diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index ec9fa862..4fd8f553 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -42,12 +42,18 @@ jobs: export QIF_BIN_DIR=${{ runner.temp }}/Qt/Tools/QtInstallerFramework/${{ env.QIF_VERSION }}/bin bash deploy/build_linux.sh - - name: 'Upload artifact' + - name: 'Upload installer artifact' uses: actions/upload-artifact@v3 with: - name: AmneziaVPN_Linux + name: AmneziaVPN_Linux_installer path: deploy/AmneziaVPN_Linux_Installer - retention-days: 3 + retention-days: 7 + - name: 'Upload unpacked artifact' + uses: actions/upload-artifact@v3 + with: + name: AmneziaVPN_Linux_unpacked + path: deploy/AppDir + retention-days: 7 # ------------------------------------------------------ @@ -97,12 +103,18 @@ jobs: set QIF_BIN_DIR="${{ runner.temp }}\\Qt\\Tools\\QtInstallerFramework\\${{ env.QIF_VERSION }}\\bin" call deploy\\build_windows.bat - - name: 'Upload artifact' + - name: 'Upload installer artifact' uses: actions/upload-artifact@v3 with: - name: AmneziaVPN_Windows + name: AmneziaVPN_Windows_installer path: AmneziaVPN_x${{ env.BUILD_ARCH }}.exe - retention-days: 3 + retention-days: 7 + - name: 'Upload unpacked artifact' + uses: actions/upload-artifact@v3 + with: + name: AmneziaVPN_Windows_unpacked + path: deploy\\build_${{ env.BUILD_ARCH }}\\client\\Release + retention-days: 7 # ------------------------------------------------------ 
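Review bot: The added 'Upload unpacked artifact' steps reference `actions/upload-artifact@v3` by a mutable tag, as the existing upload steps do, so whatever that tag points to at run time executes with access to the build outputs. Pinning to a full commit SHA, `uses: actions/upload-artifact@<full-commit-sha> # v3`, keeps the third-party code fixed and reviewable; this applies to the Linux and Windows hunks here and to the macOS hunk that follows. The unpacked uploads also publish whole directories (`deploy/AppDir`, the Windows `Release` directory, `AmneziaVPN.app`), so confirm those trees hold only shippable files, since anything the build leaves there is retained for 7 days.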
@@ -225,12 +237,18 @@ jobs: export QIF_BIN_DIR="${{ runner.temp }}/Qt/Tools/QtInstallerFramework/${{ env.QIF_VERSION }}/bin" bash deploy/build_macos.sh - - name: 'Upload artifact' + - name: 'Upload installer artifact' uses: actions/upload-artifact@v3 with: - name: AmneziaVPN_MacOS + name: AmneziaVPN_MacOS_installer path: AmneziaVPN.dmg - retention-days: 3 + retention-days: 7 + - name: 'Upload unpacked artifact' + uses: actions/upload-artifact@v3 + with: + name: AmneziaVPN_MacOS_unpacked + path: deploy/build/client/AmneziaVPN.app + retention-days: 7 # ------------------------------------------------------ diff --git a/CMakeLists.txt b/CMakeLists.txt index fa841819..e8dbd7c7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.23.0 FATAL_ERROR) +cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR) set(PROJECT AmneziaVPN) project(${PROJECT}) diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index e913c370..06fe6f55 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.23.0 FATAL_ERROR) +cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR) set(PROJECT AmneziaVPN) project(${PROJECT} VERSION 2.1.2) @@ -16,6 +16,10 @@ if(ANDROID) add_definitions(-D_BSD_SOURCE) endif() +if(CMAKE_XCODE_BUILD_SYSTEM VERSION_GREATER_EQUAL 12) + cmake_policy(SET CMP0114 NEW) +endif() + set(CMAKE_AUTOMOC ON) set(CMAKE_AUTORCC ON) set(CMAKE_AUTOUIC ON) @@ -182,6 +186,7 @@ if(APPLE) set(CMAKE_XCODE_ATTRIBUTE_DEVELOPMENT_TEAM ${BUILD_VPN_DEVELOPMENT_TEAM}) set(CMAKE_XCODE_ATTRIBUTE_GROUP_ID_IOS ${BUILD_IOS_GROUP_IDENTIFIER}) + #set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../../build) if(NOT IOS) set(CMAKE_OSX_ARCHITECTURES "x86_64" CACHE INTERNAL "" FORCE) @@ -332,6 +337,8 @@ if(IOS) enable_language(OBJC) enable_language(OBJCXX) enable_language(Swift) + + #disbale in cicd include(cmake/osxtools.cmake) # set(CMAKE_XCODE_GENERATE_TOP_LEVEL_PROJECT_ONLY TRUE) 
@@ -343,12 +350,21 @@ if(IOS) set(CMAKE_XCODE_ATTRIBUTE_FRAMEWORK_SEARCH_PATHS ${CMAKE_CURRENT_LIST_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos) + #need to change for debug and relase set_target_properties(${PROJECT} PROPERTIES XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "org.amnezia.${PROJECT}" XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1" XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK" - XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Development" + XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution" ) + + set_target_properties(${PROJECT} + PROPERTIES XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "org.amnezia.${PROJECT}" + XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1" + XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK" + XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development" + ) + set(LIBS ${LIBS} ${CMAKE_CURRENT_LIST_DIR}/3rd/OpenSSL/lib/ios/iphone/libcrypto.a ${CMAKE_CURRENT_LIST_DIR}/3rd/OpenSSL/lib/ios/iphone/libssl.a 
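Review bot: The second `set_target_properties(${PROJECT} ...)` call repeats the bundle identifier, device family and development team only to add one line, and both calls hard-code the team ID `"X7UJ388FXK"` although the file already sets `CMAKE_XCODE_ATTRIBUTE_DEVELOPMENT_TEAM` from `${BUILD_VPN_DEVELOPMENT_TEAM}`. Reducing the second call to `set_target_properties(${PROJECT} PROPERTIES XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development")` and taking the team from that variable (if it is the intended source) keeps the signing identity in one place. The `networkextension` hunk further down has the same duplication, and its provisioning-profile specifiers spell out `org.amnezia.AmneziaVPN` while the bundle identifier is derived from `${PROJECT}`, so the two can drift. With `"Apple Distribution"` now the default identity for every configuration except Debug, a short comment stating which configurations are meant to be distribution-signed would be clearer than the current `#need to change for debug and relase` note. The enclosing `if(IOS)` block extends beyond the hunk.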
@@ -442,6 +458,36 @@ set_source_files_properties( ) set_target_properties(${PROJECT} PROPERTIES XCODE_EMBED_FRAMEWORKS_CODE_SIGN_ON_COPY ON) set_target_properties(${PROJECT} PROPERTIES XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION) + + + set_target_properties("networkextension" + PROPERTIES XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "org.amnezia.${PROJECT}.network-extension" + XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1" + XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK" + XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution" + ) + + set_target_properties("networkextension" + PROPERTIES XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "org.amnezia.${PROJECT}.network-extension" + XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1" + XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK" + XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development" + ) + + set_target_properties (${PROJECT} PROPERTIES XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual) + + set_target_properties(${PROJECT} PROPERTIES XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "match AppStore org.amnezia.AmneziaVPN") + + set_target_properties(${PROJECT} PROPERTIES XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "match Development org.amnezia.AmneziaVPN") + + + set_target_properties ("networkextension" PROPERTIES XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual) + + set_target_properties("networkextension" PROPERTIES XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "match AppStore org.amnezia.AmneziaVPN.network-extension") + + set_target_properties("networkextension" PROPERTIES XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "match Development org.amnezia.AmneziaVPN.network-extension") + + endif() if(ANDROID) @@ -531,3 +577,6 @@ if(NOT IOS AND NOT ANDROID) COMMAND_EXPAND_LISTS ) endif() +if(IOS) + #include(cmake/ios-arch-fixup.cmake) +endif() diff --git a/client/cmake/golang.cmake b/client/cmake/golang.cmake index 2e16db70..21cc2725 100644 --- a/client/cmake/golang.cmake +++ b/client/cmake/golang.cmake 
@@ -5,6 +5,58 @@ ## Find the absolute path to the go build tool. find_program(GOLANG_BUILD_TOOL NAMES go REQUIRED) +## Build a library file from a golang project. +function(build_go_archive OUTPUT_NAME MODULE_FILE) + cmake_parse_arguments(GOBUILD + "" + "GOOS;GOARCH" + "CGO_CFLAGS;CGO_LDFLAGS;SOURCES" + ${ARGN}) + + string(REGEX REPLACE "\\.[^/]*$" ".h" GOBUILD_HEADER_FILE ${OUTPUT_NAME}) + get_filename_component(GOBUILD_MODULE_ABS ${MODULE_FILE} ABSOLUTE) + get_filename_component(GOBUILD_MODULE_DIR ${GOBUILD_MODULE_ABS} DIRECTORY) + set(GOBUILD_ARGS -buildmode=c-archive -trimpath -v) + if(IS_DIRECTORY ${GOBUILD_MODULE_DIR}/vendor) + list(APPEND GOBUILD_ARGS -mod vendor) + endif() + + ## Collect arguments, or find their defaults. + if(NOT GOBUILD_CGO_CFLAGS) + execute_process(OUTPUT_VARIABLE GOBUILD_CGO_CFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE COMMAND ${GOLANG_BUILD_TOOL} env CGO_CFLAGS) + separate_arguments(GOBUILD_CGO_CFLAGS NATIVE_COMMAND ${GOBUILD_CGO_CFLAGS}) + endif() + if(NOT GOBUILD_CGO_LDFLAGS) + execute_process(OUTPUT_VARIABLE GOBUILD_CGO_LDFLAGS OUTPUT_STRIP_TRAILING_WHITESPACE COMMAND ${GOLANG_BUILD_TOOL} env CGO_LDFLAGS) + separate_arguments(GOBUILD_CGO_LDFLAGS NATIVE_COMMAND ${GOBUILD_CGO_LDFLAGS}) + endif() + if(NOT GOBUILD_GOOS) + execute_process(OUTPUT_VARIABLE GOBUILD_GOOS OUTPUT_STRIP_TRAILING_WHITESPACE COMMAND ${GOLANG_BUILD_TOOL} env GOOS) + endif() + if(NOT GOBUILD_GOARCH) + execute_process(OUTPUT_VARIABLE GOBUILD_GOARCH OUTPUT_STRIP_TRAILING_WHITESPACE COMMAND ${GOLANG_BUILD_TOOL} env GOARCH) + endif() + + ## Use a go-cache isolated to our project + set(GOCACHE ${CMAKE_BINARY_DIR}/go-cache) + set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES ${CMAKE_BINARY_DIR}/go-cache) + + ## The command that does the building + get_filename_component(ABS_OUTPUT_NAME ${OUTPUT_NAME} ABSOLUTE) + add_custom_command( + OUTPUT ${OUTPUT_NAME} ${GOBUILD_HEADER_FILE} + DEPENDS ${MODULE_FILE} ${GOBUILD_SOURCES} + WORKING_DIRECTORY ${GOBUILD_MODULE_DIR} 
+ COMMAND ${CMAKE_COMMAND} -E env GOCACHE=${GOCACHE} + CGO_ENABLED=1 + CGO_CFLAGS="${GOBUILD_CGO_CFLAGS}" + CGO_LDFLAGS="${GOBUILD_CGO_LDFLAGS}" + GOOS=${GOBUILD_GOOS} + GOARCH=${GOBUILD_GOARCH} + ${GOLANG_BUILD_TOOL} build ${GOBUILD_ARGS} -o ${ABS_OUTPUT_NAME} + ) +endfunction(build_go_archive) + ## Create a library target built from a golang c-archive. function(add_go_library GOTARGET SOURCE) cmake_parse_arguments(GOLANG diff --git a/client/cmake/ios-arch-fixup.cmake b/client/cmake/ios-arch-fixup.cmake new file mode 100644 index 00000000..0f349f8d --- /dev/null +++ b/client/cmake/ios-arch-fixup.cmake @@ -0,0 +1,43 @@ +if(NOT XCODE) + return() +endif() + +## Enumerate all the targets in the project +get_directory_property(IOS_SUBDIRS SUBDIRECTORIES) +get_directory_property(IOS_TARGETS BUILDSYSTEM_TARGETS) +while(IOS_SUBDIRS) + list(POP_FRONT IOS_SUBDIRS SUBDIR) + + get_directory_property(SUBDIR_TARGETS DIRECTORY ${SUBDIR} BUILDSYSTEM_TARGETS) + list(APPEND IOS_TARGETS ${SUBDIR_TARGETS}) + + get_directory_property(SUBDIR_NESTED DIRECTORY ${SUBDIR} SUBDIRECTORIES) + list(APPEND IOS_SUBDIRS ${SUBDIR_NESTED}) +endwhile() + +## The set of target types that we want to modify. +set(IOS_TARGET_COMPILED_TYPES + STATIC_LIBRARY + MODULE_LIBRARY + SHARED_LIBRARY + OBJECT_LIBRARY + EXECUTABLE +) + +## Inspect all the targets, and add extra properties if necessary. +while(IOS_TARGETS) + list(POP_FRONT IOS_TARGETS TARGET_NAME) + + get_target_property(TARGET_TYPE ${TARGET_NAME} TYPE) + list(FIND IOS_TARGET_COMPILED_TYPES ${TARGET_TYPE} IOS_TARGET_TYPE_INDEX) + if(IOS_TARGET_TYPE_INDEX LESS 0) + continue() + endif() + + ## I just want to say it's amazing this doesn't explode with syntax errors. + message("Patching architectures for ${TARGET_NAME}") + set_target_properties(${TARGET_NAME} PROPERTIES + XCODE_ATTRIBUTE_ARCHS[sdk=iphoneos*] "arm64" + XCODE_ATTRIBUTE_ARCHS[sdk=iphonesimulator*] "x86_64" + ) +endwhile() \ No newline at end of file 
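Review bot: In `build_go_archive`, `CGO_CFLAGS="${GOBUILD_CGO_CFLAGS}"` and `CGO_LDFLAGS="${GOBUILD_CGO_LDFLAGS}"` expand multi-value arguments, so they appear to work only because the command has no `VERBATIM` and the build shell re-joins the split list inside the literal quotes; that is generator-dependent and would likely break if `VERBATIM` were added later. Joining first, e.g. `list(JOIN GOBUILD_CGO_CFLAGS " " GOBUILD_CGO_CFLAGS_STR)`, then passing `"CGO_CFLAGS=${GOBUILD_CGO_CFLAGS_STR}"` with `VERBATIM`, keeps the flags as one environment value on every generator. The four `execute_process` calls to `go env` do not check a result, so a failing `go` leaves `GOOS`/`GOARCH` empty instead of stopping the configure. `set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES ...)` replaces the directory's list on each call and uses a name deprecated since CMake 3.15; `set_property(DIRECTORY APPEND PROPERTY ADDITIONAL_CLEAN_FILES ${GOCACHE})` avoids both.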
diff --git a/client/configurators/cloak_configurator.cpp b/client/configurators/cloak_configurator.cpp index 50f554dc..0cfd74fc 100644 --- a/client/configurators/cloak_configurator.cpp +++ b/client/configurators/cloak_configurator.cpp @@ -43,7 +43,7 @@ QString CloakConfigurator::genCloakConfig(const ServerCredentials &credentials, config.insert("StreamTimeout", 300); // transfer params to protocol runner - config.insert(config_key::transport_proto, "$OPENVPN_TRANSPORT_PROTO"); + config.insert(config_key::transport_proto, "tcp"); config.insert(config_key::remote, credentials.hostName); config.insert(config_key::port, "$CLOAK_SERVER_PORT"); diff --git a/client/ios/networkextension/CMakeLists.txt b/client/ios/networkextension/CMakeLists.txt index ec59cad4..bbe591c8 100644 --- a/client/ios/networkextension/CMakeLists.txt +++ b/client/ios/networkextension/CMakeLists.txt 
@@ -79,29 +79,36 @@ target_sources(networkextension PRIVATE target_include_directories(networkextension PRIVATE ${CLIENT_ROOT_DIR}) target_include_directories(networkextension PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) -## HACK: Build only the first architecture, this will break universal builds -## for now, but they are already broken for mobile, which uses the arch to -## determine iOS vs. simulator builds :) -if(NOT CMAKE_OSX_ARCHITECTURES) - set(OSXARCH arm64) -else() - list(GET CMAKE_OSX_ARCHITECTURES 0 OSXARCH) -endif() - -## Build the wireguard go library -## TODO: The upstream makefile also makes an attempt to patch the golang runtime -## to provide the boot-time clock instead of an uptime clock. We should probably -## make an attempt to do the same, somehow? include(${CLIENT_ROOT_DIR}/cmake/golang.cmake) -if(OSXARCH STREQUAL "x86_64") - set(GOARCH amd64) -else() - set(GOARCH ${FIRST_OSX_ARCHITECTURE}) -endif() -add_go_library(libwg-go ${CLIENT_ROOT_DIR}/3rd/wireguard-apple/Sources/WireGuardKitGo/api-apple.go +## Build the wireguard go library for iOS simulation. +## TODO: Some special handling around GOARCH for +execute_process(OUTPUT_VARIABLE SIM_SDKROOT OUTPUT_STRIP_TRAILING_WHITESPACE COMMAND xcrun --sdk iphonesimulator --show-sdk-path) +build_go_archive(${CMAKE_CURRENT_BINARY_DIR}/libwg-sim.a ${CMAKE_SOURCE_DIR}/3rd/wireguard-apple/Sources/WireGuardKitGo/go.mod GOOS ios - GOARCH ${GOARCH} - CGO_CFLAGS -arch ${OSXARCH} - CGO_LDFLAGS -arch ${OSXARCH} + GOARCH amd64 + CGO_CFLAGS -arch x86_64 -isysroot ${SIM_SDKROOT} + CGO_LDFLAGS -arch x86_64 -isysroot ${SIM_SDKROOT} ) -target_link_libraries(networkextension PRIVATE libwg-go) \ No newline at end of file + +## Build the wireguard go library for iOS devices. 
+execute_process(OUTPUT_VARIABLE IOS_SDKROOT OUTPUT_STRIP_TRAILING_WHITESPACE COMMAND xcrun --sdk ${CMAKE_OSX_SYSROOT} --show-sdk-path) +build_go_archive(${CMAKE_CURRENT_BINARY_DIR}/libwg-dev.a ${CMAKE_SOURCE_DIR}/3rd/wireguard-apple/Sources/WireGuardKitGo/go.mod + GOOS ios + GOARCH arm64 + CGO_CFLAGS -arch arm64 -isysroot ${IOS_SDKROOT} + CGO_LDFLAGS -arch arm64 -isysroot ${IOS_SDKROOT} +) + +## Unify the wireguard go libraries. +add_custom_target(libwg_builder + DEPENDS + ${CMAKE_CURRENT_BINARY_DIR}/libwg-dev.a + ${CMAKE_CURRENT_BINARY_DIR}/libwg-sim.a + BYPRODUCTS ${CMAKE_CURRENT_BINARY_DIR}/libwg-unified.a + WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + COMMAND lipo -create -output libwg-unified.a libwg-dev.a libwg-sim.a +) + +## Link and depend on the wireguard library. +add_dependencies(networkextension libwg_builder) +target_link_libraries(networkextension PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/libwg-unified.a) \ No newline at end of file diff --git a/client/protocols/openvpnovercloakprotocol.cpp b/client/protocols/openvpnovercloakprotocol.cpp index 5ba2c587..55939895 100644 --- a/client/protocols/openvpnovercloakprotocol.cpp +++ b/client/protocols/openvpnovercloakprotocol.cpp @@ -109,8 +109,6 @@ QString OpenVpnOverCloakProtocol::cloakExecPath() { #ifdef Q_OS_WIN return Utils::executable(QString("cloak/ck-client"), true); -#elif defined Q_OS_LINUX - return Utils::usrExecutable("ck-client"); #else return Utils::executable(QString("/ck-client"), true); #endif diff --git a/client/protocols/shadowsocksvpnprotocol.cpp b/client/protocols/shadowsocksvpnprotocol.cpp index 7e55b6f3..82ae08b8 100644 --- a/client/protocols/shadowsocksvpnprotocol.cpp +++ b/client/protocols/shadowsocksvpnprotocol.cpp 
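Review bot: Both `build_go_archive` calls locate `go.mod` through `${CMAKE_SOURCE_DIR}/3rd/wireguard-apple/...`, whereas the removed `add_go_library` call and the `include()` kept in this hunk use `${CLIENT_ROOT_DIR}`; unless the iOS build is always configured with `client/` as the top-level directory, that path points outside the client tree, so `${CLIENT_ROOT_DIR}/3rd/wireguard-apple/Sources/WireGuardKitGo/go.mod` looks like the intended argument. The two `xcrun` calls ignore failure, which leaves `-isysroot` with an empty path; adding `COMMAND_ERROR_IS_FATAL ANY` to each `execute_process` stops the configure instead. `libwg_builder` is an `add_custom_target` with a `COMMAND`, so `lipo` reruns on every build; an `add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/libwg-unified.a ... VERBATIM)` that the target depends on would rebuild only when an input archive changes. The comment `## TODO: Some special handling around GOARCH for` is cut off mid-sentence and should be completed or dropped.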
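Review bot: With the `Q_OS_LINUX` branch gone, `cloakExecPath()` on Linux takes the `#else` path `Utils::executable(QString("/ck-client"), true)`, which presumably resolves to the `deploy/data/linux/client/bin/ck-client` binary this commit adds; `shadowSocksExecPath()` and the added `ss-local` follow the same pattern. Both executables are committed as opaque binaries, and nothing in the commit records the upstream version, source revision or checksum they were built from, so a reviewer cannot verify what will run on users' machines. Recording that provenance next to the binaries (or building them in CI from a pinned source) and checking a digest in the deploy script would close the gap. The function's closing lines are outside the hunk.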
@@ -109,8 +109,6 @@ QString ShadowSocksVpnProtocol::shadowSocksExecPath() { #ifdef Q_OS_WIN return Utils::executable(QString("ss/ss-local"), true); -#elif defined Q_OS_LINUX - return Utils::usrExecutable(QString("ss-local")); #else return Utils::executable(QString("/ss-local"), true); #endif @@ -118,5 +116,17 @@ QString ShadowSocksVpnProtocol::shadowSocksExecPath() void ShadowSocksVpnProtocol::readShadowSocksConfiguration(const QJsonObject &configuration) { - m_shadowSocksConfig = configuration.value(ProtocolProps::key_proto_config_data(Proto::ShadowSocks)).toObject(); + QJsonObject shadowSocksConfig = configuration.value(ProtocolProps::key_proto_config_data(Proto::ShadowSocks)).toObject(); + bool isLocalPortConvertOk = false; + bool isServerPortConvertOk = false; + int localPort = shadowSocksConfig.value("local_port").toString().toInt(&isLocalPortConvertOk); + int serverPort = shadowSocksConfig.value("server_port").toString().toInt(&isServerPortConvertOk); + if (!isLocalPortConvertOk) { + qDebug() << "Error when converting local_port field in ShadowSocks config"; + } else if (!isServerPortConvertOk) { + qDebug() << "Error when converting server_port field in ShadowSocks config"; + } + shadowSocksConfig["local_port"] = localPort; + shadowSocksConfig["server_port"] = serverPort; + m_shadowSocksConfig = shadowSocksConfig; } diff --git a/client/server_scripts/openvpn_cloak/template.ovpn b/client/server_scripts/openvpn_cloak/template.ovpn index 4fc2b2c3..7f9494b9 100644 --- a/client/server_scripts/openvpn_cloak/template.ovpn +++ b/client/server_scripts/openvpn_cloak/template.ovpn @@ -1,6 +1,6 @@ client dev tun -proto $OPENVPN_TRANSPORT_PROTO +proto tcp resolv-retry infinite nobind persist-key diff --git a/deploy/data/linux/client/bin/ck-client b/deploy/data/linux/client/bin/ck-client new file mode 100755 index 00000000..a6ef310c Binary files /dev/null and b/deploy/data/linux/client/bin/ck-client differ 
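Review bot: In `readShadowSocksConfiguration`, a failed conversion is only logged: `local_port` and `server_port` are still overwritten with the `0` that `toInt()` returns on failure. Because `QJsonValue::toString()` yields an empty string for a value that is not a JSON string, a config that already stores the ports as numbers would be reset to 0. Assign only on success, e.g. `if (isLocalPortConvertOk) shadowSocksConfig["local_port"] = localPort;` and likewise for `server_port`, and surface the failure instead of continuing with a debug message. The `else if` also hides a `server_port` failure whenever `local_port` fails too. A range check (1–65535) before the config is handed to `ss-local` would catch values that parse but are not valid ports.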
diff --git a/deploy/data/linux/client/bin/ss-local b/deploy/data/linux/client/bin/ss-local new file mode 100755 index 00000000..292abf6f Binary files /dev/null and b/deploy/data/linux/client/bin/ss-local differ diff --git a/service/CMakeLists.txt b/service/CMakeLists.txt index abde0c70..567e9d49 100644 --- a/service/CMakeLists.txt +++ b/service/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.23.0 FATAL_ERROR) +cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR) set(PROJECT service) project(${PROJECT}) @@ -16,4 +16,4 @@ endif() if(WIN32) add_subdirectory(wireguard-service) -endif() \ No newline at end of file +endif() diff --git a/service/server/CMakeLists.txt b/service/server/CMakeLists.txt index 637adb09..687b382a 100644 --- a/service/server/CMakeLists.txt +++ b/service/server/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.23.0 FATAL_ERROR) +cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR) set(PROJECT AmneziaVPN-service) project(${PROJECT}) diff --git a/service/wireguard-service/CMakeLists.txt b/service/wireguard-service/CMakeLists.txt index 6e064f71..33a3d584 100644 --- a/service/wireguard-service/CMakeLists.txt +++ b/service/wireguard-service/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.23.0 FATAL_ERROR) +cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR) set(PROJECT wireguard-service) project(${PROJECT} LANGUAGES CXX)