@qpjoy/tunnel-cli 0.1.5 → 0.1.6

package/README.md

@@ -45,7 +45,9 @@ The command:
 - downloads the HDO manifest from `electron-server`
 - writes a local WireGuard config
 - stores local HDO state and refresh credentials
-- starts a system-level tunnel at boot
+- starts a system-level tunnel at boot. On Linux, if `wg-quick@.service` is not
+  installed by the OS, the CLI writes a compatible systemd unit that uses the
+  bundled WireGuard tools from the npm package.
 
 Useful follow-up commands:
 

package/README.setup.md

@@ -13,4 +13,7 @@ sudo qp-tunnel-cli server-on
 sudo qp-tunnel-cli status
 
 qp-tunnel-cli curl google.com
+
+# 删除mac的HDO进程
+qp-tunnel-cli hdo down --interface hdo-client
 ```

package/dist/hdo.js

@@ -78,6 +78,8 @@ Examples:
 
 Notes:
   Linux writes /etc/wireguard and enables wg-quick@<interface>.
+  If Linux does not provide wg-quick@.service, this CLI installs a compatible
+  systemd unit that uses the bundled WireGuard tools from npm.
   macOS installs a LaunchDaemon and may prompt for an administrator password.
   Windows installs a WireGuard tunnel service and may show a UAC prompt.
 
@@ -182,21 +184,26 @@ function statusCommand(input) {
     const interfaceName = sanitizeInterfaceName(input.interfaceName || state.interfaceName || defaultInterfaceName);
     const configPath = resolveConfigPath(input.configPath || state.configPath, interfaceName);
     const installDir = resolveInstallDir(input.installDir || state.installDir);
+    const runtime = (0, electron_core_wireguard_1.resolveWireGuardConnectionRuntime)({
+        installDir,
+        allowSystemFallback: true,
+    });
     process.stdout.write(`State file: ${stateFile}\n`);
     process.stdout.write(`Server URL: ${state.serverUrl || 'unset'}\n`);
     process.stdout.write(`Device: ${state.deviceId || 'unset'}\n`);
     process.stdout.write(`Overlay IP: ${state.overlayIp || 'unset'}\n`);
     process.stdout.write(`WireGuard config: ${configPath}\n\n`);
     if (process.platform === 'linux') {
-        inherit('systemctl', ['status', `wg-quick@${interfaceName}`, '--no-pager']);
-        process.stdout.write('\n');
-        inherit('wg', ['show', interfaceName]);
+        if (commandAvailable('systemctl')) {
+            inherit('systemctl', ['status', `wg-quick@${interfaceName}`, '--no-pager']);
+            process.stdout.write('\n');
+        }
+        else {
+            process.stdout.write('systemctl unavailable; showing WireGuard runtime status only.\n\n');
+        }
+        printWireGuardRuntimeStatus(runtime, configPath);
         return;
     }
-    const runtime = (0, electron_core_wireguard_1.resolveWireGuardConnectionRuntime)({
-        installDir,
-        allowSystemFallback: true,
-    });
     if (process.platform === 'darwin') {
         const daemon = (0, electron_core_wireguard_1.getDarwinWireGuardLaunchDaemonStatus)({ runtime, configPath });
         process.stdout.write(`LaunchDaemon: ${daemon.loaded ? 'loaded' : 'not loaded'}; running=${daemon.running}\n`);
@@ -225,7 +232,18 @@ async function downCommand(input) {
     const configPath = resolveConfigPath(input.configPath || state.configPath, interfaceName);
     const installDir = resolveInstallDir(input.installDir || state.installDir);
     if (process.platform === 'linux') {
-        inheritRequired('systemctl', ['disable', '--now', `wg-quick@${interfaceName}`]);
+        const runtime = (0, electron_core_wireguard_1.resolveWireGuardConnectionRuntime)({
+            installDir,
+            allowSystemFallback: true,
+        });
+        if (commandAvailable('systemctl') && systemdUnitExists('wg-quick@.service')) {
+            inheritRequired('systemctl', ['disable', '--now', `wg-quick@${interfaceName}`]);
+            return;
+        }
+        const result = await (0, electron_core_wireguard_1.setWireGuardTunnelState)({ runtime, configPath, action: 'down' });
+        if (!result.ok)
+            throw new Error(result.message);
+        process.stdout.write(`${result.message}\n`);
         return;
     }
