Awesome Privacy

Recent Commits

• Jamil (29 Apr 24)

  chore(website): Bump versions (#4821) - Bump versions to point to latest binaries - Stage versions for next release

• Reactor Scram (29 Apr 24)

  chore(linux GUI): enable update notifications (#4820) Closes #4815 <img width="402" alt="image" src="https://github.com/firezone/firezone/assets/13400041/ff8f3b7a-f7b1-4cae-a3e4-1d1311054b69"> You can copy-paste the URL, which is better than nothing. We could also put an update nag in the tray menu if we really wanted, it would be easy to catch the click from that.

• Reactor Scram (29 Apr 24)

  fix(windows-client): package name should be "Firezone" not "firezone-client-gui" (#4814) Closes #4813 After PR, the installer, UAC dialog, and notifications all say "Firezone" again <img width="494" alt="image" src="https://github.com/firezone/firezone/assets/13400041/69a4fe0b-78fa-4945-b17f-625e68ac09db">

• Reactor Scram (29 Apr 24)

  chore(gui-client): use new download links (#4754) ae67064121 works on the live site. However if you click the notification while the tunnel is coming up, there's a chance that the download will fail because Firezone isn't fully up yet. Oops. That will probably only affect us since we have github.com as a resource. If real customers are okay with their Firezone updates coming through normal Internet it'll probably be fine. --------- Signed-off-by: Reactor Scram <[email protected]> Co-authored-by: Jamil Bou Kheir <[email protected]>

• Jamil (29 Apr 24)

  docs: Update egress table to include www.firezone.dev (#4805) Add `www.firezone.dev` to egress table since the Gateways check there for updated binaries.

• Reactor Scram (29 Apr 24)

  chore(gui-client/linux): fix notifications (#4803) The clickable "Firezone 1.x is ready to download" notification still isn't there. Tauri doesn't seem to have cross-platform clickable notifications.

• dependabot[bot] (29 Apr 24)

  build(deps): Bump tracing-panic from 0.1.1 to 0.1.2 in /rust (#4811) Bumps [tracing-panic](https://github.com/LukeMathWalker/tracing-panic) from 0.1.1 to 0.1.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/LukeMathWalker/tracing-panic/blob/main/CHANGELOG.md">tracing-panic's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>, and this project adheres to <a href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <h2>[Unreleased]</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/LukeMathWalker/tracing-panic/commit/e27729b9d7fe38d5c67db75f096f79328c8977c9"><code>e27729b</code></a> chore: Release tracing-panic version 0.1.2</li> <li><a href="https://github.com/LukeMathWalker/tracing-panic/commit/dc8b3bc3b6c0e2ba49659a646a590183e716aeb1"><code>dc8b3bc</code></a> Update docs</li> <li><a href="https://github.com/LukeMathWalker/tracing-panic/commit/678ac5ca391c68bb3c517be675353ac3620ae71d"><code>678ac5c</code></a> Add backtrace to panic log entry, make it opt-out (<a href="https://redirect.github.com/LukeMathWalker/tracing-panic/issues/4">#4</a>)</li> <li>See full diff in <a href="https://github.com/LukeMathWalker/tracing-panic/compare/v0.1.1...v0.1.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

• dependabot[bot] (29 Apr 24)

