From 060b60a56d89b2649b41805db4f6ffbb57fbef58 Mon Sep 17 00:00:00 2001 From: Adam Date: Fri, 19 Sep 2025 12:06:17 +0200 Subject: [PATCH 1/8] Fix build and cargo dependencies (#580) --- src-tauri/Cargo.lock | 240 +++++++++++++++++++++------------------ src-tauri/Cargo.toml | 65 ++++++----- src-tauri/cli/Cargo.toml | 24 ++-- src-tauri/cli/build.rs | 24 ++-- 4 files changed, 193 insertions(+), 160 deletions(-) diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock index ad7f4f36..d0e16f61 100644 --- a/src-tauri/Cargo.lock +++ b/src-tauri/Cargo.lock @@ -617,7 +617,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fdd1d3c0c2f5833f22386f252fe8ed005c7f59fdcddeef025c01b4c3b9fd9ac3" dependencies = [ "once_cell", - "proc-macro-crate 3.3.0", + "proc-macro-crate 3.4.0", "proc-macro2", "quote", "syn 2.0.106", @@ -774,14 +774,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "374b7c592d9c00c1f4972ea58390ac6b18cbb6ab79011f3bdc90a0b82ca06b77" dependencies = [ "serde", - "toml 0.9.5", + "toml 0.9.7", ] [[package]] name = "cc" -version = "1.2.37" +version = "1.2.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "65193589c6404eb80b450d618eaf9a2cafaaafd57ecce47370519ef674a7bd44" +checksum = "80f41ae168f955c12fb8960b057d70d0ca153fb83182b57d86380443527be7e9" dependencies = [ "find-msvc-tools", "jobserver", @@ -1293,12 +1293,14 @@ dependencies = [ "defguard_wireguard_rs", "dirs-next", "prost", - "prost-build", "reqwest", "serde", "serde_json", "thiserror 2.0.16", "tokio", + "tonic", + "tonic-prost", + "tonic-prost-build", "tracing", "tracing-subscriber", ] @@ -1588,7 +1590,7 @@ dependencies = [ "cc", "memchr", "rustc_version", - "toml 0.9.5", + "toml 0.9.7", "vswhom", "winreg 0.55.0", ] @@ -1778,9 +1780,9 @@ dependencies = [ [[package]] name = "find-msvc-tools" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fd99930f64d146689264c637b5af2f0233a933bef0d8570e2526bf9e083192d" +checksum = "1ced73b1dacfc750a6db6c0a0c3a3853c8b41997e2e2c563dc90804ae6867959" [[package]] name = "fixedbitset" @@ -2153,7 +2155,7 @@ dependencies = [ "js-sys", "libc", "r-efi", - "wasi 0.14.5+wasi-0.2.4", + "wasi 0.14.7+wasi-0.2.4", "wasm-bindgen", ] @@ -2238,7 +2240,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0bb0228f477c0900c880fd78c8759b95c7636dbd7842707f49e132378aa2acdc" dependencies = [ "heck 0.4.1", - "proc-macro-crate 2.0.0", + "proc-macro-crate 2.0.2", "proc-macro-error", "proc-macro2", "quote", @@ -2348,7 +2350,7 @@ dependencies = [ "futures-core", "futures-sink", "http", - "indexmap 2.11.1", + "indexmap 2.11.4", "slab", "tokio", "tokio-util", @@ -2391,6 +2393,12 @@ dependencies = [ "foldhash", ] +[[package]] +name = "hashbrown" +version = "0.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5419bdc4f6a9207fbeba6d11b604d481addf78ecd10c11ad51e76c2f6482748d" + [[package]] name = "hashlink" version = "0.10.0" @@ -2580,9 +2588,9 @@ dependencies = [ [[package]] name = "hyper-util" -version = "0.1.16" +version = "0.1.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d9b05277c7e8da2c93a568989bb6207bef0112e8d17df7a6eda4a3cf143bc5e" +checksum = "3c6995591a8f1380fcb4ba966a252a4b29188d51d2b89e3a252f5305be65aea8" dependencies = [ "base64 0.22.1", "bytes", @@ -2778,13 +2786,14 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.11.1" +version = "2.11.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "206a8042aec68fa4a62e8d3f7aa4ceb508177d9324faf261e1959e495b7a1921" +checksum = "4b0f83760fb341a774ed326568e19f5a863af4a952def8c39f9ab92fd95b88e5" dependencies = [ "equivalent", - "hashbrown 0.15.5", + "hashbrown 0.16.0", "serde", + "serde_core", ] [[package]] @@ -2920,9 +2929,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.78" +version = "0.3.80" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c0b063578492ceec17683ef2f8c5e89121fbd0b172cbc280635ab7567db2738" +checksum = "852f13bec5eba4ba9afbeb93fd7c13fe56147f055939ae21c43a29a0ecb2702e" dependencies = [ "once_cell", "wasm-bindgen", @@ -2969,7 +2978,7 @@ checksum = "02cb977175687f33fa4afa0c95c112b987ea1443e5a51c8f8ff27dc618270cc2" dependencies = [ "cssparser", "html5ever", - "indexmap 2.11.1", + "indexmap 2.11.4", "selectors", ] @@ -3351,11 +3360,11 @@ dependencies = [ [[package]] name = "netlink-packet-core" -version = "0.8.0" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "745d789fe0958caf7252f5e1e900ce5c09b6a5bf05c7bba02a9cc600866ce31e" +checksum = "3463cbb78394cb0141e2c926b93fc2197e473394b761986eca3b9da2c63ae0f4" dependencies = [ - "pastey", + "paste", ] [[package]] @@ -3540,7 +3549,7 @@ version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77e878c846a8abae00dd069496dbe8751b16ac1c3d6bd2a7283a938e8228f90d" dependencies = [ - "proc-macro-crate 3.3.0", + "proc-macro-crate 3.4.0", "proc-macro2", "quote", "syn 2.0.106", @@ -3981,6 +3990,12 @@ dependencies = [ "windows-targets 0.52.6", ] +[[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + [[package]] name = "pastey" version = "0.1.1" @@ -4015,7 +4030,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db" dependencies = [ "fixedbitset 0.4.2", - "indexmap 2.11.1", + "indexmap 2.11.4", ] [[package]] @@ -4025,7 +4040,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3672b37090dbd86368a4145bc067582552b29c27377cad4e0a306c97f9bd7772" dependencies = [ "fixedbitset 0.5.7", - "indexmap 2.11.1", + "indexmap 2.11.4", ] [[package]] @@ -4234,12 +4249,12 @@ checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" [[package]] name = "plist" -version = "1.7.4" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3af6b589e163c5a788fab00ce0c0366f6efbb9959c2f9874b224936af7fce7e1" +checksum = "740ebea15c5d1428f910cd1a5f52cebf8d25006245ed8ade92702f4943d91e07" dependencies = [ "base64 0.22.1", - "indexmap 2.11.1", + "indexmap 2.11.4", "quick-xml 0.38.3", "serde", "time", @@ -4337,20 +4352,21 @@ dependencies = [ [[package]] name = "proc-macro-crate" -version = "2.0.0" +version = "2.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e8366a6159044a37876a2b9817124296703c586a5c92e2c53751fa06d8d43e8" +checksum = "b00f26d3400549137f92511a46ac1cd8ce37cb5598a96d382381458b992a5d24" dependencies = [ - "toml_edit 0.20.7", + "toml_datetime 0.6.3", + "toml_edit 0.20.2", ] [[package]] name = "proc-macro-crate" -version = "3.3.0" +version = "3.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "edce586971a4dfaa28950c6f18ed55e0406c1ab88bbce2c6f6293a7aaba73d35" +checksum = "219cb19e96be00ab2e37d6e299658a0cfa83e52429179969b0f0121b4ac46983" dependencies = [ - "toml_edit 0.22.27", + "toml_edit 0.23.6", ] [[package]] @@ -5066,9 +5082,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.103.5" +version = "0.103.