Merge pull request #597 from safing/fix/things

Fix minor updater related issues and rule comments
This commit is contained in:
Daniel
2022-04-13 11:16:09 +02:00
committed by GitHub
7 changed files with 69 additions and 16 deletions

View File

@@ -11,7 +11,10 @@ import (
"github.com/safing/portmaster/updates/helper" "github.com/safing/portmaster/updates/helper"
) )
var reset bool var (
reset bool
intelOnly bool
)
func init() { func init() {
rootCmd.AddCommand(updateCmd) rootCmd.AddCommand(updateCmd)
@@ -19,6 +22,7 @@ func init() {
flags := updateCmd.Flags() flags := updateCmd.Flags()
flags.BoolVar(&reset, "reset", false, "Delete all resources and re-download the basic set") flags.BoolVar(&reset, "reset", false, "Delete all resources and re-download the basic set")
flags.BoolVar(&intelOnly, "intel-only", false, "Only make downloading intel updates mandatory")
} }
var ( var (
@@ -49,6 +53,11 @@ func indexRequired(cmd *cobra.Command) bool {
} }
func downloadUpdates() error { func downloadUpdates() error {
// Check if only intel data is mandatory.
if intelOnly {
helper.IntelOnly()
}
// Set required updates. // Set required updates.
registry.MandatoryUpdates = helper.MandatoryUpdates() registry.MandatoryUpdates = helper.MandatoryUpdates()
registry.AutoUnpack = helper.AutoUnpackUpdates() registry.AutoUnpack = helper.AutoUnpackUpdates()
@@ -97,9 +106,11 @@ func downloadUpdates() error {
return fmt.Errorf("failed to unpack resources: %w", err) return fmt.Errorf("failed to unpack resources: %w", err)
} }
// Fix chrome-sandbox permissions if !intelOnly {
if err := helper.EnsureChromeSandboxPermissions(registry); err != nil { // Fix chrome-sandbox permissions
return fmt.Errorf("failed to fix electron permissions: %w", err) if err := helper.EnsureChromeSandboxPermissions(registry); err != nil {
return fmt.Errorf("failed to fix electron permissions: %w", err)
}
} }
return nil return nil

View File

@@ -216,6 +216,10 @@ func SetInternetLocation(ip net.IP, source DeviceLocationSource) (dl *DeviceLoca
log.Warningf("netenv: failed to get geolocation data of %s (from %s): %s", ip, source, err) log.Warningf("netenv: failed to get geolocation data of %s (from %s): %s", ip, source, err)
return nil, false return nil, false
} }
// Only use location if there is data for it.
if geoLoc.Country.ISOCode == "" {
return nil, false
}
loc.Location = geoLoc loc.Location = geoLoc
addLocation(loc) addLocation(loc)
@@ -271,6 +275,13 @@ func GetInternetLocation() (deviceLocations *DeviceLocations, ok bool) {
} }
locationNetworkChangedFlag.Refresh() locationNetworkChangedFlag.Refresh()
// Reset locations.
func() {
locationsLock.Lock()
defer locationsLock.Unlock()
locations = &DeviceLocations{}
}()
// Get all assigned addresses. // Get all assigned addresses.
v4s, v6s, err := GetAssignedAddresses() v4s, v6s, err := GetAssignedAddresses()
if err != nil { if err != nil {