  build(deps): Bump tauri from 1.6.1 to 1.6.2 in /rust (#4809) Bumps [tauri](https://github.com/tauri-apps/tauri) from 1.6.1 to 1.6.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tauri-apps/tauri/releases">tauri's releases</a>.</em></p> <blockquote> <h2>tauri v1.6.2</h2> <p>Updating crates.io index</p> <!-- raw HTML omitted --> <pre><code>Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 621 security advisories (from /home/runner/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (577 crate dependencies) Crate: atty Version: 0.2.14 Warning: unsound Title: Potential unaligned read Date: 2021-07-04 ID: RUSTSEC-2021-0145 URL: https://rustsec.org/advisories/RUSTSEC-2021-0145 Dependency tree: atty 0.2.14 └── clap 3.2.25 └── tauri 1.6.2 ├── tauri 1.6.2 ├── restart 0.1.0 └── app-updater 0.1.0 <p>warning: 1 allowed warning found </code></pre></p> <!-- raw HTML omitted --> <h2>[1.6.2]</h2> <h3>Bug Fixes</h3> <ul> <li><a href="https://www.github.com/tauri-apps/tauri/commit/e3b6d38d26d27b292f98d6c0e8603a15265a5b43"><code>e3b6d38d2</code></a>(<a href="https://redirect.github.com/tauri-apps/tauri/pull/9166">#9166</a>) Fix <code>basename(path, 'ext')</code> JS API when removing all occurances of <code>ext</code> where it should only remove the last one.</li> <li><a href="https://www.github.com/tauri-apps/tauri/commit/705da977a9c941a4b2d90219b34925498f507ab2"><code>705da977a</code></a>(<a href="https://redirect.github.com/tauri-apps/tauri/pull/9529">#9529</a>) Do not use JS optional chaining to prevent script errors on older webviews such as macOS 10.14.</li> </ul> <!-- raw HTML omitted --> <pre><code>Updating crates.io index Packaging tauri v1.6.2 (/home/runner/work/tauri/tauri/core/tauri) Updating crates.io index Verifying tauri v1.6.2 (/home/runner/work/tauri/tauri/core/tauri) Downloading crates ... Downloaded alloc-stdlib v0.2.2 Downloaded cairo-sys-rs v0.15.1 Downloaded atk-sys v0.15.1 Downloaded cairo-rs v0.15.12 &lt;/tr&gt;&lt;/table&gt; </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tauri-apps/tauri/commit/caddd5bdd877e587e6d1a2787cba96d435549ad3"><code>caddd5b</code></a> Apply Version Updates From Current Changes (v1) (<a href="https://redirect.github.com/tauri-apps/tauri/issues/9544">#9544</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/72c2636527cba3ea85024a5cb51bb23c526af7a1"><code>72c2636</code></a> chore(ci): fix MSRV downgrade (<a href="https://redirect.github.com/tauri-apps/tauri/issues/9543">#9543</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/83e024c670474a134262c1372bc1c6b5c449061a"><code>83e024c</code></a> chore(ci): downgrade home crate (<a href="https://redirect.github.com/tauri-apps/tauri/issues/9542">#9542</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/07c9e352df69e4925ca9995f139337518f396c4e"><code>07c9e35</code></a> fix(ci): downgrade cc crate for MSRV compatibility (<a href="https://redirect.github.com/tauri-apps/tauri/issues/9541">#9541</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/d00178d60ceb93bfebe18398b4984708c6bc7bb4"><code>d00178d</code></a> ci: Fix package downgrades in covector workflow (<a href="https://redirect.github.com/tauri-apps/tauri/issues/9538">#9538</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/705da977a9c941a4b2d90219b34925498f507ab2"><code>705da97</code></a> fix: optional chaining is not supported on older webviews (<a href="https://redirect.github.com/tauri-apps/tauri/issues/9529">#9529</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/1675e41f05c77d517890f59fddcf536744e6a0ad"><code>1675e41</code></a> fix(bundler): don't convert product name to snake case when cross compiling (...</li> <li><a href="https://github.com/tauri-apps/tauri/commit/f9638b6315668ced871f242224f001f474262f85"><code>f9638b6</code></a> fix(cli): append extension to app binary manually on rename (<a href="https://redirect.github.com/tauri-apps/tauri/issues/9491">#9491</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/aeddc40b9e461bc118382ae62431d39e29f25915"><code>aeddc40</code></a> fix(cli/info): fix crash when checking node version (<a href="https://redirect.github.com/tauri-apps/tauri/issues/9411">#9411</a>)</li> <li><a href="https://github.com/tauri-apps/tauri/commit/fe6f81fa88f467cf3a8a1fdc41c99ccaa090f0e2"><code>fe6f81f</code></a> chore: fix clippy false positive (<a href="https://redirect.github.com/tauri-apps/tauri/issues/9329">#9329</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tauri-apps/tauri/compare/tauri-v1.6.1...tauri-v1.6.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

• Jamil (29 Apr 24)

  revert(android): revert to unpublished version (#4807)

• Thomas Eizinger (29 Apr 24)

  fix(snownet): don't nominate discarded candidates (#4806) When candidates are being invalidated in str0m, they internally set a `discarded` flag. This flag was not considered when a candidate that was previously discarded was added again. This can happen when a client roams back to their old network, i.e. going from Ethernet to WiFi and back. In that case, str0m would still form new pairs using the old discarded candidate which would also eventually get nominated as part of a pair. This would lead to a panic in snownet when we try to find the nominated local candidate as we filter by non-discarded candidates there. Related: https://github.com/algesten/str0m/pull/508. Resolves: #4736. Co-authored-by: Jamil <[email protected]>

• Reactor Scram (26 Apr 24)

  chore(gui-client/linux): fix DNS (#4802) Make the GUI use systemd-resolved to retrieve the system's resolvers. This allows the IPC service to set up sentinels for those resolvers and control the system's DNS. Closes #3812

• Reactor Scram (26 Apr 24)

  refactor(linux-client): package systemd unit for IPC service (#4752) This aligns some of the internal names with #4531, but it shouldn't break the externally-visible things like package names or permalinks. --------- Signed-off-by: Reactor Scram <[email protected]>

• Jamil (26 Apr 24)

  perf: increase UDP send rate for performance test (#4793) Now that we've worked out the flakiness from the iperf tests, we should increase the UDP send rate so we have some benchmark of how many packets we can actually handle before dropping.

