Add upgrade locking mechanism to core ui serving module

service/ui/module.go

@@ -1,27 +1,55 @@
 package ui
 
 import (
-	"errors"
 	"os"
 	"path/filepath"
+	"sync"
 	"sync/atomic"
 
 	"github.com/safing/portmaster/base/api"
 	"github.com/safing/portmaster/base/log"
 	"github.com/safing/portmaster/base/utils"
 	"github.com/safing/portmaster/service/mgr"
-	"github.com/safing/portmaster/service/updates"
+	"github.com/spkg/zipfs"
 )
 
-func prep() error {
-	if err := registerAPIEndpoints(); err != nil {
-		return err
-	}
+// UI serves the user interface files.
+type UI struct {
+	mgr      *mgr.Manager
+	instance instance
 
-	return registerRoutes()
+	archives     map[string]*zipfs.FileSystem
+	archivesLock sync.RWMutex
+
+	upgradeLock atomic.Bool
 }
 
-func start() error {
+// New returns a new UI module.
+func New(instance instance) (*UI, error) {
+	m := mgr.New("UI")
+	ui := &UI{
+		mgr:      m,
+		instance: instance,
+
+		archives: make(map[string]*zipfs.FileSystem),
+	}
+
+	if err := ui.registerAPIEndpoints(); err != nil {
+		return nil, err
+	}
+	if err := ui.registerRoutes(); err != nil {
+		return nil, err
+	}
+
+	return ui, nil
+}
+
+func (ui *UI) Manager() *mgr.Manager {
+	return ui.mgr
+}
+
+// Start starts the module.
+func (ui *UI) Start() error {
 	// Create a dummy directory to which processes change their working directory
 	// to. Currently this includes the App and the Notifier. The aim is protect
 	// all other directories and increase compatibility should any process want
@@ -30,7 +58,7 @@ func start() error {
 	// may seem dangerous, but proper permission on the parent directory provide
 	// (some) protection.
 	// Processes must _never_ read from this directory.
-	execDir := filepath.Join(module.instance.DataDir(), "exec")
+	execDir := filepath.Join(ui.instance.DataDir(), "exec")
 	err := os.MkdirAll(execDir, 0o0777) //nolint:gosec // This is intentional.
 	if err != nil {
 		log.Warningf("ui: failed to create safe exec dir: %s", err)
@@ -45,52 +73,67 @@ func start() error {
 	return nil
 }
 
-// UI serves the user interface files.
-type UI struct {
-	mgr *mgr.Manager
-
-	instance instance
-}
-
-func (ui *UI) Manager() *mgr.Manager {
-	return ui.mgr
-}
-
-// Start starts the module.
-func (ui *UI) Start() error {
-	return start()
-}
-
 // Stop stops the module.
 func (ui *UI) Stop() error {
 	return nil
 }
 
-var (
-	shimLoaded atomic.Bool
-	module     *UI
-)
+func (ui *UI) getArchive(name string) (archive *zipfs.FileSystem, ok bool) {
+	ui.archivesLock.RLock()
+	defer ui.archivesLock.RUnlock()
 
-// New returns a new UI module.
-func New(instance instance) (*UI, error) {
-	if !shimLoaded.CompareAndSwap(false, true) {
-		return nil, errors.New("only one instance allowed")
-	}
-	m := mgr.New("UI")
-	module = &UI{
-		mgr:      m,
-		instance: instance,
+	archive, ok = ui.archives[name]
+	return
+}
+
+func (ui *UI) setArchive(name string, archive *zipfs.FileSystem) {
+	ui.archivesLock.Lock()
+	defer ui.archivesLock.Unlock()
+
+	ui.archives[name] = archive
+}
+
+// CloseArchives closes all open archives.
+func (ui *UI) CloseArchives() {
+	if ui == nil {
+		return
 	}
 
-	if err := prep(); err != nil {
-		return nil, err
+	ui.archivesLock.Lock()
+	defer ui.archivesLock.Unlock()
+
+	// Close archives.
+	for _, archive := range ui.archives {
+		if err := archive.Close(); err != nil {
+			ui.mgr.Warn("failed to close ui archive", "err", err)
+		}
 	}
 
-	return module, nil
+	// Reset map.
+	clear(ui.archives)
+}
+
+// EnableUpgradeLock enables the upgrade lock and closes all open archives.
+func (ui *UI) EnableUpgradeLock() {
+	if ui == nil {
+		return
+	}
+
+	ui.upgradeLock.Store(true)
+	ui.CloseArchives()
+}
+
+// DisableUpgradeLock disables the upgrade lock.
+func (ui *UI) DisableUpgradeLock() {
+	if ui == nil {
+		return
+	}
+
+	ui.upgradeLock.Store(false)
 }
 
 type instance interface {
 	DataDir() string
 	API() *api.API
-	BinaryUpdates() *updates.Updater
+	GetBinaryUpdateFile(name string) (path string, err error)
 }