From 493309ebb3860cad747bda97244b387396d0c37a Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 16 Apr 2024 15:46:56 +0200 Subject: [PATCH 1/4] Fix build system for correct version metadata --- .earthlyignore | 74 ++++++++++++++++++++++++++++---------- Earthfile | 36 ++++++++----------- cmds/portmaster-core/build | 5 ++- 3 files changed, 75 insertions(+), 40 deletions(-) diff --git a/.earthlyignore b/.earthlyignore index 06918d0b..fb7de17a 100644 --- a/.earthlyignore +++ b/.earthlyignore @@ -1,25 +1,63 @@ -go.work -go.work.sum - -dist/ -node_modules/ - +# Ignore angular outputs. desktop/angular/node_modules desktop/angular/dist desktop/angular/dist-lib desktop/angular/dist-extension desktop/angular/.angular -# Assets are ignored here because the symlink wouldn't work in -# the buildkit container so we copy the assets directly in Earthfile. -desktop/angular/assets - - +# Ignore tauri outputs. desktop/tauri/src-tauri/target -.gitignore -AUTHORS -CODE_OF_CONDUCT.md -LICENSE -README.md -TESTING.md -TRADEMARKS \ No newline at end of file + +####################### +# Copy from .gitignore: + +# Compiled binaries +*.exe +dist/ + +# Dist dir +dist + +# Custom dev deops +go.mod.* + +# vendor dir +vendor + +# testing +testing + +# Compiled Object files, Static and Dynamic libs (Shared Objects) +*.a +*.so + +# Folders +_obj +_test + +# Architecture specific extensions/prefixes +*.[568vq] +[568vq].out + +*.cgo1.go +*.cgo2.c +_cgo_defun.c +_cgo_gotypes.go +_cgo_export.* + +_testmain.go + +*.exe +*.test +*.prof + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# OS specifics +.DS_Store + +# Custom dev scripts +win_dev_* +go.work +go.work.sum diff --git a/Earthfile b/Earthfile index a67bfcce..5acdb828 100644 --- a/Earthfile +++ b/Earthfile 
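Review bot: The patterns copied from .gitignore behave differently in this file: in .gitignore they only hide untracked files, while in .earthlyignore they also drop tracked paths from the build context. This patch switches go-base to `COPY . .` so that Go can record whether the tree is clean, so any tracked path matching entries such as `testing`, `vendor`, `_test` or `*.out` would be missing in the container and git would presumably report the tree as modified. The list is also now the only filter on what enters the build container, so local untracked files that are not listed here (credentials, env files) would be copied in as well. I would add a header comment stating both, e.g. `# Everything not listed here is copied into the build; entries must not match tracked files.`, and drop the duplicated `*.exe` and `dist` entries.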
@@ -56,37 +56,29 @@ go-deps: go-base: FROM +go-deps - # Only copy go-code related files to improve caching. - # (i.e. do not rebuild go if only the angular app changed) - COPY cmds ./cmds - COPY runtime ./runtime - COPY service ./service - COPY spn ./spn + # Copy the full repo, as Go embeds whether the state is clean. + COPY . . - # The cmds/notifier embeds some icons but go:embed is not allowed - # to leave the package directory so there's a small go-package in - # assets. Once we drop the notify in favor of the tauri replacement - # we can remove the following line and also remove all go-code from - # ./assets - COPY assets ./assets - - # Copy the git folder and extract version information - COPY .git ./.git - - LET version = $(git tag --points-at) - IF [ "${version}" = "" ] - SET version = "$(git describe --tags --abbrev=0)_dev_build" + LET version = "$(git tag --points-at || true)" + IF [ -z "${version}" ] + LET dev_version = "$(git describe --tags --first-parent --abbrev=0 || true)" + IF [ -n "${dev_version}" ] + SET version = "${dev_version}_dev_build" + END END - IF [ "${version}" = "" ] + IF [ -z "${version}" ] SET version = "dev_build" END ENV VERSION="${version}" + RUN echo "Version: $VERSION" LET source = $( ( git remote -v | cut -f2 | cut -d" " -f1 | head -n 1 ) || echo "unknown" ) ENV SOURCE="${source}" + RUN echo "Source: $SOURCE" LET build_time = $(date -u "+%Y-%m-%dT%H:%M:%SZ" || echo "unknown") ENV BUILD_TIME = "${build_time}" + RUN echo "Build Time: $BUILD_TIME" # Explicitly cache here. SAVE IMAGE --cache-hint @@ -204,7 +196,6 @@ angular-deps: COPY desktop/angular/package.json . COPY desktop/angular/package-lock.json . - COPY assets/data ./assets RUN npm install @@ -215,6 +206,9 @@ angular-base: ARG configuration="production" COPY desktop/angular/ . + # Remove symlink and copy assets directly. + RUN rm ./assets + COPY assets/data ./assets IF [ "${configuration}" = "production" ] RUN npm run build-libs 
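Review bot: `git tag --points-at` prints every tag on HEAD, one per line, so a commit carrying more than one tag yields a multi-line `version` that go-base then exports as `VERSION`. Picking one tag deterministically avoids that, e.g. `LET version = "$(git tag --points-at HEAD --sort=-version:refname | head -n 1 || true)"`. The same applies to the `VERSION="$(git tag --points-at)"` line in cmds/portmaster-core/build later in this patch. How `VERSION` is consumed lies outside the hunk, so the effect of an embedded newline on the build is not visible here.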
diff --git a/cmds/portmaster-core/build b/cmds/portmaster-core/build index 6caafe4a..6f6bb113 100755 --- a/cmds/portmaster-core/build +++ b/cmds/portmaster-core/build @@ -1,7 +1,10 @@ #!/bin/bash # Gather build metadata. -VERSION="$(git tag --points-at)"; test -z "$VERSION" && VERSION="$(git describe --tags --abbrev=0)_dev_build"; test -z "$VERSION" && VERSION="dev_build" +VERSION="$(git tag --points-at)" || true +test -z "$VERSION" && DEV_VERSION="$(git describe --tags --first-parent --abbrev=0)" || true +test -n "$DEV_VERSION" && VERSION="${DEV_VERSION}_dev_build" +test -z "$VERSION" && VERSION="dev_build" SOURCE=$( ( git remote -v | cut -f2 | cut -d" " -f1 | head -n 1 ) || echo "unknown" ) BUILD_TIME=$(date -u "+%Y-%m-%dT%H:%M:%SZ" || echo "unknown") From 154b0454fcbe25bcbae1108f344a323cc26fad9a Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 16 Apr 2024 17:12:32 +0200 Subject: [PATCH 2/4] Use new version number metadata endpoint --- service/updates/upgrader.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/updates/upgrader.go b/service/updates/upgrader.go index 9467dc73..03ec64db 100644 --- a/service/updates/upgrader.go +++ b/service/updates/upgrader.go @@ -108,7 +108,7 @@ func upgradeCoreNotify() error { pmCoreUpdate = newFile // check for new version - if info.GetInfo().Version != pmCoreUpdate.Version() { + if info.VersionNumber() != pmCoreUpdate.Version() { n := notifications.Notify(¬ifications.Notification{ EventID: "updates:core-update-available", Type: notifications.Info, From 5550c46c5caa1852e9488bcd06eba8f42f09e2af Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 16 Apr 2024 17:12:54 +0200 Subject: [PATCH 3/4] Fix not applying permanent verdicts to ICMP --- service/firewall/packet_handler.go | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/service/firewall/packet_handler.go b/service/firewall/packet_handler.go index 6934be5f..46cc83f0 100644 --- a/service/firewall/packet_handler.go 
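Review bot: `DEV_VERSION` is never initialised, so when a tag points at HEAD the `git describe` assignment is skipped and `test -n "$DEV_VERSION"` reads whatever the caller's environment holds. An inherited `DEV_VERSION` would then replace the exact tag with `<value>_dev_build` in the stamped metadata. Start the block with `DEV_VERSION=""`, or nest the dev fallback inside `if test -z "$VERSION"; then … fi`, so the version depends only on git state. The rest of the script is outside the hunk.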
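Review bot: The check `info.VersionNumber() != pmCoreUpdate.Version()` treats any difference as an available update, so a running build that is newer than the indexed file, or a dev build, would presumably still raise `updates:core-update-available`. If that is intended, say so next to the check, e.g. `// Any version difference counts as an update, including a lower indexed version.`; otherwise compare the versions by order rather than by string inequality. What `info.VersionNumber()` returns for dev builds and how the upgrade proceeds are outside the hunk, and upgradeCoreNotify's body extends beyond it.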
+++ b/service/firewall/packet_handler.go @@ -559,10 +559,14 @@ func issueVerdict(conn *network.Connection, pkt packet.Packet, verdict network.V // Enable permanent verdict. if allowPermanent && !conn.VerdictPermanent { - // Only enable if enabled in config and it is not ICMP. - // ICMP is handled differently based on payload, so we cannot use persistent verdicts. - conn.VerdictPermanent = permanentVerdicts() && !reference.IsICMP(conn.Entity.Protocol) - if conn.VerdictPermanent { + switch { + case !permanentVerdicts(): + // Permanent verdicts are disabled by configuration. + case conn.Entity != nil && reference.IsICMP(conn.Entity.Protocol): + case pkt != nil && reference.IsICMP(uint8(pkt.Info().Protocol)): + // ICMP is handled differently based on payload, so we cannot use persistent verdicts. + default: + conn.VerdictPermanent = true conn.SaveWhenFinished() } } From 5eb0f14a85fc19aa38b45846c7551936865f7eb9 Mon Sep 17 00:00:00 2001 From: Daniel Date: Wed, 17 Apr 2024 11:49:37 +0200 Subject: [PATCH 4/4] Update portbase --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 6585c62b..2a52ff35 100644 --- a/go.mod +++ b/go.mod @@ -33,7 +33,7 @@ require ( github.com/r3labs/diff/v3 v3.0.1 github.com/rot256/pblind v0.0.0-20231024115251-cd3f239f28c1 github.com/safing/jess v0.3.3 - github.com/safing/portbase v0.19.3 + github.com/safing/portbase v0.19.4 github.com/safing/portmaster-android/go v0.0.0-20230830120134-3226ceac3bec github.com/shirou/gopsutil v3.21.11+incompatible github.com/spf13/cobra v1.8.0 diff --git a/go.sum b/go.sum index 28b0fab5..154b520e 100644 --- a/go.sum +++ b/go.sum 
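Review bot: The `default` branch enables a permanent verdict whenever neither ICMP test matches, which includes the case where `conn.Entity` and `pkt` are both nil and the protocol is simply unknown. If that combination can reach issueVerdict, it seems safer to skip the permanent verdict when no protocol is available, e.g. an extra `case conn.Entity == nil && pkt == nil:` before `default`. The first ICMP case also has an empty body while the comment sits under the second, which reads like a C-style fallthrough; listing both conditions in one `case a, b:` with the comment below it would make the intent clear. The conversion `uint8(pkt.Info().Protocol)` assumes `Info()` is non-nil and that the protocol fits in 8 bits, neither of which is visible here. issueVerdict begins and continues outside the hunk.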
@@ -249,6 +249,8 @@ github.com/safing/portbase v0.19.2 h1:qGF5Jv9eEE33d2aIxeBQdnitnBoF44BGVFtboqfE+1 github.com/safing/portbase v0.19.2/go.mod h1:Qrh3ck+7VZloFmnozCs9Hj8godhJAi55cmiDiC7BwTc= github.com/safing/portbase v0.19.3 h1:fzb4d2nzhmRq4Lt6sgn9R20iykireAkBNyf9pfGqQjk= github.com/safing/portbase v0.19.3/go.mod h1:Qrh3ck+7VZloFmnozCs9Hj8godhJAi55cmiDiC7BwTc= +github.com/safing/portbase v0.19.4 h1:Oh7oUBp6xn5whhKtvnNKS5rhHqyXJDDxfxwf+gRswhQ= +github.com/safing/portbase v0.19.4/go.mod h1:Qrh3ck+7VZloFmnozCs9Hj8godhJAi55cmiDiC7BwTc= github.com/safing/portmaster-android/go v0.0.0-20230830120134-3226ceac3bec h1:oSJY1seobofPwpMoJRkCgXnTwfiQWNfGMCPDfqgAEfg= github.com/safing/portmaster-android/go v0.0.0-20230830120134-3226ceac3bec/go.mod h1:abwyAQrZGemWbSh/aCD9nnkp0SvFFf/mGWkAbOwPnFE= github.com/safing/spn v0.7.5 h1:WfkMs2omLrwxBWccGGG9Akx0AvsvJLG+W7rjWQpQhl4=