• Gabi (26 Apr 24)

  chore(connlib): make peer pure by taking utc time from parameters (#4773) This came up while working on #2030 and thinking about testing `Peer`. Not entirely convinced of taking both `Instant` and `DateTime<Utc>` but unless we convert the expiration to an instant, which would bring a bunch of new problems, I don't see another way to do this.

• Reactor Scram (26 Apr 24)

  chore(gui-client): enable keyring for Linux (#4799) ```[tasklist] - [ ] Maybe change that "dev.firezone.client/token" name to something friendlier ```  But it does work, survives reboots as expected, etc. I can't test it easily in CI, I just disabled the keyring test for now. It works manually, and the keyring-rs crate seems pretty stable, and our use of it hasn't changed in a couple months at least.

• Brian Manifold (26 Apr 24)

  chore(devops): Add client monitor VM (#4794) Why: * The client-monitor VM can serve multiple purposes, but for now it will act as a soak test for the latest client to allow longer term testing of the client before pushing out a new release. Fixes #4506

• Reactor Scram (26 Apr 24)

  chore(gui-client): proof of concept for process splitting (#4788) Closes #4270 Refs #3713 Refs #3782 It sort-of works, but many features are missing and it needs a refactor. ```[tasklist] - [ ] Break `imp_linux.rs` into modules - [ ] Get rid of `try_send` and panics where possible ``` --------- Signed-off-by: Reactor Scram <[email protected]>

• Jamil (26 Apr 24)

  refactor: Remove multiqueue flag for tun on Linux (#4798) We aren't using this.

• dependabot[bot] (26 Apr 24)

  build(deps): Bump serde_json from 1.0.115 to 1.0.116 in /rust (#4731) Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.115 to 1.0.116. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/json/releases">serde_json's releases</a>.</em></p> <blockquote> <h2>v1.0.116</h2> <ul> <li>Make module structure comprehensible to static analysis (<a href="https://redirect.github.com/serde-rs/json/issues/1124">#1124</a>, thanks <a href="https://github.com/mleonhard"><code>@​mleonhard</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/serde-rs/json/commit/a3f62bb10ea870dafe3b49a77dc6c1713ca4b7e4"><code>a3f62bb</code></a> Release 1.0.116</li> <li><a href="https://github.com/serde-rs/json/commit/12c8ee0ce6eaca3a809e83d9df768b67322a7f2a"><code>12c8ee0</code></a> Hide &quot;non-exhaustive patterns&quot; errors when crate fails to compile</li> <li><a href="https://github.com/serde-rs/json/commit/051ce970fe3fab097c618b237aa7ec4a628f85d4"><code>051ce97</code></a> Merge pull request 1124 from mleonhard/master</li> <li><a href="https://github.com/serde-rs/json/commit/25dc75050aee18ff42342bdb64c1e97542d17267"><code>25dc750</code></a> Replace <code>features_check</code> mod with a call to <code>std::compile_error!</code>. Fixes htt...</li> <li><a href="https://github.com/serde-rs/json/commit/2e15e3d7d53a68f78ff559709c57e4fa70584bb7"><code>2e15e3d</code></a> Revert &quot;Temporarily disable miri on doctests&quot;</li> <li><a href="https://github.com/serde-rs/json/commit/0baba2877595e31d57adafd5db2f94074f4a4c2e"><code>0baba28</code></a> Resolve legacy_numeric_constants clippy lints</li> <li>See full diff in <a href="https://github.com/serde-rs/json/compare/v1.0.115...v1.0.116">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gabi <[email protected]>

