Tap address to connect/select provider server, rather than a
separate column.
In the future, make country tappable to mean "connect to random
server of this country".
Fixes#1117
Assume OpenVPN to be interactive if credentials are empty but required
(--auth-user-pass).
For this change, change paywall restriction to OTP only. Allow
interactive login similar to OpenVPN Connect "Save username/password".
NE link writes are blocking and don't support timeout. When shutting
down a UDP session, the OCCPacket may fail to send and lock the session
in a stale state ("Active" but dead), with an infinite loop of "Failed
TUN read" messages in the log.
- First, [add cancellation handlers to NE UDP/TCP
sockets](https://github.com/passepartoutvpn/passepartoutkit-source/pull/464)
- Then, rather than writing the exit packet in the foreground and
scheduling cancellation:
- Write the packet in a background task
- Wait until timeout in the actor
- Cancel the pending write and go ahead
This may still leak if NE socket cancellation doesn't work, but will
prevent deadlock.
The new OpenVPN parser was painfully slow due to allocating
NSRegularExpression zillion times, which resulted in poor performance
(4x time!) when processing long PUSH_REPLY messages. This is a hard
regression from v2 because [TunnelKit created the regexes
statically](339b509ddf/Sources/TunnelKitOpenVPNCore/ConfigurationParser.swift (L42)).
Solution: pre-allocate the regular expressions at parser creation time.
Optimize long fragmented replies further by catching PUSH_REPLY
continuations early, rather than parsing line by line.
Clean up the naive abuse of async/await in OpenVPNSession. Encapsulate
the instances of ControlChannel/DataChannel inside the Negotiator actor,
so that actor-isolation for them becomes automatically unnecessary.
Synchronous methods inside the actor are the way to go.
After that, handle control packets in orderly fashion, because this is
not being done and may spoil negotiation very easily. Probably also
happening in TunnelKit.
Ultimately, skip some unnecessary XOR processing in UDP when no XOR
method is actually set.
The ubiquity token does not seem to be a reliable source of truth for
the state of CloudKit. Faced with tvOS, now also with Advanced Data
Protection. It is nil, but CloudKit actually works.
Therefore, start a CloudKit container regardless of the ubiquity token.
The only downside is that the iCloud/TV icons of a profile will now only
appear crossed in case of in-app ineligibility, but this is in favor of
better functionality.
URL.startAccessingSecurityScopedResource() fails in that case, but
permission is not required at all.
Could reproduce by importing .ovpn file from a Telegram chat.
- Move availableLogs() / purgeLogs() to library
- Append and rotate logs by size (500k)
- Add marker between app/tunnel launches
- Purge logs on each save (3 days)
- Unify debug log content view across platforms
- macOS: Table + inspect full line
- iOS/tvOS: Use List
- Scroll to bottom onLoad()
- Simplify build/version updates by moving MARKETING_VERSION and
CURRENT_PROJECT_VERSION to Config.xcconfig
- Provide Ruby (for fastlane) and Bash (for CI) versions of
xconfig-get/set
- Copy release notes atomically inside the lane to guarantee they are
included in the version commit
- Add -nt to skip the build tag
Eligibility is ensured on iOS/macOS "remote" apps and profiles are not editable on TV. The day they can be edited, this will need a rework, but today it should be fine.
Regression due to BuildProducts not being credited on Apple TV.
