Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

macOS system extension #1942

Merged
merged 17 commits into from
Aug 16, 2022
Merged

macOS system extension #1942

merged 17 commits into from
Aug 16, 2022

Conversation

jagerman
Copy link
Member

@jagerman jagerman commented Jun 22, 2022
edited
Loading

Still needs:

  • Wiring up lokinet start/stop from the GUI
  • Script to package the GUI + sign everything

@jagerman jagerman mentioned this pull request Jul 20, 2022
Closed
@jagerman jagerman added this to the 0.9.10 milestone Jul 20, 2022
@majestrate majestrate force-pushed the macos-sysex branch 5 times, most recently from 43741aa to 76d30e5 Compare July 26, 2022 12:43
@jagerman jagerman marked this pull request as ready for review August 12, 2022 23:21
Jeff and others added 6 commits August 12, 2022 20:23
@jagerman
add lokinet.swift cli args
5dd7199 
* add --start flag to start lokinet
* add --stop flag to stop
* by default lokinet on macos needs a flag or it will be a nop
@jagerman
Require explicit disabling of codesigning
49b2878 
Make the mac build require passing either an explicit -DCODESIGN=OFF or
the code signing identities.
@jagerman
Change permissions for system extension
93421c6
@jagerman
Make sure BUILD_SHARED_LIBS is a cache variable
4c39a2d 
Otherwise cmake warns about propagation of normal variables into cache
variables when it hits the option in the oxen-mq submodule.
@jagerman
Fix platform::is_apple value
e977527
@majestrate @jagerman
on apple write packets back to interface when it is for us because th…
61d7ff3 
…at does not have a route spec for the interace ip on loopback as apple finds having sensible defaults bothersome internally
@jagerman jagerman changed the title [WIP] macos system extension macOS system extension Aug 12, 2022
@jagerman
Copy link
Member Author

Now works. Relies on oxen-io/lokinet-gui#17

@jagerman
Copy link
Member Author

We have a new mac icon (added as an svg here and built during the build), but it still requires some tweaks (that can come in a separate PR though).

@jagerman
Copy link
Member Author

The way this now works is the following. It is dumb, but this is macos and apparently that's how Apple wants it to be.

// If we are invoked with no arguments then exec the gui.  This is dumb, but there doesn't seem to
// be a nicer way to do this on Apple's half-baked platform because:
// - we have three "bundles" we need to manage: the GUI app, the system extension, and the Lokinet
//   app (this file) which loads the system extension.
// - if we embed the system extension directly inside the GUI then it fails to launch because the
//   electron GUI's requirements (needed for JIT) conflict with the ability to load a system
//   extensions.
// - if we embed Lokinet.app inside Lokinet-GUI.app and then the system extension inside Lokinet.app
//   then it works, but macos loses track of the system extension and doesn't remove it when you
//   remove the application.  (It breaks your system, leaving an impossible-to-remove system
//   extension, in just the same way it breaks if you don't use Finder to remove the Application.
//   Apple used to say (around 2 years ago as of writing) that they would fix this situation "soon",
//   but hasn't, and has stopped saying anything about it.)
// - if we try to use multiple executables (one to launch the system extension, one simple shell
//   script to execs the embedded GUI app) inside the Lokinet.app and make the GUI the default for
//   the application then Lokinet gets killed by gatekeeper because code signing only applies the
//   (required-for-system-extensions) provisioningprofile to the main binary in the app.
//
// So we are left needing *one* single binary that isn't the GUI but has to do double-duty for both
// exec'ing the binary and loading lokinet, depending on how it is called.
//
// But of course there is no way to specify command-line arguments to the default binary macOS runs,
// so we can't use a `--gui` flag or anything so abhorrent to macos purity, thus this nasty
// solution:
//   - no args -- exec the GUI
//   - `--start` -- load the system extension and start lokinet
//   - `--stop` -- stop lokinet
//
// macOS: land of half-baked implementations and nasty hacks to make anything work.

jagerman and others added 5 commits August 12, 2022 21:13
@jagerman
macOS system extension support
0937299 
Adds support for building Lokinet as a system extension, and fixes
various problems in the macos implementation found during development of
the system extension support.
@jagerman
Handle Apple's trash servers when polling for notarization
5530ec3 
Apple's servers have a gateway timeout a small but noticeable percentage
of the time, which was breaking the script.  Detect such Apple flakiness
and keep trying.
@jagerman
maker packet tunnel provider compile
279b571
@jagerman
build gui and assemble app bundles into one singular app bundle
b889674
@jagerman
Update mingw zmq patch
c504c03 
The one we were applying for closesocket breaks on some versions.
jagerman and others added 5 commits August 12, 2022 21:13
@jagerman
Remove disabled submodule check
7b2b114 
It's easy enough to add -DSUBMODULE_CHECK=OFF yourself if you really
won't want it, and much more useful to have it enabled as a default.
@jagerman
Build apple/macos GUI from lokinet project
181de21 
This adds the gui as a submodule, and consolidates the GUI handling a
bit between the two platforms.
@jagerman
contrib/windows.sh: do a release build by default
8c2f417
@jagerman
Stub out the peer stats sqlite_orm code
496c1d2 
This avoids needing to build it and include it in static builds since we
aren't currently making use of it.
@jagerman
Working signed macOS GUI build
2b7b1fc
majestrate
majestrate approved these changes Aug 14, 2022
View reviewed changes
Copy link
Contributor

@majestrate majestrate left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

other than the cmake ponderings this looks good to merge

@majestrate majestrate merged commit 13c71c3 into oxen-io:dev Aug 16, 2022
@jagerman jagerman mentioned this pull request Aug 30, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@majestrate majestrate majestrate approved these changes

Assignees

@majestrate majestrate

Labels
None yet
Projects
None yet
Milestone
0.9.10
Development

Successfully merging this pull request may close these issues.
2 participants
@jagerman @majestrate