Merge pull request #1509 from safing/fix/version-metadata-and-perm-verdicts

Fix version metadata, perm verdicts, build system

.earthlyignore

@@ -1,25 +1,63 @@
-go.work
+# Ignore angular outputs.
-go.work.sum
-
-dist/
-node_modules/
-
 desktop/angular/node_modules
 desktop/angular/dist
 desktop/angular/dist-lib
 desktop/angular/dist-extension
 desktop/angular/.angular
 
-# Assets are ignored here because the symlink wouldn't work in
+# Ignore tauri outputs.
-# the buildkit container so we copy the assets directly in Earthfile.
-desktop/angular/assets
-
-
 desktop/tauri/src-tauri/target
-.gitignore
+
-AUTHORS
+#######################
-CODE_OF_CONDUCT.md
+# Copy from .gitignore:
-LICENSE
+
-README.md
+# Compiled binaries
-TESTING.md
+*.exe
-TRADEMARKS
+dist/
+
+# Dist dir
+dist
+
+# Custom dev deops
+go.mod.*
+
+# vendor dir
+vendor
+
+# testing
+testing
+
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# OS specifics
+.DS_Store
+
+# Custom dev scripts
+win_dev_*
+go.work
+go.work.sum

Earthfile

@@ -56,37 +56,29 @@ go-deps:
 go-base:
     FROM +go-deps
 
-    # Only copy go-code related files to improve caching.
+    # Copy the full repo, as Go embeds whether the state is clean.
-    # (i.e. do not rebuild go if only the angular app changed)
+    COPY . .
-    COPY cmds ./cmds
-    COPY runtime ./runtime
-    COPY service ./service
-    COPY spn ./spn
 
-    # The cmds/notifier embeds some icons but go:embed is not allowed
+    LET version = "$(git tag --points-at || true)"
-    # to leave the package directory so there's a small go-package in
+    IF [ -z "${version}" ]
-    # assets. Once we drop the notify in favor of the tauri replacement
+        LET dev_version = "$(git describe --tags --first-parent --abbrev=0 || true)"
-    # we can remove the following line and also remove all go-code from
+        IF [ -n "${dev_version}" ]
-    # ./assets
+            SET version = "${dev_version}_dev_build"
-    COPY assets ./assets
+        END
-
-    # Copy the git folder and extract version information
-    COPY .git ./.git
-
-    LET version = $(git tag --points-at)
-    IF [ "${version}" = "" ]
-        SET version = "$(git describe --tags --abbrev=0)_dev_build"
     END
-    IF [ "${version}" = "" ]
+    IF [ -z "${version}" ]
         SET version = "dev_build"
     END
     ENV VERSION="${version}"
+    RUN echo "Version: $VERSION"
 
     LET source = $( ( git remote -v | cut -f2 | cut -d" " -f1 | head -n 1 ) || echo "unknown" )
     ENV SOURCE="${source}"
+    RUN echo "Source: $SOURCE"
 
     LET build_time = $(date -u "+%Y-%m-%dT%H:%M:%SZ" || echo "unknown")
     ENV BUILD_TIME = "${build_time}"
+    RUN echo "Build Time: $BUILD_TIME"
 
     # Explicitly cache here.
     SAVE IMAGE --cache-hint
@@ -204,7 +196,6 @@ angular-deps:
 
     COPY desktop/angular/package.json .
     COPY desktop/angular/package-lock.json .
-    COPY assets/data ./assets
 
     RUN npm install
 
@@ -215,6 +206,9 @@ angular-base:
     ARG configuration="production"
 
     COPY desktop/angular/ .
+    # Remove symlink and copy assets directly.
+    RUN rm ./assets
+    COPY assets/data ./assets
 
