Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New updater/installer #1698

Open
wants to merge 63 commits into
base: v2.0
Choose a base branch
from
Open

New updater/installer #1698

wants to merge 63 commits into from

Conversation

vlabo
Copy link
Member

@vlabo vlabo commented Sep 17, 2024

Summary by CodeRabbit

  • New Features

    • Introduced a new linting job to the GitHub Actions workflow for improved code quality checks.
    • Added a dedicated linting section in the build process to ensure code adheres to standards.
  • Bug Fixes

    • Streamlined binary handling in the build process for better efficiency.
  • Documentation

    • Removed outdated updater package and related files to simplify resource management.
  • Chores

    • Enhanced the workflow by separating linting from the main build process.

Copy link
Contributor

coderabbitai bot commented Sep 17, 2024

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough

Walkthrough

The changes include the addition of a new linting job in the GitHub Actions workflow, modifications to the Earthfile to streamline binary handling and introduce a linting section, and the removal of several files related to the updater package, which contained functionality for managing updates, file retrieval, and versioning. The deletions indicate a significant reduction in the updater's capabilities, as multiple methods and types associated with resource management and notifications have been eliminated.

Changes

File(s) Change Summary
.github/workflows/tauri.yml Added a new job lint that sets up the Earthly environment, checks out the repository, logs into GitHub Container Registry, and builds the Tauri project with linting.
Earthfile Modified tauri-build to simplify binary handling and added a new tauri-lint section for environment preparation and linting using cargo clippy.
base/updater/doc.go, export.go, fetch.go, file.go, filename.go, filename_test.go, get.go, indexes.go, indexes_test.go, notifier.go, registry.go Removed multiple files and their associated methods/types related to the updater functionality, indicating a complete removal of the updater package.

Sequence Diagram(s)

sequenceDiagram
    participant GitHub Actions
    participant Earthly
    participant Tauri Project

    GitHub Actions->>Earthly: Setup Environment
    Earthly->>GitHub Actions: Environment Ready
    GitHub Actions->>GitHub Actions: Checkout Repository
    GitHub Actions->>GitHub Container Registry: Login
    GitHub Actions->>Earthly: Build Tauri Project (+tauri-lint)
    Earthly->>Tauri Project: Execute Linting
Loading

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@vlabo vlabo changed the title Feature/new installer New updater/installer Sep 17, 2024
Copy link
Member

@dhaavi dhaavi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a first glance at the update module. I haven't checked the other files yet.

Comments are mostly small things.

service/updates/bundle.go Outdated Show resolved Hide resolved
service/updates/bundle.go Outdated Show resolved Hide resolved
service/updates/bundle.go Outdated Show resolved Hide resolved
service/updates/bundle.go Outdated Show resolved Hide resolved
service/updates/bundle.go Outdated Show resolved Hide resolved
service/updates/bundle.go Outdated Show resolved Hide resolved
service/updates/index.go Outdated Show resolved Hide resolved
service/updates/index.go Outdated Show resolved Hide resolved
Comment on lines 32 to 39
for _, file := range files {
filepath := fmt.Sprintf("%s/%s", updateIndex.Directory, file.Name())
purgePath := fmt.Sprintf("%s/%s", updateIndex.PurgeDirectory, file.Name())
err := os.Rename(filepath, purgePath)
if err != nil {
return fmt.Errorf("failed to move file %s: %w", filepath, err)
}
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should respect the ignore config.

service/updates/updater.go Outdated Show resolved Hide resolved
@vlabo
Copy link
Member Author

vlabo commented Sep 26, 2024

@coderabbitai review

Copy link
Contributor

coderabbitai bot commented Sep 26, 2024

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 46

🧹 Outside diff range and nitpick comments (55)
service/config.go (1)

5-8: LGTM: ServiceConfig structure is well-defined. Consider adding comments.

The ServiceConfig struct is well-designed with appropriate field types and clear naming. It effectively encapsulates the configuration for a service.

Consider adding comments to the struct and its fields to improve documentation:

+// ServiceConfig holds configuration details for the service
 type ServiceConfig struct {
+	// IsRunningAsService indicates whether the application is running as a service
 	IsRunningAsService    bool
+	// DefaultRestartCommand specifies the default command to restart the service
 	DefaultRestartCommand *exec.Cmd
 }
packaging/linux/postinst (3)

5-12: LGTM: Proper SELinux handling with a minor suggestion.

The SELinux-related commands are well-structured:

  1. Checking for 'semanage' availability is a good practice.
  2. Setting the correct SELinux context for the portmaster-core binary.
  3. Using 'restorecon' to apply the new security context.

Consider adding error handling for the 'restorecon' command. While errors are redirected, it might be helpful to log any issues. Here's a suggested improvement:

-    restorecon -R /usr/lib/portmaster/portmaster-core 2>/dev/null >&2 || :
+    if ! restorecon -R /usr/lib/portmaster/portmaster-core 2>/dev/null; then
+        echo "Warning: Failed to restore SELinux context for portmaster-core" >&2
+    fi

This change will log a warning if 'restorecon' fails, which could be useful for troubleshooting.


14-15: LGTM: Proper file management with a suggestion for improved error handling.

The file management commands correctly move the portmaster binary and create a symbolic link, maintaining accessibility while organizing files more appropriately.

Consider adding checks before moving the file and creating the symlink to handle potential errors gracefully. Here's a suggested improvement:

-mv /usr/bin/portmaster /usr/lib/portmaster/portmaster
-ln -s /usr/lib/portmaster/portmaster /usr/bin/portmaster 
+if [ -f /usr/bin/portmaster ]; then
+    mv /usr/bin/portmaster /usr/lib/portmaster/portmaster || { echo "Error: Failed to move portmaster binary" >&2; exit 1; }
+    ln -s /usr/lib/portmaster/portmaster /usr/bin/portmaster || { echo "Error: Failed to create symlink for portmaster" >&2; exit 1; }
+else
+    echo "Warning: /usr/bin/portmaster not found, skipping move and symlink creation" >&2
+fi

This change adds error checking and handling, ensuring the script fails gracefully if it encounters issues during file operations.


Line range hint 17-20: LGTM: Proper systemd handling and user notification.

The systemd commands correctly reload the daemon and enable the portmaster service. The reboot prompt is a good practice to ensure all changes take effect.

Consider adding a brief explanation of why a reboot is necessary. This can help users understand the importance of the action. Here's a suggested improvement:

-echo "Please reboot your system"
+echo "Please reboot your system to ensure all Portmaster changes are properly applied and the service starts correctly."

This change provides more context to the user about the necessity of the reboot.

.github/workflows/tauri.yml (1)

38-55: LGTM! New 'lint' job structure is consistent and well-defined.

The new 'lint' job is well-structured and consistent with the existing 'build' job, which is good for maintainability. The use of the latest actions versions and the Earthly setup is appropriate.

Consider optimizing the Container registry login step.

The Container registry login step (lines 47-52) might not be necessary for a linting job if no images are being pushed. Consider removing this step if it's not required for the linting process.

Recommendation for future scalability: Consider using a matrix strategy.

If you anticipate needing to run multiple linting tasks or support different environments in the future, consider implementing a matrix strategy. This would allow you to easily scale your linting workflow.

service/process/module.go (3)

16-16: LGTM: New field addition is appropriate.

The addition of the portmasterUIPath field to the ProcessModule struct is consistent with the changes in the Start method.

Consider adding a comment to document the purpose of this new field:

type ProcessModule struct {
	mgr      *mgr.Manager
	instance instance

+	// portmasterUIPath stores the path to the Portmaster UI binary
	portmasterUIPath string
}

24-28: LGTM: Improved UI binary path retrieval.

The changes to the Start method provide a more dynamic approach to retrieving the UI binary path. The error handling and logging are appropriate.

Consider returning the error instead of just logging it, to allow the caller to handle the failure:

func (pm *ProcessModule) Start() error {
	file, err := pm.instance.BinaryUpdates().GetFile("portmaster")
	if err != nil {
		log.Errorf("process: failed to get path of ui: %s", err)
+		return err
	} else {
		pm.portmasterUIPath = file.Path()
	}
	return nil
}

This change would make the error handling more consistent with Go's error handling patterns.


72-74: LGTM: Interface update is consistent with usage.

The addition of the BinaryUpdates() method to the instance interface is consistent with its usage in the Start method.

Consider adding a comment to document the purpose of this interface and its method:

+// instance represents the core functionality required by the ProcessModule.
type instance interface {
+	// BinaryUpdates returns an Updates object for managing binary updates.
	BinaryUpdates() *updates.Updates
}

This documentation will help other developers understand the purpose and usage of this interface.

service/intel/geoip/module.go (1)

Line range hint 1-69: Summary: Refactoring towards Intel-specific updates

The changes in this file reflect a shift from a general Updates() method to a more specific IntelUpdates() method. This modification appears to be part of a larger refactoring effort to specialize the update mechanism for Intel-related resources.

While the changes themselves are straightforward and consistent within this file, they may have broader implications for the codebase. It's crucial to ensure that:

  1. All implementations of the instance interface are updated to use IntelUpdates().
  2. All calls to Updates() related to this module are changed to IntelUpdates().
  3. The updates.Updates struct still contains all necessary fields and methods for Intel updates.

Consider running a comprehensive test suite to catch any potential issues arising from this refactoring.

desktop/tauri/src-tauri/README.md (3)

1-3: Improve the introduction and fix grammar.

The title is clear, but the introduction could be more informative. Also, there's a minor grammar issue in line 3.

Consider applying these changes:

 # Update Tauri guide
 
-Check latest versions of tauri packages and update them accordingly:
+Check the latest versions of Tauri packages and update them accordingly. This guide provides instructions for updating Tauri dependencies and the WIX installer template.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~3-~3: You might be missing the article “the” here.
Context: # Update Tauri guide Check latest versions of tauri packages and update t...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)


4-29: Fix code block formatting and clarify plugin update note.

The instructions for updating Tauri packages are clear and helpful. However, there's a minor formatting issue with the TOML code block, and the note about plugin updates could be more specific.

Consider applying these changes:

  1. Fix the TOML code block formatting:
-```toml
+```toml
 [build-dependencies]
 tauri-build = { version = "2.0.0-beta.19", features = [] } # Update to latest
  1. Clarify the plugin update note:
-> The plugins will be auto updated based on tauri version.
+> Note: The Tauri plugins will be automatically updated based on the core Tauri version specified above.
🧰 Tools
🪛 LanguageTool

[uncategorized] ~24-~24: It appears that a hyphen is missing (if ‘auto’ is not used in the context of ‘cars’).
Context: ...te to latest > The plugins will be auto updated based on tauri version. Run:sh car...

(AUTO_HYPHEN)


31-41: Fix typo and improve clarity of WIX installer update instructions.

The instructions for updating the WIX installer template are clear and provide specific steps. However, there's a minor typo, and the purpose of the XML fragments could be clarified.

Consider applying these changes:

  1. Fix the typo on line 34:
-3. Replace the contents of `templates/main.wsx` and add the fallowing lines at the end of the file, inside the `Product` tag. 
+3. Replace the contents of `templates/main.wxs` and add the following lines at the end of the file, inside the `Product` tag:
  1. Add a brief explanation of the XML fragments:
+   <!-- The following XML fragments are required for Portmaster service installation and management -->
    <!-- Service fragments -->
    <CustomActionRef Id='InstallPortmasterService' />
    <CustomActionRef Id='StopPortmasterService' />
    <CustomActionRef Id='DeletePortmasterService' />
    <!-- End Service fragments -->
packaging/linux/portmaster.service (1)

36-36: Address TODO comment for future implementation.

There's a TODO comment suggesting a future change:

# TODO(ppacher): add --disable-software-updates once it's merged and the release process changed.

While this isn't part of the current changes, it's worth noting for future development.

Questions to consider:

  1. Is there a timeline for implementing this feature?
  2. Should this be tracked as a separate issue?
  3. How will this affect the update process and user experience?

Would you like me to create a GitHub issue to track this TODO item?

service/broadcasts/module.go (1)

11-11: Summary: New Intel Updates functionality introduced

The changes in this file introduce support for Intel Updates:

  1. A new import for the updates package.
  2. A new IntelUpdates() method in the instance interface.

These changes seem to be part of a larger update to the system. While the modifications here are correct, it's crucial to ensure that:

  1. The updates package and its Updates type are properly implemented.
  2. All implementations of the instance interface are updated to include the new IntelUpdates() method.
  3. The rest of the codebase is adjusted to utilize this new functionality where appropriate.

Consider adding documentation comments to the instance interface to explain the purpose and expected behavior of the IntelUpdates() method. This will help maintain clarity as the codebase evolves.

Also applies to: 95-97

service/ui/module.go (2)

60-63: LGTM: Variable grouping improves readability.

Grouping shimLoaded and module under a single var block improves code organization and follows Go best practices. The new module variable of type *UI is correctly declared.

Consider adding a comment explaining the purpose of the module variable, especially since it's now a package-level variable:

 var (
 	shimLoaded atomic.Bool
+	// module holds the singleton instance of the UI
 	module     *UI
 )

71-74: LGTM: Singleton pattern implemented for UI module.