View File

@@ -29,29 +29,43 @@ func GetIPScope(ip net.IP) IPScope { //nolint:gocognit
// IPv4 // IPv4
switch { switch {
case ip4[0] == 127: case ip4[0] == 127:
// 127.0.0.0/8 // 127.0.0.0/8 (RFC1918)
return HostLocal return HostLocal
case ip4[0] == 169 && ip4[1] == 254: case ip4[0] == 169 && ip4[1] == 254:
// 169.254.0.0/16 // 169.254.0.0/16 (RFC3927)
return LinkLocal return LinkLocal
case ip4[0] == 10: case ip4[0] == 10:
// 10.0.0.0/8 // 10.0.0.0/8 (RFC1918)
return SiteLocal return SiteLocal
case ip4[0] == 172 && ip4[1]&0xf0 == 16: case ip4[0] == 100 && ip4[1]&0b11000000 == 64:
// 172.16.0.0/12 // 100.64.0.0/10 (RFC6598)
return SiteLocal return SiteLocal
case ip4[0] == 172 && ip4[1]&0b11110000 == 16:
// 172.16.0.0/12 (RFC1918)
return SiteLocal
case ip4[0] == 192 && ip4[1] == 0 && ip4[2] == 2:
// 192.0.2.0/24 (TEST-NET-1, RFC5737)
return Invalid
case ip4[0] == 192 && ip4[1] == 168: case ip4[0] == 192 && ip4[1] == 168:
// 192.168.0.0/16 // 192.168.0.0/16 (RFC1918)
return SiteLocal return SiteLocal
case ip4[0] == 198 && ip4[1] == 51 && ip4[2] == 100:
// 198.51.100.0/24 (TEST-NET-2, RFC5737)
return Invalid
case ip4[0] == 203 && ip4[1] == 0 && ip4[2] == 113:
// 203.0.113.0/24 (TEST-NET-3, RFC5737)
return Invalid
case ip4[0] == 224: case ip4[0] == 224:
// 224.0.0.0/8 // 224.0.0.0/8 (RFC5771)
return LocalMulticast return LocalMulticast
case ip4[0] == 233 && ip4[1] == 252 && ip4[2] == 0:
// 233.252.0.0/24 (MCAST-TEST-NET; RFC5771, RFC6676)
return Invalid
case ip4[0] >= 225 && ip4[0] <= 238: case ip4[0] >= 225 && ip4[0] <= 238:
// 225.0.0.0/8 - 238.0.0.0/8 // 225.0.0.0/8 - 238.0.0.0/8 (RFC5771)
return GlobalMulticast return GlobalMulticast
case ip4[0] == 239: case ip4[0] == 239:
// 239.0.0.0/8 // 239.0.0.0/8 (RFC2365)
// RFC2365 - https://tools.ietf.org/html/rfc2365
return LocalMulticast return LocalMulticast
case ip4[0] == 255 && ip4[1] == 255 && ip4[2] == 255 && ip4[3] == 255: case ip4[0] == 255 && ip4[1] == 255 && ip4[2] == 255 && ip4[3] == 255:
// 255.255.255.255/32 // 255.255.255.255/32

View File

@@ -208,6 +208,14 @@ func parseEndpoint(value string) (endpoint Endpoint, err error) { //nolint:gocog
return nil, fmt.Errorf(`invalid endpoint definition: "%s"`, value) return nil, fmt.Errorf(`invalid endpoint definition: "%s"`, value)
} }
// Remove comment.
for i, field := range fields {
if strings.HasPrefix(field, "#") {
fields = fields[:i]
break
}
}
// any // any
if endpoint, err = parseTypeAny(fields); endpoint != nil || err != nil { if endpoint, err = parseTypeAny(fields); endpoint != nil || err != nil {
return return

View File

@@ -62,11 +62,13 @@ entriesLoop:
// ListEntryValidationRegex is a regex to bullshit check endpoint list entries. // ListEntryValidationRegex is a regex to bullshit check endpoint list entries.
var ListEntryValidationRegex = strings.Join([]string{ var ListEntryValidationRegex = strings.Join([]string{
`^(\+|\-) `, // Rule verdict. `^(\+|\-) `, // Rule verdict.
`(! +)?`, // Invert matching.
`[A-z0-9\.:\-*/]+`, // Entity matching. `[A-z0-9\.:\-*/]+`, // Entity matching.
`( `, // Start of optional matching. `( `, // Start of optional matching.
`[A-z0-9*]+`, // Protocol matching. `[A-z0-9*]+`, // Protocol matching.
`(/[A-z0-9]+(\-[A-z0-9]+)?)?`, // Port and port range matching. `(/[A-z0-9]+(\-[A-z0-9]+)?)?`, // Port and port range matching.
`)?$`, // End of optional matching. `)?`, // End of optional matching.
`( +#.*)?`, // Optional comment.
}, "") }, "")
// ValidateEndpointListConfigOption validates the given value. // ValidateEndpointListConfigOption validates the given value.

View File

@@ -1,6 +1,7 @@
package helper package helper
import ( import (
"errors"
"fmt" "fmt"
"os" "os"
"path/filepath" "path/filepath"
@@ -34,6 +35,9 @@ func EnsureChromeSandboxPermissions(reg *updater.ResourceRegistry) error {
var err error var err error
pmElectronUpdate, err = reg.GetFile(identifier) pmElectronUpdate, err = reg.GetFile(identifier)
if err != nil { if err != nil {
if errors.Is(err, updater.ErrNotAvailableLocally) {
return nil
}
return fmt.Errorf("failed to get file: %w", err) return fmt.Errorf("failed to get file: %w", err)
} }

View File

@@ -269,7 +269,10 @@ func checkForUpdates(ctx context.Context) (err error) {
func stop() error { func stop() error {
if registry != nil { if registry != nil {
return registry.Cleanup() err := registry.Cleanup()
if err != nil {
log.Warningf("updates: failed to clean up registry: %s", err)
}
} }
return stopVersionExport() return stopVersionExport()