@@ -7,26 +7,54 @@ actor Manager {
7
7
let cfg : ManagerConfig
8
8
let telemetryEnricher : TelemetryEnricher
9
9
10
- let tunnelHandle : TunnelHandle
10
+ let tunnelDaemon : TunnelDaemon
11
11
let speaker : Speaker < Vpn_ManagerMessage , Vpn_TunnelMessage >
12
12
var readLoop : Task < Void , any Error > !
13
13
14
- // /var/root/Downloads
15
- private let dest = FileManager . default. urls ( for: . downloadsDirectory, in: . userDomainMask)
16
- . first!. appending ( path: " coder-vpn.dylib " )
14
+ #if arch(arm64)
15
+ private static let binaryName = " coder-darwin-arm64 "
16
+ #else
17
+ private static let binaryName = " coder-darwin-amd64 "
18
+ #endif
19
+
20
+ // /var/root/Library/Application Support/com.coder.Coder-Desktop/coder-darwin-{arm64,amd64}
21
+ private let dest = try ? FileManager . default
22
+ . url ( for: . applicationSupportDirectory, in: . userDomainMask, appropriateFor: nil , create: true )
23
+ . appendingPathComponent ( Bundle . main. bundleIdentifier ?? " com.coder.Coder-Desktop " , isDirectory: true )
24
+ . appendingPathComponent ( binaryName)
25
+
17
26
private let logger = Logger ( subsystem: Bundle . main. bundleIdentifier!, category: " manager " )
18
27
19
28
// swiftlint:disable:next function_body_length
20
29
init ( cfg: ManagerConfig ) async throws ( ManagerError) {
21
30
self . cfg = cfg
22
31
telemetryEnricher = TelemetryEnricher ( )
23
- #if arch(arm64)
24
- let dylibPath = cfg. serverUrl. appending ( path: " bin/coder-vpn-darwin-arm64.dylib " )
25
- #elseif arch(x86_64)
26
- let dylibPath = cfg. serverUrl. appending ( path: " bin/coder-vpn-darwin-amd64.dylib " )
27
- #else
28
- fatalError ( " unknown architecture " )
29
- #endif
32
+ guard let dest else {
33
+ // This should never happen
34
+ throw . fileError( " Failed to create path for binary destination " +
35
+ " (/var/root/Library/Application Support/com.coder.Coder-Desktop) " )
36
+ }
37
+ do {
38
+ try FileManager . default. ensureDirectories ( for: dest)
39
+ } catch {
40
+ throw . fileError( " Failed to create directories for binary destination: \( error. localizedDescription) " )
41
+ }
42
+ let client = Client ( url: cfg. serverUrl)
43
+ let buildInfo : BuildInfoResponse
44
+ do {
45
+ buildInfo = try await client. buildInfo ( )
46
+ } catch {
47
+ throw . serverInfo( error. description)
48
+ }
49
+ guard let serverSemver = buildInfo. semver else {
50
+ throw . serverInfo( " invalid version: \( buildInfo. version) " )
51
+ }
52
+ guard SignatureValidator . minimumCoderVersion
53
+ . compare ( serverSemver, options: . numeric) != . orderedDescending
54
+ else {
55
+ throw . belowMinimumCoderVersion( actualVersion: serverSemver)
56
+ }
57
+ let binaryPath = cfg. serverUrl. appending ( path: " bin " ) . appending ( path: Manager . binaryName)
30
58
do {
31
59
let sessionConfig = URLSessionConfiguration . default
32
60
// The tunnel might be asked to start before the network interfaces have woken up from sleep
@@ -35,7 +63,7 @@ actor Manager {
35
63
sessionConfig. timeoutIntervalForRequest = 60
36
64
sessionConfig. timeoutIntervalForResource = 300
37
65
try await download (
38
- src: dylibPath ,
66
+ src: binaryPath ,
39
67
dest: dest,
40
68
urlSession: URLSession ( configuration: sessionConfig)
41
69
) { progress in
@@ -45,48 +73,44 @@ actor Manager {
45
73
throw . download( error)
46
74
}
47
75
pushProgress ( stage: . validating)
48
- let client = Client ( url: cfg. serverUrl)
49
- let buildInfo : BuildInfoResponse
50
76
do {
51
- buildInfo = try await client . buildInfo ( )
77
+ try SignatureValidator . validate ( path : dest )
52
78
} catch {
53
- throw . serverInfo( error. description)
54
- }
55
- guard let semver = buildInfo. semver else {
56
- throw . serverInfo( " invalid version: \( buildInfo. version) " )
79
+ throw . validation( error)
57
80
}
81
+
82
+ // Without this, the TUN fd isn't recognised as a socket in the
83
+ // spawned process, and the tunnel fails to start.
