Skip to content

chore: use slim binary over dylib #210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: ethan/xpc-validation
Choose a base branch
from
Open

chore: use slim binary over dylib #210

wants to merge 1 commit into from
+497 −219

Conversation

ethanndickson
Copy link
Member

@ethanndickson ethanndickson commented Jul 30, 2025
edited
Loading

Closes #201.

This PR:

  • Replaces the dylib download with a slim binary download.
  • Removes signature validation checks that are inappropriate for the slim binary.
  • Replaces TunnelHandle with TunnelDaemon, an abstraction which runs posix_spawn on the slim binary, and manages the spawned process.
  • Adds tests for TunnelDaemon.

In a future PR:

  • Bump the minimum server version for Coder Desktop for macOS (to v2.25 once it's released)

This was referenced Jul 30, 2025
Open
Draft
@ethanndickson Graphite App
Copy link
Member Author

ethanndickson commented Jul 30, 2025
edited
Loading

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

This stack of pull requests is managed by Graphite. Learn more about stacking.

This was referenced Jul 30, 2025
Closed
Open
@ethanndickson ethanndickson force-pushed the ethan/slim-over-dylib branch from 7ef8131 to 8f00c6a Compare July 31, 2025 03:57
@ethanndickson ethanndickson force-pushed the ethan/xpc-validation branch from 547fd97 to 6687411 Compare July 31, 2025 03:57
@ethanndickson ethanndickson force-pushed the ethan/slim-over-dylib branch from 8f00c6a to 479576a Compare July 31, 2025 04:25
ethanndickson
ethanndickson commented Jul 31, 2025
View reviewed changes
Coder-Desktop/VPNLib/Receiver.swift
@@ -69,7 +69,7 @@ actor Receiver<RecvMsg: Message> {
},
onCancel: {
self.logger.debug("async stream canceled")
self.dispatch.close()
self.dispatch.close(flags: [.stop])
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This causes any currently running dispatch.read calls to supply their callback with an error which lets us actually end the read loop and cause the manager and all of it's children to be deallocated, including pipe file descriptors.
Previously we would leak pipes, but it didn't matter because the process would die each time.

Coder-Desktop/VPNLib/Validate.swift
Comment on lines -104 to -127
private static func validateInfo(infoPlist: [String: AnyObject], expectedVersion: String) throws(ValidationError) {
guard let plistIdent = infoPlist[infoIdentifierKey] as? String, plistIdent == expectedIdentifier else {
throw .invalidIdentifier(identifier: infoPlist[infoIdentifierKey] as? String)
}

guard let plistName = infoPlist[infoNameKey] as? String, plistName == expectedName else {
throw .invalidIdentifier(identifier: infoPlist[infoNameKey] as? String)
}

// Downloaded dylib must match the version of the server
guard let dylibVersion = infoPlist[infoShortVersionKey] as? String,
expectedVersion == dylibVersion
else {
throw .invalidVersion(version: infoPlist[infoShortVersionKey] as? String)
}

// Downloaded dylib must be at least the minimum Coder server version
guard let dylibVersion = infoPlist[infoShortVersionKey] as? String,
// x.compare(y) is .orderedDescending if x > y
minimumCoderVersion.compare(dylibVersion, options: .numeric) != .orderedDescending
else {
throw .belowMinimumCoderVersion
}
}
Copy link
Member Author

@ethanndickson ethanndickson Jul 31, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunate, but because we don't build the slim binary with an external linker (previously xcode via cgo for the dylib) we can no longer create an info.plist section in the binary with -sectcreate. If we ever need to build the slim binary with cgo then we can add this back.

Copy link
Member Author

@ethanndickson ethanndickson Jul 31, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll add another PR to check the version by exec'ing.

@ethanndickson ethanndickson marked this pull request as ready for review July 31, 2025 04:44
@ethanndickson ethanndickson self-assigned this Jul 31, 2025
@ethanndickson ethanndickson force-pushed the ethan/xpc-validation branch from 6687411 to ef370db Compare July 31, 2025 07:26
@ethanndickson ethanndickson force-pushed the ethan/slim-over-dylib branch from 479576a to e9e15db Compare July 31, 2025 07:26
@ethanndickson ethanndickson mentioned this pull request Jul 31, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@deansheather deansheather Awaiting requested review from deansheather

@spikecurtis spikecurtis Awaiting requested review from spikecurtis

Assignees

@ethanndickson ethanndickson

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ethanndickson