The change to assign the new UI instance to the global module variable implements a singleton pattern, ensuring only one instance of UI is created and globally accessible. This is consistent with the new module variable declaration.

Consider adding error handling to ensure module is set to nil if an error occurs during preparation:

 	module = &UI{
 		mgr:      m,
 		instance: instance,
 	}

 	if err := prep(); err != nil {
+		module = nil
 		return nil, err
 	}

 	return module, nil

This ensures that module remains nil if initialization fails, maintaining consistency with the singleton pattern.

desktop/tauri/src-tauri/templates/files.wxs (4)

3-11: LGTM: Appropriate directory structure defined.

The directory structure is well-defined using CommonAppDataFolder as the base, which is suitable for shared application data. The Portmaster directory with its intel subdirectory is correctly set up.

Consider adding comments to explain the purpose of each directory, especially for the "intel" subdirectory, to improve maintainability. For example:

<!-- Directory for Intel-specific files -->
<Directory Id="IntelDir" Name="intel" />

13-30: Components are well-defined, but consider improving maintainability and cross-platform compatibility.

The BinaryFiles and IntelFiles components are correctly defined with unique GUIDs, and the file specifications are clear.

  1. Consider using variables for the source paths to improve maintainability. This will make it easier to update paths if the directory structure changes. For example:
<?define BinariesDir = "..\..\..\..\binaries\" ?>
...
<File Id="BinIndexJson" Source="$(var.BinariesDir)bin-index.json" />
  1. The portmaster-kext.sys file suggests Windows-specific components. For cross-platform compatibility, consider conditionally including platform-specific files. You can use the <?if?> preprocessor directive for this purpose:
<?if $(var.Platform) = x64 ?>
  <File Id="PortmasterKextSys" Source="$(var.BinariesDir)portmaster-kext.sys" />
<?endif?>
  1. Add comments to explain the purpose of each file, especially for less obvious ones like base.dsdl or urgent.dsdl.

33-38: LGTM: ComponentGroup is correctly defined.

The BinaryAndIntelFiles ComponentGroup is well-structured, referencing both the BinaryFiles and IntelFiles components. This setup facilitates easy inclusion of all necessary files in the installation process.

Consider adding a comment to explain the purpose of this ComponentGroup, which will improve readability for other developers. For example:

<!-- ComponentGroup for all Portmaster files to be installed -->
<ComponentGroup Id="BinaryAndIntelFiles">
  ...
</ComponentGroup>

1-39: Overall, the WiX configuration is well-structured but could benefit from some enhancements.

The files.wxs file provides a solid foundation for packaging and installing the Portmaster application on Windows. The directory structure, components, and file definitions are correctly implemented.

To further improve this configuration:

  1. Consider using variables for file paths to enhance maintainability.
  2. Implement conditional inclusion of platform-specific files for better cross-platform support.
  3. Add comments throughout the file to explain the purpose of directories, components, and files.
  4. Ensure that all necessary files are included and that the relative paths will remain correct in the build environment.

As the project evolves, consider splitting this configuration into multiple files if it grows significantly. This can help manage complexity, especially if you need to support multiple platforms or have a large number of components.

service/firewall/interception/module.go (1)

11-11: Please clarify the purpose and security implications of this integration.

The addition of the updates package and the new BinaryUpdates() method in the instance interface suggests a tighter integration between the Interception module and the update system. Could you please provide more context on:

  1. The purpose of giving the Interception module access to binary updates?
  2. Any potential security implications of combining network interception with update functionality?
  3. How this integration fits into the overall architecture of the system?

This information will help ensure that the changes align with the project's design principles and security requirements.

Also applies to: 101-103

service/core/core.go (3)

117-117: LGTM: New Restart() method added.

The addition of the Restart() method to the instance interface is appropriate and enhances the core functionality.

Consider adding a comment to describe the expected behavior of this method, especially if there are any side effects or important considerations when restarting.


119-120: LGTM: New update-related methods added.

The addition of BinaryUpdates() and IntelUpdates() methods to the instance interface is appropriate and provides clear access to update functionality for different components.

Consider adding comments to describe the purpose and expected behavior of these methods. For example:

// BinaryUpdates returns the update manager for binary updates.
BinaryUpdates() *updates.Updates

// IntelUpdates returns the update manager for intelligence updates.
IntelUpdates() *updates.Updates

19-19: Summary: New updater functionality integrated into core service.

The changes to this file successfully integrate new updater and restart functionality into the core service. The additions are well-structured and consistent with the PR objectives. Here's a summary of the changes:

  1. Added import for the updates package.
  2. Introduced a Restart() method in the instance interface.
  3. Added BinaryUpdates() and IntelUpdates() methods to manage different types of updates.

These changes lay the groundwork for improved update management and service control. The code is clean and follows Go conventions.

As this change introduces new core functionality, ensure that:

  1. The implementation of these new methods is thoroughly tested.
  2. Error handling for update processes is robust and well-documented.
  3. The restart functionality is implemented safely, considering potential impacts on running operations.
  4. Documentation is updated to reflect these new capabilities in the core service.

Also applies to: 117-120

desktop/tauri/src-tauri/Cargo.toml (2)

2-2: LGTM! Consider bumping the package version.

The changes to the package name, default-run, and Rust version are consistent and appropriate. The update to Rust 1.64 is good for potential security and performance improvements.

Given these significant changes, consider bumping the package version (currently at 0.1.0) to reflect the updates.

Also applies to: 8-8, 10-10


84-85: Good addition of Clippy metadata, but use caution with allowed lints.

Adding Clippy metadata is beneficial for customizing linting rules. However, allowing "clippy::collapsible_else_if" might reduce code readability in some cases.

Consider reviewing the instances where this lint is triggered and ensure that allowing it doesn't compromise code clarity. You might want to address these instances individually rather than allowing the lint globally.

service/intel/filterlists/module.go (1)

Line range hint 1-145: Overall impact assessment and suggestion for comprehensive review

The changes in this file represent a good step towards improving code organization by making the update mechanism more specific to intel-related updates. The consistency between the method call and interface definition is well-maintained.

However, given the nature of this change (renaming a method that's part of an interface), it's crucial to ensure that these modifications are consistently applied throughout the entire codebase.

I recommend conducting a comprehensive review of the entire codebase to:

  1. Identify and update all implementations of the instance interface to use IntelUpdates() instead of Updates().
  2. Locate and modify all calls to Updates() that should now be using IntelUpdates().
  3. Update any documentation or comments that reference the old method name.

This thorough review will help prevent any potential runtime errors or inconsistencies that could arise from partially implemented changes.

To assist with this review, you can use the following script to search for potential areas that might need updating:

#!/bin/bash
# Description: Comprehensive search for Updates() related code that might need updating

# Search for Updates() method calls
echo "Searching for Updates() method calls:"
rg --type go -A 5 '\bUpdates\(\)'

# Search for Updates method implementations
echo "Searching for Updates method implementations:"
ast-grep --lang go --pattern 'func $_($_) *Updates() { $$$ }'

# Search for interface definitions including Updates()
echo "Searching for interface definitions including Updates():"
ast-grep --lang go --pattern 'type $_ interface {
  $$$
  Updates() *updates.Updates
  $$$
}'

# Search for struct types implementing Updates()
echo "Searching for struct types implementing Updates():"
ast-grep --lang go --pattern 'type $_ struct {
  $$$
}

func ($_) Updates() *updates.Updates {
  $$$
}'

Review the results carefully and make necessary updates to ensure consistency across the codebase.

service/profile/module.go (1)

Line range hint 1-153: Summary of changes and potential impact

The main changes in this file involve the removal of the updatesPath variable and associated logic. This change is likely part of the larger "New updater/installer" effort mentioned in the PR title. While the migrations variable remains unchanged, ensuring that migration functionality is preserved, the modifications to the start() function (which are not fully visible in the provided code) may have altered how updates are handled in the profile module.

These changes could have significant implications for the update process and how the profile module interacts with the new updater/installer. It's important to ensure that:

  1. All references to updatesPath have been properly removed or updated throughout the codebase.
  2. The start() function still initializes all necessary components correctly.
  3. The new updater/installer functionality is properly integrated with the profile module, if required.

Consider documenting these changes and their implications in the project's documentation or changelog. This will help other developers understand the new update handling process and any potential changes in the profile module's behavior.

desktop/tauri/src-tauri/src/cli.rs (3)

9-25: LGTM: Well-structured and documented CliArguments struct

The CliArguments struct is well-defined with clear documentation for each field. The use of appropriate types for each field is commendable.

Consider adding the #[derive(Default)] attribute to the struct. This would allow for easy creation of a default instance, which could be useful in testing or when partial configuration is needed.

-#[derive(Debug)]
+#[derive(Debug, Default)]
 pub struct CliArguments {
     // ... existing fields ...
 }

27-39: LGTM: Effective log level parsing method

The parse_log method is well-implemented, using a match statement to handle different log level strings and falling back to the default level for unrecognized inputs.

Consider returning a Result from parse_log to explicitly handle invalid inputs:

fn parse_log(&mut self, level: String) -> Result<(), String> {
    self.log_level = match level.as_ref() {
        "off" => LevelFilter::Off,
        "error" => LevelFilter::Error,
        "warn" => LevelFilter::Warn,
        "info" => LevelFilter::Info,
        "debug" => LevelFilter::Debug,
        "trace" => LevelFilter::Trace,
        _ => return Err(format!("Invalid log level: {}", level)),
    };
    Ok(())
}

This change would allow the caller to handle invalid inputs more explicitly, potentially improving error reporting.


1-107: Overall: Solid CLI argument parsing implementation with room for refinement

This new CLI argument parsing system for the Tauri application is well-structured and comprehensive. It effectively handles both long and short flags for various configuration options. The use of clap_lex for low-level parsing and the clear separation of concerns in the code structure are commendable.

However, there are several areas where the implementation could be improved:

  1. Error Handling: Consider implementing more robust error handling, especially for unexpected flags and invalid inputs.
  2. Code Duplication: There's some repetition in the parsing logic for long and short flags that could be refactored.
  3. Short Flag Parsing: The current approach to parsing short flag values could be simplified and made more robust.
  4. Default Implementation: Adding a Default derive to the CliArguments struct could simplify its usage in other parts of the codebase.

Addressing these points would enhance the reliability and maintainability of the CLI parsing system. Additionally, ensure that any changes to the parse function's interface or behavior are reflected in its usage throughout the codebase.

As this is a new file introducing CLI functionality, consider the following architectural advice:

  1. Testability: Add unit tests for the parse function and CliArguments methods to ensure correct behavior under various input scenarios.
  2. Documentation: While the code is generally well-commented, consider adding doc comments (///) to public items for better IDE integration and potential documentation generation.
  3. Error Types: If CLI parsing errors are expected to be handled higher up in the application, consider creating a custom error type for CLI-related errors.

These improvements will contribute to a more robust and maintainable CLI system as the application evolves.

service/intel/geoip/database.go (1)

200-211: LGTM! Consider removing commented code.

The openAndUnpack function has been renamed to open and simplified, removing the unpacking logic. This change is consistent with the overall simplification of the update process and the use of uncompressed database files.

Consider removing the commented-out code (lines 206-209) if it's no longer needed. If there's a reason to keep it for future reference, add a comment explaining why it's retained and under what circumstances it might be reintroduced.

service/ui/serve.go (1)

Line range hint 1-180: Ensure comprehensive testing of the update system

The changes in this file appear to be part of a larger refactoring of the update system. While the modifications look good, it's crucial to ensure that these changes are consistent with the rest of the codebase and that the new update system functions as expected.

Consider the following recommendations:

  1. Conduct thorough integration tests to verify that the new update retrieval method works correctly in various scenarios.
  2. Update any documentation related to the update system to reflect these changes.
  3. Review other parts of the codebase that might be affected by this refactoring, especially those that interact with the update system.

These steps will help ensure that the new updater/installer functions correctly and maintains consistency across the entire application.

desktop/tauri/src-tauri/tauri.conf.json5 (1)

63-73: Review file structure and consider security implications

The new file mappings for the Debian package are logically organized, separating core binaries and intel data. However, there are a couple of points to consider:

  1. Placing user-modifiable data (like intel files) in /usr/lib might not align with the Filesystem Hierarchy Standard (FHS). Consider moving these to /var/lib/portmaster for better compliance and to separate static from variable data.

  2. Ensure that appropriate permissions are set for these files, especially for sensitive data like intelligence files.

Consider restructuring the file paths as follows:

  • Keep core binaries and assets in /usr/lib/portmaster/
  • Move intel files to /var/lib/portmaster/intel/

This separation will improve security and maintainability.

service/firewall/interception/windowskext2/kext.go (1)

65-67: Approve the nil check with suggestions for improvement.

The addition of the nil check for kextFile is a good defensive programming practice. It prevents potential null pointer dereferences and provides a clear error message.

However, consider the following suggestions:

  1. Add a log warning when this error occurs, as it might indicate an unexpected state.
  2. Review the Start function to ensure kextFile is always properly initialized.
  3. Consider adding similar checks for service to ensure consistent error handling.

