pairling 0.2.5 → 0.2.6

Files changed (29) hide show
  1. package/README.md +11 -9
  2. package/bin/pairling.mjs +5 -2
  3. package/package.json +3 -3
  4. package/payload/mac/SOURCE_BRANCH +1 -1
  5. package/payload/mac/SOURCE_REVISION +1 -1
  6. package/payload/mac/VERSION +1 -1
  7. package/payload/mac/companiond/pairling_connectd_status.py +57 -7
  8. package/payload/mac/companiond/pairling_devices.py +35 -0
  9. package/payload/mac/companiond/pairling_pairing.py +67 -20
  10. package/payload/mac/companiond/pairlingd.py +269 -16
  11. package/payload/mac/companiond/push_dispatcher.py +31 -1
  12. package/payload/mac/connectd/cmd/pairling-connectd/identity_test.go +65 -0
  13. package/payload/mac/connectd/cmd/pairling-connectd/main.go +150 -1
  14. package/payload/mac/connectd/cmd/pairling-connectd/peer_identity_test.go +86 -0
  15. package/payload/mac/connectd/cmd/pairling-tailnet-mintd/main.go +121 -0
  16. package/payload/mac/connectd/cmd/pairling-tailnet-mintd/mintd.go +418 -0
  17. package/payload/mac/connectd/cmd/pairling-tailnet-mintd/mintd_test.go +894 -0
  18. package/payload/mac/connectd/internal/gateway/adversarial_verify_test.go +99 -0
  19. package/payload/mac/connectd/internal/gateway/funnel_bootstrap_test.go +265 -0
  20. package/payload/mac/connectd/internal/gateway/funnel_contract_test.go +56 -0
  21. package/payload/mac/connectd/internal/gateway/proxy.go +233 -19
  22. package/payload/mac/connectd/internal/gateway/proxy_test.go +71 -0
  23. package/payload/mac/connectd/internal/runtime/config.go +19 -0
  24. package/payload/mac/connectd/internal/runtime/config_test.go +25 -0
  25. package/payload/mac/connectd/internal/status/status.go +67 -1
  26. package/payload/mac/connectd/internal/status/status_test.go +138 -0
  27. package/payload/mac/install/install-runtime.sh +299 -20
  28. package/payload/mac/install/render-launchd.py +54 -10
  29. package/payload-manifest.json +63 -21
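--- a/package/payload/mac/install/render-launchd.py
+++ b/package/payload/mac/install/render-launchd.py
@@ -4,6 +4,7 @@
 from __future__ import annotations
 
 import argparse
+import os
 import plistlib
 from pathlib import Path
 
@@ -11,6 +12,7 @@ PAIRLING_DAEMON_LABEL = "dev.pairling.companiond"
 PAIRLING_GUARDIAN_LABEL = "dev.pairling.power-guardian"
 PAIRLING_CONNECTD_LABEL = "dev.pairling.connectd"
 PAIRLING_PTYBROKER_LABEL = "dev.pairling.ptybroker"
+PAIRLING_MINTD_LABEL = "dev.pairling.mintd"
 PAIRLING_RUNTIME_PORT = "7773"
 
 
@@ -20,21 +22,27 @@ def write_plist(path: Path, payload: dict) -> None:
 plistlib.dump(payload, fh, sort_keys=False)
 
 
-def daemon_plist(current: Path, logs: Path, python_bin: str) -> dict:
+def daemon_plist(current: Path, logs: Path, python_bin: str, mint_enabled: bool = False) -> dict:
+env = {
+"PAIRLING_RUNTIME_PORT": PAIRLING_RUNTIME_PORT,
+"COMPANION_DAEMON_PORT": PAIRLING_RUNTIME_PORT,
+"PAIRLING_BIND_MODE": "all",
+"PAIRLING_APP_SUPPORT_ROOT": str(current.parent.parent),
+"PAIRLING_LOGS_ROOT": str(logs),
+"PATH": "/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
+}
+if mint_enabled:
+# Architecture B is on only when the separate-uid mint broker is
+# installed. Persisting the flag here keeps it across daemon restarts
+# and reboots, instead of relying on an ephemeral launchctl setenv.
+env["PAIRLING_MINT_ENABLED"] = "1"
 return {
 "Label": PAIRLING_DAEMON_LABEL,
 "ProgramArguments": [
 python_bin,
 str(current / "companiond" / "pairlingd.py"),
 ],
-"EnvironmentVariables": {
-"PAIRLING_RUNTIME_PORT": PAIRLING_RUNTIME_PORT,
-"COMPANION_DAEMON_PORT": PAIRLING_RUNTIME_PORT,
-"PAIRLING_BIND_MODE": "all",
-"PAIRLING_APP_SUPPORT_ROOT": str(current.parent.parent),
-"PAIRLING_LOGS_ROOT": str(logs),
-"PATH": "/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
-},
+"EnvironmentVariables": env,
 "RunAtLoad": True,
 "KeepAlive": True,
 "ThrottleInterval": 10,
@@ -96,6 +104,39 @@ def connectd_plist(current: Path, logs: Path) -> dict:
 }
 
 
+def mintd_plist(current: Path, logs: Path) -> dict:
+system_root = Path("/Library/Application Support/Pairling")
+system_logs = Path("/Library/Logs/Pairling")
+return {
+"Label": PAIRLING_MINTD_LABEL,
+"UserName": "_pairling_mint",
+"GroupName": "staff",
+"ProgramArguments": [
+str(system_root / "mint" / "pairling-tailnet-mintd"),
+"--secret-path",
+str(system_root / "mint" / "client_secret.json"),
+"--socket-path",
+str(system_root / "run" / "mintd" / "mintd.sock"),
+"--state-path",
+str(system_root / "mint" / "state.json"),
+"--audit-path",
+str(system_root / "mint" / "audit.jsonl"),
+"--alert-path",
+str(system_root / "run" / "mintd" / "alerts.jsonl"),
+"--authorized-uid",
+str(os.getuid()),
+],
+"EnvironmentVariables": {
+"PATH": "/Applications/Tailscale.app/Contents/MacOS:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
+},
+"RunAtLoad": True,
+"KeepAlive": True,
+"ThrottleInterval": 10,
+"StandardOutPath": str(system_logs / "mintd.log"),
+"StandardErrorPath": str(system_logs / "mintd.err"),
+}
+
+
 def ptybroker_plist(current: Path, logs: Path, python_bin: str) -> dict:
 app_support = current.parent.parent
 return {
@@ -125,16 +166,19 @@ def main() -> int:
 parser.add_argument("--daemon-python", default="/usr/local/bin/python3")
 parser.add_argument("--guardian-python", default="/usr/bin/python3")
 parser.add_argument("--mirror-python", default="/usr/local/bin/python3", help=argparse.SUPPRESS)
+parser.add_argument("--mint-enabled", action="store_true",
+help="set PAIRLING_MINT_ENABLED=1 in the companiond env (Architecture B)")
 args = parser.parse_args()
 
 current = Path(args.current_root)
 logs = Path(args.logs_root)
 out = Path(args.output_dir)
 
-write_plist(out / f"{PAIRLING_DAEMON_LABEL}.plist", daemon_plist(current, logs, args.daemon_python))
+write_plist(out / f"{PAIRLING_DAEMON_LABEL}.plist", daemon_plist(current, logs, args.daemon_python, args.mint_enabled))
 write_plist(out / f"{PAIRLING_PTYBROKER_LABEL}.plist", ptybroker_plist(current, logs, args.daemon_python))
 write_plist(out / f"{PAIRLING_GUARDIAN_LABEL}.plist", guardian_plist(current, logs, args.guardian_python))
 write_plist(out / f"{PAIRLING_CONNECTD_LABEL}.plist", connectd_plist(current, logs))
+write_plist(out / f"{PAIRLING_MINTD_LABEL}.plist", mintd_plist(current, logs))
 return 0
 
 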
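Review bot: `mintd_plist` bakes `str(os.getuid())` into `--authorized-uid`, so the uid the broker trusts is whichever account ran this renderer; if the install script (not shown here) ever runs it under sudo, that value becomes 0 rather than the uid of the user running companiond. Passing the uid in explicitly and refusing root would make this robust, e.g. `parser.add_argument("--authorized-uid", type=int, default=os.getuid())` in `main()` plus `if args.authorized_uid == 0: parser.error("authorized uid must not be root")`. The mintd `PATH` also keeps `/opt/homebrew/bin` and `/usr/local/bin`, which are often writable by the installing user; if mintd resolves any helper by name, a PATH limited to the Tailscale bundle and the system directories would fit the separate-uid design better. `mintd_plist` ignores its `current` and `logs` parameters and `main()` writes the mintd plist even without `--mint-enabled`; a short comment saying both are intentional would help.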
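--- a/package/payload-manifest.json
+++ b/package/payload-manifest.json
@@ -1,18 +1,18 @@
 {
 "connectd": {
 "darwin-arm64": {
-"sha256": "96400014bc7d32bd1b976216eb6dc76a6621d9da34a2ef02da87c72957dea170",
+"sha256": "d6d23a4cf72a2c44cde10adfd58d58dc1a29226da10e0bfa7c147b2c0e9bd1a7",
 "team_id": "965AVD34A3"
 },
 "darwin-x64": {
-"sha256": "bb4df01a72f6c2032c8d7341f5d243fa3e6c99295c033dbf3f99a7d7eed650b7",
+"sha256": "d1f7cfb6fcb1a9542ac4852ef41610a8866e010aff299b86a349b06bcc5ec465",
 "team_id": "965AVD34A3"
 }
 },
 "files": [
 {
 "path": "payload/mac/SOURCE_BRANCH",
-"sha256": "34d6a94dacb895403529caac12a19aed745c6caca7a8d0f4ed631999044f76e8"
+"sha256": "b7cda4715ebe6bb92ec69b85df0e99668564bde99f03d6e04109b399538000b2"
 },
 {
 "path": "payload/mac/SOURCE_DIRTY",
@@ -20,11 +20,11 @@
 },
 {
 "path": "payload/mac/SOURCE_REVISION",
-"sha256": "6fba526ba8b27c395d71b9d6067bb09fe9458c5d650a92af80541ad7971a3ba3"
+"sha256": "1746356edd4da4f8f46f7c3481696eb0481563f5d9d24e67be7545fdc4fb4b4b"
 },
 {
 "path": "payload/mac/VERSION",
-"sha256": "e959f750e92dbb7614ae28ac96f0a37272caed81d8bbb758791af7bfbb6106a0"
+"sha256": "be3c6d2c6c406a64d44f0b6464a887e290416dd90c524094485b1be00936d6d7"
 },
 {
 "path": "payload/mac/companiond/app_attest_lan.py",
@@ -72,15 +72,15 @@
 },
 {
 "path": "payload/mac/companiond/pairling_connectd_status.py",
-"sha256": "c44ce738f39aa791b5252e27719c79119406ad143b4ad4627a84acd3bff89a97"
+"sha256": "243b0319b31919bbaca3742fc288097e05bef800432d0409d9a1f70df682386f"
 },
 {
 "path": "payload/mac/companiond/pairling_devices.py",
-"sha256": "ef82052d0560863e43476ba9098db7435d924fc473d3ebb747954663a975c85b"
+"sha256": "79ffd7aeb999c70a10b76f6b6ea1e9f4f63fff0446ecb76863a4d46403e7601b"
 },
 {
 "path": "payload/mac/companiond/pairling_pairing.py",
-"sha256": "e125501b4c41f57fb9f4acee705f523c0c320fe207c48d4cb5286c8413085e0f"
+"sha256": "6d6aab5cfa12daff6b83f25c6844253432dfec3f20bec30a072875a19dba23cb"
 },
 {
 "path": "payload/mac/companiond/pairling_psk.py",
@@ -96,7 +96,7 @@
 },
 {
 "path": "payload/mac/companiond/pairlingd.py",
-"sha256": "1e65b91c2015451502ca07c15f35c8145a3ceb3d4c79fb0d11aad63c66a65861"
+"sha256": "ee2a9115531a15f9cc3aff0680be3bb7ab7b42c7cf001eac05b33cbf36755842"
 },
 {
 "path": "payload/mac/companiond/providers/__init__.py",
@@ -136,7 +136,7 @@
 },
 {
 "path": "payload/mac/companiond/push_dispatcher.py",
-"sha256": "5b7eda4d80e031b1321873db967194f0c85bee208bbc1c731a583eb7efc78d7d"
+"sha256": "93aadbb99321cd6f17461254edbffbc11ba99086ba48b20b26ffbebdcd2c6381"
 },
 {
 "path": "payload/mac/companiond/push_event_catalog.py",
@@ -194,14 +194,34 @@
 "path": "payload/mac/connectd/cmd/pairling-connectd/authkey_test.go",
 "sha256": "844ca4d83d952339fb394c1b3ccbe9c0717f8fe500a9b7282eede9291bfc284b"
 },
+{
+"path": "payload/mac/connectd/cmd/pairling-connectd/identity_test.go",
+"sha256": "5ef8ad69a4571019d8092973c94da4c1b317e11d84dd411ce6064e7024a133d5"
+},
 {
 "path": "payload/mac/connectd/cmd/pairling-connectd/main.go",
-"sha256": "7bed187e340124860c49e5161a5b60338e3282d8467eec83d2f75c766f417e3c"
+"sha256": "4582664c189db3c13fef81328172d69fa0bcd6b064396c0a811a154da98f7f21"
+},
+{
+"path": "payload/mac/connectd/cmd/pairling-connectd/peer_identity_test.go",
+"sha256": "044c1260387b990de073d4f09fa516c3ce15ded7c255b5e1ac3d57f3f5810c27"
 },
 {
 "path": "payload/mac/connectd/cmd/pairling-connectd/upstream_health_test.go",
 "sha256": "dc5b6d3a8d11f38bcc198287bdbc95f058d35792ca6cf34bc49ca0bed22bfacf"
 },
+{
+"path": "payload/mac/connectd/cmd/pairling-tailnet-mintd/main.go",
+"sha256": "64fd4527c97397fce10793001af8d59ac3154c75c7ed9e1b532f8f2e4bf88bd4"
+},
+{
+"path": "payload/mac/connectd/cmd/pairling-tailnet-mintd/mintd.go",
+"sha256": "ca49b8ab8216eeec770ad6e9e8111aca819a9a88b050d7eefbdf69c0fad20376"
+},
+{
+"path": "payload/mac/connectd/cmd/pairling-tailnet-mintd/mintd_test.go",
+"sha256": "14a9af6b9575ba89314ce05f2fe465844fea3bb40b3eba5e0d33d059608bfb1f"
+},
 {
 "path": "payload/mac/connectd/go.mod",
 "sha256": "c96748d396598b0952b4c0d43f7f85ca3a56f4019761088267421b22518d5905"
@@ -210,29 +230,41 @@
 "path": "payload/mac/connectd/go.sum",
 "sha256": "af76807df4c698a707e5e6f9e8b3d091cf8be7a4b7f5ecee98361be2eee51ade"
 },
+{
+"path": "payload/mac/connectd/internal/gateway/adversarial_verify_test.go",
+"sha256": "5065aac2f8e682557fe1d12854d5436b0320ab4c10f9f682f0a6ecd1f2d12fab"
+},
+{
+"path": "payload/mac/connectd/internal/gateway/funnel_bootstrap_test.go",
+"sha256": "2f9412f00adfc7ed3433316202469bf43bba52655677be6b46d16a47152bb531"
+},
+{
+"path": "payload/mac/connectd/internal/gateway/funnel_contract_test.go",
+"sha256": "946a757b5dc3bdade769d63f325bedc3014dbe2f18d55a99c5eb82354856b5d1"
+},
 {
 "path": "payload/mac/connectd/internal/gateway/proxy.go",
-"sha256": "5da0f96ec8c364d90a7c07e4e968df6e9bd7bfeadf6cbe25d0bb743cdba3a91a"
+"sha256": "ad7de08a59819fcbdd81f62d707738af128064cc24cea576674aee2f0960c267"
 },
 {
 "path": "payload/mac/connectd/internal/gateway/proxy_test.go",
-"sha256": "1eefdfc331e97033d124cd627dd6e456f6de71e3a28b8d05aa6ede9faa3ff663"
+"sha256": "b02cd354dcd3292079f35ee86a1ce75e3ed8286550f064fdae7914e661464910"
 },
 {
 "path": "payload/mac/connectd/internal/runtime/config.go",
-"sha256": "da25233909881d82b4f5e019896f1d8456eb5ab8a67cbdb385652d4cca088c73"
+"sha256": "4b2c325c1f693c747b37e9dae380be2c7801c674f41fe59403d48e33aec62332"
 },
 {
 "path": "payload/mac/connectd/internal/runtime/config_test.go",
-"sha256": "eab02d122677fbae7f6417eb232d20fc8f7945b1babf8c3d0e25ec746f71ba33"
+"sha256": "f914d32112cd3151449d58d3f14cba4e88bd313428d7a1c1ce092d160b66babc"
 },
 {
 "path": "payload/mac/connectd/internal/status/status.go",
-"sha256": "b420d29797ab5cfff365077baf5043cf59c88c656c5a04fee071e61c748abaf4"
+"sha256": "69d6950c942c7c20bb5994c90d325c3683f21981ed85f653c43dcba2b00c4528"
 },
 {
 "path": "payload/mac/connectd/internal/status/status_test.go",
-"sha256": "b4b166e5c0c17f5b6d9984f877b778c737e4bb5781058e52e1eb0d865e10c46e"
+"sha256": "5d2c9601c5edf6afc0abc7d4737cc06fd4e3a53cb83c0fce4b51750c1e194366"
 },
 {
 "path": "payload/mac/guardian/companion-power-guardian.py",
@@ -252,7 +284,7 @@
 },
 {
 "path": "payload/mac/install/install-runtime.sh",
-"sha256": "87c1db89b281b78d0809b4360c54c5c57b8e4f25a473496373315236ffeb6117"
+"sha256": "152eed164fd4edfd42874f20e8476d8e42415d5e93e090b716fef2ea7ed6424e"
 },
 {
 "path": "payload/mac/install/psk_dependency_check.py",
@@ -260,7 +292,7 @@
 },
 {
 "path": "payload/mac/install/render-launchd.py",
-"sha256": "2eaec2c7deaaf850d6bc499ca91e4e5bad3a8ef63957d5f35df42204b2c0ae11"
+"sha256": "5c4c06b578e24726731650ff39d688248ba1bd412b9e21fc368b13d07e8ee0df"
 },
 {
 "path": "payload/mac/install/uninstall-runtime.sh",
@@ -275,9 +307,19 @@
 "sha256": "5ebcd63fc53114ace518807c2221e562e65237e57945a76c457f5931a5791cc1"
 }
 ],
+"mintd": {
+"darwin-arm64": {
+"sha256": "08b815ae499550ffe2634315a7e8c2233a6a557f75d51476716da00c082e42d6",
+"team_id": "965AVD34A3"
+},
+"darwin-x64": {
+"sha256": "3acd15acb4474793aa9862f3f4a7957570621e3034803a9991fe8445426b7301",
+"team_id": "965AVD34A3"
+}
+},
 "package": "pairling",
-"package_version": "0.2.5",
+"package_version": "0.2.6",
 "schema_version": 1,
 "source_dirty": false,
-"source_revision": "2f094bd"
+"source_revision": "7f2b4a22"
 }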