     const runtime = (0, electron_core_wireguard_1.resolveWireGuardConnectionRuntime)({
@@ -451,6 +469,15 @@ function resolveKeypair(options, previous, installDir) {
 }
 async function startSystemTunnel(interfaceName, configPath, installDir) {
     if (process.platform === 'linux') {
+        const runtime = await ensureLinuxWireGuardRuntime(installDir);
+        if (!commandAvailable('systemctl')) {
+            const result = await (0, electron_core_wireguard_1.setWireGuardTunnelState)({ runtime, configPath, action: 'restart' });
+            if (!result.ok)
+                throw new Error(result.message);
+            return `${result.message} systemctl is unavailable, so this tunnel is not installed as a boot service.`;
+        }
+        ensureLinuxWgQuickSystemdUnit(runtime);
+        inheritRequired('systemctl', ['daemon-reload']);
         inheritRequired('systemctl', ['enable', `wg-quick@${interfaceName}`]);
         inheritRequired('systemctl', ['restart', `wg-quick@${interfaceName}`]);
         return `Enabled and restarted wg-quick@${interfaceName}.`;
@@ -596,6 +623,138 @@ function inheritRequired(command, args) {
     const result = (0, node_child_process_1.spawnSync)(command, args, { stdio: 'inherit' });
     assertSpawnOk(command, args, result);
 }
+function printWireGuardRuntimeStatus(runtime, configPath) {
+    process.stdout.write(`Runtime: ${runtime.method}\n`);
+    if (runtime.warnings.length) {
+        process.stdout.write(`Runtime warnings: ${runtime.warnings.join('; ')}\n`);
+    }
+    try {
+        const tunnel = (0, electron_core_wireguard_1.getWireGuardTunnelStatus)({ runtime, configPath });
+        process.stdout.write(`WireGuard active: ${tunnel.active}\n`);
+        if (tunnel.realInterfaceName)
+            process.stdout.write(`Interface: ${tunnel.realInterfaceName}\n`);
+        if (tunnel.peers.length)
+            process.stdout.write(`Peers: ${tunnel.peers.length}\n`);
+        if (tunnel.error)
+            process.stdout.write(`Status detail: ${tunnel.error}\n`);
+    }
+    catch (err) {
+        process.stdout.write(`WireGuard status detail: ${errorMessage(err)}\n`);
+    }
+}
+async function ensureLinuxWireGuardRuntime(installDir) {
+    let runtime = (0, electron_core_wireguard_1.resolveWireGuardConnectionRuntime)({
+        installDir,
+        allowSystemFallback: true,
+    });
+    if (runtime.available)
+        return runtime;
+    const installed = installLinuxWireGuardTools();
+    runtime = (0, electron_core_wireguard_1.resolveWireGuardConnectionRuntime)({
+        installDir,
+        allowSystemFallback: true,
+    });
+    if (runtime.available)
+        return runtime;
+    throw new Error(installed
+        ? runtime.error ?? 'WireGuard runtime unavailable after installing wireguard-tools.'
+        : `${runtime.error ?? 'WireGuard runtime unavailable'}. Install wireguard-tools or use an npm package with the matching @qpjoy/electron-core-wireguard-engine package.`);
+}
+function installLinuxWireGuardTools() {
+    const installers = [
+        { probe: 'apt-get', label: 'apt-get', commands: [['apt-get', 'update'], ['apt-get', 'install', '-y', 'wireguard-tools']] },
+        { probe: 'dnf', label: 'dnf', commands: [['dnf', 'install', '-y', 'wireguard-tools']] },
+        { probe: 'yum', label: 'yum', commands: [['yum', 'install', '-y', 'epel-release'], ['yum', 'install', '-y', 'wireguard-tools']] },
+        { probe: 'apk', label: 'apk', commands: [['apk', 'add', '--no-cache', 'wireguard-tools']] },
+        { probe: 'zypper', label: 'zypper', commands: [['zypper', '--non-interactive', 'install', 'wireguard-tools']] },
+        { probe: 'pacman', label: 'pacman', commands: [['pacman', '-Sy', '--noconfirm', 'wireguard-tools']] },
+    ];
+    for (const installer of installers) {
+        if (!commandAvailable(installer.probe))
+            continue;
+        process.stdout.write(`WireGuard tools are missing; installing wireguard-tools with ${installer.label}.\n`);
+        for (const command of installer.commands) {