58
84
do {
59
- try SignatureValidator . validate ( path : dest , expectedVersion : semver )
85
+ try unsetCloseOnExec ( fd : cfg . tunFd )
60
86
} catch {
61
- throw . validation ( error)
87
+ throw . cloexec ( error)
62
88
}
63
89
64
90
do {
65
- try tunnelHandle = TunnelHandle ( dylibPath: dest)
91
+ try tunnelDaemon = await TunnelDaemon ( binaryPath: dest) { err in
92
+ Task { try ? await NEXPCServerDelegate . cancelProvider ( error:
93
+ makeNSError ( suffix: " TunnelDaemon " , desc: " Tunnel daemon: \( err. description) " )
94
+ ) }
95
+ }
66
96
} catch {
67
97
throw . tunnelSetup( error)
68
98
}
69
99
speaker = await Speaker < Vpn_ManagerMessage , Vpn_TunnelMessage > (
70
- writeFD: tunnelHandle . writeHandle,
71
- readFD: tunnelHandle . readHandle
100
+ writeFD: tunnelDaemon . writeHandle,
101
+ readFD: tunnelDaemon . readHandle
72
102
)
73
103
do {
74
104
try await speaker. handshake ( )
75
105
} catch {
76
106
throw . handshake( error)
77
107
}
78
- do {
79
- try await tunnelHandle. openTunnelTask? . value
80
- } catch let error as TunnelHandleError {
81
- logger. error ( " failed to wait for dylib to open tunnel: \( error, privacy: . public) " )
82
- throw . tunnelSetup( error)
83
- } catch {
84
- fatalError ( " openTunnelTask must only throw TunnelHandleError " )
85
- }
86
108
87
109
readLoop = Task { try await run ( ) }
88
110
}
89
111
112
+ deinit { logger. debug ( " manager deinit " ) }
113
+
90
114
func run( ) async throws {
91
115
do {
92
116
for try await m in speaker {
@@ -99,14 +123,14 @@ actor Manager {
99
123
}
100
124
} catch {
101
125
logger. error ( " tunnel read loop failed: \( error. localizedDescription, privacy: . public) " )
102
- try await tunnelHandle . close ( )
126
+ try await tunnelDaemon . close ( )
103
127
try await NEXPCServerDelegate . cancelProvider ( error:
104
128
makeNSError ( suffix: " Manager " , desc: " Tunnel read loop failed: \( error. localizedDescription) " )
105
129
)
106
130
return
107
131
}
108
132
logger. info ( " tunnel read loop exited " )
109
- try await tunnelHandle . close ( )
133
+ try await tunnelDaemon . close ( )
110
134
try await NEXPCServerDelegate . cancelProvider ( error: nil )
111
135
}
112
136
@@ -204,6 +228,12 @@ actor Manager {
204
228
if !stopResp. success {
205
229
throw . errorResponse( msg: stopResp. errorMessage)
206
230
}
231
+ do {
232
+ try await tunnelDaemon. close ( )
233
+ } catch {
234
+ throw . tunnelFail( error)
235
+ }
236
+ readLoop. cancel ( )
207
237
}
208
238
209
239
// Retrieves the current state of all peers,
@@ -239,28 +269,32 @@ struct ManagerConfig {
239
269
240
270
enum ManagerError : Error {
241
271
case download( DownloadError )
242
- case tunnelSetup( TunnelHandleError )
272
+ case fileError( String )
273
+ case tunnelSetup( TunnelDaemonError )
243
274
case handshake( HandshakeError )
244
275
case validation( ValidationError )
245
276
case incorrectResponse( Vpn_TunnelMessage )
277
+ case cloexec( POSIXError )
246
278
case failedRPC( any Error )
247
279
case serverInfo( String )
248
280
case errorResponse( msg: String )
249
- case noTunnelFileDescriptor
250
- case noApp
251
- case permissionDenied
252
281
case tunnelFail( any Error )
282
+ case belowMinimumCoderVersion( actualVersion: String )
253
283
254
284
var description : String {
255
285
switch self {
256
286
case let . download( err) :
257
287
" Download error: \( err. localizedDescription) "
288
+ case let . fileError( msg) :
289
+ msg
258
290
case let . tunnelSetup( err) :
259
291
" Tunnel setup error: \( err. localizedDescription) "
260
292
case let . handshake( err) :
261
293
" Handshake error: \( err. localizedDescription) "
262
294
case let . validation( err) :
263
295
" Validation error: \( err. localizedDescription) "
296
+ case let . cloexec( err) :
297
+ " Failed to mark TUN fd as non-cloexec: \( err. localizedDescription) "
264
298
case . incorrectResponse:
265
299
" Received unexpected response over tunnel "
266
300
case let . failedRPC( err) :
@@ -269,14 +303,13 @@ enum ManagerError: Error {
269
303
msg
270
304
case let . errorResponse( msg) :
271
305
msg
272
- case . noTunnelFileDescriptor:
273
- " Could not find a tunnel file descriptor "
274
- case . noApp:
275
- " The VPN must be started with the app open during first-time setup. "
276
- case . permissionDenied:
277
- " Permission was not granted to execute the CoderVPN dylib "
278
306
case let . tunnelFail( err) :
279
- " Failed to communicate with dylib over tunnel: \( err. localizedDescription) "
307
+ " Failed to communicate with daemon over tunnel: \( err. localizedDescription) "
308
+ case let . belowMinimumCoderVersion( actualVersion) :
309
+ """
310
+ The Coder deployment must be version \( SignatureValidator . minimumCoderVersion)
311
+ or higher to use Coder Desktop. Current version: \( actualVersion)
312
+ """
280
313
}
281
314
}
282
315
@@ -297,9 +330,16 @@ func writeVpnLog(_ log: Vpn_Log) {
297
330
case . UNRECOGNIZED: . info
298
331
}
299
332
let logger = Logger (
300
- subsystem: " \( Bundle . main. bundleIdentifier!) .dylib " ,
333
+ subsystem: " \( Bundle . main. bundleIdentifier!) .daemon " ,
301
334
category: log. loggerNames. joined ( separator: " . " )
302
335
)
303
336
let fields = log. fields. map { " \( $0. name) : \( $0. value) " } . joined ( separator: " , " )
304
337
logger. log ( level: level, " \( log. message, privacy: . public) \( fields. isEmpty ? " " : " : \( fields) " , privacy: . public) " )
305
338
}
339
+
340
+ extension FileManager {
341
+ func ensureDirectories( for url: URL ) throws {
342
+ let dir = url. hasDirectoryPath ? url : url. deletingLastPathComponent ( )
343
+ try createDirectory ( at: dir, withIntermediateDirectories: true , attributes: nil )
344
+ }
345
+ }
0 commit comments