• dependabot[bot] (26 Apr 24)

  build(deps): Bump async-trait from 0.1.79 to 0.1.80 in /rust (#4732) Bumps [async-trait](https://github.com/dtolnay/async-trait) from 0.1.79 to 0.1.80. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/async-trait/releases">async-trait's releases</a>.</em></p> <blockquote> <h2>0.1.80</h2> <ul> <li>Fix unreachable code warning for async functions that return <code>!</code> (<a href="https://redirect.github.com/dtolnay/async-trait/issues/265">#265</a>, thanks <a href="https://github.com/de-vri-es"><code>@​de-vri-es</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dtolnay/async-trait/commit/d528b5a816c891c3b5ab90dc4bcc5cc8d384e177"><code>d528b5a</code></a> Release 0.1.80</li> <li><a href="https://github.com/dtolnay/async-trait/commit/10b5c9951af4cc787905ca26f95509e059931067"><code>10b5c99</code></a> Drop support for compilers older than 1.47</li> <li><a href="https://github.com/dtolnay/async-trait/commit/83a542268d907f503793e64b5764c30b301a06d1"><code>83a5422</code></a> Drop support for compilers older than 1.45</li> <li><a href="https://github.com/dtolnay/async-trait/commit/22d017e9415fccf237372a3c5003c5cb44bcef6e"><code>22d017e</code></a> Build script no longer looks at $DOCS_RS</li> <li><a href="https://github.com/dtolnay/async-trait/commit/b64d041c6543f5ce48ff356cc5aaf712224b70e4"><code>b64d041</code></a> Move never_type test under issue266</li> <li><a href="https://github.com/dtolnay/async-trait/commit/b683da826e34ce1d7d3ac55c6de1d247a21757c8"><code>b683da8</code></a> Merge pull request <a href="https://redirect.github.com/dtolnay/async-trait/issues/265">#265</a> from de-vri-es/fix-unreachable-code-warning</li> <li><a href="https://github.com/dtolnay/async-trait/commit/c8d958dfde2c36a5c483c9255729d30361cbd0bf"><code>c8d958d</code></a> Fix unreachable code warning for functions that return <code>!</code></li> <li><a href="https://github.com/dtolnay/async-trait/commit/4f0b72eb8455834b1b52bdadb411aaf40bdf1b81"><code>4f0b72e</code></a> Explicitly install a Rust toolchain for cargo-outdated job</li> <li>See full diff in <a href="https://github.com/dtolnay/async-trait/compare/0.1.79...0.1.80">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gabi <[email protected]>

• Jamil (26 Apr 24)

  docs: Clarify rollback procedure for systemd-installed gateways (#4797) * We'll be bumping the versions going forward, so instructions need a bit of clarification. * Added rollback instructions for systemd Gateway upgrades that have gone awry. --------- Signed-off-by: Jamil <[email protected]> Co-authored-by: Brian Manifold <[email protected]>

• Brian Manifold (26 Apr 24)

  fix(portal): Update site deletion modal message (#4795) Why: * Deleting a Site from the show page would prompt the user with a message about Gateway Groups.

• Jamil (26 Apr 24)

  fix(gateway): Fix conditional used to check for upgrades (#4796) See https://firezonehq.slack.com/archives/C06L41XN05T/p1714071689814809

• Andrew Dryga (25 Apr 24)

  fix(portal): Fix traffic filtering to send port-less rules (#4778)

• Reactor Scram (25 Apr 24)

  refactor(linux-client): remove FIREZONE_ID from example systemd file (#4714) For tests it doesn't hurt, but this will be used as a template for the systemd service we ship to production, and that can't have the ID there. So I'm also cleaning up a few other problems I noticed: - I wanted to split the service files as part of #4531, so that the GUI Client and headless Client can have separate sandbox rules. e.g, the headless Client won't be allowed to create Unix domain sockets - I'm punting more things to systemd, which allows us to tighten down the sandbox further, e.g. creating `/var/lib/dev.firezone.client` and `/run/dev.firezone.client` for us - Closes #4461 --------- Signed-off-by: Reactor Scram <[email protected]>

• Reactor Scram (25 Apr 24)

  fix(headless-client): clean up and exit gracefully when `on_disconnect` called (#4785) Calling `std::process::exit` won't let the DNS deactivation code runs. For some control methods (systemd-resolved) this doesn't matter. For etc-resolvconf and Windows, we are responsible for cleaning up DNS. ```[tasklist] - [x] Replicate the issue - [x] Fix it - [x] Remove the fault injection code ``` Closes #4784

• Jamil (25 Apr 24)

  chore(website): Update intro video (#4786)

• Jamil (25 Apr 24)

  chore(gateway): Handle edge cases where gateway binary couldn't be downloaded (#4783) Increases robustness of the systemd gateway upgrade mechanism.

• Reactor Scram (24 Apr 24)

  fix(windows-client): allow sign out while connlib is raising the tunnel (#4766) Closes #4763 Previously it would get stuck signing in and say that the situation was impossible, it was actually possible. I tested this manually by forcing the tunnel to error out in the place where wintun fails for #4765 --------- Co-authored-by: Jamil <[email protected]>

• Andrew Dryga (24 Apr 24)

  feat(portal): Allow creating resources from Resources page (#4775) Closes #4625