Firezone

firezone.dev
Open-source self-hosted VPN and firewall built on WireGuard®.

Open Source

Firezone Source Code

Author

firezone

Description

WireGuard®-based zero trust access platform that supports OIDC authentication, user/group sync, and requires zero firewall configuration.

#cloud #devsecops #elixir #elixir-lang #firewall #liveview #network #network-security #networking #phoenix #privacy #rust-lang #security #self-hosted #virtual-network #vpn #vpn-server #wireguard #wireguard-ui #wireguard-vpn

Homepage

https://www.firezone.dev

License

Apache-2.0

Created

22 Apr 20

Last Updated

28 Mar 24

Latest version

1.0.0-pre.10

Primary Language

Elixir

Size

104,525 KB

Stars

6,134

Forks

259

Watchers

6,134

Language Usage

Star History

Recent Commits

  • Reactor Scram (28 Mar 24)

    test(firezone-tunnel): create a tunnel device in unit tests during CI (#4254) This catches two of the mutants, according to `cargo-mutants`. ~~Unfortunately since `cargo test` runs in one process, it's all-or-nothing for sudo, this will run all unit tests as sudo.~~ (This explanation is not exactly correct, `cargo test` does run _a_ subprocess, but still, there is no way to request sudo or non-sudo runners for specific tests, since it's just an environment variable, and since many tests run in parallel in different threads of the same process.) Here it is passing in Linux: https://github.com/firezone/firezone/actions/runs/8382799272/job/22957555987#step:5:3160 And Windows: https://github.com/firezone/firezone/actions/runs/8382799272/job/22957558003#step:5:1006
    Before merging:
    - [x] Try `#[ignore]` attribute
    - [x] Fail gracefully if `sudo` isn't available

  • Reactor Scram (28 Mar 24)

    chore(firezone-tunnel): allow `cargo-mutants` to see Tun impls (#4253) Refs #3776 I think `Tun` could use some automated coverage, so here's the baseline if this PR goes in: For `cargo mutants -p firezone-tunnel -p firezone-gui-client --file connlib/tunnel/src/client.rs --file connlib/tunnel/src/device_channel/tun_windows.rs`, 113 mutants tested, 68 missed For `tun_linux.rs`, 128 tested, 76 missed This is only counting the unit tests, not integration tests or anything, but it's nice if we can cover some I/O stuff like `wintun` in unit tests locally.

  • Thomas Eizinger (28 Mar 24)

    chore(phoenix-channel): reset heartbeat on reconnect (#4361) Looking through the logs of https://github.com/firezone/firezone/issues/4348, I noticed that we would instantly reconnect to the portal due to a "missed heartbeat" if the connection was reset for any other error. That happens because the timer within `Heartbeat` was still active and would immediately fire as soon as we are connected. To fix this, we introduce a `reset` method that gets called every time we establish a connection to the portal.

  • Thomas Eizinger (28 Mar 24)

    chore: apply lints consistently across workspace (#4357) Motivated by: #4340. I also activated [`clippy::unnecessary_wraps`](https://rust-lang.github.io/rust-clippy/master/#/unnecessary_wraps) which does create some false-positives for the platform-specific code but is IMO overall a net-positive. With the amount of Rust code and crates increasing, it is good to have tools point out simplifications like these as they are otherwise hard to spot, especially across crate boundaries.

  • Gabi (28 Mar 24)

    chore(connlib): unit tests for additional fields in messages (#4337) Fixes #4308

  • Gabi (28 Mar 24)

    feat(connlib): react to config updates (#4322)
    - Move the resource changes to `ClientState` to unit test easier
    - Add unit tests
    - Set new config on update from portal
    - Set parameters as told by portal on re-init
    Fixes: #2728

  • Andrew Dryga (28 Mar 24)

    hotfix: reload dns config before sending it

  • Andrew Dryga (28 Mar 24)

    hotfix: slug extraction from not formatted hubspot website url

  • Reactor Scram (27 Mar 24)

    chore(phoenix-channel): remove stray `dbg` (#4340) This was introduced in #4296 and I'm guessing it shouldn't be there because we are standardized on `tracing::*` and this goes straight to stderr, can't be filtered out, etc.

  • Reactor Scram (27 Mar 24)

    fix(apple client): sign in crash, closes #4350 (#4353)

  • Andrew Dryga (27 Mar 24)

    chore(portal): Temporarily hide address description (#4351) Closes #4250

  • Andrew Dryga (27 Mar 24)

    chore(portal): Encode client reply pid and socket ref instead of storing it (#4349)

  • Brian Manifold (27 Mar 24)

    fix(portal): Fix bug in actor edit page preventing updates (#4347) Why:
    - A bug was present in the actor edit page that prevented updating an actor due to managed and synced groups being sent as part of the form submission. Along with that, if a user manually removed the managed group(s) from the form submission, the actor being edited would be removed from the managed group, which should not be allowed.
    - There was also another small bug which prevented an admin actor from being updated at all if they were the only admin in the account.

