`libxdotool3` as dependencies.
For now this does nothing, since we're still using Tauri.
We want to get rid of Tauri because Tauri 1 only works on Ubuntu 22.04
and older, and Tauri 2 only works on 24.04 and newer, and we assume
supporting both Tauri 1 and Tauri 2 side-by-side and bundling them with
a shim is too much work.
However, Tauri's bundler is convenient, especially for Windows MSIs, so
we want to keep that around a little bit longer. To use Tauri's bundler
on Debian without listing WebKit as a dependency and compiling Tauri
itself, we need to hack around it and tell the deb file not to depend on
WebKit.
Supersedes #5913
This required a big refactor because `HANDLE` is no longer `Send` and
was never supposed to be.
So we add a worker thread for listening to DNS changes, since that
requires us to hold a `HANDLE` across `await` points and I couldn't find
any simpler way to do it.
I could add integration tests for this in a future PR that prove the
notifiers work by poking the registry or setting DNS servers and seeing
if we pick up the changes on time. But setting DNS servers without the
tunnel up may be tricky, so I left it out of scope for this PR.
```[tasklist]
- [x] Fix force-kill bug
```
This publishes the 1.3.0 clients and gateways so that Internet Resources
will work.
The feature is still disabled for the Stripe plans until we publish the
launch post. Select customers have the feature enabled.
Closes#2667
Closes#5811
<img width="206" alt="image"
src="https://github.com/user-attachments/assets/a2c46bb6-c76a-49ca-a933-4363597d4029">
- Waits a random amount of time up to 24 hours before the first network
check, to avoid the thundering herd problem
- Polls every 24 hours (86,400 seconds) after that
- Saves the network response to disk so we ~~can show "Update ready"
immediately at startup~~ won't notify twice about the same version
- Not clear whether suspending the computer suspends the timer - "it is
also not specified whether system suspends count as elapsed time or not.
The behavior varies across platforms and Rust versions."
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
- No known issues from the knowledge base were fixed
- I confirmed on the Windows laptop that the fix for #6469 is in this
MSI.
- The changelog looks good in the Vercel preview
---------
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Closes#6289
Since the IPC service deletes its own logs now, we don't need to allow
users in the group `firezone-client` to have write permissions on the
logs
[Refs](https://github.com/firezone/firezone/pull/6299#discussion_r1724108733)
The problem right now, after #6325 we send the internet resource up to
the clients. The clients expect a certain format for the resources and
panic if it isn't followed.
Particularly, in the case of no `address` or no `name`.
To fix this, we add a name and an address for the internet resource when
it is converted to the callback type.
Setting the `name` at that point actually makes a lot of sense since it
homogenizes the name across all platforms. But the internet resource
having an address makes no sense.
So in a next PR, when I do the last UI changes I plan to make `address`
optional for all resources on the clients and specialize the display of
the internet resource.
For now I wanted to get this in so that we don't ever panic on the
internet resource existing. (This was tested on all platforms and it
works)
Closes#6175 (formerly closed as unable to replicate)
In some cases GNOME keyring will hide the attributes of credentials, so
`keyring` would throw an `Ambiguous` error when trying to sign in or
sign out, making it impossible to do anything.
The new version of `keyring` unlocks the keyring in this case, so the
attributes are shown and we can sign in correctly.
Thanks to @brotskydotcom for debugging and fixing this!
The output of `git describe` always refers to the last tag that it can
find. This leads to confusing versions being printed such as:
```
2024-08-19T00:24:08.983891Z INFO firezone_headless_client: arch="x86_64" git_version="gateway-1.1.5-30-gf82fee162-modified"
```
Note that this is code running in the headless-client and it refers to
the gateway tag. Whilst not wrong from git's PoV, it is certainly
confusing.
We can fix this by providing a glob-pattern to `git describe` via
`--match`. This makes git ignore any other tags and print a version
identifier that refers to the current program:
```
2024-08-19T00:39:48.634191Z INFO firezone_headless_client: arch="x86_64" git_version="headless-client-1.1.7-31-ga08a3411d-modified"
```
Bumps [minidumper](https://github.com/EmbarkStudios/crash-handling) from
0.8.2 to 0.8.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/EmbarkStudios/crash-handling/releases">minidumper's
releases</a>.</em></p>
<blockquote>
<h2>minidumper-0.8.3</h2>
<ul>
<li>Lint fix</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a5553466de"><code>a555346</code></a>
chore: Release</li>
<li><a
href="45a469c86e"><code>45a469c</code></a>
chore: Release</li>
<li><a
href="d4d6f25cce"><code>d4d6f25</code></a>
chore: Release</li>
<li><a
href="7818928239"><code>7818928</code></a>
Update CHANGELOGs</li>
<li><a
href="e524a897c2"><code>e524a89</code></a>
Add heap corruption exception handling (<a
href="https://redirect.github.com/EmbarkStudios/crash-handling/issues/86">#86</a>)</li>
<li>See full diff in <a
href="https://github.com/EmbarkStudios/crash-handling/compare/minidumper-0.8.2...minidumper-0.8.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Parsing the current Git version within `firezone-bin-shared` means this
crate (and all its dependents) need to be rebuilt everytime one makes a
commit, even if none of the code actually changes.