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5a37813727b78798e53c2bec3f5e8fe12a6d6f8389bf9ca7802add4c9905ad8" +checksum = "8572f3c2cb9934231157b45499fc41e1f58c589fdfb81a844ba873265e80f8eb" dependencies = [ "ring", "rustls-pki-types", @@ -5240,9 +5256,9 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.223" +version = "1.0.225" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a505d71960adde88e293da5cb5eda57093379f64e61cf77bf0e6a63af07a7bac" +checksum = "fd6c24dee235d0da097043389623fb913daddf92c76e9f5a1db88607a0bcbd1d" dependencies = [ "serde_core", "serde_derive", @@ -5262,18 +5278,18 @@ dependencies = [ [[package]] name = "serde_core" -version = "1.0.223" +version = "1.0.225" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "20f57cbd357666aa7b3ac84a90b4ea328f1d4ddb6772b430caa5d9e1309bb9e9" +checksum = "659356f9a0cb1e529b24c01e43ad2bdf520ec4ceaf83047b83ddcc2251f96383" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.223" +version = "1.0.225" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d428d07faf17e306e699ec1e91996e5a165ba5d6bce5b5155173e91a8a01a56" +checksum = "0ea936adf78b1f766949a4977b91d2f5595825bd6ec079aa9543ad2685fc4516" dependencies = [ "proc-macro2", "quote", @@ -5326,11 +5342,11 @@ dependencies = [ [[package]] name = "serde_spanned" -version = "1.0.0" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40734c41988f7306bb04f0ecf60ec0f3f1caa34290e4e8ea471dcd3346483b83" +checksum = "5417783452c2be558477e104686f7de5dae53dba813c28435e0e70f82d9b04ee" dependencies = [ - "serde", + "serde_core", ] [[package]] @@ -5355,7 +5371,7 @@ dependencies = [ "chrono", "hex", "indexmap 1.9.3", - "indexmap 2.11.1", + "indexmap 2.11.4", "schemars 0.9.0", "schemars 1.0.4", "serde", @@ -5613,7 +5629,7 @@ dependencies = [ "futures-util", "hashbrown 0.15.5", "hashlink", - "indexmap 2.11.1", + "indexmap 2.11.4", "log", "memchr", "once_cell", @@ -5970,7 +5986,7 @@ dependencies = [ "cfg-expr", "heck 0.5.0", "pkg-config", - "toml 0.8.23", + "toml 0.8.2", "version-compare", ] @@ -6108,7 +6124,7 @@ dependencies = [ "serde_json", "tauri-utils", "tauri-winres", - "toml 0.9.5", + "toml 0.9.7", "walkdir", ] @@ -6166,7 +6182,7 @@ dependencies = [ "serde", "serde_json", "tauri-utils", - "toml 0.9.5", + "toml 0.9.7", "walkdir", ] @@ -6242,7 +6258,7 @@ dependencies = [ "tauri-plugin", "tauri-utils", "thiserror 2.0.16", - "toml 0.9.5", + "toml 0.9.7", "url", ] @@ -6465,7 +6481,7 @@ dependencies = [ "serde_with", "swift-rs", "thiserror 2.0.16", - "toml 0.9.5", + "toml 0.9.7", "url", "urlpattern", "uuid", @@ -6479,7 +6495,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fd21509dd1fa9bd355dc29894a6ff10635880732396aa38c0066c1e6c1ab8074" dependencies = [ "embed-resource", - "toml 0.9.5", + "toml 0.9.7", ] [[package]] @@ -6583,11 +6599,12 @@ dependencies = [ [[package]] name = "time" -version = "0.3.43" +version = "0.3.44" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83bde6f1ec10e72d583d91623c939f623002284ef622b87de38cfd546cbf2031" +checksum = "91e7d9e3bb61134e77bde20dd4825b97c010155709965fedf0f49bb138e52a9d" dependencies = [ "deranged", + "itoa", "libc", "num-conv", "num_threads", @@ -6691,9 +6708,9 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.26.2" +version = "0.26.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b" +checksum = "05f63835928ca123f1bef57abbcd23bb2ba0ac9ae1235f1e65bda0d06e7786bd" dependencies = [ "rustls", "tokio", @@ -6725,26 +6742,26 @@ dependencies = [ [[package]] name = "toml" -version = "0.8.23" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc1beb996b9d83529a9e75c17a1686767d148d70663143c7854d8b4a09ced362" +checksum = "185d8ab0dfbb35cf1399a6344d8484209c088f75f8f68230da55d48d95d43e3d" dependencies = [ "serde", "serde_spanned 0.6.9", - "toml_datetime 0.6.11", - "toml_edit 0.22.27", + "toml_datetime 0.6.3", + "toml_edit 0.20.2", ] [[package]] name = "toml" -version = "0.9.5" +version = "0.9.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75129e1dc5000bfbaa9fee9d1b21f974f9fbad9daec557a521ee6e080825f6e8" +checksum = "00e5e5d9bf2475ac9d4f0d9edab68cc573dc2fd644b0dba36b0c30a92dd9eaa0" dependencies = [ - "indexmap 2.11.1", - "serde", - "serde_spanned 1.0.0", - "toml_datetime 0.7.0", + "indexmap 2.11.4", + "serde_core", + "serde_spanned 1.0.2", + "toml_datetime 0.7.2", "toml_parser", "toml_writer", "winnow 0.7.13", @@ -6752,20 +6769,20 @@ dependencies = [ [[package]] name = "toml_datetime" -version = "0.6.11" +version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22cddaf88f4fbc13c51aebbf5f8eceb5c7c5a9da2ac40a13519eb5b0a0e8f11c" +checksum = "7cda73e2f1397b1262d6dfdcef8aafae14d1de7748d66822d3bfeeb6d03e5e4b" dependencies = [ "serde", ] [[package]] name = "toml_datetime" -version = "0.7.0" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bade1c3e902f58d73d3f294cd7f20391c1cb2fbcb643b73566bc773971df91e3" +checksum = "32f1085dec27c2b6632b04c80b3bb1b4300d6495d1e129693bdda7d91e72eec1" dependencies = [ - "serde", + "serde_core", ] [[package]] @@ -6774,49 +6791,50 @@ version = "0.19.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421" dependencies = [ - "indexmap 2.11.1", - "toml_datetime 0.6.11", + "indexmap 2.11.4", + "toml_datetime 0.6.3", "winnow 0.5.40", ] [[package]] name = "toml_edit" -version = "0.20.7" +version = "0.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70f427fce4d84c72b5b732388bf4a9f4531b53f74e2887e3ecb2481f68f66d81" +checksum = "396e4d48bbb2b7554c944bde63101b5ae446cff6ec4a24227428f15eb72ef338" dependencies = [ - "indexmap 2.11.1", - "toml_datetime 0.6.11", + "indexmap 2.11.4", + "serde", + "serde_spanned 0.6.9", + "toml_datetime 0.6.3", "winnow 0.5.40", ] [[package]] name = "toml_edit" -version = "0.22.27" +version = "0.23.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a" +checksum = "f3effe7c0e86fdff4f69cdd2ccc1b96f933e24811c5441d44904e8683e27184b" dependencies = [ - "indexmap 2.11.1", - "serde", - "serde_spanned 0.6.9", - "toml_datetime 0.6.11", + "indexmap 2.11.4", + "toml_datetime 0.7.2", + "toml_parser", "winnow 0.7.13", ] [[package]] name = "toml_parser" -version = "1.0.2" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b551886f449aa90d4fe2bdaa9f4a2577ad2dde302c61ecf262d80b116db95c10" +checksum = "4cf893c33be71572e0e9aa6dd15e6677937abd686b066eac3f8cd3531688a627" dependencies = [ "winnow 0.7.13", ] [[package]] name = "toml_writer" -version = "1.0.2" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fcc842091f2def52017664b53082ecbbeb5c7731092bad69d2c63050401dfd64" +checksum = "d163a63c116ce562a22cda521fcc4d79152e7aba014456fb5eb442f6d6a10109" [[package]] name = "tonic" @@ -6897,7 +6915,7 @@ checksum = "d039ad9159c98b70ecfd540b2573b97f7f52c3e8d9f8ad57a24b916a536975f9" dependencies = [ "futures-core", "futures-util", - "indexmap 2.11.1", + "indexmap 2.11.4", "pin-project-lite", "slab", "sync_wrapper", @@ -7362,18 +7380,18 @@ checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" [[package]] name = "wasi" -version = "0.14.5+wasi-0.2.4" +version = "0.14.7+wasi-0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4494f6290a82f5fe584817a676a34b9d6763e8d9d18204009fb31dceca98fd4" +checksum = "883478de20367e224c0090af9cf5f9fa85bed63a95c1abf3afc5c083ebc06e8c" dependencies = [ "wasip2", ] [[package]] name = "wasip2" -version = "1.0.0+wasi-0.2.4" +version = "1.0.1+wasi-0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03fa2761397e5bd52002cd7e73110c71af2109aca4e521a9f40473fe685b0a24" +checksum = "0562428422c63773dad2c345a1882263bbf4d65cf3f42e90921f787ef5ad58e7" dependencies = [ "wit-bindgen", ] @@ -7386,9 +7404,9 @@ checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b" [[package]] name = "wasm-bindgen" -version = "0.2.101" +version = "0.2.103" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e14915cadd45b529bb8d1f343c4ed0ac1de926144b746e2710f9cd05df6603b" +checksum = "ab10a69fbd0a177f5f649ad4d8d3305499c42bab9aef2f7ff592d0ec8f833819" dependencies = [ "cfg-if", "once_cell", @@ -7399,9 +7417,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.101" +version = "0.2.103" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e28d1ba982ca7923fd01448d5c30c6864d0a14109560296a162f80f305fb93bb" +checksum = "0bb702423545a6007bbc368fde243ba47ca275e549c8a28617f56f6ba53b1d1c" dependencies = [ "bumpalo", "log", @@ -7413,9 +7431,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.51" +version = "0.4.53" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ca85039a9b469b38336411d6d6ced91f3fc87109a2a27b0c197663f5144dffe" +checksum = "a0b221ff421256839509adbb55998214a70d829d3a28c69b4a6672e9d2a42f67" dependencies = [ "cfg-if", "js-sys", @@ -7426,9 +7444,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.101" +version = "0.2.103" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7c3d463ae3eff775b0c45df9da45d68837702ac35af998361e2c84e7c5ec1b0d" +checksum = "fc65f4f411d91494355917b605e1480033152658d71f722a90647f56a70c88a0" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -7436,9 +7454,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.101" +version = "0.2.103" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7bb4ce89b08211f923caf51d527662b75bdc9c9c7aab40f86dcb9fb85ac552aa" +checksum = "ffc003a991398a8ee604a401e194b6b3a39677b3173d6e74495eb51b82e99a32" dependencies = [ "proc-macro2", "quote", @@ -7449,9 +7467,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.101" +version = "0.2.103" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f143854a3b13752c6950862c906306adb27c7e839f7414cec8fea35beab624c1" +checksum = "293c37f4efa430ca14db3721dfbe48d8c33308096bd44d80ebaa775ab71ba1cf" dependencies = [ "unicode-ident", ] @@ -7544,9 +7562,9 @@ dependencies = [ [[package]] name = "web-sys" -version = "0.3.78" +version = "0.3.80" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77e4b637749ff0d92b8fad63aa1f7cff3cbe125fd49c175cd6345e7272638b12" +checksum = "fbe734895e869dc429d78c4b433f8d17d95f8d05317440b4fad5ab2d33e596dc" dependencies = [ "js-sys", "wasm-bindgen", @@ -8251,9 +8269,9 @@ dependencies = [ [[package]] name = "wit-bindgen" -version = "0.45.1" +version = "0.46.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c573471f125075647d03df72e026074b7203790d41351cd6edc96f46bcccd36" +checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59" [[package]] name = "wl-clipboard-rs" @@ -8448,7 +8466,7 @@ version = "5.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "57e797a9c847ed3ccc5b6254e8bcce056494b375b511b3d6edcec0aeb4defaca" dependencies = [ - "proc-macro-crate 3.3.0", + "proc-macro-crate 3.4.0", "proc-macro2", "quote", "syn 2.0.106", @@ -8599,7 +8617,7 @@ version = "5.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6643fd0b26a46d226bd90d3f07c1b5321fe9bb7f04673cb37ac6d6883885b68e" dependencies = [ - "proc-macro-crate 3.3.0", + "proc-macro-crate 3.4.0", "proc-macro2", "quote", "syn 2.0.106", diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml index c9b985ed..26075217 100644 --- a/src-tauri/Cargo.toml +++ b/src-tauri/Cargo.toml @@ -3,7 +3,27 @@ members = ["cli", "common"] default-members = [".", "cli"] [workspace.dependencies] -defguard_wireguard_rs = "0.7.5" +clap = { version = "4.5", features = ["cargo", "derive", "env"] } +defguard_wireguard_rs = "0.7.6" +dirs-next = "2.0" +prost = "0.14" +reqwest = { version = "0.12", features = ["cookies", "json"] } +serde = { version = "1.0", features = ["derive"] } +serde_json = "1.0" +thiserror = "2.0" +tokio = { version = "1", features = ["macros", "rt-multi-thread", "signal"] } +tonic = { version = "0.14", default-features = false, features = [ + "codegen", + "gzip", + "router", + "tls-native-roots", + "tls-ring", + "transport", +] } +tonic-prost = "0.14" +tonic-prost-build = "0.14" +tracing = "0.1" +tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] } [workspace.package] authors = ["Defguard"] @@ -27,26 +47,27 @@ version.workspace = true [build-dependencies] tauri-build = { version = "2", features = [] } -tonic-prost-build = { version = "0.14" } +tonic-prost-build.workspace = true vergen-git2 = { version = "1.0", features = ["build"] } [dependencies] anyhow = "1.0" base64 = "0.22" -clap = { version = "4.5", features = ["cargo", "derive", "env"] } +clap.workspace = true chrono = { version = "0.4", features = ["serde"] } common = { path = "common" } dark-light = "2.0" defguard_wireguard_rs = { workspace = true, features = ["check_dependencies"] } -dirs-next = "2.0" +dirs-next.workspace = true log = { version = "0.4", features = ["serde"] } -prost = "0.14" +prost.workspace = true regex = "1.11" -reqwest = { version = "0.12", features = ["cookies", "json"] } +reqwest.workspace = true # 0.21.2 causes config parsing errors rust-ini = "=0.21.1" -serde = { version = "1.0", features = ["derive"] } -serde_json = "1.0" +semver = "1.0" +serde.workspace = true +serde_json.workspace = true serde_with = "3.11" sqlx = { version = "0.8", features = [ "chrono", @@ -70,39 +91,31 @@ tauri-plugin-fs = "2" tauri-plugin-http = { version = "2", features = ["unsafe-headers"] } tauri-plugin-log = "2" tauri-plugin-notification = "2" +tauri-plugin-opener = "2.5.0" +tauri-plugin-os = "2.3.1" tauri-plugin-single-instance = { version = "2", features = ["deep-link"] } tauri-plugin-window-state = "2" -thiserror = "2.0" +thiserror.workspace = true time = { version = "0.3", features = ["formatting", "macros"] } -tokio = { version = "1", features = ["macros", "rt-multi-thread", "signal"] } +tokio.workspace = true tokio-util = "0.7" -tonic = { version = "0.14", default-features = false, features = [ - "codegen", - "gzip", - "router", - "tls-native-roots", - "tls-ring", - "transport", -] } -tonic-prost = "0.14" -tracing = "0.1" +tonic.workspace = true +tonic-prost.workspace = true +tracing.workspace = true tracing-appender = "0.2" -tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] } +tracing-subscriber.workspace = true webbrowser = "1.0" x25519-dalek = { version = "2", features = [ "getrandom", "serde", "static_secrets", ] } -tauri-plugin-opener = "2.5.0" -tauri-plugin-os = "2.3.1" -semver = "1.0.26" [target.'cfg(unix)'.dependencies] -tokio-stream = "0.1" -tower = "0.5" hyper-util = "0.1" nix = { version = "0.30.1", features = ["user", "fs"] } +tokio-stream = "0.1" +tower = "0.5" [target.'cfg(windows)'.dependencies] winapi = { version = "0.3", features = ["winsvc", "winerror"] } diff --git a/src-tauri/cli/Cargo.toml b/src-tauri/cli/Cargo.toml index b8c6c080..f38c6cf9 100644 --- a/src-tauri/cli/Cargo.toml +++ b/src-tauri/cli/Cargo.toml @@ -8,21 +8,23 @@ rust-version.workspace = true version.workspace = true [build-dependencies] -prost-build = "0.14" +tonic-prost-build.workspace = true [dependencies] -clap = { version = "4.5", features = ["cargo", "derive", "env"] } +clap.workspace = true common = { path = "../common" } defguard_wireguard_rs = { workspace = true, features = ["check_dependencies"] } -dirs-next = "2.0" -prost = "0.14" -reqwest = { version = "0.12", features = ["cookies", "json"] } -serde = { version = "1.0", features = ["derive"] } -serde_json = "1.0" -thiserror = "2.0" -tokio = { version = "1", features = ["macros", "rt-multi-thread", "signal"] } -tracing = "0.1" -tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] } +dirs-next.workspace = true +prost.workspace = true +reqwest.workspace = true +serde.workspace = true +serde_json.workspace = true +thiserror.workspace = true +tokio.workspace = true +tonic.workspace = true +tonic-prost.workspace = true +tracing.workspace = true +tracing-subscriber.workspace = true # Dummy feature to let tauri build the release. [features] diff --git a/src-tauri/cli/build.rs b/src-tauri/cli/build.rs index 9e330399..fb4ca05e 100644 --- a/src-tauri/cli/build.rs +++ b/src-tauri/cli/build.rs @@ -1,16 +1,16 @@ fn main() -> Result<(), Box> { - let mut config = prost_build::Config::new(); - // Enable a protoc experimental feature. - config.protoc_arg("--experimental_allow_proto3_optional"); - // Serialize empty DNS as None. - config.type_attribute(".DeviceConfig", "#[serde_as]"); - config.field_attribute( - ".DeviceConfig.dns", - "#[serde_as(deserialize_as = \"NoneAsEmptyString\")]", - ); - // Make all messages serde-serializable. - config.type_attribute(".", "#[derive(serde::Deserialize,serde::Serialize)]"); - config.compile_protos(&["../proto/core/proxy.proto"], &["../proto/core"])?; + tonic_prost_build::configure() + // Enable a protoc experimental feature. + .protoc_arg("--experimental_allow_proto3_optional") + // Serialize empty DNS as None. + .type_attribute(".DeviceConfig", "#[serde_as]") + .field_attribute( + ".DeviceConfig.dns", + "#[serde_as(deserialize_as = \"NoneAsEmptyString\")]", + ) + // Make all messages serde-serializable. + .type_attribute(".", "#[derive(serde::Deserialize,serde::Serialize)]") + .compile_protos(&["../proto/core/proxy.proto"], &["../proto/core"])?; Ok(()) } From cf49ab2086bf8e11f179e8be9bcfb20bde7fe45b Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Fri, 19 Sep 2025 13:24:45 +0200 Subject: [PATCH 2/8] Fixes pentest issue DG25-28 from 2025-09-02 (#578) * ensure data directories have appropriate permissions * also set permissions for log directory * set permissions for other files/directories * automatically determine if path is a directory * nix flake update --- flake.lock | 12 ++++++------ src-tauri/src/app_config.rs | 4 ++++ src-tauri/src/bin/defguard-client.rs | 25 ++++++++++++++----------- src-tauri/src/database/mod.rs | 8 +++++--- src-tauri/src/lib.rs | 18 ++++++++++++++++++ 5 files changed, 47 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index 31754b0a..b10558f0 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1756159630, - "narHash": "sha256-ohMvsjtSVdT/bruXf5ClBh8ZYXRmD4krmjKrXhEvwMg=", + "lastModified": 1758213207, + "narHash": "sha256-rqoqF0LEi+6ZT59tr+hTQlxVwrzQsET01U4uUdmqRtM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "84c256e42600cb0fdf25763b48d28df2f25a0c8b", + "rev": "f4b140d5b253f5e2a1ff4e5506edbf8267724bde", "type": "github" }, "original": { @@ -60,11 +60,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1756262090, - "narHash": "sha256-PQHSup4d0cVXxJ7mlHrrxBx1WVrmudKiNQgnNl5xRas=", + "lastModified": 1758249250, + "narHash": "sha256-bg228atm49IZ8koNOlT3bsrFKE9sFjq6vn6Tx8eVgpc=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "df7ea78aded79f195a92fc5423de96af2b8a85d1", + "rev": "e26a009e7edab102bd569dc041459deb6c0009f4", "type": "github" }, "original": { diff --git a/src-tauri/src/app_config.rs b/src-tauri/src/app_config.rs index d949d67f..1d46f1dc 100644 --- a/src-tauri/src/app_config.rs +++ b/src-tauri/src/app_config.rs @@ -9,6 +9,8 @@ use struct_patch::Patch; use strum::{Display, EnumString}; use tauri::{AppHandle, Manager}; +use crate::set_perms; + static APP_CONFIG_FILE_NAME: &str = "config.json"; fn get_config_file_path(app: &AppHandle) -> PathBuf { @@ -19,7 +21,9 @@ fn get_config_file_path(app: &AppHandle) -> PathBuf { if !config_file_path.exists() { create_dir_all(&config_file_path).expect("Failed to create missing app data dir"); } + set_perms(&config_file_path); config_file_path.push(APP_CONFIG_FILE_NAME); + set_perms(&config_file_path); config_file_path } diff --git a/src-tauri/src/bin/defguard-client.rs b/src-tauri/src/bin/defguard-client.rs index 3f0699db..a30eb8e0 100644 --- a/src-tauri/src/bin/defguard-client.rs +++ b/src-tauri/src/bin/defguard-client.rs @@ -17,7 +17,7 @@ use defguard_client::{ DB_POOL, }, periodic::run_periodic_tasks, - service, + service, set_perms, tray::{configure_tray_icon, setup_tray, show_main_window}, utils::load_log_targets, VERSION, @@ -277,19 +277,22 @@ fn main() { app.run(|app_handle, event| match event { // Startup tasks RunEvent::Ready => { + let data_dir = app_handle + .path() + .app_data_dir() + .unwrap_or_else(|_| "UNDEFINED DATA DIRECTORY".into()); + let log_dir = app_handle + .path() + .app_log_dir() + .unwrap_or_else(|_| "UNDEFINED LOG DIRECTORY".into()); + + // Ensure directories have appropriate permissions (dg25-28). + set_perms(&data_dir); + set_perms(&log_dir); info!( - "Application data (database file) will be stored in: {} and application logs in: {}. \ + "Application data (database file) will be stored in: {data_dir:?} and application logs in: {log_dir:?