  • Andrew Dryga (27 Mar 24)

    fix(portal): Allow deleting synced actors after all identities are removed (#4346)

  • Andrew Dryga (27 Mar 24)

    fix(portal): Fix pagination issues with flows and activities, improve error handling around live tables (#4330) Fixes issues from logs. Closes #4274 and similar issues for activities. Simplifies error handling for live tables (we just reset filters with a message when they are invalid because just showing an error 422 is not actionable).

  • Jamil (27 Mar 24)

    chore(apple): Fix tunnelStore state bug = .invalid (#4343) Fixes an issue caused by the order of PRs getting merged... I would prefer keeping the number of PRs lower for Apple until we can get some tests in to prevent semantic/developer bugs.

  • Jamil (27 Mar 24)

    fix(apple): sync tunnel configuration after saving (#4338) Fixes #4321 Fixes #4339

  • Gabi (27 Mar 24)

    fix(connlib): only update the interface when setting dns if the effective dns changed (#4327) Supersedes #4320, closes #4318
    - Updates the interface if effective dns have changed.
    - Fixes a bug where we could set upstream_dns to have sentinel dns.
    - Adds corresponding unit tests.
    Signed-off-by: Gabi <gabrielalejandro7@gmail.com> Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>

  • Andrew Dryga (27 Mar 24)

    Deploy more relays Closes #4043

  • Jamil (27 Mar 24)

    chore(gui-client): Remove unused Tauri app icons (#4304) Not sure if this will fix #3999 but the ~~colors for the existing icon are wrong, so we need to fix them anyway.~~ Removes unused Tauri app icons. Refs #3999

  • Jamil (27 Mar 24)

    fix(apple): Use keychain from the tunnel process *only* (#4335) This fixes another long-standing bug with the Apple client: Keychain groups. Apple's Keychain docs are woefully unclear and lacking on the Keychain. These are the main takeaways:
    - Apple wants you to use the "[Data protection keychain](https://developer.apple.com/documentation/security/ksecusedataprotectionkeychain)" on macOS which allows it to behave like an iOS keychain. That opens up the door for possible syncing to iCloud (which we don't use).
    - Data protection keychain items, [it appears](https://forums.developer.apple.com/forums/thread/710758), cannot be created by Network Extensions.
    - However, we _can_ save to the regular keychain (by default the system keychain for root procs like us), which is file-based.
    - Keychain items can be shared (both read/write) between apps, but **not between users**. The tunnel process and gui process run as different users. The only way for this to happen is to use the old file-based Keychain and use [very deprecated](https://developer.apple.com/documentation/technotes/tn3137-on-mac-keychains) APIs to allow both "users" access, which is what we were doing before.
    - To fix this, we limit all keychain operations to the tunnel proc only. The GUI passes the auth token in during the `startTunnel` call, which the system then passes to our `PacketTunnelProvider` class. This uses the file-based Keychain, but since we need to use that keychain as the root tunnel proc, we don't have much choice.
    The "Allow access" dialog bug on macOS 12 is fixed by the fact that we are only accessing it from the same user (tunnel proc) that created it now.

  • Jamil (27 Mar 24)

    fix(apple): Avoid getting stuck at the "load resources" view (#4336) This was a race condition that was covered up by the long connecting time of the old tunnel, and is now more prevalent because we connect much more quickly. The issue was that we respond to changes in the tunnel's status and resource list separately, which can cause an issue where the view moved to the `connected` state before the resource list is initialized. Since those vars don't get updated after that, the view gets stuck in that state. This PR fixes that by combining those handlers into a single one that responds to either so we'll end up at a view that's populated and connected.

  • Jamil (27 Mar 24)

    fix(apple): Debounce sign in button (#4334) The handler for opening the webview can sometimes take a few seconds, so this is to prevent users from accidentally double-tapping the sign in button.

  • Reactor Scram (27 Mar 24)

    feat(linux-client): load token from `/etc/dev.firezone.client` ... (#4328) If it's not in CLI / env var. This is more convenient for development, and it's a step towards getting the systemd service to work. The token:
    - Can't go in `/usr/lib/systemd/system/firezone-client.service` because that file is updated by `dpkg`
    - Probably shouldn't be in the CLI because CLI args can be seen by other processes
    - Could go in env vars, but those can also be snooped in theory
    It has to be stored on disk somewhere for headless operation, so we can just read it directly from disk.

  • Reactor Scram (27 Mar 24)

    chore(windows-client): change "About" to "About Firezone" to match macOS Client (#4326) Closes #4325 Also extracted string constants for some of the system tray menu stuff.

