pairling 0.2.5 → 0.2.7
- package/README.md +11 -9
- package/bin/pairling.mjs +5 -2
- package/package.json +3 -3
- package/payload/mac/SOURCE_REVISION +1 -1
- package/payload/mac/VERSION +1 -1
- package/payload/mac/companiond/pairling_connectd_status.py +57 -7
- package/payload/mac/companiond/pairling_devices.py +35 -0
- package/payload/mac/companiond/pairling_pairing.py +67 -20
- package/payload/mac/companiond/pairlingd.py +269 -16
- package/payload/mac/companiond/push_dispatcher.py +31 -1
- package/payload/mac/connectd/cmd/pairling-connectd/identity_test.go +65 -0
- package/payload/mac/connectd/cmd/pairling-connectd/main.go +150 -1
- package/payload/mac/connectd/cmd/pairling-connectd/peer_identity_test.go +86 -0
- package/payload/mac/connectd/cmd/pairling-tailnet-mintd/main.go +121 -0
- package/payload/mac/connectd/cmd/pairling-tailnet-mintd/mintd.go +418 -0
- package/payload/mac/connectd/cmd/pairling-tailnet-mintd/mintd_test.go +894 -0
- package/payload/mac/connectd/internal/gateway/adversarial_verify_test.go +99 -0
- package/payload/mac/connectd/internal/gateway/funnel_bootstrap_test.go +265 -0
- package/payload/mac/connectd/internal/gateway/funnel_contract_test.go +56 -0
- package/payload/mac/connectd/internal/gateway/proxy.go +233 -19
- package/payload/mac/connectd/internal/gateway/proxy_test.go +71 -0
- package/payload/mac/connectd/internal/runtime/config.go +19 -0
- package/payload/mac/connectd/internal/runtime/config_test.go +25 -0
- package/payload/mac/connectd/internal/status/status.go +67 -1
- package/payload/mac/connectd/internal/status/status_test.go +138 -0
- package/payload/mac/install/install-runtime.sh +299 -20
- package/payload/mac/install/render-launchd.py +54 -10
- package/payload-manifest.json +62 -20
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
from __future__ import annotations
|
|
5
5
|
|
|
6
6
|
import argparse
|
|
7
|
+
import os
|
|
7
8
|
import plistlib
|
|
8
9
|
from pathlib import Path
|
|
9
10
|
|
|
@@ -11,6 +12,7 @@ PAIRLING_DAEMON_LABEL = "dev.pairling.companiond"
|
|
|
11
12
|
PAIRLING_GUARDIAN_LABEL = "dev.pairling.power-guardian"
|
|
12
13
|
PAIRLING_CONNECTD_LABEL = "dev.pairling.connectd"
|
|
13
14
|
PAIRLING_PTYBROKER_LABEL = "dev.pairling.ptybroker"
|
|
15
|
+
PAIRLING_MINTD_LABEL = "dev.pairling.mintd"
|
|
14
16
|
PAIRLING_RUNTIME_PORT = "7773"
|
|
15
17
|
|
|
16
18
|
|
|
@@ -20,21 +22,27 @@ def write_plist(path: Path, payload: dict) -> None:
|
|
|
20
22
|
plistlib.dump(payload, fh, sort_keys=False)
|
|
21
23
|
|
|
22
24
|
|
|
23
|
-
def daemon_plist(current: Path, logs: Path, python_bin: str) -> dict:
|
|
25
|
+
def daemon_plist(current: Path, logs: Path, python_bin: str, mint_enabled: bool = False) -> dict:
|
|
26
|
+
env = {
|
|
27
|
+
"PAIRLING_RUNTIME_PORT": PAIRLING_RUNTIME_PORT,
|
|
28
|
+
"COMPANION_DAEMON_PORT": PAIRLING_RUNTIME_PORT,
|
|
29
|
+
"PAIRLING_BIND_MODE": "all",
|
|
30
|
+
"PAIRLING_APP_SUPPORT_ROOT": str(current.parent.parent),
|
|
31
|
+
"PAIRLING_LOGS_ROOT": str(logs),
|
|
32
|
+
"PATH": "/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
|
|
33
|
+
}
|
|
34
|
+
if mint_enabled:
|
|
35
|
+
# Architecture B is on only when the separate-uid mint broker is
|
|
36
|
+
# installed. Persisting the flag here keeps it across daemon restarts
|
|
37
|
+
# and reboots, instead of relying on an ephemeral launchctl setenv.
|
|
38
|
+
env["PAIRLING_MINT_ENABLED"] = "1"
|
|
24
39
|
return {
|
|
25
40
|
"Label": PAIRLING_DAEMON_LABEL,
|
|
26
41
|
"ProgramArguments": [
|
|
27
42
|
python_bin,
|
|
28
43
|
str(current / "companiond" / "pairlingd.py"),
|
|
29
44
|
],
|
|
30
|
-
"EnvironmentVariables":
|
|
31
|
-
"PAIRLING_RUNTIME_PORT": PAIRLING_RUNTIME_PORT,
|
|
32
|
-
"COMPANION_DAEMON_PORT": PAIRLING_RUNTIME_PORT,
|
|
33
|
-
"PAIRLING_BIND_MODE": "all",
|
|
34
|
-
"PAIRLING_APP_SUPPORT_ROOT": str(current.parent.parent),
|
|
35
|
-
"PAIRLING_LOGS_ROOT": str(logs),
|
|
36
|
-
"PATH": "/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
|
|
37
|
-
},
|
|
45
|
+
"EnvironmentVariables": env,
|
|
38
46
|
"RunAtLoad": True,
|
|
39
47
|
"KeepAlive": True,
|
|
40
48
|
"ThrottleInterval": 10,
|
|
@@ -96,6 +104,39 @@ def connectd_plist(current: Path, logs: Path) -> dict:
|
|
|
96
104
|
}
|
|
97
105
|
|
|
98
106
|
|
|
107
|
+
def mintd_plist(current: Path, logs: Path) -> dict:
|
|
108
|
+
system_root = Path("/Library/Application Support/Pairling")
|
|
109
|
+
system_logs = Path("/Library/Logs/Pairling")
|
|
110
|
+
return {
|
|
111
|
+
"Label": PAIRLING_MINTD_LABEL,
|
|
112
|
+
"UserName": "_pairling_mint",
|
|
113
|
+
"GroupName": "staff",
|
|
114
|
+
"ProgramArguments": [
|
|
115
|
+
str(system_root / "mint" / "pairling-tailnet-mintd"),
|
|
116
|
+
"--secret-path",
|
|
117
|
+
str(system_root / "mint" / "client_secret.json"),
|
|
118
|
+
"--socket-path",
|
|
119
|
+
str(system_root / "run" / "mintd" / "mintd.sock"),
|
|
120
|
+
"--state-path",
|
|
121
|
+
str(system_root / "mint" / "state.json"),
|
|
122
|
+
"--audit-path",
|
|
123
|
+
str(system_root / "mint" / "audit.jsonl"),
|
|
124
|
+
"--alert-path",
|
|
125
|
+
str(system_root / "run" / "mintd" / "alerts.jsonl"),
|
|
126
|
+
"--authorized-uid",
|
|
127
|
+
str(os.getuid()),
|
|
128
|
+
],
|
|
129
|
+
"EnvironmentVariables": {
|
|
130
|
+
"PATH": "/Applications/Tailscale.app/Contents/MacOS:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
|
|
131
|
+
},
|
|
132
|
+
"RunAtLoad": True,
|
|
133
|
+
"KeepAlive": True,
|
|
134
|
+
"ThrottleInterval": 10,
|
|
135
|
+
"StandardOutPath": str(system_logs / "mintd.log"),
|
|
136
|
+
"StandardErrorPath": str(system_logs / "mintd.err"),
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
|
|
99
140
|
def ptybroker_plist(current: Path, logs: Path, python_bin: str) -> dict:
|
|
100
141
|
app_support = current.parent.parent
|
|
101
142
|
return {
|
|
@@ -125,16 +166,19 @@ def main() -> int:
|
|
|
125
166
|
parser.add_argument("--daemon-python", default="/usr/local/bin/python3")
|
|
126
167
|
parser.add_argument("--guardian-python", default="/usr/bin/python3")
|
|
127
168
|
parser.add_argument("--mirror-python", default="/usr/local/bin/python3", help=argparse.SUPPRESS)
|
|
169
|
+
parser.add_argument("--mint-enabled", action="store_true",
|
|
170
|
+
help="set PAIRLING_MINT_ENABLED=1 in the companiond env (Architecture B)")
|
|
128
171
|
args = parser.parse_args()
|
|
129
172
|
|
|
130
173
|
current = Path(args.current_root)
|
|
131
174
|
logs = Path(args.logs_root)
|
|
132
175
|
out = Path(args.output_dir)
|
|
133
176
|
|
|
134
|
-
write_plist(out / f"{PAIRLING_DAEMON_LABEL}.plist", daemon_plist(current, logs, args.daemon_python))
|
|
177
|
+
write_plist(out / f"{PAIRLING_DAEMON_LABEL}.plist", daemon_plist(current, logs, args.daemon_python, args.mint_enabled))
|
|
135
178
|
write_plist(out / f"{PAIRLING_PTYBROKER_LABEL}.plist", ptybroker_plist(current, logs, args.daemon_python))
|
|
136
179
|
write_plist(out / f"{PAIRLING_GUARDIAN_LABEL}.plist", guardian_plist(current, logs, args.guardian_python))
|
|
137
180
|
write_plist(out / f"{PAIRLING_CONNECTD_LABEL}.plist", connectd_plist(current, logs))
|
|
181
|
+
write_plist(out / f"{PAIRLING_MINTD_LABEL}.plist", mintd_plist(current, logs))
|
|
138
182
|
return 0
|
|
139
183
|
|
|
140
184
|
|
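Review bot: In `mintd_plist`, `--authorized-uid` is filled from `os.getuid()` at render time, so the uid the mint broker will trust is whichever account ran this script; if the installer invokes it under sudo (not visible here), that value is 0 rather than the desktop user's uid. Taking the uid as an explicit option, e.g. `parser.add_argument("--authorized-uid", type=int, required=True)` passed through to `mintd_plist`, would make that authorization decision deliberate and auditable. The job's `PATH` also lists `/opt/homebrew/bin` and `/usr/local/bin`, which Homebrew typically leaves writable by the installing user; if the broker resolves any helper by name, that would weaken the separate-uid boundary the `_pairling_mint` account is meant to provide, so a system-only PATH or absolute helper paths would be safer. `mintd_plist` ignores its `current` and `logs` parameters, and `main()` writes the mintd plist even without `--mint-enabled`; a short docstring saying the paths are fixed system locations and that the installer decides whether to load the job would help. The file header for this section is not shown on the page; the hunks match the +54 -10 listed for `package/payload/mac/install/render-launchd.py`.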
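--- a/package/payload-manifest.json
+++ b/package/payload-manifest.json
@@ -1,11 +1,11 @@
 {
 "connectd": {
 "darwin-arm64": {
-"sha256": "
+"sha256": "9941dbf0462cd6140c24d3c37f3351aa6dbe093183740fd042ddaa6f44cb1c65",
 "team_id": "965AVD34A3"
 },
 "darwin-x64": {
-"sha256": "
+"sha256": "66f6f18d836e43389d6efd70b0bd59200daaf668220907a6f1bfde17983ae7fe",
 "team_id": "965AVD34A3"
 }
 },
@@ -20,11 +20,11 @@
 },
 {
 "path": "payload/mac/SOURCE_REVISION",
-"sha256": "
+"sha256": "15d265ea54cc0e8147c8f5e60a9f83297966a1f7c059888a09d97d3e5b7a6d0c"
 },
 {
 "path": "payload/mac/VERSION",
-"sha256": "
+"sha256": "5b57e3b8c153d1d33b0c0f1ee29d3de1bf93232ed95aa78b80fe885e99faa915"
 },
 {
 "path": "payload/mac/companiond/app_attest_lan.py",
@@ -72,15 +72,15 @@
 },
 {
 "path": "payload/mac/companiond/pairling_connectd_status.py",
-"sha256": "
+"sha256": "243b0319b31919bbaca3742fc288097e05bef800432d0409d9a1f70df682386f"
 },
 {
 "path": "payload/mac/companiond/pairling_devices.py",
-"sha256": "
+"sha256": "79ffd7aeb999c70a10b76f6b6ea1e9f4f63fff0446ecb76863a4d46403e7601b"
 },
 {
 "path": "payload/mac/companiond/pairling_pairing.py",
-"sha256": "
+"sha256": "6d6aab5cfa12daff6b83f25c6844253432dfec3f20bec30a072875a19dba23cb"
 },
 {
 "path": "payload/mac/companiond/pairling_psk.py",
@@ -96,7 +96,7 @@
 },
 {
 "path": "payload/mac/companiond/pairlingd.py",
-"sha256": "
+"sha256": "ee2a9115531a15f9cc3aff0680be3bb7ab7b42c7cf001eac05b33cbf36755842"
 },
 {
 "path": "payload/mac/companiond/providers/__init__.py",
@@ -136,7 +136,7 @@
 },
 {
 "path": "payload/mac/companiond/push_dispatcher.py",
-"sha256": "
+"sha256": "93aadbb99321cd6f17461254edbffbc11ba99086ba48b20b26ffbebdcd2c6381"
 },
 {
 "path": "payload/mac/companiond/push_event_catalog.py",
@@ -194,14 +194,34 @@
 "path": "payload/mac/connectd/cmd/pairling-connectd/authkey_test.go",
 "sha256": "844ca4d83d952339fb394c1b3ccbe9c0717f8fe500a9b7282eede9291bfc284b"
 },
+{
+"path": "payload/mac/connectd/cmd/pairling-connectd/identity_test.go",
+"sha256": "5ef8ad69a4571019d8092973c94da4c1b317e11d84dd411ce6064e7024a133d5"
+},
 {
 "path": "payload/mac/connectd/cmd/pairling-connectd/main.go",
-"sha256": "
+"sha256": "4582664c189db3c13fef81328172d69fa0bcd6b064396c0a811a154da98f7f21"
+},
+{
+"path": "payload/mac/connectd/cmd/pairling-connectd/peer_identity_test.go",
+"sha256": "044c1260387b990de073d4f09fa516c3ce15ded7c255b5e1ac3d57f3f5810c27"
 },
 {
 "path": "payload/mac/connectd/cmd/pairling-connectd/upstream_health_test.go",
 "sha256": "dc5b6d3a8d11f38bcc198287bdbc95f058d35792ca6cf34bc49ca0bed22bfacf"
 },
+{
+"path": "payload/mac/connectd/cmd/pairling-tailnet-mintd/main.go",
+"sha256": "64fd4527c97397fce10793001af8d59ac3154c75c7ed9e1b532f8f2e4bf88bd4"
+},
+{
+"path": "payload/mac/connectd/cmd/pairling-tailnet-mintd/mintd.go",
+"sha256": "ca49b8ab8216eeec770ad6e9e8111aca819a9a88b050d7eefbdf69c0fad20376"
+},
+{
+"path": "payload/mac/connectd/cmd/pairling-tailnet-mintd/mintd_test.go",
+"sha256": "14a9af6b9575ba89314ce05f2fe465844fea3bb40b3eba5e0d33d059608bfb1f"
+},
 {
 "path": "payload/mac/connectd/go.mod",
 "sha256": "c96748d396598b0952b4c0d43f7f85ca3a56f4019761088267421b22518d5905"
@@ -210,29 +230,41 @@
 "path": "payload/mac/connectd/go.sum",
 "sha256": "af76807df4c698a707e5e6f9e8b3d091cf8be7a4b7f5ecee98361be2eee51ade"
 },
+{
+"path": "payload/mac/connectd/internal/gateway/adversarial_verify_test.go",
+"sha256": "5065aac2f8e682557fe1d12854d5436b0320ab4c10f9f682f0a6ecd1f2d12fab"
+},
+{
+"path": "payload/mac/connectd/internal/gateway/funnel_bootstrap_test.go",
+"sha256": "2f9412f00adfc7ed3433316202469bf43bba52655677be6b46d16a47152bb531"
+},
+{
+"path": "payload/mac/connectd/internal/gateway/funnel_contract_test.go",
+"sha256": "946a757b5dc3bdade769d63f325bedc3014dbe2f18d55a99c5eb82354856b5d1"
+},
 {
 "path": "payload/mac/connectd/internal/gateway/proxy.go",
-"sha256": "
+"sha256": "ad7de08a59819fcbdd81f62d707738af128064cc24cea576674aee2f0960c267"
 },
 {
 "path": "payload/mac/connectd/internal/gateway/proxy_test.go",
-"sha256": "
+"sha256": "b02cd354dcd3292079f35ee86a1ce75e3ed8286550f064fdae7914e661464910"
 },
 {
 "path": "payload/mac/connectd/internal/runtime/config.go",
-"sha256": "
+"sha256": "4b2c325c1f693c747b37e9dae380be2c7801c674f41fe59403d48e33aec62332"
 },
 {
 "path": "payload/mac/connectd/internal/runtime/config_test.go",
-"sha256": "
+"sha256": "f914d32112cd3151449d58d3f14cba4e88bd313428d7a1c1ce092d160b66babc"
 },
 {
 "path": "payload/mac/connectd/internal/status/status.go",
-"sha256": "
+"sha256": "69d6950c942c7c20bb5994c90d325c3683f21981ed85f653c43dcba2b00c4528"
 },
 {
 "path": "payload/mac/connectd/internal/status/status_test.go",
-"sha256": "
+"sha256": "5d2c9601c5edf6afc0abc7d4737cc06fd4e3a53cb83c0fce4b51750c1e194366"
 },
 {
 "path": "payload/mac/guardian/companion-power-guardian.py",
@@ -252,7 +284,7 @@
 },
 {
 "path": "payload/mac/install/install-runtime.sh",
-"sha256": "
+"sha256": "152eed164fd4edfd42874f20e8476d8e42415d5e93e090b716fef2ea7ed6424e"
 },
 {
 "path": "payload/mac/install/psk_dependency_check.py",
@@ -260,7 +292,7 @@
 },
 {
 "path": "payload/mac/install/render-launchd.py",
-"sha256": "
+"sha256": "5c4c06b578e24726731650ff39d688248ba1bd412b9e21fc368b13d07e8ee0df"
 },
 {
 "path": "payload/mac/install/uninstall-runtime.sh",
@@ -275,9 +307,19 @@
 "sha256": "5ebcd63fc53114ace518807c2221e562e65237e57945a76c457f5931a5791cc1"
 }
 ],
+"mintd": {
+"darwin-arm64": {
+"sha256": "326d1d42a0b40bdb60687f7b7d190c12c520106e47542054b1b807d397e41fe9",
+"team_id": "965AVD34A3"
+},
+"darwin-x64": {
+"sha256": "477cf4d9b88f1e8303e5545eb3c03460e0c75b284f9d628641cb80e2be14af38",
+"team_id": "965AVD34A3"
+}
+},
 "package": "pairling",
-"package_version": "0.2.
+"package_version": "0.2.7",
 "schema_version": 1,
 "source_dirty": false,
-"source_revision": "
+"source_revision": "102b7cf"
 }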