}. \ Logs of the background Defguard service responsible for managing VPN connections at the \ network level will be stored in: {}.", - // display the path to the app data directory, convert option to option<&str> - app_handle - .path() - .app_data_dir() - .unwrap_or_else(|_| "UNDEFINED DATA DIRECTORY".into()).display(), - app_handle - .path() - .app_log_dir() - .unwrap_or_else(|_| "UNDEFINED LOG DIRECTORY".into()).display(), service::config::DEFAULT_LOG_DIR ); tauri::async_runtime::block_on(startup(app_handle)); diff --git a/src-tauri/src/database/mod.rs b/src-tauri/src/database/mod.rs index e2a03b6a..847233ae 100644 --- a/src-tauri/src/database/mod.rs +++ b/src-tauri/src/database/mod.rs @@ -1,5 +1,3 @@ -pub mod models; - use std::{ env, fs::{create_dir_all, File}, @@ -9,10 +7,12 @@ use std::{ use sqlx::sqlite::{SqliteAutoVacuum, SqliteConnectOptions, SqliteJournalMode, SqlitePool}; -use crate::{app_data_dir, error::Error}; +use crate::{app_data_dir, error::Error, set_perms}; const DB_NAME: &str = "defguard.db"; +pub mod models; + pub(crate) type DbPool = SqlitePool; pub static DB_POOL: LazyLock = LazyLock::new(|| { @@ -59,6 +59,7 @@ fn prepare_db_url() -> Result { app_dir.to_string_lossy() ); } + set_perms(&app_dir); let db_path = app_dir.join(DB_NAME); if db_path.exists() { debug!( @@ -77,6 +78,7 @@ fn prepare_db_url() -> Result { db_path.to_string_lossy() ); } + set_perms(&db_path); debug!( "Application's database file is located at: {}", db_path.to_string_lossy() diff --git a/src-tauri/src/lib.rs b/src-tauri/src/lib.rs index e57ddd2c..696873f0 100644 --- a/src-tauri/src/lib.rs +++ b/src-tauri/src/lib.rs @@ -1,6 +1,11 @@ // FIXME: actually refactor errors instead #![allow(clippy::result_large_err)] use std::{fmt, path::PathBuf}; +#[cfg(not(windows))] +use std::{ + fs::{set_permissions, Permissions}, + os::unix::fs::PermissionsExt, +}; use chrono::NaiveDateTime; use semver::Version; @@ -77,6 +82,19 @@ pub fn app_data_dir() -> Option { dirs_next::data_dir().map(|dir| dir.join(BUNDLE_IDENTIFIER)) } +/// Ensures path has appropriate permissions set (dg25-28): +/// - 700 for directories +/// - 600 for files +pub fn set_perms(path: &PathBuf) { + #[cfg(not(windows))] + { + let perms = if path.is_dir() { 0o700 } else { 0o600 }; + if let Err(err) = set_permissions(path, Permissions::from_mode(perms)) { + warn!("Failed to set permissions on path {path:?}: {err}"); + } + } +} + /// Location type used in commands to check if we using tunnel or location #[derive(Clone, Copy, Debug, Deserialize, PartialEq, Serialize)] pub enum ConnectionType { From 80b6d1e1ebc673b8e6ffbe07dd5ce62e47464e12 Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Fri, 19 Sep 2025 14:06:40 +0200 Subject: [PATCH 3/8] bump defguard-wireguard-rs dependency to 0.7.7 (#582) --- src-tauri/Cargo.lock | 4 ++-- src-tauri/Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock index d0e16f61..01143913 100644 --- a/src-tauri/Cargo.lock +++ b/src-tauri/Cargo.lock @@ -1307,9 +1307,9 @@ dependencies = [ [[package]] name = "defguard_wireguard_rs" -version = "0.7.6" +version = "0.7.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "093cede63322e14eede3916a6a5de2518788f438a6cdfc71d262c72d0ae865d0" +checksum = "480e5be07e155d3fd4ff894a6348bc8eb9a3ddfacb681fc457445ec04135c0c6" dependencies = [ "base64 0.22.1", "libc", diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml index 26075217..b89cafd5 100644 --- a/src-tauri/Cargo.toml +++ b/src-tauri/Cargo.toml @@ -4,7 +4,7 @@ default-members = [".", "cli"] [workspace.dependencies] clap = { version = "4.5", features = ["cargo", "derive", "env"] } -defguard_wireguard_rs = "0.7.6" +defguard_wireguard_rs = "0.7.7" dirs-next = "2.0" prost = "0.14" reqwest = { version = "0.12", features = ["cookies", "json"] } From 45c95e3f3dcca28c6b8653fc82e135c16f536709 Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Fri, 26 Sep 2025 10:32:59 +0200 Subject: [PATCH 4/8] Create SBOM files (#593) * implement CI sbom * run sbom on self-hosted workers * use shogo82148/actions-upload-release-asset upload action --- .github/workflows/release.yaml | 6 +++++ .github/workflows/sbom.yml | 44 ++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 .github/workflows/sbom.yml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b04338aa..a9073548 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -52,6 +52,12 @@ jobs: draft: true generate_release_notes: true + create-sbom: + needs: [create-release] + uses: ./.github/workflows/sbom.yml + with: + upload_url: ${{ needs.create-release.outputs.upload_url }} + build-linux: needs: - create-release diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml new file mode 100644 index 00000000..3806208e --- /dev/null +++ b/.github/workflows/sbom.yml @@ -0,0 +1,44 @@ +name: Create SBOM files + +on: + workflow_call: + inputs: + upload_url: + description: "Release assets upload URL" + required: true + type: string + +jobs: + create-sbom: + runs-on: self-hosted + + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: recursive + + # Store the version, stripping any v-prefix + - name: Write release version + run: | + VERSION=${GITHUB_REF_NAME#v} + echo Version: $VERSION + echo "VERSION=$VERSION" >> $GITHUB_ENV + + - name: Create SBOM with Trivy + uses: aquasecurity/trivy-action@0.33.1 + with: + scan-type: 'fs' + format: 'spdx-json' + output: "defguard-client-${{ env.VERSION }}.sbom.json" + scan-ref: '.' + severity: "CRITICAL,HIGH,MEDIUM" + + - name: Upload SBOM + uses: shogo82148/actions-upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ inputs.upload_url }} + asset_path: "defguard-*.sbom.json" + asset_content_type: application/octet-stream From 12f83e9b91d7af1210c62eb85642cf5d23630119 Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Fri, 26 Sep 2025 14:17:57 +0200 Subject: [PATCH 5/8] CI: scan code with trivy (#594) * CI: scan code with trivy * cargo update * add trivyignore * include low severity vulns in sbom --- .github/workflows/sbom.yml | 3 +- .github/workflows/test.yml | 9 +++ .trivyignore | 2 + src-tauri/Cargo.lock | 134 ++++++++++++++++++------------------- 4 files changed, 77 insertions(+), 71 deletions(-) create mode 100644 .trivyignore diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 3806208e..c470ea02 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -32,7 +32,8 @@ jobs: format: 'spdx-json' output: "defguard-client-${{ env.VERSION }}.sbom.json" scan-ref: '.' - severity: "CRITICAL,HIGH,MEDIUM" + severity: "CRITICAL,HIGH,MEDIUM,LOW" + scanners: "vuln" - name: Upload SBOM uses: shogo82148/actions-upload-release-asset@v1 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7a837db4..8cfbcf69 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -39,6 +39,15 @@ jobs: uses: actions/checkout@v5 with: submodules: recursive + - name: Scan code with Trivy + uses: aquasecurity/trivy-action@0.33.1 + with: + scan-type: 'fs' + scan-ref: '.' + exit-code: "1" + ignore-unfixed: true + severity: "CRITICAL,HIGH,MEDIUM" + scanners: "vuln" - name: Cache uses: Swatinem/rust-cache@v2 - name: Install required packages diff --git a/.trivyignore b/.trivyignore new file mode 100644 index 00000000..26c4b951 --- /dev/null +++ b/.trivyignore @@ -0,0 +1,2 @@ +# glib - transitive dependency +GHSA-wrw7-89jp-8q8g exp:2025-11-05 diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock index e1062819..dd6fcaff 100644 --- a/src-tauri/Cargo.lock +++ b/src-tauri/Cargo.lock @@ -4,9 +4,9 @@ version = 3 [[package]] name = "addr2line" -version = "0.24.2" +version = "0.25.