  • Jamil (27 Mar 24)

    feat(apple): Handle network changes reliably on macOS and iOS (#4133) Tried to organize this PR into commits so that it's a bit easier to review.
    1. Involves simplifying the logic in Adapter.swift so that us mortals can maintain it confidently:
       - The `.stoppingTunnel`, `.stoppedTunnelTemporarily`, and `.stoppingTunnelTemporarily` states have been removed.
       - I also removed the `self.` prefix from local vars when it's not necessary to use it, to be more consistent.
       - `onTunnelReady` and `getSystemDefaultResolvers` has been removed, and `onUpdateRoutes` wired up, along with cleanup necessary to support that.
    2. Involves adding the `reconnect` and `set_dns` stubs in the FFI and fixing the log filter so that we can log them (see #4182)
    3. Involves getting the path update handler working well on macOS using `SystemConfiguration` to read DNS servers.
    4. Involves getting the path update handler working well on iOS by employing careful trickery to prevent path update cycles by detecting if `path.gateways` has changed, and avoid setting new DNS if it hasn't.
    Refs #4028 Fixes #4297 Fixes #3565 Fixes #3429 Fixes #4175 Fixes #4176 Fixes #4309
    Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>

  • Gabi (27 Mar 24)

    chore: set rust log level to info for gateways and client (#4319)
    - [x] Updated log level string for client and gateways to info or higher
    - [x] Update logs to hide DNS information
    I also removed `hickory_resolve` errors which could contain sensitive info from our general error and hide the logs that specifically relate to them. @bmanifold double checking that the log levels in the gateway's `*.tf` files are just used for our own gateways. Also, the relays still have `debug`, since only we see that I think that makes sense but double checking with @jamilbk Fixes: #3618.
    Signed-off-by: Gabi <gabrielalejandro7@gmail.com> Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>

  • dependabot[bot] (26 Mar 24)

    build(deps): Bump axum from 0.7.4 to 0.7.5 in /rust (#4298) Bumps [axum](https://github.com/tokio-rs/axum) from 0.7.4 to 0.7.5.
    Release notes (sourced from axum's releases, https://github.com/tokio-rs/axum/releases):
    axum-extra - v0.7.5
    - fixed: Remove explicit auto deref from `PrivateCookieJar` example (tokio-rs/axum#2028)
    axum - v0.7.5
    - fixed: Fixed layers being cloned when calling `axum::serve` directly with a `Router` or `MethodRouter` (tokio-rs/axum#2586)
    - fixed: `h2` is no longer pulled as a dependency unless the `http2` feature is enabled (tokio-rs/axum#2605)
    Commits:
    - ef8a9e8 Release axum and axum-extra (#2676)
    - c6fd852 Update `sync_wrapper` to 1.0.0 from 0.1.1
    - 2ec68d6 Add rejection tracing to all extractors (#2584)
    - 2ce382f Remove h2 from dependencies when http2 feature is off (#2605)
    - 8b13d4c Add axum-typed-routing to ECOSYSTEM.md (#2608)
    - 19f6f79 Fix layers being cloned for each request (#2586)
    - 3569950 Make nightly_error_messages feature compatible with latest nightly
    - b6b203b fix typo in prometheus_metrics_example (#2627)
    - b03f6c1 Fix typo in CONTRIBUTING.md (#2612)
    - 4d65ba0 ci: Unbreak cargo-deny action (#2613)
    - Additional commits viewable in the compare view: https://github.com/tokio-rs/axum/compare/axum-v0.7.4...axum-v0.7.5
    Dependabot compatibility score: https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axum&package-manager=cargo&previous-version=0.7.4&new-version=0.7.5
    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
    Dependabot commands and options (trigger by commenting on this PR):
    - `@dependabot rebase` will rebase this PR
    - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
    - `@dependabot merge` will merge this PR after your CI passes on it
    - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
    - `@dependabot cancel merge` will cancel a previously requested merge and block automerging
    - `@dependabot reopen` will reopen this PR if it is closed
    - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
    - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • Reactor Scram (26 Mar 24)

    chore(gui-client): update process split doc (#4269) On ice until after GA
    Before merging:
    - [x] Re-frame it as upgrading the Linux CLI to add IPC / systemd autostart support instead of replacing the CLI (thanks Thomas)

  • Gabi (26 Mar 24)

    chore(android): remove onTunnelReady callback (#4315) Fixes #4223

Firezone Website

Website

Redirects

Does not redirect

Security Checks

2 security checks failed (64 passed)

  • Robots Noindex
  • Empty Page Title

Server Details

  • IP Address 76.76.21.93
  • Location Walnut, California, United States of America, NA
  • ISP Vercel Inc
  • ASN AS16509

Associated Countries

  • US

Safety Score

Website marked as moderately safe

90%

Blacklist Check

www.firezone.dev was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

About the Data: Firezone

API

You can access Firezone's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/networking/self-hosted-network-security/firezone

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.
