Commit Graph

1274 Commits

Author SHA1 Message Date
Jason A. Donenfeld d8568b0e31 Kit: Go: bump module and simplify API
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-23 13:40:24 +01:00
Andrej Mihajlov 373bb2ae99 UI: pause VPN configurations observer while adding or removing multiple tunnels
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-22 12:47:02 +01:00
Andrej Mihajlov 631286e2d1 UI: use NotificationToken to properly clean up observers
When the variable goes out of scope, the observer isn't removed unless
an explicit call is made to the token.

Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-22 12:46:30 +01:00
Andrej Mihajlov 74cd7041dc Keychain: prevent call to stat() when determining appex path
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-22 12:46:14 +01:00
Jason A. Donenfeld 21d920c8b0 Kit: Go: use Windows-style retry sleep loop on bind updates
Something odd happens in the network extension that we still don't
understand. Attempt to poke it in this terrible way.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-18 23:53:39 +01:00
Jason A. Donenfeld 44c4df1cd5 UI: Model: remove 0.0.0.0/8 from non-private IPs
macOS freaks out if you try to explicitly route to 0.0.0.0/8 in its
includedRoutes parameter. Even though 0.0.0.0/8 isn't RFC1918, it is
marked in RFC6890 as "this host on this network", so removing it from
the Internet routes makes sense semantically too.

This commit changes 0.0.0.0/5 into:
- 1.0.0.0/8
- 2.0.0.0/8
- 3.0.0.0/8
- 4.0.0.0/6

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-18 23:53:39 +01:00
Jason A. Donenfeld a4fc0f64b8 UI: iOS: remove donation link
Apple forbids us from having a simple link to wireguard.com/donations/
in the version info window, citing the existence of this link as a form
of payment outside of their in-app purchase framework that requires 30%.
The link had been there for around two years. After rejecting an app
update for a critical networking regression unrelated to this, they
wrote:

    Dec 17, 2020 at 8:35 PM
    From Apple

    3.1.1 - Business - Payments - In-App Purchase

    We noticed that your app allows users to contribute donations to the
    development of your app with a mechanism other than the in-app
    purchase API, which is not appropriate for the App Store.

    Next Steps

    To resolve this issue, please revise your app to use the in-app
    purchase API to pay for this type of transaction. Please note that
    even though tipping another individual is optional, the tip is
    connected to or associated with the receipt of digital content or
    services in your app and must be purchased through in-app purchase
    in accordance with guideline 3.1.1 of the App Store Review
    Guidelines.

    Please see attached screenshot for details.

Trying to appeal this or reason with Apple is not going to be a fruitful
endeavor, so instead we simply cut our losses and remove the donation
link entirely. The goal, anyway, is to get a timely critical update into
the hands of users, and encouraging Apple to block that further would be
a disservice.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-17 22:44:30 +01:00
Andrej Mihajlov 9269c7c1c1 UI: macOS: Fix UTF-8 and UTF-16 conversions in highlighter code
NSString uses UTF-16 internally, while String uses UTF-8 in Swift 5.

Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-17 17:36:46 +01:00
Jason A. Donenfeld 403ee63615 project: generate more stable locale IDs
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-17 12:41:23 +01:00
Andrej Mihajlov b622fde291 build: disable hardened runtime on iOS but keep it enabled on macOS
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-17 11:58:50 +01:00
Jason A. Donenfeld 386fe4eb12 Version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-17 00:43:38 +01:00
Jason A. Donenfeld 49b7d083f1 UI: add missing translations to incomplete locales
This is the wrong way to fix the problem. The correct way will involve
moving away from the whacky tr() macro and using translation functions
properly. But migrating to that will require some heavy scripting work.
So for now, use a hammer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-17 00:40:42 +01:00
Jason A. Donenfeld db4e2915f3 Kit: Adapter: do not treat NE settings timeouts as fatal
The general Network Extension framework is incredibly buggy, and a
timeout when setting the network settings does not necessarily imply
that the whole operation failed. Simply log the condition and move on.
This restores the app's old behavior.

Reported-by: Filipe Mendonça <cfilipem@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-17 00:26:00 +01:00
Jason A. Donenfeld 20bdf46792 Kit: PacketTunnelSettingsGenerator: do not require DNS queries if no DNS
Prior, we would set matchDomains=[""] even if the user didn't provide
any DNS servers. This was kind of incoherent, but I guess we had in mind
some kind of nonsensical leakproof scheme that never really worked
anyway. NetworkExtension didn't like this, so setTunnelNetworkSettings
would, rather than return an error, simply time out and never call its
callback function. But everything worked fine, so we had code in the UI
to check to make sure everything was okay after 5 seconds or so of no
callback. Recent changes made the timeout fatal on the network extension
side, so rather than succeed, configs with no DNS server started
erroring out, causing user reports.

This commit attempts to handle the root cause of the timeout issue by
not twiddling with DNS settings if no DNS server was specified. For now,
however, it leaves the hard-timeout semantics in place.