     IF [ "${configuration}" = "production" ]
         RUN npm run build-libs

cmds/portmaster-core/build

@@ -1,7 +1,10 @@
 #!/bin/bash
 
 # Gather build metadata.
-VERSION="$(git tag --points-at)"; test -z "$VERSION" && VERSION="$(git describe --tags --abbrev=0)_dev_build"; test -z "$VERSION" && VERSION="dev_build"
+VERSION="$(git tag --points-at)" || true
+test -z "$VERSION" && DEV_VERSION="$(git describe --tags --first-parent --abbrev=0)" || true
+test -n "$DEV_VERSION" && VERSION="${DEV_VERSION}_dev_build"
+test -z "$VERSION" && VERSION="dev_build"
 SOURCE=$( ( git remote -v | cut -f2 | cut -d" " -f1 | head -n 1 ) || echo "unknown" )
 BUILD_TIME=$(date -u "+%Y-%m-%dT%H:%M:%SZ" || echo "unknown")
 

go.mod

@@ -33,7 +33,7 @@ require (
 	github.com/r3labs/diff/v3 v3.0.1
 	github.com/rot256/pblind v0.0.0-20231024115251-cd3f239f28c1
 	github.com/safing/jess v0.3.3
-	github.com/safing/portbase v0.19.3
+	github.com/safing/portbase v0.19.4
 	github.com/safing/portmaster-android/go v0.0.0-20230830120134-3226ceac3bec
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/spf13/cobra v1.8.0

go.sum

@@ -249,6 +249,8 @@ github.com/safing/portbase v0.19.2 h1:qGF5Jv9eEE33d2aIxeBQdnitnBoF44BGVFtboqfE+1
 github.com/safing/portbase v0.19.2/go.mod h1:Qrh3ck+7VZloFmnozCs9Hj8godhJAi55cmiDiC7BwTc=
 github.com/safing/portbase v0.19.3 h1:fzb4d2nzhmRq4Lt6sgn9R20iykireAkBNyf9pfGqQjk=
 github.com/safing/portbase v0.19.3/go.mod h1:Qrh3ck+7VZloFmnozCs9Hj8godhJAi55cmiDiC7BwTc=
+github.com/safing/portbase v0.19.4 h1:Oh7oUBp6xn5whhKtvnNKS5rhHqyXJDDxfxwf+gRswhQ=
+github.com/safing/portbase v0.19.4/go.mod h1:Qrh3ck+7VZloFmnozCs9Hj8godhJAi55cmiDiC7BwTc=
 github.com/safing/portmaster-android/go v0.0.0-20230830120134-3226ceac3bec h1:oSJY1seobofPwpMoJRkCgXnTwfiQWNfGMCPDfqgAEfg=
 github.com/safing/portmaster-android/go v0.0.0-20230830120134-3226ceac3bec/go.mod h1:abwyAQrZGemWbSh/aCD9nnkp0SvFFf/mGWkAbOwPnFE=
 github.com/safing/spn v0.7.5 h1:WfkMs2omLrwxBWccGGG9Akx0AvsvJLG+W7rjWQpQhl4=

service/firewall/packet_handler.go

@@ -559,10 +559,14 @@ func issueVerdict(conn *network.Connection, pkt packet.Packet, verdict network.V
 
 	// Enable permanent verdict.
 	if allowPermanent && !conn.VerdictPermanent {
-		// Only enable if enabled in config and it is not ICMP.
+		switch {
-		// ICMP is handled differently based on payload, so we cannot use persistent verdicts.
+		case !permanentVerdicts():
-		conn.VerdictPermanent = permanentVerdicts() && !reference.IsICMP(conn.Entity.Protocol)
+			// Permanent verdicts are disabled by configuration.
-		if conn.VerdictPermanent {
+		case conn.Entity != nil && reference.IsICMP(conn.Entity.Protocol):
+		case pkt != nil && reference.IsICMP(uint8(pkt.Info().Protocol)):
+			// ICMP is handled differently based on payload, so we cannot use persistent verdicts.
+		default:
+			conn.VerdictPermanent = true
 			conn.SaveWhenFinished()
 		}
 	}

service/updates/upgrader.go

@@ -108,7 +108,7 @@ func upgradeCoreNotify() error {
 	pmCoreUpdate = newFile
 
 	// check for new version
-	if info.GetInfo().Version != pmCoreUpdate.Version() {
+	if info.VersionNumber() != pmCoreUpdate.Version() {
 		n := notifications.Notify(&notifications.Notification{
 			EventID: "updates:core-update-available",
 			Type:    notifications.Info,