Here's a suggested improvement:

 func Stop() error {
 	if kextFile == nil {
-		return fmt.Errorf("kextfile is nil")
+		log.Warning("winkext: attempting to stop with nil kextFile")
+		return fmt.Errorf("kextFile is nil, possibly not initialized")
 	}
+	if service == nil {
+		log.Warning("winkext: attempting to stop with nil service")
+		return fmt.Errorf("service is nil, possibly not initialized")
+	}
 	// Prepare kernel for shutdown
 	err := shutdownRequest()
 	if err != nil {
 		log.Warningf("winkext: shutdown request failed: %s", err)
 	}
 	// ... rest of the function

This change adds logging and a check for service, providing more context for debugging if these errors occur.

desktop/tauri/src-tauri/src/portmaster/notifications.rs (2)

Line range hint 84-89: Approved: Consistent naming and potential refactoring opportunity.

The renaming of Payload::JSON to Payload::Json in both Linux and Windows implementations is consistent with the earlier change and improves adherence to Rust naming conventions.

Consider refactoring the common parts of the Linux and Windows show_notification functions into a shared helper function to reduce code duplication. For example:

fn create_notification_payload(value: String) -> Payload {
    Payload::Json(
        json!({
            "SelectedActionID": value
        })
        .to_string(),
    )
}

This function could then be used in both platform-specific implementations, reducing duplication and improving maintainability.

Also applies to: 128-133


Line range hint 1-143: Summary of changes and recommendations.

  1. The logic for skipping notifications in the notification_handler function has been inverted. This significant change requires verification to ensure it aligns with the intended behavior.

  2. Enum variants have been consistently renamed from JSON to Json, improving adherence to Rust naming conventions.

  3. Consider refactoring the platform-specific show_notification functions to reduce code duplication, particularly in the creation of the notification payload.

Overall, while the naming changes are improvements, the logic change in notification handling is crucial and should be carefully reviewed and tested to ensure it doesn't introduce unintended behavior.

desktop/tauri/src-tauri/src/window.rs (1)

Line range hint 56-62: Improved environment variable check: Approved with suggestion

The change to use std::env::var("TAURI_SHOW_IMMEDIATELY").is_ok() is a good simplification. It makes the code more readable while maintaining the same functionality.

For consistency with Rust's error handling practices, consider using the is_ok_and() method introduced in Rust 1.62.0:

if std::env::var("TAURI_SHOW_IMMEDIATELY").is_ok_and(|v| !v.is_empty()) {
    // ...
}

This change would ensure that the environment variable is not only present but also non-empty.

desktop/tauri/src-tauri/src/portapi/message.rs (1)

189-263: Consistent test updates and comprehensive coverage.

The test cases have been correctly updated to use the new enum variant names (Json and Unknown), maintaining consistency with the earlier changes. The tests cover various scenarios for parsing and creating Payload and Message instances, including error handling for edge cases.

Consider adding a test case for parsing a message with an unknown payload type to ensure the Payload::Unknown variant is correctly handled. For example:

#[test]
fn parse_message_with_unknown_payload() {
    let m = "10|insert|some:key|Xunknown_payload"
        .parse::<Message>()
        .expect("Expected message to parse");

    assert_eq!(
        m,
        Message {
            id: 10,
            cmd: "insert".to_string(),
            key: Some("some:key".to_string()),
            payload: Some(Payload::Unknown("Xunknown_payload".to_string())),
        }
    );
}

This additional test would help ensure that the parsing logic correctly handles payloads with unknown prefixes.

service/intel/filterlists/index.go (1)

Line range hint 1-290: Summary of changes and recommendations

The changes in this file represent a significant shift in the update mechanism for filter lists. Here's a summary of the main points and recommendations:

  1. The update mechanism has been changed from updater.File to updates.File, which seems to be part of a larger refactoring effort.
  2. Version checking and upgrade availability logic have been removed or commented out, simplifying the update process but potentially removing important safeguards.
  3. The new update retrieval method uses a more modular approach, which could improve the overall architecture.

Recommendations:

  1. Ensure consistency of the new update mechanism across the entire codebase.
  2. Verify and potentially improve error handling for the new update retrieval method.
  3. Reconsider the removal of version checks and upgrade availability checks, or provide clear justification for their removal.
  4. Remove commented-out code if it's no longer needed, or add explanatory comments if it's kept for future reference.
  5. Document the new update strategy and its implications on the system's behavior.

These changes have the potential to significantly impact the system's update process. Please review the individual comments for more detailed feedback and verification steps.

desktop/tauri/src-tauri/src/service/systemd.rs (1)

234-238: LGTM: Simplified file existence checks

The changes in the get_sudo_cmd() function improve code clarity by directly using is_ok() instead of pattern matching. This simplification maintains the same functionality while making the code more concise and potentially slightly more efficient.

Consider using the std::path::Path API for a more idiomatic approach to file checks:

if Path::new("/usr/bin/pkexec").exists() {
    return Ok(SudoCommand::Pkexec);
}

if Path::new("/usr/bin/gksudo").exists() {
    return Ok(SudoCommand::Gksu);
}

This change would make the code more consistent with Rust's standard library conventions for file system operations.

service/core/api.go (3)

108-120: LGTM! Consider adding error handling.

The new endpoint for triggering update checks is well-implemented. It correctly uses POST method and user-level write permissions.

Consider adding error handling for TriggerUpdateCheck() calls if these methods can potentially return errors. This would provide more robust error reporting to the API consumer.


122-134: LGTM! Consider adding error handling.

The new endpoint for applying updates is well-implemented. It correctly uses POST method and user-level write permissions.

Consider adding error handling for TriggerApplyUpdates() calls if these methods can potentially return errors. This would provide more robust error reporting to the API consumer.


179-179: TODO: Implement updates debug info

There's a TODO comment indicating that debug information for updates needs to be added.

Would you like assistance in implementing the updates.AddToDebugInfo(di) function? This could involve creating a new function in the updates package that adds relevant update information to the debug output. Let me know if you'd like me to draft an implementation or create a GitHub issue to track this task.

desktop/tauri/src-tauri/src/xdg/mod.rs (1)

395-396: Consider using double quotes for string literal

While the change from double quotes to single quotes doesn't affect functionality, it's generally more idiomatic in Rust to use double quotes for string literals. Single quotes are typically reserved for character literals.

Consider reverting this change:

-       .split('-')
+       .split("-")
Earthfile (2)

636-671: New Tauri linting process added

A new tauri-lint target has been added to the Earthfile. This is a positive addition to the build process as it introduces static code analysis using Clippy, the Rust linter. The setup includes:

  1. Preparing the build environment similar to the tauri-build target.
  2. Setting up necessary directories and copying required binaries.
  3. Running cargo clippy with all targets and features, treating warnings as errors.

This addition will help maintain code quality and catch potential issues early in the development process.

However, there are a couple of points to consider:

  1. The binary copying process is duplicated from the tauri-build target. Consider extracting this into a separate function to reduce code duplication.
  2. The linting process doesn't save any artifacts or output. Consider adding a step to save the linting results for later review or CI/CD integration.

To reduce code duplication, consider creating a shared function for binary copying:

+COPY_TAURI_BINARIES:
+    FUNCTION
+    ARG --required target
+    
+    RUN mkdir /tmp/gobuild
+    RUN mkdir ./binaries
+    
+    DO +RUST_TO_GO_ARCH_STRING --rustTarget="${target}"
+    COPY (+go-build/output --CMDS="portmaster-core" --GOOS="${GOOS}" --GOARCH="${GOARCH}" --GOARM="${GOARM}") /tmp/gobuild
+    
+    FOR bin IN $(ls /tmp/gobuild)
+        RUN set -e ; \
+            dest="./binaries/${bin}" ; \
+            cp "/tmp/gobuild/${bin}" "${dest}" ;
+    END

 tauri-build:
     ...
-    RUN mkdir /tmp/gobuild
-    RUN mkdir ./binaries
-    ...
-    COPY (+go-build/output --CMDS="portmaster-core" --GOOS="${GOOS}" --GOARCH="${GOARCH}" --GOARM="${GOARM}") /tmp/gobuild
-    ...
-    FOR bin IN $(ls /tmp/gobuild)
-        RUN set -e ; \
-            dest="./binaries/${bin}" ; \
-            cp "/tmp/gobuild/${bin}" "${dest}" ;
-    END
+    DO +COPY_TAURI_BINARIES --target="${target}"
     ...

 tauri-lint:
     ...
-    RUN mkdir /tmp/gobuild
-    RUN mkdir ./binaries
-    ...
-    COPY (+go-build/output --CMDS="portmaster-start portmaster-core" --GOOS="${GOOS}" --GOARCH="${GOARCH}" --GOARM="${GOARM}") /tmp/gobuild
-    ...
-    FOR bin IN $(ls /tmp/gobuild)
-        RUN set -e ; \
-            dest="./binaries/${bin}-${target}" ; \
-            if [ -z "${bin##*.exe}" ]; then \
-                dest="./binaries/${bin%.*}-${target}.exe" ; \
-            fi ; \
-            cp "/tmp/gobuild/${bin}" "${dest}" ;
-    END
+    DO +COPY_TAURI_BINARIES --target="${target}"
     ...

This refactoring will make the code more maintainable and reduce the risk of inconsistencies between the build and lint processes.


Line range hint 1-771: Overall improvements to the build process

The changes made to this Earthfile represent significant improvements to the build process:

  1. The Tauri build process has been streamlined, with simplified binary handling and more consistent artifact naming.
  2. A new linting step has been introduced, which will help maintain code quality.
  3. The Windows bundle creation process has been refined, with better versioning and packaging.

These changes should lead to a more maintainable and robust build process. However, there's still room for improvement in terms of reducing code duplication, particularly in the binary copying steps between the build and lint processes.

Consider further modularizing common operations in the Earthfile to reduce duplication and improve maintainability. This could include creating shared functions for operations like binary copying, version extraction, and artifact naming.

desktop/tauri/src-tauri/templates/nsis_install_hooks.nsh (1)

22-22: Typographical error in comment: "restire" should be "restore"

There is a misspelling in the comment on line 22. The word "restire" should be corrected to "restore".

Apply this diff to fix the typo:

- ; restire previous state
+ ; restore previous state
cmds/portmaster-core/main_linux.go (2)

18-18: Remove unused variable defaultRestartCommand

The variable defaultRestartCommand is declared but never used. Consider removing it to clean up the code.


107-122: Unused function isRunningAsService()

The function isRunningAsService() is defined but never called in this file. If it's not needed, consider removing it to reduce unnecessary code.

service/updates/bundle.go (1)

119-120: Correct typo in error message

The error message on line 119 has a typographical error. It should read "file exists but the hash does not match" instead of "file exist but the hash does not match".

Apply this diff to fix the typo:

-return false, fmt.Errorf("file exist but the hash does not match: %s", filename)
+return false, fmt.Errorf("file exists but the hash does not match: %s", filename)
cmds/portmaster-core/main_windows.go (1)

99-101: Typographical error in log messages

The word "shuting" is misspelled in the log messages. It should be "shutting".

Apply this diff to correct the typo:

-log.Infof("shuting down service with error: %s", sErr)
+log.Infof("shutting down service with error: %s", sErr)

-log.Infof("shuting down service")
+log.Infof("shutting down service")
desktop/tauri/src-tauri/src/main.rs (1)

Line range hint 130-145: Inconsistent logging behavior between Linux and Windows

On Linux, when cli_args.data is provided, the log_target is set to a folder inside data_dir. On Windows, even if cli_args.data is provided, the log_target defaults to the system log directory and does not utilize data_dir. This inconsistency may lead to confusion and inconsistent logging locations across platforms.

Consider aligning the Windows behavior with the Linux implementation or documenting the reason for this discrepancy. If permissions for the logs/app2 folder are not guaranteed on Windows (as noted in the TODO comment), it might be helpful to handle this case explicitly or provide a fallback mechanism.

service/updates/downloader.go (1)

240-241: Improve error log messages for clarity and consistency

In the downloadFile function, the error log messages are inconsistent and could be clearer. For instance:

  • Line 240: "failed to create GET request to %s: %s" – clear and includes the URL.
  • Line 248: "failed a get file request to: %s" – less clear and missing the URL.

Consider standardizing the log messages for better readability. Ensure all messages include relevant information like the URL and use consistent phrasing.

Apply this diff for consistency:

     req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, http.NoBody)
     if err != nil {
-        log.Warningf("failed to create GET request to %s: %s", url, err)
+        log.Warningf("failed to create GET request to %s: %s", url, err)
         continue
     }
     if UserAgent != "" {
         req.Header.Set("User-Agent", UserAgent)
     }
     resp, err := d.httpClient.Do(req)
     if err != nil {
-        log.Warningf("failed a get file request to: %s", err)
+        log.Warningf("failed to make GET request to %s: %s", url, err)
         continue
     }

Also applies to: 248-249

desktop/tauri/src-tauri/src/traymenu.rs (1)

556-558: Redundant SPN UI state update

The SPN UI state is being set to false in both the tray_handler loop exit (lines 489-491) and in the load_theme function (lines 556-558). Verify if this redundancy is necessary or if one of the updates can be removed to simplify the code.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between cfd8777 and 61babe2.