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1" +checksum = "1b5d307320b3181d6d7954e663bd7c774a838b8220fe0593c86d9fb09f498b4b" dependencies = [ "gimli", ] @@ -296,7 +296,7 @@ dependencies = [ "polling", "rustix 1.1.2", "slab", - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -365,7 +365,7 @@ dependencies = [ "rustix 1.1.2", "signal-hook-registry", "slab", - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -502,9 +502,9 @@ dependencies = [ [[package]] name = "backtrace" -version = "0.3.75" +version = "0.3.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6806a6321ec58106fea15becdad98371e28d92ccbc7c8f1b3b6dd724fe8f1002" +checksum = "bb531853791a215d7c62a30daf0dde835f381ab5de4589cfe7c649d2cbe92bd6" dependencies = [ "addr2line", "cfg-if", @@ -512,7 +512,7 @@ dependencies = [ "miniz_oxide", "object", "rustc-demangle", - "windows-targets 0.52.6", + "windows-link 0.2.0", ] [[package]] @@ -779,9 +779,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.2.38" +version = "1.2.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80f41ae168f955c12fb8960b057d70d0ca153fb83182b57d86380443527be7e9" +checksum = "e1354349954c6fc9cb0deab020f27f783cf0b604e8bb754dc4658ecf0d29c35f" dependencies = [ "find-msvc-tools", "jobserver", @@ -1466,7 +1466,7 @@ dependencies = [ "libc", "option-ext", "redox_users 0.5.2", - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -1706,7 +1706,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -2196,9 +2196,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.31.1" +version = "0.32.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" +checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7" [[package]] name = "gio" @@ -2428,12 +2428,6 @@ dependencies = [ "foldhash", ] -[[package]] -name = "hashbrown" -version = "0.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5419bdc4f6a9207fbeba6d11b604d481addf78ecd10c11ad51e76c2f6482748d" - [[package]] name = "hashlink" version = "0.10.0" @@ -2659,7 +2653,7 @@ dependencies = [ "js-sys", "log", "wasm-bindgen", - "windows-core 0.62.0", + "windows-core 0.62.1", ] [[package]] @@ -2826,7 +2820,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4b0f83760fb341a774ed326568e19f5a863af4a952def8c39f9ab92fd95b88e5" dependencies = [ "equivalent", - "hashbrown 0.16.0", + "hashbrown 0.15.5", "serde", "serde_core", ] @@ -2964,9 +2958,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.80" +version = "0.3.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "852f13bec5eba4ba9afbeb93fd7c13fe56147f055939ae21c43a29a0ecb2702e" +checksum = "ec48937a97411dcb524a265206ccd4c90bb711fca92b2792c407f268825b9305" dependencies = [ "once_cell", "wasm-bindgen", @@ -3263,9 +3257,9 @@ dependencies = [ [[package]] name = "memchr" -version = "2.7.5" +version = "2.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32a282da65faaf38286cf3be983213fcf1d2e2a58700e808f83f4ea9a4804bc0" +checksum = "f52b00d39961fc5b2736ea853c9cc86238e165017a493d1d5c8eac6bdc4cc273" [[package]] name = "memoffset" @@ -3838,9 +3832,9 @@ dependencies = [ [[package]] name = "object" -version = "0.36.7" +version = "0.37.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87" +checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe" dependencies = [ "memchr", ] @@ -4332,7 +4326,7 @@ dependencies = [ "hermit-abi", "pin-project-lite", "rustix 1.1.2", - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -4831,9 +4825,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.11.2" +version = "1.11.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23d7fd106d8c02486a8d64e778353d1cffe08ce79ac2e82f540c86d0facf6912" +checksum = "8b5288124840bee7b386bc413c487869b360b2b4ec421ea56425128692f2a82c" dependencies = [ "aho-corasick", "memchr", @@ -4843,9 +4837,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.10" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b9458fa0bfeeac22b5ca447c63aaf45f28439a709ccd244698632f9aa6394d6" +checksum = "833eb9ce86d40ef33cb1306d8accf7bc8ec2bfea4355cbdebb3df68b40925cad" dependencies = [ "aho-corasick", "memchr", @@ -5075,7 +5069,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys 0.11.0", - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -5153,7 +5147,7 @@ version = "0.1.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "891d81b926048e76efe18581bf793546b4c0eaf8448d72be8de2bbee5fd166e1" dependencies = [ - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -5291,9 +5285,9 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.226" +version = "1.0.227" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0dca6411025b24b60bfa7ec1fe1f8e710ac09782dca409ee8237ba74b51295fd" +checksum = "80ece43fc6fbed4eb5392ab50c07334d3e577cbf40997ee896fe7af40bba4245" dependencies = [ "serde_core", "serde_derive", @@ -5313,18 +5307,18 @@ dependencies = [ [[package]] name = "serde_core" -version = "1.0.226" +version = "1.0.227" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba2ba63999edb9dac981fb34b3e5c0d111a69b0924e253ed29d83f7c99e966a4" +checksum = "7a576275b607a2c86ea29e410193df32bc680303c82f31e275bbfcafe8b33be5" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.226" +version = "1.0.227" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8db53ae22f34573731bafa1db20f04027b2d25e02d8205921b569171699cdb33" +checksum = "51e694923b8824cf0e9b382adf0f60d4e05f348f357b38833a3fa5ed7c2ede04" dependencies = [ "proc-macro2", "quote", @@ -6555,7 +6549,7 @@ dependencies = [ "getrandom 0.3.3", "once_cell", "rustix 1.1.2", - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -7439,9 +7433,9 @@ checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b" [[package]] name = "wasm-bindgen" -version = "0.2.103" +version = "0.2.104" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab10a69fbd0a177f5f649ad4d8d3305499c42bab9aef2f7ff592d0ec8f833819" +checksum = "c1da10c01ae9f1ae40cbfac0bac3b1e724b320abfcf52229f80b547c0d250e2d" dependencies = [ "cfg-if", "once_cell", @@ -7452,9 +7446,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.103" +version = "0.2.104" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bb702423545a6007bbc368fde243ba47ca275e549c8a28617f56f6ba53b1d1c" +checksum = "671c9a5a66f49d8a47345ab942e2cb93c7d1d0339065d4f8139c486121b43b19" dependencies = [ "bumpalo", "log", @@ -7466,9 +7460,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.53" +version = "0.4.54" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0b221ff421256839509adbb55998214a70d829d3a28c69b4a6672e9d2a42f67" +checksum = "7e038d41e478cc73bae0ff9b36c60cff1c98b8f38f8d7e8061e79ee63608ac5c" dependencies = [ "cfg-if", "js-sys", @@ -7479,9 +7473,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.103" +version = "0.2.104" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc65f4f411d91494355917b605e1480033152658d71f722a90647f56a70c88a0" +checksum = "7ca60477e4c59f5f2986c50191cd972e3a50d8a95603bc9434501cf156a9a119" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -7489,9 +7483,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.103" +version = "0.2.104" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffc003a991398a8ee604a401e194b6b3a39677b3173d6e74495eb51b82e99a32" +checksum = "9f07d2f20d4da7b26400c9f4a0511e6e0345b040694e8a75bd41d578fa4421d7" dependencies = [ "proc-macro2", "quote", @@ -7502,9 +7496,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.103" +version = "0.2.104" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "293c37f4efa430ca14db3721dfbe48d8c33308096bd44d80ebaa775ab71ba1cf" +checksum = "bad67dc8b2a1a6e5448428adec4c3e84c43e561d8c9ee8a9e5aabeb193ec41d1" dependencies = [ "unicode-ident", ] @@ -7597,9 +7591,9 @@ dependencies = [ [[package]] name = "web-sys" -version = "0.3.80" +version = "0.3.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fbe734895e869dc429d78c4b433f8d17d95f8d05317440b4fad5ab2d33e596dc" +checksum = "9367c417a924a74cae129e6a2ae3b47fabb1f8995595ab474029da749a8be120" dependencies = [ "js-sys", "wasm-bindgen", @@ -7764,7 +7758,7 @@ version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" dependencies = [ - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -7825,9 +7819,9 @@ dependencies = [ [[package]] name = "windows-core" -version = "0.62.0" +version = "0.62.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57fe7168f7de578d2d8a05b07fd61870d2e73b4020e9f49aa00da8471723497c" +checksum = "6844ee5416b285084d3d3fffd743b925a6c9385455f64f6d4fa3031c4c2749a9" dependencies = [ "windows-implement", "windows-interface", @@ -7849,9 +7843,9 @@ dependencies = [ [[package]] name = "windows-implement" -version = "0.60.0" +version = "0.60.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a47fddd13af08290e67f4acabf4b459f647552718f683a7b415d290ac744a836" +checksum = "edb307e42a74fb6de9bf3a02d9712678b22399c87e6fa869d6dfcd8c1b7754e0" dependencies = [ "proc-macro2", "quote", @@ -7860,9 +7854,9 @@ dependencies = [ [[package]] name = "windows-interface" -version = "0.59.1" +version = "0.59.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd9211b69f8dcdfa817bfd14bf1c97c9188afa36f4750130fcdf3f400eca9fa8" +checksum = "c0abd1ddbc6964ac14db11c7213d6532ef34bd9aa042c2e5935f59d7908b46a5" dependencies = [ "proc-macro2", "quote", @@ -7991,14 +7985,14 @@ version = "0.60.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb" dependencies = [ - "windows-targets 0.53.3", + "windows-targets 0.53.4", ] [[package]] name = "windows-sys" -version = "0.61.0" +version = "0.61.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e201184e40b2ede64bc2ea34968b28e33622acdbbf37104f0e4a33f7abe657aa" +checksum = "6f109e41dd4a3c848907eb83d5a42ea98b3769495597450cf6d153507b166f0f" dependencies = [ "windows-link 0.2.0", ] @@ -8051,11 +8045,11 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.53.3" +version = "0.53.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5fe6031c4041849d7c496a8ded650796e7b6ecc19df1a431c1a363342e5dc91" +checksum = "2d42b7b7f66d2a06854650af09cfdf8713e427a439c97ad65a6375318033ac4b" dependencies = [ - "windows-link 0.1.3", + "windows-link 0.2.0", "windows_aarch64_gnullvm 0.53.0", "windows_aarch64_msvc 0.53.0", "windows_i686_gnu 0.53.0", @@ -8077,9 +8071,9 @@ dependencies = [ [[package]] name = "windows-version" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69e061eb0a22b4a1d778ad70f7575ec7845490abb35b08fa320df7895882cacb" +checksum = "700dad7c058606087f6fdc1f88da5841e06da40334413c6cd4367b25ef26d24e" dependencies = [ "windows-link 0.2.0", ] From 661b833f0c38c847831b4717f40128f4018abee9 Mon Sep 17 00:00:00 2001 From: Adam Date: Fri, 26 Sep 2025 17:20:23 +0200 Subject: [PATCH 6/8] Fix RPM package (#595) --- resources-linux/postinst | 4 ++-- resources-linux/postrm | 6 +++--- resources-linux/prerm | 2 +- src-tauri/Cargo.lock | 8 +++++++- .../components/LocationsList/modals/MFAModal/MFAModal.tsx | 1 - 5 files changed, 13 insertions(+), 8 deletions(-) diff --git a/resources-linux/postinst b/resources-linux/postinst index 580264af..64779ffd 100644 --- a/resources-linux/postinst +++ b/resources-linux/postinst @@ -5,10 +5,10 @@ GROUP_NAME="defguard" SERVICE_NAME="defguard-service" case "$1" in - configure) + 1|configure) # Create the group if it doesn't exist if ! getent group "$GROUP_NAME" >/dev/null; then - addgroup --system "$GROUP_NAME" + groupadd --system "$GROUP_NAME" echo "Created group $GROUP_NAME" fi diff --git a/resources-linux/postrm b/resources-linux/postrm index 645f3f87..924e6eb0 100644 --- a/resources-linux/postrm +++ b/resources-linux/postrm @@ -5,7 +5,7 @@ GROUP_NAME="defguard" SERVICE_NAME="defguard-service" case "$1" in - remove) + 0|1|remove) # Service file still exists, just disable it if [ -d /run/systemd/system ]; then systemctl disable "$SERVICE_NAME" || true @@ -13,10 +13,10 @@ case "$1" in fi ;; - purge) + 0|purge) # Complete removal - clean up group too if getent group "$GROUP_NAME" >/dev/null; then - delgroup "$GROUP_NAME" || true + groupdel "$GROUP_NAME" || true fi ;; esac diff --git a/resources-linux/prerm b/resources-linux/prerm index 3c602373..40dbc1e3 100644 --- a/resources-linux/prerm +++ b/resources-linux/prerm @@ -4,7 +4,7 @@ set -e SERVICE_NAME="defguard-service" case "$1" in - remove|upgrade|deconfigure) + 0|1|remove|upgrade|deconfigure) if [ -d /run/systemd/system ]; then # Stop the service before removal/upgrade systemctl stop "$SERVICE_NAME" || true diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock index dd6fcaff..778c9e01 100644 --- a/src-tauri/Cargo.lock +++ b/src-tauri/Cargo.lock @@ -2428,6 +2428,12 @@ dependencies = [ "foldhash", ] +[[package]] +name = "hashbrown" +version = "0.