Merge pull request #190 from safing/feature/improvements

Multiple small improvements
safing · Dec 22, 2023 · b7a8ff8 · b7a8ff8
2 parents 9e4bf33 + 91ed18b
commit b7a8ff8
Show file tree

Hide file tree

Showing 8 changed files with 136 additions and 300 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
diff --git a/cmds/observation-hub/Dockerfile b/cmds/observation-hub/Dockerfile
@@ -5,9 +5,9 @@
 # Run: docker build -f cmds/observation-hub/Dockerfile -t safing/observation-hub:latest .
 # Check With: docker run -ti --rm safing/observation-hub:latest --help
 
-# golang 1.20.7 linux/amd64 on debian bullseye
-# https://github.com/docker-library/golang/blob/master/1.20/bullseye/Dockerfile
-FROM golang:1.21-bullseye as builder
+# golang 1.21 linux/amd64 on debian bookworm
+# https://github.com/docker-library/golang/blob/master/1.21/bookworm/Dockerfile
+FROM golang:1.21-bookworm as builder
 
 # Ensure ca-certficates are up to date
 RUN update-ca-certificates
@@ -29,7 +29,7 @@ CGO_ENABLED=0 ./build -o /go/bin/observation-hub
 
 # Use static image
 # https://github.com/GoogleContainerTools/distroless
-FROM gcr.io/distroless/static-debian11
+FROM gcr.io/distroless/static-debian12
 
 # Copy our static executable
 COPY --from=builder --chmod=0755 /go/bin/observation-hub /go/bin/observation-hub

diff --git a/crew/connect.go b/crew/connect.go
@@ -304,15 +304,23 @@ func establishRoute(route *navigator.Route) (dstPin *navigator.Pin, dstTerminal
 			// Wait for authOp result.
 			select {
 			case tErr := <-check.authOp.Result:
-				if !tErr.Is(terminal.ErrExplicitAck) {
-					// This should never happen, as all should have the same public keys
-					// and tokens are validated locally before using.
-					// Ignore Hub for a short amount of time.
-					// TODO: How can we better handle this?
+				switch {
+				case tErr.IsError():
+					// There was a network or authentication error.
 					check.pin.MarkAsFailingFor(3 * time.Minute)
 					log.Warningf("spn/crew: failed to auth to %s: %s", check.pin.Hub, tErr)
-
 					return nil, nil, tErr.Wrap("failed to authenticate to %s: %w", check.pin.Hub, tErr)
+
+				case tErr.Is(terminal.ErrExplicitAck):
+					// Authentication was successful.
+
+				default:
+					// Authentication was aborted.
+					if tErr != nil {
+						tErr = terminal.ErrUnknownError
+					}
+					log.Warningf("spn/crew: auth to %s aborted with %s", check.pin.Hub, tErr)
+					return nil, nil, tErr.Wrap("authentication to %s aborted: %w", check.pin.Hub, tErr)
 				}
 
 			case <-time.After(5 * time.Second):

diff --git a/go.mod b/go.mod
@@ -1,49 +1,55 @@
 module github.com/safing/spn
 
-go 1.21
+go 1.21.1
+
+toolchain go1.21.2
 
 require (
 	github.com/awalterschulze/gographviz v2.0.3+incompatible
 	github.com/brianvoe/gofakeit v3.18.0+incompatible
 	github.com/ghodss/yaml v1.0.0
 	github.com/mr-tron/base58 v1.2.0
 	github.com/r3labs/diff/v3 v3.0.1
-	github.com/rot256/pblind v0.0.0-20230622102829-4dc2c6e4b857
-	github.com/safing/jess v0.3.1
-	github.com/safing/portbase v0.18.5
-	github.com/safing/portmaster v1.5.1-0.20231013101135-a386cf72f139
-	github.com/spf13/cobra v1.7.0
+	github.com/rot256/pblind v0.0.0-20231024115251-cd3f239f28c1
+	github.com/safing/jess v0.3.3
+	github.com/safing/portbase v0.18.9
+	github.com/safing/portmaster v1.6.4-0.20231222132644-ce3d81067ffe
+	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.8.4
 	github.com/tevino/abool v1.2.0
-	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
-	golang.org/x/net v0.17.0
+	golang.org/x/exp v0.0.0-20231219180239-dc181d75b848
+	golang.org/x/net v0.19.0
 )
 
 require (
-	github.com/VictoriaMetrics/metrics v1.24.0 // indirect
+	github.com/VictoriaMetrics/metrics v1.29.1 // indirect
 	github.com/aead/ecdh v0.2.0 // indirect
 	github.com/aead/serpent v0.0.0-20160714141033-fba169763ea6 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/bluele/gcache v0.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/fogleman/gg v1.3.0 // indirect
 	github.com/fxamacker/cbor v1.5.1 // indirect
 	github.com/fxamacker/cbor/v2 v2.5.0 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/gofrs/uuid v4.4.0+incompatible // indirect
+	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/gopacket v1.1.19 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/gorilla/websocket v1.5.0 // indirect
+	github.com/gorilla/mux v1.8.1 // indirect
+	github.com/gorilla/websocket v1.5.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/kr/pretty v0.3.1 // indirect
-	github.com/miekg/dns v1.1.56 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.6 // indirect
+	github.com/mat/besticon v3.12.0+incompatible // indirect
+	github.com/miekg/dns v1.1.57 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646 // indirect
 	github.com/oschwald/maxminddb-golang v1.12.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/safing/portmaster-android/go v0.0.0-20230830120134-3226ceac3bec // indirect
@@ -54,27 +60,31 @@ require (
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/spkg/zipfs v0.7.1 // indirect
 	github.com/tannerryan/ring v1.1.2 // indirect
+	github.com/tc-hib/winres v0.2.1 // indirect
 	github.com/tidwall/gjson v1.17.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/tidwall/sjson v1.2.5 // indirect
-	github.com/tklauser/go-sysconf v0.3.12 // indirect
-	github.com/tklauser/numcpus v0.6.1 // indirect
+	github.com/tklauser/go-sysconf v0.3.13 // indirect
+	github.com/tklauser/numcpus v0.7.0 // indirect
 	github.com/umahmood/haversine v0.0.0-20151105152445-808ab04add26 // indirect
 	github.com/valyala/fastrand v1.1.0 // indirect
 	github.com/valyala/histogram v1.2.0 // indirect
-	github.com/vmihailenco/msgpack/v5 v5.4.0 // indirect
+	github.com/vincent-petithory/dataurl v1.0.0 // indirect
+	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/yusufpapurcu/wmi v1.2.3 // indirect
-	go.etcd.io/bbolt v1.3.7 // indirect
-	golang.org/x/crypto v0.14.0 // indirect
-	golang.org/x/mod v0.13.0 // indirect
-	golang.org/x/sync v0.4.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.14.0 // indirect
+	github.com/zeebo/blake3 v0.2.3 // indirect
+	go.etcd.io/bbolt v1.3.8 // indirect
+	golang.org/x/crypto v0.17.0 // indirect
+	golang.org/x/image v0.14.0 // indirect
+	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/sync v0.5.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	golang.org/x/tools v0.16.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	gvisor.dev/gvisor v0.0.0-20231013035111-c134ec92830b // indirect
+	gvisor.dev/gvisor v0.0.0-20231222013827-149350e5c428 // indirect
 )