⛔ Files ignored due to path filters (1)
  • desktop/tauri/src-tauri/Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (82)
  • .github/workflows/tauri.yml (1 hunks)
  • Earthfile (4 hunks)
  • base/updater/doc.go (0 hunks)
  • base/updater/export.go (0 hunks)
  • base/updater/fetch.go (0 hunks)
  • base/updater/file.go (0 hunks)
  • base/updater/filename.go (0 hunks)
  • base/updater/filename_test.go (0 hunks)
  • base/updater/get.go (0 hunks)
  • base/updater/indexes.go (0 hunks)
  • base/updater/indexes_test.go (0 hunks)
  • base/updater/notifier.go (0 hunks)
  • base/updater/registry.go (0 hunks)
  • base/updater/registry_test.go (0 hunks)
  • base/updater/resource.go (0 hunks)
  • base/updater/resource_test.go (0 hunks)
  • base/updater/signing.go (0 hunks)
  • base/updater/state.go (0 hunks)
  • base/updater/storage.go (0 hunks)
  • base/updater/storage_test.go (0 hunks)
  • base/updater/unpacking.go (0 hunks)
  • base/updater/updating.go (0 hunks)
  • cmds/portmaster-core/main.go (3 hunks)
  • cmds/portmaster-core/main_linux.go (1 hunks)
  • cmds/portmaster-core/main_windows.go (1 hunks)
  • desktop/tauri/src-tauri/Cargo.toml (3 hunks)
  • desktop/tauri/src-tauri/README.md (1 hunks)
  • desktop/tauri/src-tauri/src/cli.rs (1 hunks)
  • desktop/tauri/src-tauri/src/main.rs (7 hunks)
  • desktop/tauri/src-tauri/src/portapi/message.rs (7 hunks)
  • desktop/tauri/src-tauri/src/portapi/models/config.rs (2 hunks)
  • desktop/tauri/src-tauri/src/portmaster/commands.rs (3 hunks)
  • desktop/tauri/src-tauri/src/portmaster/mod.rs (3 hunks)
  • desktop/tauri/src-tauri/src/portmaster/notifications.rs (3 hunks)
  • desktop/tauri/src-tauri/src/service/systemd.rs (2 hunks)
  • desktop/tauri/src-tauri/src/traymenu.rs (14 hunks)
  • desktop/tauri/src-tauri/src/window.rs (3 hunks)
  • desktop/tauri/src-tauri/src/xdg/mod.rs (5 hunks)
  • desktop/tauri/src-tauri/tauri.conf.json5 (4 hunks)
  • desktop/tauri/src-tauri/templates/files.wxs (1 hunks)
  • desktop/tauri/src-tauri/templates/main.wxs (1 hunks)
  • desktop/tauri/src-tauri/templates/nsis_install_hooks.nsh (1 hunks)
  • desktop/tauri/src-tauri/templates/service.wxs (1 hunks)
  • packaging/linux/portmaster.service (1 hunks)
  • packaging/linux/postinst (1 hunks)
  • packaging/linux/postrm (1 hunks)
  • service/broadcasts/data.go (1 hunks)
  • service/broadcasts/module.go (2 hunks)
  • service/broadcasts/notify.go (1 hunks)
  • service/config.go (1 hunks)
  • service/core/api.go (3 hunks)
  • service/core/core.go (2 hunks)
  • service/firewall/api.go (1 hunks)
  • service/firewall/interception/interception_windows.go (1 hunks)
  • service/firewall/interception/module.go (2 hunks)
  • service/firewall/interception/windowskext2/kext.go (1 hunks)
  • service/firewall/module.go (2 hunks)
  • service/instance.go (8 hunks)
  • service/intel/filterlists/database.go (4 hunks)
  • service/intel/filterlists/index.go (3 hunks)
  • service/intel/filterlists/module.go (2 hunks)
  • service/intel/filterlists/updater.go (3 hunks)
  • service/intel/geoip/database.go (4 hunks)
  • service/intel/geoip/module.go (2 hunks)
  • service/netenv/main.go (2 hunks)
  • service/netenv/online-status.go (1 hunks)
  • service/network/api.go (1 hunks)
  • service/process/module.go (2 hunks)
  • service/process/profile.go (1 hunks)
  • service/profile/module.go (1 hunks)
  • service/ui/module.go (3 hunks)
  • service/ui/serve.go (1 hunks)
  • service/updates/api.go (0 hunks)
  • service/updates/bundle.go (1 hunks)
  • service/updates/config.go (0 hunks)
  • service/updates/downloader.go (1 hunks)
  • service/updates/export.go (0 hunks)
  • service/updates/get.go (0 hunks)
  • service/updates/helper/electron.go (0 hunks)
  • service/updates/helper/indexes.go (0 hunks)
  • service/updates/helper/signing.go (0 hunks)
  • service/updates/helper/updates.go (0 hunks)
⛔ Files not processed due to max files limit (12)
  • service/updates/main.go
  • service/updates/module.go
  • service/updates/notify.go
  • service/updates/os_integration_default.go
  • service/updates/os_integration_linux.go
  • service/updates/registry.go
  • service/updates/restart.go
  • service/updates/state.go
  • service/updates/upgrader.go
  • spn/captain/hooks.go
  • spn/captain/intel.go
  • spn/captain/module.go
💤 Files not reviewed due to no reviewable changes (28)
  • base/updater/doc.go
  • base/updater/export.go
  • base/updater/fetch.go
  • base/updater/file.go
  • base/updater/filename.go
  • base/updater/filename_test.go
  • base/updater/get.go
  • base/updater/indexes.go
  • base/updater/indexes_test.go
  • base/updater/notifier.go
  • base/updater/registry.go
  • base/updater/registry_test.go
  • base/updater/resource.go
  • base/updater/resource_test.go
  • base/updater/signing.go
  • base/updater/state.go
  • base/updater/storage.go
  • base/updater/storage_test.go
  • base/updater/unpacking.go
  • base/updater/updating.go
  • service/updates/api.go
  • service/updates/config.go
  • service/updates/export.go
  • service/updates/get.go
  • service/updates/helper/electron.go
  • service/updates/helper/indexes.go
  • service/updates/helper/signing.go
  • service/updates/helper/updates.go
🧰 Additional context used
🪛 LanguageTool
desktop/tauri/src-tauri/README.md

[uncategorized] ~3-~3: You might be missing the article “the” here.
Context: # Update Tauri guide Check latest versions of tauri packages and update t...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)


[uncategorized] ~24-~24: It appears that a hyphen is missing (if ‘auto’ is not used in the context of ‘cars’).
Context: ...te to latest > The plugins will be auto updated based on tauri version. Run:sh car...

(AUTO_HYPHEN)

🔇 Additional comments (95)
service/config.go (2)

3-3: LGTM: Import statement is correct and necessary.

The import of "os/exec" is required for the exec.Cmd type used in the ServiceConfig struct. It's a standard library import and is used appropriately.


5-8: Verify usage of ServiceConfig in the codebase

The introduction of ServiceConfig is a significant change that may affect other parts of the codebase. It's important to ensure that this new structure is properly integrated and used consistently throughout the project.

Run the following script to check for usage of ServiceConfig:

This will help identify where ServiceConfig is being used and where it might need to be introduced.

✅ Verification successful

ServiceConfig usage verified successfully

The ServiceConfig structure is properly integrated and consistently used throughout the codebase. No issues were found.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for usage of ServiceConfig in the codebase

# Search for ServiceConfig usage
echo "Searching for ServiceConfig usage:"
rg --type go "ServiceConfig" -C 3

# Search for potential places where ServiceConfig should be used
echo "\nSearching for potential places where ServiceConfig might be needed:"
rg --type go "IsRunningAsService|RestartCommand" -C 3

Length of output: 5453

packaging/linux/postrm (1)

2-6: LGTM: Improved readability and documentation.

The addition of an empty line and a clear comment block enhances the script's readability and provides valuable context for the new functionality.

desktop/tauri/src-tauri/src/portapi/models/config.rs (2)

2-2: LGTM: Uncommented serde import

The uncommented import of serde::* aligns with the existing use of serde derive macros in the BooleanValue struct. This change improves code clarity and explicitly shows the dependencies.


16-16: Verify consistency of Payload enum usage

The change from Payload::JSON(str) to Payload::Json(str) looks good and follows better naming conventions. However, it's important to ensure this change is consistent across the entire project.

Let's verify the usage of Payload::Json across the project:

This script will help identify any inconsistencies in the usage of the Payload enum throughout the project.

✅ Verification successful

Consistency of Payload enum usage verified successfully

All instances of the Payload enum use Payload::Json. No occurrences of Payload::JSON were found.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any remaining instances of Payload::JSON and list all usages of Payload::Json

echo "Checking for any remaining instances of Payload::JSON:"
rg --type rust "Payload::JSON"

echo "\nListing all usages of Payload::Json:"
rg --type rust "Payload::Json"

Length of output: 1182

packaging/linux/postinst (1)

3-3: LGTM: Correct permission setting for portmaster-core.

The chmod command correctly sets the executable permission for the portmaster-core binary, which is necessary for its proper execution.

desktop/tauri/src-tauri/templates/service.wxs (1)

6-6: 🛠️ Refactor suggestion

Improved service installation method, but consider addressing potential issues.

The change from using portmaster-start.exe to sc.exe for service installation is a good improvement. It aligns better with Windows standards for service management and allows for more control over service properties. Additionally, moving the data directory to [CommonAppDataFolder] is a better practice for storing application data.

However, there are a few potential issues to consider:

  1. Backwards Compatibility: This change might break existing installations. Ensure there's a migration path for users upgrading from previous versions.

  2. Error Handling: The sc.exe command doesn't include any error handling. Consider wrapping this in a script that can check for and report errors.

  3. Hardcoded Service Name: "PortmasterCore" is hardcoded. It might be better to use a variable for the service name to allow for easier changes in the future and avoid potential conflicts.

Consider the following improvements:

  1. Add error handling:
<CustomAction Id="InstallPortmasterService"
              Directory="INSTALLDIR"
              ExeCommand="powershell.exe -Command &quot;&amp; { $result = sc.exe create PortmasterCore binPath= '[INSTALLDIR]portmaster-core.exe --data [CommonAppDataFolder]Portmaster\data'; if ($LASTEXITCODE -ne 0) { throw $result } }&quot;"
              Execute="commit"
              Return="check"
              Impersonate="no"
/>
  1. Use a property for the service name:
<Property Id="SERVICENAME" Value="PortmasterCore" />
...
<CustomAction Id="InstallPortmasterService"
              Directory="INSTALLDIR"
              ExeCommand="sc.exe create [SERVICENAME] binPath= &quot;[INSTALLDIR]portmaster-core.exe --data [CommonAppDataFolder]Portmaster\data&quot;"
              Execute="commit"
              Return="check"
              Impersonate="no"
/>

Also, ensure that the StopPortmasterService and DeletePortmasterService custom actions are updated to use the new service name.

To ensure the changes don't introduce conflicts, let's check for any other occurrences of the service name:

service/process/module.go (1)

7-7: LGTM: Import addition is appropriate.

The addition of the log package import is consistent with the new error logging in the Start method.

service/intel/geoip/module.go (1)

69-69: Please run the following corrected scripts to verify interface implementations and usage:

#!/bin/bash
# Description: Corrected scripts to check interface implementations and usage

# Test 1: Search for struct types that implement the instance interface by defining IntelUpdates method
ast-grep --lang go --pattern 'func ($_) IntelUpdates() *updates.Updates { $$$ }'

# Test 2: Search for usage of the IntelUpdates() method
rg --type go '\bIntelUpdates\(\)'
packaging/linux/portmaster.service (2)

37-37: Approve WorkingDirectory change and verify data migration.

Setting the WorkingDirectory to /var/lib/portmaster/data is a good practice. It ensures that the service operates from a specific, dedicated directory.

Please confirm:

  1. Is there a data migration plan if the previous working directory was different?
  2. Are all file paths in the application code updated to reflect this new working directory?

You can use the following script to check for any hardcoded paths that might need updating:

#!/bin/bash
# Description: Search for potential hardcoded paths that might need updating

echo "Searching for potential hardcoded paths:"
rg --type cpp --type go "/var/lib/portmaster(?!/data)"
rg --type cpp --type go "/opt/safing/portmaster"

This will help identify any paths that might need to be updated to match the new working directory.


33-34: Verify the necessity and security implications of new capabilities.

The service now includes additional capabilities: cap_sys_resource, cap_bpf, and cap_perfmon. While these may be necessary for new features or improved performance, they also expand the potential attack surface.

Please confirm:

  1. Are these new capabilities essential for the updated functionality?
  2. Have the security implications of these additions been thoroughly assessed?
  3. Is there documentation explaining the need for these capabilities?

To help verify the usage of these new capabilities, you can run the following script:

This will help identify where and how these new capabilities are being used in the code.

service/broadcasts/module.go (1)

11-11: LGTM. Verify usage of the new import.