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5419bdc4f6a9207fbeba6d11b604d481addf78ecd10c11ad51e76c2f6482748d" + [[package]] name = "hashlink" version = "0.10.0" @@ -2820,7 +2826,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4b0f83760fb341a774ed326568e19f5a863af4a952def8c39f9ab92fd95b88e5" dependencies = [ "equivalent", - "hashbrown 0.15.5", + "hashbrown 0.16.0", "serde", "serde_core", ] diff --git a/src/pages/client/pages/ClientInstancePage/components/LocationsList/modals/MFAModal/MFAModal.tsx b/src/pages/client/pages/ClientInstancePage/components/LocationsList/modals/MFAModal/MFAModal.tsx index 032e03b0..2307f534 100644 --- a/src/pages/client/pages/ClientInstancePage/components/LocationsList/modals/MFAModal/MFAModal.tsx +++ b/src/pages/client/pages/ClientInstancePage/components/LocationsList/modals/MFAModal/MFAModal.tsx @@ -571,7 +571,6 @@ const MFACodeForm = ({ description, token, proxyUrl, resetState }: MFACodeForm) if (response.ok) { closeModal(); const data = (await response.json()) as MFAFinishResponse; - error(`ARSE ${location.connection_type}`); await connect({ locationId: location?.id, connectionType: location.connection_type, From 6ae00fe59f67529b6c14a08e120bf728ba0d4917 Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Mon, 29 Sep 2025 15:47:33 +0200 Subject: [PATCH 7/8] Periodic sbom regeneration (#599) * regenerate sboms and advisories periodically * remove branch push trigger --- .github/workflows/sbom-regenerate.yml | 35 ++++++++++++++++++++++++ .github/workflows/sbom.yml | 39 +++++++++++++++++++-------- 2 files changed, 63 insertions(+), 11 deletions(-) create mode 100644 .github/workflows/sbom-regenerate.yml diff --git a/.github/workflows/sbom-regenerate.yml b/.github/workflows/sbom-regenerate.yml new file mode 100644 index 00000000..d3c7522c --- /dev/null +++ b/.github/workflows/sbom-regenerate.yml @@ -0,0 +1,35 @@ +name: Periodic SBOM Regeneration + +on: + schedule: + - cron: '30 2 * * *' # 2:30 AM UTC + +jobs: + list-releases: + name: List releases + runs-on: ubuntu-latest + outputs: + releases: ${{ steps.get-releases.outputs.releases }} + steps: + - name: Get list of releases + id: get-releases + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + RELEASES_JSON=$(gh api repos/${{ github.repository }}/releases \ + --jq '[.[] | select(.draft == false) | {tagName: .tag_name, uploadUrl: .upload_url}][:1]') + echo "releases=$RELEASES_JSON" >> $GITHUB_OUTPUT + regenerate-for-release: + name: Regenerate SBOM for release + needs: list-releases + # Don't run if no releases were found. + if: needs.list-releases.outputs.releases != '[]' + strategy: + fail-fast: false + matrix: + release: ${{ fromJson(needs.list-releases.outputs.releases) }} + uses: ./.github/workflows/sbom.yml + with: + upload_url: ${{ matrix.release.uploadUrl }} + tag: ${{ matrix.release.tagName }} + secrets: inherit diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index c470ea02..e7f357ec 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -7,39 +7,56 @@ on: description: "Release assets upload URL" required: true type: string + tag: + description: "The git tag to generate SBOM for - used in scheduled runs" + required: false + type: string jobs: create-sbom: - runs-on: self-hosted + runs-on: [self-hosted, Linux, X64] steps: + - name: Determine release tag and version + id: vars + # Uses inputs.tag for scheduled runs, otherwise github.ref_name. + run: | + TAG_NAME=${{ inputs.tag || github.ref_name }} + VERSION=${TAG_NAME#v} + echo "TAG_NAME=$TAG_NAME" >> $GITHUB_OUTPUT + echo "VERSION=$VERSION" >> $GITHUB_OUTPUT + - name: Checkout uses: actions/checkout@v4 with: submodules: recursive - # Store the version, stripping any v-prefix - - name: Write release version - run: | - VERSION=${GITHUB_REF_NAME#v} - echo Version: $VERSION - echo "VERSION=$VERSION" >> $GITHUB_ENV - - name: Create SBOM with Trivy uses: aquasecurity/trivy-action@0.33.1 with: scan-type: 'fs' format: 'spdx-json' - output: "defguard-client-${{ env.VERSION }}.sbom.json" + output: "defguard-client-${{ steps.vars.outputs.VERSION }}.sbom.json" + scan-ref: '.' + severity: "CRITICAL,HIGH,MEDIUM,LOW" + scanners: "vuln" + + - name: Create security advisory file with Trivy + uses: aquasecurity/trivy-action@0.33.1 + with: + scan-type: 'fs' + format: 'json' + output: "defguard-client-${{ steps.vars.outputs.VERSION }}.advisories.json" scan-ref: '.' severity: "CRITICAL,HIGH,MEDIUM,LOW" scanners: "vuln" - - name: Upload SBOM + - name: Upload SBOMs and advisories uses: shogo82148/actions-upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ inputs.upload_url }} - asset_path: "defguard-*.sbom.json" + asset_path: "defguard-*.json" asset_content_type: application/octet-stream + overwrite: true From 218135d0ba05b13f5f5c4a0a936b6f411a480803 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20W=C3=B3jcik?= Date: Fri, 3 Oct 2025 08:01:28 +0200 Subject: [PATCH 8/8] bump version to 1.5.2 --- nix/package.nix | 2 +- package.json | 4 ++-- src-tauri/Cargo.lock | 6 +++--- src-tauri/Cargo.toml | 2 +- src-tauri/tauri.conf.json | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/nix/package.nix b/nix/package.nix index cad9c48b..0ec4456a 100644 --- a/nix/package.nix +++ b/nix/package.nix @@ -6,7 +6,7 @@ makeDesktopItem, }: let pname = "defguard-client"; - version = "1.5.1"; # TODO: Get this from Cargo.toml or git + version = "1.5.2"; # TODO: Get this from Cargo.toml or git desktopItem = makeDesktopItem { name = pname; diff --git a/package.json b/package.json index ee8a6109..f3cd54b6 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "defguard-client", "private": false, - "version": "1.5.1", + "version": "1.5.2", "type": "module", "scripts": { "dev": "npm-run-all --parallel vite typesafe-i18n", @@ -132,4 +132,4 @@ "volta": { "node": "20.5.1" } -} +} \ No newline at end of file diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock index dd6fcaff..f9647ce4 100644 --- a/src-tauri/Cargo.lock +++ b/src-tauri/Cargo.lock @@ -909,7 +909,7 @@ dependencies = [ [[package]] name = "common" -version = "1.5.1" +version = "1.5.2" dependencies = [ "nix", ] @@ -1263,7 +1263,7 @@ checksum = "be1e0bca6c3637f992fc1cc7cbc52a78c1ef6db076dbf1059c4323d6a2048376" [[package]] name = "defguard-client" -version = "1.5.1" +version = "1.5.2" dependencies = [ "anyhow", "base64 0.22.1", @@ -1321,7 +1321,7 @@ dependencies = [ [[package]] name = "defguard-dg" -version = "1.5.1" +version = "1.5.2" dependencies = [ "clap", "common", diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml index e7ec0f43..466a0b5d 100644 --- a/src-tauri/Cargo.toml +++ b/src-tauri/Cargo.toml @@ -31,7 +31,7 @@ edition = "2021" homepage = "https://github.com/DefGuard/client" license-file = "../LICENSE.md" rust-version = "1.80" -version = "1.5.1" +version = "1.5.2" [package] name = "defguard-client" diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json index a9a3ed85..8c9b8904 100644 --- a/src-tauri/tauri.conf.json +++ b/src-tauri/tauri.conf.json @@ -72,7 +72,7 @@ "productName": "defguard-client", "mainBinaryName": "defguard-client", "identifier": "net.defguard", - "version": "1.5.1", + "version": "1.5.2", "app": { "security": { "capabilities": [ @@ -107,4 +107,4 @@ } } } -} +} \ No newline at end of file