+            const [name, ...args] = command;
+            const result = (0, node_child_process_1.spawnSync)(name, args, { stdio: 'inherit' });
+            if (result.status !== 0) {
+                process.stdout.write(`wireguard-tools install step failed: ${command.join(' ')}\n`);
+                return false;
+            }
+        }
+        return true;
+    }
+    return false;
+}
+function ensureLinuxWgQuickSystemdUnit(runtime) {
+    if (systemdUnitUsable())
+        return;
+    const wgQuick = runtime.wgQuick?.command;
+    if (!wgQuick) {
+        throw new Error(runtime.error ?? 'wg-quick unavailable; cannot install systemd boot service.');
+    }
+    const unitPath = '/etc/systemd/system/wg-quick@.service';
+    if ((0, node_fs_1.existsSync)(unitPath)) {
+        throw new Error(`${unitPath} exists but wg/wg-quick is not available in PATH. Install wireguard-tools or fix the existing unit.`);
+    }
+    (0, node_fs_1.mkdirSync)((0, node_path_1.dirname)(unitPath), { recursive: true });
+    (0, node_fs_1.writeFileSync)(unitPath, renderLinuxWgQuickSystemdUnit(runtime, wgQuick), { mode: 0o644 });
+    chmodSyncSafe(unitPath, 0o644);
+    process.stdout.write(`Installed ${unitPath} using bundled WireGuard tools.\n`);
+}
+function renderLinuxWgQuickSystemdUnit(runtime, wgQuick) {
+    const pathDirs = uniqueStrings([
+        runtime.wg.command ? (0, node_path_1.dirname)(runtime.wg.command) : '',
+        runtime.wgQuick?.command ? (0, node_path_1.dirname)(runtime.wgQuick.command) : '',
+        runtime.wireGuardGo?.command ? (0, node_path_1.dirname)(runtime.wireGuardGo.command) : '',
+        '/usr/local/sbin',
+        '/usr/local/bin',
+        '/usr/sbin',
+        '/usr/bin',
+        '/sbin',
+        '/bin',
+    ].filter(Boolean));
+    return `[Unit]
+Description=WireGuard via wg-quick(8) for %I
+Documentation=man:wg-quick(8) man:wg(8)
+Wants=network-online.target
+After=network-online.target nss-lookup.target
+ConditionPathExists=/etc/wireguard/%i.conf
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+Environment=${systemdQuote(`PATH=${pathDirs.join(':')}`)}
+Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity
+ExecStart=${systemdQuote(wgQuick)} up %i
+ExecStop=${systemdQuote(wgQuick)} down %i
+
+[Install]
+WantedBy=multi-user.target
+`;
+}
+function systemdUnitUsable() {
+    return systemdUnitExists('wg-quick@.service') && commandAvailable('wg') && commandAvailable('wg-quick');
+}
+function systemdUnitExists(unitName) {
+    const paths = [
+        `/etc/systemd/system/${unitName}`,
+        `/run/systemd/system/${unitName}`,
+        `/lib/systemd/system/${unitName}`,
+        `/usr/lib/systemd/system/${unitName}`,
+    ];
+    if (paths.some((path) => (0, node_fs_1.existsSync)(path)))
+        return true;
+    if (!commandAvailable('systemctl'))
+        return false;
+    const result = (0, node_child_process_1.spawnSync)('systemctl', ['cat', unitName], { stdio: 'ignore' });
+    return result.status === 0;
+}
+function commandAvailable(command) {
+    const result = (0, node_child_process_1.spawnSync)('sh', ['-c', 'command -v "$1" >/dev/null 2>&1', 'sh', command], {
+        stdio: 'ignore',
+    });
+    return result.status === 0;
+}
 function uninstallDarwinLaunchDaemonByInterface(interfaceName) {
     const component = sanitizeLaunchDaemonComponent(interfaceName);
     const label = `com.qpjoy.hdo.wireguard.${component}`;
@@ -676,6 +835,9 @@ function sanitizeLaunchDaemonComponent(value) {
 function shellQuote(value) {
     return `'${String(value).replace(/'/g, `'\\''`)}'`;
 }
+function systemdQuote(value) {
+    return `"${String(value).replace(/%/g, '%%').replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`;
+}
 function appleScriptString(value) {
     return `"${value.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qpjoy/tunnel-cli",
-  "version": "0.1.5",
+  "version": "0.1.6",
   "description": "Global QPJoy Tunnel CLI for mihomo-client and cross-platform HDO mesh enrollment.",
   "private": false,
   "type": "commonjs",