The import statement for the updates package is correctly added. This aligns with the changes made to the instance interface.

To ensure the new import is being used, run the following command:

✅ Verification successful

Verified usage of the new import.

The updates package is utilized in the IntelUpdates method, aligning correctly with the modifications made to the instance interface.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the usage of the "updates" package in the file.

# Test: Search for usage of the "updates" package. Expect: At least one occurrence.
rg --type go 'updates\.' service/broadcasts/module.go

Length of output: 88

service/ui/module.go (3)

11-11: LGTM: New import for updates package.

The new import for the updates package is correctly added and follows Go conventions. This import is likely required for the new BinaryUpdates() method in the instance interface.


Line range hint 1-85: Overall assessment: Changes improve module structure and add new functionality.

The modifications to service/ui/module.go successfully implement a singleton pattern for the UI module and introduce binary update functionality. The code changes are well-structured and follow Go best practices. Minor suggestions for improvements have been provided, including adding comments and error handling. Please ensure that all implementations of the instance interface are updated to include the new BinaryUpdates() method.


85-85: LGTM: New method for binary updates added to interface.

The new BinaryUpdates() method is correctly added to the instance interface, following Go naming conventions. This addition provides access to binary update functionality in the UI module.

To ensure the correctness of this change, please verify that all implementations of the instance interface have been updated to include this new method. Run the following script to check for potential missing implementations:

This script will help identify any structs that implement the instance interface but might be missing the new BinaryUpdates() method.

✅ Verification successful

LGTM: No existing implementations of instance interface found.

No structs embedding the instance interface were identified in the codebase. Therefore, there are no existing implementations that require the addition of the BinaryUpdates() method at this time.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for implementations of the 'instance' interface that might be missing the new 'BinaryUpdates()' method.

# Search for struct types that embed the 'instance' interface
structs_with_instance=$(rg --type go -n 'type\s+\w+\s+struct\s*{[^}]*\binstance\b' --glob '!service/ui/module.go')

# For each struct found, check if it implements BinaryUpdates()
echo "Checking implementations of 'instance' interface:"
echo "$structs_with_instance" | while IFS=: read -r file line content; do
    struct_name=$(echo "$content" | sed -n 's/type\s\+\(\w\+\).*/\1/p')
    if ! rg --type go -q "func\s*\(\s*\w+\s+\*?${struct_name}\s*\)\s*BinaryUpdates\s*\(\s*\)\s*\*updates\.Updates" "$file"; then
        echo "Warning: $file:$line - Struct $struct_name might be missing BinaryUpdates() method"
    fi
done

echo "Verification complete."

Length of output: 848


Script:

#!/bin/bash
# Description: Check for implementations of the 'instance' interface that might be missing the new 'BinaryUpdates()' method.

# Search for struct types that embed the 'instance' interface
structs_with_instance=$(rg --type go -n 'type\s+\w+\s+struct\s*{\s*[^}]*\binstance\b' --glob '!service/ui/module.go')

# For each struct found, check if it implements BinaryUpdates()
echo "Checking implementations of 'instance' interface:"
echo "$structs_with_instance" | while IFS=: read -r file line content; do
    struct_name=$(echo "$content" | sed -n 's/type\s\+\(\w\+\).*/\1/p')
    if ! rg --type go -q "func\s*\(\s*\w+\s+\*${struct_name}\s*\)\s*BinaryUpdates\s*\(\s*\)\s*\*updates\.Updates" "$file"; then
        echo "Warning: $file:$line - Struct $struct_name might be missing BinaryUpdates() method"
    fi
done

echo "Verification complete."

Length of output: 853


Script:

#!/bin/bash
# Description: Check for implementations of the 'instance' interface that might be missing the new 'BinaryUpdates()' method.

# Corrected regex to accurately match struct definitions embedding the 'instance' interface
structs_with_instance=$(rg --type go -n 'type\s+\w+\s+struct\s*{\s*[^}]*\binstance\b[^}]*}' --glob '!service/ui/module.go')

# For each struct found, check if it implements BinaryUpdates()
echo "Checking implementations of 'instance' interface:"
echo "$structs_with_instance" | while IFS=: read -r file line content; do
    struct_name=$(echo "$content" | sed -n 's/type\s\+\(\w\+\)\s\+struct.*/\1/p')
    if [ -n "$struct_name" ]; then
        if ! rg --type go -q "func\s*\(\s*\w+\s+\*${struct_name}\s*\)\s*BinaryUpdates\s*\(\s*\)\s*\*updates\.Updates" "$file"; then
            echo "Warning: $file:$line - Struct $struct_name might be missing BinaryUpdates() method"
        fi
    fi
done

echo "Verification complete."

Length of output: 623


Script:

#!/bin/bash
# Description: Use ast-grep to find structs embedding the 'instance' interface and verify implementation of BinaryUpdates() method.

# Find all struct names that embed the 'instance' interface
structs=$(ast-grep --lang go --pattern '
type $_Struct struct {
    $$$
    instance
    $$$
}' --name '*' | jq -r '.matches[] | .Struct')

echo "Found structs embedding 'instance' interface:"
echo "$structs"

# Iterate over each struct to check for BinaryUpdates() method implementation
for struct in $structs; do
    if ! ast-grep --lang go --pattern "
    func ($_ *$struct) BinaryUpdates() *updates.Updates {
        $$$
    }
    " --files '*' | grep -q .; then
        echo "Warning: Struct '$struct' is missing the BinaryUpdates() method implementation."
    else
        echo "Struct '$struct' correctly implements BinaryUpdates()."
    fi
done

echo "Verification complete."

Length of output: 509


Script:

#!/bin/bash
# Description: Corrected script to find structs embedding the 'instance' interface and verify implementation of BinaryUpdates() method using ripgrep (rg).

# Corrected regex pattern with escaped curly braces
pattern='type\s+\w+\s+struct\s*\{\s*[^}]*\binstance\b[^}]*\}'

# Search for struct types that embed the 'instance' interface, excluding service/ui/module.go
structs_with_instance=$(rg --type go -n "$pattern" --glob '!service/ui/module.go')

echo "Found structs embedding 'instance' interface:"
echo "$structs_with_instance"

# Check if any structs were found
if [ -z "$structs_with_instance" ]; then
    echo "No structs embedding 'instance' interface found."
    echo "Verification complete."
    exit 0
fi

# Iterate over each struct found and extract struct names
echo "$structs_with_instance" | while IFS=: read -r file line content; do
    # Extract struct name using sed
    struct_name=$(echo "$content" | sed -n 's/type\s\+\(\w\+\)\s\+struct.*/\1/p')
    
    if [ -n "$struct_name" ]; then
        # Search for the BinaryUpdates() method implementation for the struct
        method_exists=$(rg --type go "func\s+\(\s*\w+\s+\*${struct_name}\s*\)\s*BinaryUpdates\s*\(\s*\)\s*\*updates\.Updates" "$file")
        
        if [ -z "$method_exists" ]; then
            echo "Warning: $file:$line - Struct '$struct_name' is missing BinaryUpdates() method implementation."
        else
            echo "Struct '$struct_name' correctly implements BinaryUpdates()."
        fi
    else
        echo "Warning: Unable to extract struct name from line $line in file $file."
    fi
done

echo "Verification complete."

Length of output: 503

desktop/tauri/src-tauri/templates/files.wxs (1)

1-2: LGTM: Correct XML declaration and root element.

The XML declaration and Wix root element are correctly defined with the appropriate namespace for Windows Installer XML.

service/netenv/main.go (2)

11-11: LGTM: New import added correctly

The new import for the updates package is correctly added and follows the existing import style. This import is necessary for the changes made to the instance interface.


Line range hint 92-92: Verify usage of updated instance interface

The New function uses the instance interface, which has been updated. Please verify that the usage of instance in the New function and throughout the package is consistent with the new interface definition. Ensure that the IntelUpdates method is properly utilized where necessary.

To assist in this verification, you can run the following script:

#!/bin/bash
# Description: Check usage of the `instance` interface in the `New` function and throughout the package

echo "Usages of 'instance' in the New function:"
rg --type go -n "func\s+New.*instance" service/netenv

echo -e "\nUsages of 'instance' throughout the package:"
rg --type go -n "instance\." service/netenv

echo -e "\nNote: Review the output to ensure proper usage of the updated 'instance' interface."
service/firewall/interception/module.go (1)

11-11: LGTM: New import statement is correct and necessary.

The addition of the updates package import is correctly placed and is required for the new BinaryUpdates() method in the instance interface.

service/core/core.go (1)

19-19: LGTM: New import for updates package.

The addition of the updates package import is appropriate and aligns with the new functionality being introduced in this file.

desktop/tauri/src-tauri/Cargo.toml (1)

Line range hint 1-85: Overall changes and structure look good.

The modifications to the Cargo.toml file are consistent with the project's evolution. The changes to package metadata, dependencies, and linting rules are well-structured and don't introduce any unexpected modifications to the overall file layout.

service/intel/filterlists/module.go (2)

145-145: Approve interface update with verification suggestion

The update to the instance interface, changing Updates() to IntelUpdates(), is consistent with the earlier modification and maintains type safety. This is a good change that improves code organization and specificity.

To ensure that this interface change is properly implemented across the codebase, please run the following script to identify all implementations of the instance interface:

#!/bin/bash
# Description: Find all implementations of the instance interface

# Search for struct types that implement the instance interface
echo "Searching for instance interface implementations:"
ast-grep --lang go --pattern 'type $_ struct {
  $$$
}

func ($_) IntelUpdates() *updates.Updates {
  $$$
}'

# Search for potential missed Updates() method implementations
echo "Searching for potential missed Updates() method implementations:"
ast-grep --lang go --pattern 'func ($_) Updates() *updates.Updates {
  $$$
}'

Review the results to ensure all implementations have been updated to use IntelUpdates() instead of Updates().


60-65: Approve changes with suggestions for verification

The changes look good overall. Here are some points to consider:

  1. The switch from Updates() to IntelUpdates() suggests a more specific update mechanism for intel-related updates, which is a good improvement in terms of code organization.

  2. The addition of the debug log statement enhances visibility into the update process, which is beneficial for troubleshooting and monitoring.

To ensure that this change doesn't introduce any issues, please verify that all occurrences of Updates() related to intel have been updated accordingly throughout the codebase. Run the following script to check for any remaining instances:

Review the results to ensure all relevant occurrences have been updated.

service/profile/module.go (3)

18-18: LGTM: migrations variable remains unchanged

The migrations variable has been preserved, which is good as it suggests that the migration functionality is still needed and operational.


Line range hint 1-18: Verify the impact of removing the updatesPath variable

The updatesPath variable has been removed from this file. This change might affect how updates are handled in the profile module.

Please run the following script to check for any remaining references to updatesPath in the codebase:

If there are any remaining references, they may need to be updated or removed to maintain consistency with this change.


Line range hint 67-110: Request for clarification on changes to the start() function

The start() function has been modified, but the exact changes are not visible in the provided code. Given the removal of the updatesPath variable, it's likely that some update-related logic has been removed or modified.

Could you please provide more details on the specific changes made to the start() function? Additionally, run the following script to verify the current implementation:

This will help ensure that all necessary components are still being initialized correctly and that the removal of update-related logic hasn't introduced any issues.

service/broadcasts/data.go (1)

20-32: ⚠️ Potential issue

Address the removal of version information and implement TODO

The commented-out code has removed functionality for collecting and processing version information. This change has several implications:

  1. The data map no longer contains "Updates", "Version", or "NumericVersion" keys.
  2. Error handling for version conversion has been removed.

To address these changes:

  1. Implement the TODO comment to reintroduce version data collection.
  2. Ensure that any code depending on the removed version information is updated accordingly.

Run the following script to check for potential dependencies on the removed version information:

Would you like me to create a GitHub issue to track the implementation of the TODO for version data collection?

✅ Verification successful

Version Information Removal Verified

The commented-out code removes the collection and processing of version information in data.go. After searching the codebase:

  • No active code depends on the "Updates", "Version", or "NumericVersion" keys outside of the commented-out sections.
  • The CategoryAnnotation: "Updates" in release.go appears unrelated to the removed version data collection.
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Search for usage of removed version keys in the codebase

# Test: Search for "Updates", "Version", and "NumericVersion" keys
rg --type go '"Updates"|"Version"|"NumericVersion"'

Length of output: 450

service/firewall/interception/interception_windows.go (1)

19-19: Approve change in binary file retrieval method.

The modification to use module.instance.BinaryUpdates().GetFile("portmaster-kext.sys") instead of the previous updates.GetPlatformFile method appears to be part of a refactoring effort to improve binary update management. This change likely provides better encapsulation and a more centralized approach to handling binary updates.

To ensure consistency across the codebase, please run the following verification script:

If this change is part of a larger refactoring effort, consider updating the relevant documentation to reflect the new approach to binary update management.

✅ Verification successful

Binary file retrieval method updated correctly.

All instances of GetPlatformFile have been successfully replaced with BinaryUpdates().GetFile, and BinaryUpdates() methods are consistently used across the codebase. No unintended references to portmaster-kext.sys were found outside the specified file.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any remaining uses of the old update method and identify other potential update methods in use.