Reported-by: Filipe Mendonça <cfilipem@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-17 00:10:28 +01:00
Jason A. Donenfeld 4ded3f6bfe UI: macOS: remove donation link
Apple forbids us from having a simple donation link in the "About
WireGuard" dialog, due to new policies. And arguing with the giant is
not going to be a fruitful battle. Do the practical thing and just
remove it.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-16 00:04:32 +01:00
Jason A. Donenfeld b51113f680 Version bump
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-15 16:18:07 +01:00
Andrej Mihajlov be96dea04a WireGuardApp: Refactor TunnelListCell
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-15 15:56:22 +01:00
Andrej Mihajlov a786f5df60 WireGuardApp: Replace AnyObject with a concrete NSKeyValueObservation
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-15 15:56:22 +01:00
Andrej Mihajlov 9a483a46fa WireGuardApp: Animate switch control in TunnelListCell
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-15 15:56:22 +01:00
Andrej Mihajlov 5d2a337332 WireGuardApp: Remove 200ms delay when updating tunnel status switch
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-15 15:56:22 +01:00
Andrej Mihajlov facf776602 WireGuardApp: Pin status switch to cell margin
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-15 15:56:22 +01:00
Andrej Mihajlov d3400e3a80 WireGuardApp: Refactor indicator view initialization
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-15 15:56:22 +01:00
Andrej Mihajlov 92517bd21e WireGuardApp: Use Bundle.forInfoDictionaryKey to access Info.plist fields
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-15 15:56:22 +01:00
Andrej Mihajlov 761f635e16 WireGuardApp: Refactor indicator initialization
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-15 15:56:22 +01:00
Andrej Mihajlov 44704ba892 WireGuardApp: Fix window background color to default black
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-15 15:56:22 +01:00
Jason A. Donenfeld 9231c03513 global: support DNS search domains
This has been supported by Windows and Linux for quite some time. Add
support here for iOS and macOS.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-15 15:54:12 +01:00
Jason A. Donenfeld 27b32e60b2 WireGuardKitGo: update to latest wireguard-go tag
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-15 13:16:52 +01:00
Jason A. Donenfeld 9d5b376dcf Revert "[REVERT ME SOON] TunnelsManager: Workaround for macOS Catalina deleting tunnels arbitrarily"
This reverts commit 028e76eb3f.

It's been over a year. I really hope this is fixed by Apple.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-11 12:51:16 +01:00
Jason A. Donenfeld 8fd4883d7e WireGuardApp: modify xcodeproj when syncing translations
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-11 12:39:43 +01:00
Andrej Mihajlov d414cec9aa WireGuardKit: Let wireguard-go backend run offline on macOS
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-11 11:56:05 +01:00
Jason A. Donenfeld 54e3333b72 WireGuardApp: add CrowdIn syncer and run it
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-11 11:34:19 +01:00
Andrej Mihajlov 9f8d0e24df WireGuardKit: Conditionally turn on/off wireguard-go
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-11 11:15:22 +01:00
Jason A. Donenfeld 3de7c99301 WireGuardGoKit: drop support for armv7
Apple and Go have both dropped it, so we do the same.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-09 15:56:35 +01:00
Jason A. Donenfeld d4fd17cd8f global: fix remaining swiftlint violations
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-09 14:35:21 +01:00
Jason A. Donenfeld d875266db5 WireGuardKitGo: get rid of missing -Wno-unused-command-line-argument flag
Recent toolchains error out on it, and it's no longer needed.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-09 14:25:22 +01:00
Jason A. Donenfeld d696e31b6e WireGuardKitGo: rebase boottime patch onto Go 1.15.6
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-09 14:08:45 +01:00
Jason A. Donenfeld 90acf2b220 global: bump year in header
A bit overdue, but better late than never.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-12-04 12:15:29 +01:00
Andrej Mihajlov 27ef0c6dba WireGuardApp: Update target membership to exclude sources that are only used in network extensions
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 11:50:44 +01:00
Andrej Mihajlov 8f67435d4a WireGuardKit: Delegate IPv*Address initialization to self.init
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 11:50:44 +01:00
Andrej Mihajlov b4ebe2440f WireGuardApp: Remove backend version call in Logger.swift & extract wireguard-go version script from network extension targets
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 11:50:44 +01:00
Andrej Mihajlov d440a91b0e WireGuardKit: Log XLAT resolution errors
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 11:50:43 +01:00
Andrej Mihajlov 9e909a3294 WireGuardApp: Disable SWIFT_PRECOMPILE_BRIDGING_HEADER
Clang automatically picks up module.modulemap files from WireGuardKit directories when precompiling the bridging header file, which causes the compiler to fail with an obscure error.

Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 09:39:09 +01:00
Andrej Mihajlov 75bcf97ab2 WireGuardApp: Update swift version from 4.2 to 5.0
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 09:39:09 +01:00
Andrej Mihajlov 0edde8b46f Update checkout path in README
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 09:39:09 +01:00
Andrej Mihajlov bcc34e0bb6 Keychain: Avoid roundtrip via items when accessing item label (stored in kSecAttrLabel)
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 09:39:09 +01:00
Andrej Mihajlov 90b41aed89 Keychain: Remove unnecessary cast to String in Keychain queries
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 09:39:09 +01:00
Andrej Mihajlov 7930b94981 WireGuardApp: Remove WireGuardKit.swift from Xcode source tree
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 09:39:09 +01:00
Andrej Mihajlov 54a89f6a0e WireGuardKit: Rename WireGuardAdapter.version -> .backendVersion & remove `var wireGuardVersion` with WireGuardKit.swift
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 09:39:09 +01:00
Andrej Mihajlov 8976a53b05 WireGuardApp: Add back the wireguard-go version extraction script and use WIREGUARD_GO_VERSION directly
Avoids linking against libwg-go.a in order to access the WireGuard backend version.

Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 09:39:05 +01:00
Andrej Mihajlov 9849dedf1d WireGuardApp: Include headers from WireGuardKitC
Signed-off-by: Andrej Mihajlov <and@mullvad.net>
2020-12-04 09:38:31 +01:00