To avoid this whilst still allowing `firezone-bin-shared` to export a
useful, shared function, we export a macro instead that can be called
from the respective crates that need the GIT version. This means only
those binaries will be marked as dirty and rebuilds of e.g. unit tests
don't need to rebuild these workspace crates.
Last PR for #6074
This adds Enable/Disable for tauri clients.
In windows, edge seems to hold on to the sockets for a bit too long
after disabling the resources. This will be solved for the internet
resource probably by modifying the firewall, in another PR.
With the upgrade to 0.23, `tokio-tungstenite` pulls in `rustls` 0.27
which supports multiple crypto providers. By default, this uses the
`aws-lc-crypto` provider. The previous default was `ring`.
This PR bumps the necessary versions and installs the `ring` crypto
provider at the beginning of each application, before connlib starts. We
try and do this as early as possible to make it obvious that it only
needs to happen once per process.
Resolves: #5380.
Currently, `connlib` can only handle "simple" DNS wildcards where `*`
matches any number of subdomains, including zero and `?` matches a
single subdomain.
With this PR, we expand `connlib'`s capabilities to allow for a much
more complex matching of domains that more closely resembles glob
patterns:
- `**` matches any number of subdomains. This supersedes the previous
`*` operator.
- `*` matches a single subdomain. This supersedes the previous `?`
operator.
- `?` matches a single character. This wasn't possible before.
- Additionally, any of these can be combined. Previously, only `*` or
`?` was allowed and they were only accepted at the front of the domain
name pattern.
Resolves: #5056.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Closes#5453
Tested once on the Windows aarch64 VM. Should always leave 4 files
behind, a `.log` and a `.jsonl` for the GUI and for the IPC service. The
"log directory" is a bit of a lie since it's consistently 2 directories
on both platforms now.
```[tasklist]
- [x] Update changelog
- [x] Make a note to remove the known issue from the website when the next release is cut after this PR merges
```
Most of `connlib-shared` exists only for historical reasons. The
`Tunnel` has since been decoupled from the `Callbacks` and most error
variants on `ConnlibError` are not actually used.
This allows us to move a few things around and trim down `ConnlibError`
to just the variants that actually cause a call to `on_disconnect`.
Moving everything related to `proptest`s to `firezone-tunnel` also
requires us to delete the specialisation for printing IDs in a shorter
format during the tests. That is a bit unfortunate but was always kind
of a hack. I'd rather make progress on getting rid of `connlib-shared`
though and perhaps re-introduce that feature once the messages are fully
moved into the tunnel.
Related: #4470.
Setting up a logger is something that pretty much every entrypoint needs
to do, be it a test, a shared library embedded in another app or a
standalone application. Thus, it makes sense to introduce a dedicated
crate that allows us to bundle all the things together, how we want to
do logging.
This allows us to introduce convenience functions like
`firezone_logging::test` which allow you to construct a logger for a
test as a one-liner.
Crucially though, introducing `firezone-logging` gives us a place to
store a default log directive that silences very noisy crates. When
looking into a problem, it is common to start by simply setting the
log-filter to `debug`. Without further action, this floods the output
with logs from crates like `netlink_proto` on Linux. It is very unlikely
that those are the logs that you want to see. Without a preset filter,
the only alternative here is to explicitly turn off the log filter for
`netlink_proto` by typing something like
`RUST_LOG=netlink_proto=off,debug`. Especially when debugging issues
with customers, this is annoying.
Log filters can be overridden, i.e. a 2nd filter that matches the exact
same scope overrides a previous one. Thus, with this design it is still
possible to activate certain logs at runtime, even if they have silenced
by default.
I'd expect `firezone-logging` to attract more functionality in the
future. For example, we want to support re-loading of log-filters on
other platforms. Additionally, where logs get stored could also be
defined in this crate.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