# Test 1: Search for any remaining uses of GetPlatformFile
echo "Searching for remaining uses of GetPlatformFile:"
rg --type go "GetPlatformFile"

# Test 2: Search for other methods of BinaryUpdates to ensure consistent usage
echo "Searching for other BinaryUpdates methods:"
rg --type go "BinaryUpdates\(\)\.(\w+)"

# Test 3: Search for potential inconsistencies in file path for portmaster-kext.sys
echo "Searching for portmaster-kext.sys references:"
rg --type go "portmaster-kext\.sys"

Length of output: 1130

desktop/tauri/src-tauri/src/cli.rs (3)

1-7: LGTM: Appropriate use of conditional compilation for log levels

The import and constant declarations are well-structured. The use of conditional compilation to set different default log levels for debug and release builds is a good practice, allowing for more verbose logging during development while keeping it minimal in production.


41-53: LGTM: Well-structured argument parsing setup

The parse function is well-designed with a flexible input type and appropriate use of clap_lex for low-level argument parsing. The initialization of CliArguments with default values and skipping of the binary name are both good practices.


54-107: ⚠️ Potential issue

Comprehensive argument parsing with room for improvement

The argument parsing logic is thorough, handling both long and short flags efficiently. The use of pattern matching for different flags is clear and effective.

However, there are a few areas that could be improved:

  1. Error Handling: Silently ignoring unexpected flags might lead to unnoticed configuration errors. Consider logging warnings for unexpected flags or returning an error.

  2. Short Flag Parsing: The removal of the first character from short flag values (lines 86 and 93) seems unnecessary and potentially error-prone. This assumes that the value always starts with '=', which may not always be the case.

  3. Code Duplication: There's some duplication in the logic for parsing log levels and data paths between long and short flags.

To address these issues, consider the following refactoring:

  1. Add error logging for unexpected flags:
_ => {
    eprintln!("Warning: Unexpected flag '{}'", long);
}
  1. Remove the character removal for short flags and handle the '=' case explicitly:
if let Some(value) = shorts.next_value_os() {
    let str = value.to_string_lossy();
    let str = str.strip_prefix('=').unwrap_or(&str);
    cli.parse_log(str.to_string());
}
  1. Consider extracting the log level and data path parsing into separate methods to reduce duplication.

To ensure that these changes don't introduce new issues, we should verify the usage of this CLI parser throughout the codebase. Run the following script to check for any direct usage of the parse function:

This will help us understand the impact of any changes to the parse function's interface or behavior.

✅ Verification successful

CLI Parse Function Usage Verified

The cli::parse function is only utilized in desktop/tauri/src-tauri/src/main.rs. This confirms that the proposed changes to the argument parsing logic in cli.rs will not affect other parts of the codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for usage of the `parse` function in the codebase

rg --type rust "cli::parse\(" -C 5

Length of output: 851

desktop/tauri/src-tauri/src/portmaster/commands.rs (4)

89-89: Improved string emptiness check

The change from if id == "" to if id.is_empty() is a good improvement. It follows Rust idioms and enhances code readability without altering the logic.

This modification:

  1. Is more idiomatic Rust code.
  2. Potentially offers better performance, as is_empty() directly checks the length.
  3. Improves code consistency if similar checks are used elsewhere in the codebase.

140-140: Consistent improvement in string emptiness check

The change from if id == "" to if id.is_empty() is consistent with the previous modification in the get_app_info function. This maintains code consistency throughout the file.

This change continues to improve code readability and adhere to Rust best practices.


164-164: Consistent application of improved string emptiness check

The change from if id == "" to if id.is_empty() has been consistently applied across all relevant functions in this file. This demonstrates a thorough and systematic approach to code improvement.

The consistent application of this change across get_app_info, get_service_manager_status, and start_service functions:

  1. Improves overall code quality.
  2. Enhances maintainability by using a uniform approach.
  3. Reduces the likelihood of inconsistencies in future modifications.

Line range hint 89-164: Overall improvement in code quality

The changes made in this file consistently replace if id == "" with if id.is_empty() across multiple functions. This systematic improvement enhances code readability, follows Rust idioms, and maintains consistent behavior throughout the file. The modifications demonstrate attention to detail and a commitment to code quality.

service/firewall/module.go (2)

19-19: New import added for binary updates functionality.

The addition of the updates package import suggests that binary update functionality is being introduced to the firewall module. This change aligns with the PR title "New updater/installer".


164-164: New method added to instance interface for binary updates.

The addition of the BinaryUpdates() *updates.Updates method to the instance interface introduces binary update capabilities to the firewall module. This change is consistent with the new import and the PR objectives.

However, we need to ensure that all implementations of the instance interface are updated to include this new method.

Let's verify the impact of this change on the codebase:

This script will help us identify any existing implementations of the instance interface and check if they include the new BinaryUpdates method. Please review the results to ensure all implementations are updated accordingly.

service/intel/geoip/database.go (4)

183-188: LGTM! Simplified database opening process.

The getGeoIPDB function has been updated to use open instead of openAndUnpack, aligning with the removal of the unpacking logic. The error handling has also been simplified, improving code readability.


Line range hint 1-13: Verify import statements.

Given the changes in the code, particularly the switch from updater.File to updates.File, it's important to ensure that the import statements are up-to-date.

Please run the following command to check the imports:

#!/bin/bash
# Description: Check import statements

# Test: List all imports in the file
echo "Current imports in the file:"
rg --type go --no-filename "^import \(" -A 20 service/intel/geoip/database.go

# Test: Check for any unused imports
echo "Checking for unused imports:"
go vet ./service/intel/geoip/database.go

After running these checks, please ensure that:

  1. The updates package is correctly imported.
  2. Any unused imports (like the updater package, if it's no longer used) are removed.
  3. All necessary packages for the current implementation are included.

30-30: LGTM! Verify impact of package change.

The file field type has been updated from *updater.File to *updates.File, indicating a shift in the file management approach. This change aligns with the overall modifications to streamline the update process.

Let's verify if this change is consistent throughout the codebase and if any other occurrences of updater.File need to be updated:

#!/bin/bash
# Description: Check for any remaining references to updater.File and confirm updates.File usage

# Test: Search for updater.File references
echo "Searching for updater.File references:"
rg --type go "updater\.File"

# Test: Confirm updates.File usage
echo "Confirming updates.File usage:"
rg --type go "updates\.File"

24-25: LGTM! Verify impact on database handling.

The change from .mmdb.gz to .mmdb for the resource constants suggests that the GeoIP databases are no longer compressed. This aligns with the removal of unpacking logic mentioned in the AI summary.

Let's verify if this change is consistent throughout the codebase:

✅ Verification successful

Verification Successful: GeoIP Database Handling Consistent

The removal of .mmdb.gz references is confirmed, and all GeoIP database usages consistently utilize the updated .mmdb resource constants. No incorrect .mmdb usages were found in the codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any remaining references to .mmdb.gz files

# Test: Search for .mmdb.gz references
echo "Searching for .mmdb.gz references:"
rg --type go "\.mmdb\.gz"

# Test: Confirm .mmdb references
echo "Confirming .mmdb references:"
rg --type go "\.mmdb[^.]"

Length of output: 753


Script:

#!/bin/bash
# Description: Verify all references to .mmdb files are consistent and correctly implemented

# Test: Search for any instance where .mmdb is used incorrectly
echo "Searching for incorrect .mmdb usages (e.g., typos or incorrect extensions):"
rg --type go '\.mmdb[^a-zA-Z0-9]'

# Test: Ensure that all GeoIP database references use the updated constants
echo "Verifying usage of GeoIP database resource constants:"
rg --type go 'v4MMDBResource|v6MMDBResource'

Length of output: 800

service/ui/serve.go (1)

94-96: Verify the new update retrieval method and error handling

The changes to the file retrieval method and error handling look good, but there are a few points to consider:

  1. The new method module.instance.BinaryUpdates().GetFile() suggests a shift to a module-specific update system. Ensure that module.instance is properly initialized before this method call.

  2. The error type has changed from updater.ErrNotFound to updates.ErrNotFound. Verify that these error types are equivalent in their meaning and usage across the codebase.

To ensure these changes are consistent and correct, please run the following checks:

✅ Verification successful

Verified the update retrieval method and error handling

All changes to the file retrieval method and error handling have been properly implemented. There are no remaining references to updater.ErrNotFound, and module.instance is consistently used across the codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for proper initialization of module.instance
rg --type go "module\.instance\s*=|module\.instance.*BinaryUpdates"

# Verify the usage of updates.ErrNotFound
rg --type go "updates\.ErrNotFound"

# Check for any remaining uses of updater.ErrNotFound
rg --type go "updater\.ErrNotFound"

Length of output: 896

service/intel/filterlists/database.go (3)

Line range hint 1-20: LGTM: Import statements updated correctly

The changes in the import statements are consistent with the migration from the updater package to the updates package. All other imports remain unchanged, which is appropriate.


Line range hint 1-248: Summary: Consistent updates for package migration

The changes in this file are part of a larger refactoring effort to migrate from the updater package to the updates package. The modifications include:

  1. Updated import statements
  2. Simplified file path constants
  3. Changed file type declarations
  4. Updated function signatures

These changes appear to be consistent and complete within this file. However, given the nature of this refactoring, it's crucial to verify the impact on the broader codebase.

To ensure the refactoring has been applied consistently across the project, please run the following script:

#!/bin/bash
# Description: Verify the complete migration from updater to updates package

# Test: Search for any remaining usage of the updater package
echo "Searching for any remaining usage of the updater package:"
rg "\"github\.com/safing/portmaster/updater\""
rg "updater\."

# Test: Search for usage of the updates package
echo "Searching for usage of the updates package:"
rg "\"github\.com/safing/portmaster/service/updates\""
rg "updates\."

# Test: Search for any TODO comments related to this refactoring
echo "Searching for any TODO comments related to this refactoring:"
rg "TODO.*updater|TODO.*updates"

Review the results to ensure:

  1. There are no unintended remaining uses of the updater package.
  2. The updates package is used consistently where needed.
  3. There are no remaining TODO comments related to this refactoring.

If any inconsistencies are found, please address them to complete the migration process.


80-80: LGTM: Function signature updated correctly

The update of the processListFile function signature to use *updates.File instead of *updater.File is consistent with the migration to the updates package.

To ensure all calls to this function have been updated correctly, please run the following script:

Review the results to ensure that all calls to processListFile are using the correct argument types, especially for the file parameter.

✅ Verification successful

LGTM: Function signature updated correctly

The update of the processListFile function signature to use *updates.File instead of *updater.File is consistent with the migration to the updates package. No existing calls to this function were found, ensuring that there are no outdated references needing updates.

Consider removing the processListFile function if it is no longer in use to maintain a clean codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify calls to processListFile function

# Test: Search for calls to processListFile
echo "Searching for calls to processListFile:"
rg "processListFile\s*\("

Length of output: 11569


Script:

#!/bin/bash
# Description: Comprehensive search for calls to processListFile function

echo "Searching for direct and indirect calls to processListFile:"
rg "processListFile\s*\("

echo "Searching for any references to processListFile in comments or documentation:"
rg "processListFile"

Length of output: 1789

desktop/tauri/src-tauri/tauri.conf.json5 (2)

87-97: Consistent file mappings for RPM package

The file mappings for the RPM package are consistent with those added for the Debian package. This consistency is good for maintainability across different package formats.

The same considerations regarding file structure and security mentioned in the previous comment for the Debian package also apply here. Please refer to that comment for suggested improvements.


112-115: Windows installer configuration looks good

The changes to the "wix" section for Windows packaging are appropriate:

  1. The new fragment path "templates/files.wxs" likely contains the definitions for the binary and intel files.
  2. The added component group reference "BinaryAndIntelFiles" ensures these files are included in the Windows installer.

To ensure completeness, please verify that the "templates/files.wxs" file exists and contains the correct definitions for all the binary and intel files. You can use the following script to check:

✅ Verification successful

Windows installer configuration verified

The templates/files.wxs file exists and includes the necessary definitions for all binary and Intel files, as well as the BinaryAndIntelFiles component group.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if the files.wxs template exists and contains necessary definitions
if [ -f "desktop/tauri/src-tauri/templates/files.wxs" ]; then
    echo "files.wxs template found. Checking contents..."
    grep -E "BinaryAndIntelFiles|portmaster-core|assets\.zip|intel-index\.json" desktop/tauri/src-tauri/templates/files.wxs
else
    echo "Error: files.wxs template not found!"
fi

Length of output: 568

desktop/tauri/src-tauri/src/portmaster/notifications.rs (2)

32-33: Verify the logic change in notification handling.

The condition for skipping notifications has been inverted. Previously, notifications were skipped if selected_action_id was not empty. Now, they are skipped if it is empty. This is a significant change in the notification handling logic.

Please confirm if this change is intentional and aligns with the expected behavior. If it's correct, consider adding a comment explaining the rationale behind this change to improve code clarity.


38-38: Approved: Consistent naming convention.

The renaming of ParseError::JSON to ParseError::Json improves consistency with Rust naming conventions.

desktop/tauri/src-tauri/src/window.rs (2)

9-10: Simplified constant type declarations: Approved

The change from &'static [u8] to &[u8] for LIGHT_PM_ICON and DARK_PM_ICON is a good simplification. This change doesn't affect functionality as these constants are inherently static. The new type is more flexible and aligns with Rust's preference for eliding lifetimes when possible.


94-94: Idiomatic return statement: Approved

The simplification of the return statement by removing the return keyword is a good change. It aligns with Rust's idiomatic style of using expression-based returns. The functionality remains the same, but the code is now more concise and idiomatic.

desktop/tauri/src-tauri/src/portapi/message.rs (7)

30-33: Improved naming consistency and documentation.

The changes to the Payload enum and its documentation are well-done:

  1. The updated comment provides clearer information about the JSON payload prefix.
  2. Renaming the enum variants from JSON to Json and UNKNOWN to Unknown follows Rust naming conventions (CamelCase for variants).

These modifications enhance code readability and maintain consistency throughout the codebase.

Also applies to: 38-39


46-49: Consistent enum variant renaming.

The renaming of ParseError enum variants from JSON to Json and UNKNOWN to Unknown is consistent with the changes made to the Payload enum. This maintains naming consistency throughout the file and improves overall code readability.


54-62: Improved method signature and consistent pattern matching.

The changes to the parse method are well-implemented:

  1. The updated method signature pub fn parse<'a, T>(&'a self) simplifies the reference to self without altering the functionality.
  2. The pattern matching has been correctly updated to use the new enum variant names (Json and Unknown), maintaining consistency with the earlier changes.

These modifications improve code clarity and ensure the parse method works correctly with the renamed enum variants.


Line range hint 68-81: Consistent updates in From implementation.

The From<String> implementation for Payload has been correctly updated to use the new enum variant names (Json and Unknown). This change maintains consistency with the earlier enum modifications while preserving the existing logic for determining the payload type based on the first character of the input string.


90-93: Consistent updates in Display implementation.

The Display implementation for Payload has been correctly updated to use the new enum variant names (Json and Unknown). This change maintains consistency with the earlier enum modifications while preserving the existing functionality, including the 'J' prefix for JSON payloads.


101-103: Minor formatting improvements.

The changes in these segments are minor formatting improvements, including adjustments to comments and whitespace. These modifications enhance code readability without affecting the functionality.

Also applies to: 116-120, 123-127, 132-134


Line range hint 142-172: Improved formatting in from_str implementation.

The changes in the from_str implementation for Message are minor formatting improvements that enhance code readability. The parsing logic remains unchanged and correctly handles all fields of the Message struct (id, cmd, key, and payload).

service/intel/filterlists/index.go (2)

178-178: Verify error handling for the new update retrieval method.

The change to use module.instance.IntelUpdates().GetFile(listIndexFilePath) is consistent with the type change of listIndexUpdate. This approach seems more modular and may improve the overall architecture.

Please ensure that error handling for this new method is appropriate. Run the following script to check the implementation of IntelUpdates() and its error handling:

#!/bin/bash
# Description: Check the implementation of IntelUpdates() and its error handling

# Test: Search for the IntelUpdates() method implementation
ast-grep --lang go --pattern $'func ($_) IntelUpdates() $_'

# Test: Check error handling in the GetFile method of the returned type
ast-grep --lang go --pattern $'func ($_ $_) GetFile($_) ($_, error) {
  $$$
}'

Review the results to ensure proper error handling is in place for the new update retrieval method.


165-165: Verify the consistency of the update mechanism change.

The type of listIndexUpdate has been changed from *updater.File to *updates.File. This change suggests a shift in the update handling mechanism.

Please ensure that this change is consistent throughout the codebase. Run the following script to check for any remaining references to the old updater.File type:

If any results are found, they may need to be updated to use the new updates.File type.

✅ Verification successful

Update handling mechanism change is consistent throughout the codebase. No remaining references to updater.File or the old updater package were found.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for remaining references to updater.File

# Test: Search for updater.File usage
rg --type go 'updater\.File'

# Test: Search for imports of the old updater package
rg --type go '^import.*"github\.com/safing/portmaster/updater"'

Length of output: 779

service/broadcasts/notify.go (1)

70-70: LGTM! Verify the new update retrieval method.

The change from updates.GetFile(broadcastsResourcePath) to module.instance.IntelUpdates().GetFile(broadcastsResourcePath) looks good. It appears to be a more specific and possibly better-encapsulated approach to fetching updates.

To ensure the new method behaves as expected, please run the following verification:

Please review the results to confirm that:

  1. The IntelUpdates() method is properly defined.
  2. The GetFile() method is available on the object returned by IntelUpdates().
  3. There are no remaining instances of the old updates.GetFile method in the codebase.
✅ Verification successful

Verification Successful: Update Retrieval Method Confirmed

The new method module.instance.IntelUpdates().GetFile is correctly defined and replaces the old updates.GetFile. All usages of the old method have been removed from the codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the new update retrieval method and its usage

# Test 1: Check if the new method is defined and accessible
ast-grep --lang go --pattern 'func ($$_) IntelUpdates() $$_'

# Test 2: Verify that the GetFile method is available on the returned object
ast-grep --lang go --pattern 'func ($$_) GetFile($$_) $$_'

# Test 3: Check for any remaining uses of the old update retrieval method
rg --type go 'updates\.GetFile'

Length of output: 983

desktop/tauri/src-tauri/src/service/systemd.rs (2)

29-29: LGTM: Simplified error message handling

The change from unwrap_or_else(|| "Failed to run systemctl".to_string()) to unwrap_or_else(|| "Failed to run systemctl".to_string()) simplifies the code without altering its functionality. This minor refactoring improves readability.


Line range hint 1-242: Overall assessment: Positive improvements

The changes in this file are well-implemented, improving code clarity and conciseness without altering the functionality. The simplifications in error handling and file existence checks are beneficial. Consider the suggested minor improvement for file checks using the Path API for even better idiomatic Rust code.

service/network/api.go (1)

96-96: Consider adding more context to the TODO comment and verify debugging capabilities.

The commented-out call to updates.AddToDebugInfo(di) suggests that update-related debug information is no longer being included in the debug output. This change appears to be related to the removal of several updater-related files mentioned in the PR summary.

  1. Consider adding more context to the TODO comment to explain why this function call was commented out and what conditions need to be met to re-enable it.
  2. Verify that removing this debug information doesn't negatively impact the ability to troubleshoot update-related issues.
  3. Ensure that the corresponding import statement for the updates package has been removed to avoid unused imports.

To confirm the removal of the import statement and check for any remaining references to the updates package, run the following script:

✅ Verification successful

Import removal and references to updates package have been successfully verified.

The updates package import has been removed, and there are no remaining active references to it in service/network/api.go aside from the commented-out TODO line. This ensures that the codebase remains clean and free of unused imports related to updates.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for references to the 'updates' package and verify import removal

# Test 1: Check if the import statement for the 'updates' package still exists
echo "Checking for 'updates' import statement:"
rg --type go 'import.*"github.com/safing/portmaster/service/updates"' service/network/api.go

# Test 2: Search for any remaining references to the 'updates' package
echo "Searching for references to 'updates' package:"
rg --type go 'updates\.' service/network/api.go

# Test 3: Check if there are any other TODO comments related to the 'updates' package
echo "Checking for other TODO comments related to 'updates':"
rg --type go 'TODO.*updates' service/network/api.go

Length of output: 623

service/core/api.go (2)

151-152: LGTM! Please provide more context on this change.

The modification to directly call module.instance.Restart() looks correct and simplifies the restart process.

Could you please provide more context on why this change was made? It seems to be related to the removal of the updater package. Are there any potential side effects or changes in behavior that we should be aware of?

To verify the impact of this change, let's check for any other usages of the previous restart method:

✅ Verification successful

Verified! The modification to module.instance.Restart() is consistent with existing usages in the codebase and effectively streamlines the restart process.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for previous usages of updates.Restart() or similar
rg --type go 'updates.*Restart'

Length of output: 73


Script:

#!/bin/bash
# Search for all Restart method invocations in Go files
rg --type go '\bRestart\('

Length of output: 709


Line range hint 1-324: Overall LGTM, but more context needed on update system changes

The changes to this file look good overall. They introduce new endpoints for checking and applying updates, simplify the restart process, and flag a TODO for adding update debug info.

These changes seem to be part of a larger refactoring of the update system, as mentioned in the AI summary about the removal of the updater package. To better understand the full scope of these changes:

  1. Could you provide more information about the overall update system refactoring?
  2. Are there any changes in update behavior that users or developers should be aware of?
  3. Are there any additional files or components that need to be updated as part of this refactoring?

To verify the extent of the update system changes, let's check for removed files and major changes in update-related code:

This information will help ensure that all necessary changes have been made and that the new update system is fully integrated.

desktop/tauri/src-tauri/src/portmaster/mod.rs (5)

38-38: LGTM: Simplified constant declaration

The change from a static lifetime string to a regular string reference for PORTMASTER_BASE_URL is a good simplification. It doesn't affect the functionality and makes the code slightly cleaner.


41-41: Approved: Improved method signature

The removal of the explicit unit return type -> () from the on_connect method signature is a good change. It aligns with Rust's idiomatic style and improves code clarity without altering the method's behavior.


83-83: LGTM: Improved code conciseness

The use of map.get(&key).cloned() is a great improvement. It replaces the previous verbose match statement with a more concise and idiomatic Rust expression. This change enhances readability while maintaining the same functionality.


128-129: Approved: Simplified API client retrieval

The simplification of the get_api method is a good improvement. Using (*api).clone() instead of a match statement reduces the code's verbosity while maintaining the same functionality. This change enhances readability and makes the code more concise.


Line range hint 1-300: Overall assessment: Positive improvements

The changes made to this file consistently improve code clarity, conciseness, and adherence to Rust idioms. The modifications focus on simplifying constant declarations, method signatures, and code expressions without altering the underlying functionality. These improvements enhance readability and maintainability of the codebase.

Key improvements include:

  1. Simplified constant declaration
  2. Improved method signature in the Handler trait
  3. More concise implementation of the get_state method
  4. Simplified API client retrieval in the get_api method

These changes collectively contribute to a cleaner and more idiomatic Rust codebase.

service/netenv/online-status.go (1)

223-223: Update triggering mechanism changed

The change from updates.TriggerUpdate(false, false) to module.instance.IntelUpdates().EventResourcesUpdated.Submit(struct{}{}) appears to be part of a larger refactoring effort to move towards an event-driven update system. This change looks good and aligns with modern software design principles.

To ensure consistency across the codebase:

  1. Verify that all other occurrences of updates.TriggerUpdate have been similarly refactored.
  2. Check if any documentation needs updating to reflect this new update triggering process.

Run the following script to find any remaining instances of the old update triggering method:

If this change is part of a larger refactoring effort, consider updating the relevant documentation to reflect the new event-driven update system.

desktop/tauri/src-tauri/templates/main.wxs (1)

349-354: Verify the impact of relocating CustomActionRef elements

The CustomActionRef elements for Portmaster service operations (InstallPortmasterService, StopPortmasterService, DeletePortmasterService) have been moved to a new location within the Product element. While this change organizes the XML structure more clearly, it's important to ensure that this relocation doesn't affect the execution order of these custom actions.

To confirm that this change doesn't introduce any unintended side effects, please run the following verification steps:

  1. Build the installer with these changes.
  2. Test the installation process, paying special attention to the Portmaster service operations.
  3. Verify that the service is properly installed, can be stopped, and is correctly removed during uninstallation.

If the verification steps pass without issues, this change can be approved.

desktop/tauri/src-tauri/src/xdg/mod.rs (4)

148-148: LGTM: Simplified error message construction

The change from format! to to_string() for error message construction is a good simplification. It maintains the same functionality while slightly improving code readability.


180-180: LGTM: Consistent error handling improvement

This change is consistent with the previous modification at line 148. It simplifies the error message construction while maintaining the same functionality.


556-556: LGTM: Improved error handling in test

The change from expect to unwrap_or_else is a good improvement. It provides a more informative panic message by including the dynamic values bin and cmd. This change makes the test more maintainable and easier to debug if it fails.


Line range hint 1-580: Overall assessment: Good improvements with minor suggestions

The changes in this file primarily focus on improving error handling and code readability. Most modifications are beneficial, including the simplified error message construction and the enhanced error handling in the test function. These changes contribute to better code maintainability and easier debugging.

There's one minor stylistic suggestion regarding the use of quotes for string literals, but this doesn't affect functionality.

Overall, the changes represent a positive step in improving the code quality of the XDG-related operations.

Earthfile (3)

465-474: Simplified binary handling for Tauri app

The changes here streamline the process of copying and preparing binaries for the Tauri app. The code now copies only the portmaster-core binary instead of both portmaster-core and portmaster-start. This simplification could potentially reduce the build time and complexity.


506-507: Updated artifact saving for Tauri app binaries

The artifact saving logic has been updated to use more specific filenames:

  • portmaster is now saved as portmaster-app
  • portmaster.exe is now saved as portmaster-app.exe

This change improves clarity and consistency in naming conventions for the Tauri app binaries.


575-577: Updated Windows bundle naming and packaging

The changes in this section improve the versioning and packaging of the Windows bundle:

  1. The executable is now renamed to include the version suffix.
  2. A zip file is created containing both the renamed executable and the WebView2Loader.dll.
  3. The artifact is saved with a more descriptive name.

These changes enhance the organization and clarity of the build artifacts for Windows. The inclusion of the version in the filename will make it easier to manage different versions of the application.

cmds/portmaster-core/main.go (3)

36-38: Refactored main function enhances clarity and maintainability

By delegating initialization and execution to the initialize() and run(instance) functions, the main function becomes cleaner and more focused, improving code readability and maintainability.


Line range hint 40-88: Modular initialize() function centralizes setup logic

Encapsulating the initialization steps within the initialize() function—including flag parsing, setting application info, configuring metrics, and creating the service instance—promotes better code organization and reusability.


58-61: Service instance creation with appropriate configuration parameters

Initializing the service instance with service.New and passing ServiceConfig ensures that the service is configured correctly based on whether it is running as a service and the default restart command. This provides flexibility and aligns with best practices.

cmds/portmaster-core/main_windows.go (1)

3-6: Ensure compliance with the original license when using external code

The code references external examples and mentions the original license. Please verify that the usage complies with the license terms of the original code and that any necessary licenses are included in the project.

desktop/tauri/src-tauri/src/traymenu.rs (3)

456-457: Check for None before updating SPN UI state

The call to value.value.unwrap_or(false) assumes that value.value might be None, defaulting to false in that case. Ensure that this is the desired behavior, and consider handling the None case explicitly if necessary.


489-491: Ensure SPN UI state is updated on shutdown

When the event loop exits, the SPN UI state is set to false. Confirm that this correctly reflects the application's state and that the user interface accurately represents the SPN status after shutdown.


256-261: Update function signature to reflect change in SPN status handling

Ensure that all calls to update_icon are updated to match the new function signature, and that the menu parameter is appropriately passed. This helps maintain consistency and prevents potential runtime errors.

service/instance.go (8)

6-10: Imports added are appropriate

The new imports are necessary for the added functionality.


72-91: New struct fields added to 'Instance'

The addition of fields like binaryUpdates and intelUpdates enhances the update management capabilities of the Instance struct.


107-110: Struct fields for service management added correctly

The inclusion of isRunningAsService and defaultRestartCommand fields will aid in managing service restarts effectively.


112-128: Function 'getCurrentBinaryFolder' implemented correctly

The function accurately retrieves the directory of the running executable with proper error handling.


230-234: Initialization of update modules is correct

The binaryUpdates and intelUpdates modules are properly initialized with error handling.


361-362: Update modules added to service group

The binaryUpdates and intelUpdates modules are correctly included in the service group for proper lifecycle management.


461-468: Getter methods for update modules added appropriately

The new methods BinaryUpdates and IntelUpdates correctly expose the update modules for external access.


681-681: 'Restart' method now delegates to 'serviceRestart'

Updating the Restart method to call serviceRestart improves the restart mechanism, especially when handling service-specific restart logic.

packaging/linux/postrm Show resolved Hide resolved
Comment on lines +54 to +55
- name: Build tauri project
run: earthly --ci --remote-cache=ghcr.io/safing/build-cache --push +tauri-lint
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

+tauri-lint Target Missing in Earthfile

The +tauri-lint target referenced in .github/workflows/tauri.yml does not exist in your Earthfile. Please define the +tauri-lint target with the necessary linting commands to ensure the linting job executes correctly.

🔗 Analysis chain

Verify the +tauri-lint target in the Earthfile.

The use of a separate +tauri-lint target for the linting job is a good practice. However, please ensure that this target is properly defined in your Earthfile with the appropriate linting commands.

Run the following script to verify the +tauri-lint target:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the +tauri-lint target in the Earthfile

# Test: Search for the +tauri-lint target definition
rg --type-add 'earthfile:*.earth' --type earthfile '^\+tauri-lint:'

# If the above command doesn't find anything, check for any mention of tauri-lint
rg --type-add 'earthfile:*.earth' --type earthfile 'tauri-lint'

Length of output: 431


Script:

#!/bin/bash
# Description: Locate Earthfiles and verify the +tauri-lint target

# Find all Earthfiles (with and without .earth extension)
find . -type f \( -iname 'Earthfile' -o -iname '*.earth' \) > earthfiles_list.txt

# Check if any Earthfiles were found
if [ -s earthfiles_list.txt ]; then
  echo "Earthfiles found:"
  cat earthfiles_list.txt
  
  # Search for the +tauri-lint target within the found Earthfiles
  echo "Searching for '+tauri-lint' target in Earthfiles..."
  while IFS= read -r file; do
    echo "Checking in $file:"
    rg '^\+tauri-lint:' "$file" || echo "No '+tauri-lint' target found in $file."
    echo ""
  done < earthfiles_list.txt
else
  echo "No Earthfiles found in the repository."
fi

Length of output: 551

@@ -19,7 +19,7 @@ func (g *GeoIP) Manager() *mgr.Manager {
}

func (g *GeoIP) Start() error {
module.instance.Updates().EventResourcesUpdated.AddCallback(
module.instance.IntelUpdates().EventResourcesUpdated.AddCallback(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Update remaining usages of Updates() method in test files.

The Updates() method is still used in the following test files:

  • spn/navigator/module_test.go
  • spn/instance.go
  • spn/hub/hub_test.go
  • service/profile/endpoints/endpoints_test.go
  • service/resolver/main_test.go
  • service/netenv/init_test.go
  • service/intel/geoip/init_test.go

Please update these usages to IntelUpdates() to maintain consistency across the codebase.

🔗 Analysis chain

LGTM. Verify usage of IntelUpdates() across the codebase.

The change from Updates() to IntelUpdates() is consistent with the interface modification. This shift suggests a move towards a more specific Intel update mechanism.

To ensure this change doesn't introduce inconsistencies, please run the following script to check for any remaining usage of Updates() method in the codebase:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any remaining usage of Updates() method

# Test: Search for Updates() method calls
rg --type go '\bUpdates\(\)'

# Test: Search for Updates method declarations
ast-grep --lang go --pattern 'Updates() $_'

Length of output: 1109

desktop/tauri/src-tauri/README.md Show resolved Hide resolved
Comment on lines 38 to 39
ExecStart=/usr/lib/portmaster/portmaster-core --data /var/lib/portmaster/data -devmode -- $PORTMASTER_ARGS
ExecStopPost=-/usr/bin/portmaster/portmaster-core recover-iptables
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

⚠️ Potential issue

Ensure Consistent Binary Paths and Validate -devmode Usage.

The portmaster.service file has inconsistent paths for the portmaster-core binary:

  1. Path Inconsistency:

    • ExecStart uses /usr/lib/portmaster/portmaster-core.
    • ExecStopPost uses /usr/bin/portmaster/portmaster-core.
  2. -devmode Parameter:

    • The -devmode flag in ExecStart may not be appropriate for production environments.

Please address the following:

  1. Align Paths:

    • Ensure both ExecStart and ExecStopPost reference the same portmaster-core binary path.
  2. Review -devmode:

    • Confirm whether the -devmode parameter is intended for production use.
    • If not necessary, consider removing it or making it configurable based on the deployment environment.
🔗 Analysis chain

Address path inconsistency and verify -devmode usage.

There are a few concerns with the ExecStart and ExecStopPost changes:

  1. Path inconsistency: ExecStart uses /usr/lib/portmaster/portmaster-core, while ExecStopPost uses /usr/bin/portmaster/portmaster-core.
  2. The addition of the -devmode parameter in ExecStart might not be suitable for a production environment.

Please address the following:

  1. Correct the path inconsistency. Both ExecStart and ExecStopPost should use the same path for the portmaster-core binary.
  2. Verify if the -devmode parameter is intentional for production use. If not, consider removing it or making it configurable.

Here's a suggested fix for the path inconsistency:

-ExecStart=/usr/lib/portmaster/portmaster-core --data /var/lib/portmaster/data -devmode -- $PORTMASTER_ARGS
-ExecStopPost=-/usr/bin/portmaster/portmaster-core recover-iptables
+ExecStart=/usr/lib/portmaster/portmaster-core --data /var/lib/portmaster/data -devmode -- $PORTMASTER_ARGS
+ExecStopPost=-/usr/lib/portmaster/portmaster-core recover-iptables

To ensure the correct binary location is used consistently throughout the project, run the following script:

This will help identify any other places where the binary path might need to be updated for consistency.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Search for references to portmaster-core binary

echo "Searching for portmaster-core binary references:"
rg --type cpp --type go --type sh "portmaster-core"

Length of output: 459

@@ -402,10 +391,10 @@ pub async fn tray_handler(cli: PortAPI, app: tauri::AppHandle) {
Ok(n) => {
subsystems.insert(n.id.clone(), n);

update_icon(icon.clone(), subsystems.clone(), spn_status.clone());
update_icon(icon.clone(), app.menu(), subsystems.clone(), spn_status.clone());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Avoid unnecessary cloning of subsystems

In the call to update_icon, subsystems.clone() is used, which can be costly for large data structures. After modifying update_icon to accept a reference, consider passing &subsystems instead to avoid this clone:

update_icon(icon.clone(), app.menu(), &subsystems, spn_status.clone());

@@ -434,10 +423,10 @@ pub async fn tray_handler(cli: PortAPI, app: tauri::AppHandle) {
debug!("SPN status update: {}", value.status);
spn_status = value.status.clone();

update_icon(icon.clone(), subsystems.clone(), spn_status.clone());
update_icon(icon.clone(), app.menu(), subsystems.clone(), spn_status.clone());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Avoid unnecessary cloning of spn_status

Similarly, the spn_status is cloned when calling update_icon. After modifying the function to accept a string slice, you can pass a reference to avoid cloning:

update_icon(icon.clone(), app.menu(), &subsystems, &spn_status);

Comment on lines +134 to 136
let spn_status = MenuItemBuilder::with_id(SPN_STATUS_KEY, "SPN: Disabled")
.enabled(false)
.build(app)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Handle potential errors when building menu items

The unwrap() calls after building spn_status and spn_button will cause a panic if an error occurs. For better error handling and user experience, consider using ? to propagate the error or handling it gracefully:

let spn_status = MenuItemBuilder::with_id(SPN_STATUS_KEY, "SPN: Disabled")
    .enabled(false)
    .build(app)?;

Also applies to: 140-142

Comment on lines 145 to 146
IndexURLs: []string{"http://192.168.88.11:8000/test-binary.json"},
IndexFile: "bin-index.json",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Replace hardcoded test URLs with configurable production URLs

The IndexURLs fields contain hardcoded test URLs pointing to local IP addresses and localhost. This will prevent the updater from functioning correctly in a production environment.

Consider replacing these URLs with production URLs or making them configurable through a settings file or environment variables.

Also applies to: 155-156, 166-167, 176-177

Comment on lines 718 to 727
restartCommand, exists := os.LookupEnv("PORTMASTER_RESTART_COMMAND")

log.Debugf(`instance: running command "%s", %v`, restartCommand, exists)
if exists && restartCommand != "" {
commandSplit := strings.Split(restartCommand, " ")
cmd = exec.Command(commandSplit[0], commandSplit[1:]...)
}
log.Debugf("instance: running command %s", cmd.String())
_ = cmd.Run()
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Improve command parsing and error handling in 'serviceRestart'

Using strings.Split to parse restartCommand may not handle arguments with spaces or quoted strings correctly, leading to potential errors when executing the restart command. Additionally, the error from cmd.Run() is being ignored.

Consider updating the code to properly handle command parsing and error checking:

if exists && restartCommand != "" {
-   commandSplit := strings.Split(restartCommand, " ")
-   cmd = exec.Command(commandSplit[0], commandSplit[1:]...)
+   cmd = exec.Command("sh", "-c", restartCommand)
}

Handle the error from cmd.Run():

- _ = cmd.Run()
+ if err := cmd.Run(); err != nil {
+     log.Errorf("failed to run restart command: %v", err)
+ }

This ensures that the restart command executes correctly regardless of the content and that any execution errors are properly logged.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
restartCommand, exists := os.LookupEnv("PORTMASTER_RESTART_COMMAND")
log.Debugf(`instance: running command "%s", %v`, restartCommand, exists)
if exists && restartCommand != "" {
commandSplit := strings.Split(restartCommand, " ")
cmd = exec.Command(commandSplit[0], commandSplit[1:]...)
}
log.Debugf("instance: running command %s", cmd.String())
_ = cmd.Run()
}
restartCommand, exists := os.LookupEnv("PORTMASTER_RESTART_COMMAND")
log.Debugf(`instance: running command "%s", %v`, restartCommand, exists)
if exists && restartCommand != "" {
cmd = exec.Command("sh", "-c", restartCommand)
}
log.Debugf("instance: running command %s", cmd.String())
if err := cmd.Run(); err != nil {
log.Errorf("failed to run restart command: %v", err)
}
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants