Bump TSDK to v0.22.11 (#200)
* get tsdk v0.22.11 / csdk 0.35.2
scareything authored Oct 12, 2023
1 parent 9e2a3b2 commit b08f2ba
Showing 4 changed files with 79 additions and 88 deletions.
9 changes: 5 additions & 4 deletions .github/workflows/CI.yml
Expand Up @@ -9,7 +9,7 @@ permissions:

jobs:
build-tsdk:
runs-on: macos-latest
runs-on: macos-13

strategy:
matrix:
Expand All @@ -28,7 +28,7 @@ jobs:

- uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: '14.2.0'
xcode-version: '14.3.1'

- uses: lukka/run-vcpkg@v10
with:
Expand All @@ -38,6 +38,7 @@ jobs:
env:
TOOLCHAIN: ${{ matrix.spec.toolchain && format('../../toolchains/{0}.cmake', matrix.spec.toolchain) || '' }}
run: |
(cd deps/ziti-tunnel-sdk-c && git fetch --tags)
cmake -DCMAKE_BUILD_TYPE=Release -DTLSUV_TLSLIB=mbedtls -DMBEDTLS_FATAL_WARNINGS:BOOL=OFF -DEXCLUDE_PROGRAMS=ON -DZITI_TUNNEL_BUILD_TESTS=OFF -DCMAKE_TOOLCHAIN_FILE="${TOOLCHAIN}" -S ./deps/ziti-tunnel-sdk-c -B ./deps/ziti-tunnel-sdk-c/${{ matrix.spec.name }}
cmake --build ./deps/ziti-tunnel-sdk-c/${{ matrix.spec.name }}
tar -cvzf ${{ matrix.spec.name }}.tgz -C ./deps/ziti-tunnel-sdk-c ${{ matrix.spec.name }}
Expand All @@ -49,7 +50,7 @@ jobs:
path: ${{ matrix.spec.name }}.tgz

build-cziti:
runs-on: macos-latest
runs-on: macos-13
needs: [ build-tsdk ]

steps:
Expand All @@ -60,7 +61,7 @@ jobs:

- uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: '14.2.0'
xcode-version: '14.3.1'

- name: Download Artifacts
uses: actions/download-artifact@v3
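Review bot: The new `(cd deps/ziti-tunnel-sdk-c && git fetch --tags)` line at the top of the cmake run step carries no explanation; presumably the submodule checkout arrives without tags and the tsdk CMake build derives its version from them — confirm, and add `# the submodule checkout has no tags; the tsdk build needs them to derive its version` above it. The surrounding steps also keep referencing `maxim-lobanov/setup-xcode@v1`, `lukka/run-vcpkg@v10` and `actions/download-artifact@v3` by mutable tag; since this commit is already revisiting the runner and Xcode pins, pinning those third-party actions to a full commit SHA (keeping the tag in a trailing comment) would make the build inputs reproducible and not silently changeable upstream.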
2 changes: 1 addition & 1 deletion deps/ziti-tunnel-sdk-c
Submodule ziti-tunnel-sdk-c updated 41 files
+49 −0 .github/actions/build/action.yml
+0 −1 .github/actions/openziti-tunnel-build-action/redhat-8/entrypoint.sh
+52 −0 .github/actions/openziti-tunnel-build-action/redhat-9/Dockerfile
+55 −0 .github/actions/openziti-tunnel-build-action/redhat-9/entrypoint.sh
+67 −0 .github/cpack-matrix.yml
+27 −84 .github/workflows/cmake.yml
+56 −80 .github/workflows/cpack.yml
+3 −2 .github/workflows/draft-release.yml
+138 −0 .github/workflows/promote-downstreams.yml
+15 −15 .github/workflows/publish-containers.yml
+5 −2 .github/workflows/release.yml
+4 −2 .gitignore
+21 −1 BUILD.md
+3 −3 CMakeLists.txt
+22 −4 CMakePresets.json
+52 −0 RELEASING.md
+5 −1 docker/Dockerfile.ziti-host
+31 −0 docker/README.md
+2 −2 docker/docker-compose.yml
+0 −9 docker/linux-cross-build.sh
+0 −7 docker/linux-native-build.sh
+3 −1 lib/ziti-tunnel-cbs/CMakeLists.txt
+9 −3 lib/ziti-tunnel-cbs/include/ziti/ziti_tunnel_cbs.h
+1 −1 lib/ziti-tunnel-cbs/ziti_hosting.c
+127 −45 lib/ziti-tunnel-cbs/ziti_tunnel_ctrl.c
+3 −1 lib/ziti-tunnel/CMakeLists.txt
+29 −29 package-repos.gpg
+1 −0 programs/ziti-edge-tunnel/include/model/dtos.h
+42 −1 programs/ziti-edge-tunnel/instance.c
+164 −16 programs/ziti-edge-tunnel/netif_driver/linux/resolvers.c
+4 −0 programs/ziti-edge-tunnel/netif_driver/linux/resolvers.h
+91 −58 programs/ziti-edge-tunnel/netif_driver/linux/tun.c
+2 −2 programs/ziti-edge-tunnel/package/CPackGenConfig.cmake
+24 −13 programs/ziti-edge-tunnel/package/deb/postinst.in
+9 −9 programs/ziti-edge-tunnel/package/deb/postrm.in
+1 −1 programs/ziti-edge-tunnel/package/deb/prerm.in
+118 −104 programs/ziti-edge-tunnel/ziti-edge-tunnel.c
+39 −0 scripts/install-ubuntu.bash
+1 −1 scripts/openwrt-build.sh
+146 −0 scripts/ziti-builder.sh
+1 −0 vcpkg.json
131 changes: 61 additions & 70 deletions lib/Ziti.swift
Expand Up @@ -50,13 +50,6 @@ import CZitiPrivate
/// Arbitrary data user can attach to a Ziti instance. This dictionary is not used internally and is completely under the control of the user.
@objc public var userData:[String:Any] = [:]

// This memory is held onto an used by C-SDK. If not using a private loop we need to make sure these three things
// stay in memory
private var tls: UnsafeMutablePointer<tls_context>?
private var ctrlPtr: UnsafeMutablePointer<Int8>?
private var zitiOpts: ziti_options?


/// Type used for escaping closure called follwing initialize of Ziti connectivity
///
/// - Parameters:
Expand Down Expand Up @@ -92,22 +85,22 @@ import CZitiPrivate
private var dumpPrinter:ZitiDumpPrinter?

/// Ziti constant indicating OK status from Ziti C SDK call
public static let ZITI_OK = 0
public static let ZITI_OK = Int(CZitiPrivate.ZITI_OK)

/// Ziti controller is unavailable
public static let ZITI_CONTROLLER_UNAVAILABLE = -15
public static let ZITI_CONTROLLER_UNAVAILABLE = Int(CZitiPrivate.ZITI_CONTROLLER_UNAVAILABLE)

/// Ziti context is disabled
public static let ZITI_DISABLED = -29
public static let ZITI_DISABLED = Int(CZitiPrivate.ZITI_DISABLED)

/// Ziti constant indication service is unavailable from Ziti C SDK call
public static let ZITI_SERVICE_UNAVAILABLE = 17
public static let ZITI_SERVICE_UNAVAILABLE = Int(CZitiPrivate.ZITI_SERVICE_UNAVAILABLE)

/// Ziti constant indicating an indentity is allowed to dial a particular service
public static let ZITI_CAN_DIAL = 1
public static let ZITI_CAN_DIAL = Int(CZitiPrivate.ZITI_CAN_DIAL)

/// Ziti constant indicating an indentity is allowed to bind a particular service
public static let ZITI_CAN_BIND = 2
public static let ZITI_CAN_BIND = Int(CZitiPrivate.ZITI_CAN_BIND)

/// Convenience function to convert Ziti error status to String
public class func zitiErrorString(status: Int32) -> String {
Expand Down Expand Up @@ -296,7 +289,7 @@ import CZitiPrivate

/// Enroll a Ziti identity using a JWT file
///
/// Enrollment consists of parsing the JWT to determins controller address, verifytng the given JWT was signed with the controller's public key,
/// Enrollment consists of parsing the JWT to determine controller address, verifying the given JWT was signed with the controller's public key,
/// downloading the CA chain from the controller (to be used as part of establishing trust in future interactions with the controller), generating a
/// private key (stored in the Keychain), creating a Certificate Signing Request (CSR), sending the CSR to the controller and receiving our signed
/// certificate. This certificate is stored in the Keychain and required for future interactions with the controller.
Expand Down Expand Up @@ -386,13 +379,6 @@ import CZitiPrivate
/// - See also:
/// - `runAsync(_:)`
@objc public func run(_ postureChecks:ZitiPostureChecks?, _ initCallback: @escaping InitCallback) {
guard let cztAPI = id.ztAPI.cString(using: .utf8) else {
let errStr = "unable to convert controller URL (ztAPI) to C string"
log.error(errStr)
initCallback(ZitiError(errStr))
return
}

// Get certificate
let zkc = ZitiKeychain(tag: id.id)
let (maybeCert, zErr) = zkc.getCertificate()
Expand All @@ -413,40 +399,7 @@ import CZitiPrivate
}
let privKeyPEM = zkc.getKeyPEM(privKey)

// setup TLS
let caLen = (id.ca == nil ? 0 : id.ca!.count + 1)
tls = default_tls_context(id.ca?.cString(using: .utf8), caLen)

var tlsKey:tlsuv_private_key_t?
var tlsStat = tls?.pointee.api.pointee.load_key(&tlsKey, privKeyPEM.cString(using: .utf8), privKeyPEM.count + 1)
guard tlsStat == 0 else {
let errStr = "unable to load TLS private key, error code: \(tlsStat ?? 0)"
log.error(errStr)
initCallback(ZitiError(errStr, errorCode: Int(tlsStat ?? 0)))
return
}

tlsStat = tls?.pointee.api.pointee.set_own_cert(tls?.pointee.ctx, certPEM.cString(using: .utf8), certPEM.count + 1)
guard tlsStat == 0 else {
let errStr = "unable to configure TLS certificate, error code: \(tlsStat ?? 0)"
log.error(errStr)
initCallback(ZitiError(errStr, errorCode: Int(tlsStat ?? 0)))
return
}

tlsStat = tls?.pointee.api.pointee.set_own_key(tls?.pointee.ctx, tlsKey)
guard tlsStat == 0 else {
let errStr = "unable to configure TLS private key, error code: \(tlsStat ?? 0)"
log.error(errStr)
initCallback(ZitiError(errStr, errorCode: Int(tlsStat ?? 0)))
return
}

// remove compiler warning on cztAPI memory living past the init call
ctrlPtr = UnsafeMutablePointer<Int8>.allocate(capacity: id.ztAPI.count + 1)
ctrlPtr!.initialize(from: cztAPI, count: id.ztAPI.count + 1)

// init NF
// init ziti
self.initCallback = initCallback
self.postureChecks = postureChecks

Expand All @@ -456,9 +409,45 @@ import CZitiPrivate
let refresh_interval = 30
#endif

zitiOpts = ziti_options(config: nil,
controller: ctrlPtr,
tls:tls,
// convert key and id info to char * types that ziti-sdk-c can use.
// also considered .withCString - https://stackoverflow.com/questions/31378120/convert-swift-string-into-cchar-pointer
let ctrlPtr = UnsafeMutablePointer<Int8>.allocate(capacity: id.ztAPI.count + 1)
ctrlPtr.initialize(from: id.ztAPI, count: id.ztAPI.count + 1)

let certPEMPtr = UnsafeMutablePointer<Int8>.allocate(capacity: certPEM.count + 1)
certPEMPtr.initialize(from: certPEM, count: certPEM.count + 1)

let privKeyPEMPtr = UnsafeMutablePointer<Int8>.allocate(capacity: privKeyPEM.count + 1)
privKeyPEMPtr.initialize(from: privKeyPEM, count: privKeyPEM.count + 1)

var caPEMPtr:UnsafeMutablePointer<Int8>? = nil // todo empty string
if (id.ca != nil) {
caPEMPtr = UnsafeMutablePointer<Int8>.allocate(capacity: id.ca!.count + 1)
caPEMPtr!.initialize(from: id.ca!, count: id.ca!.count + 1)
}

// set up the ziti_config with our cert, etc.
var zitiCfg = ziti_config(
controller_url: ctrlPtr,
id: ziti_id_cfg(cert: certPEMPtr, key: privKeyPEMPtr, ca: caPEMPtr),
cfg_source: nil) // todo what is cfg_source?

var zitiStatus = ziti_context_init(&self.ztx, &zitiCfg)
guard zitiStatus == Ziti.ZITI_OK else {
let errStr = String(cString: ziti_errorstr(zitiStatus))
log.error("unable to initialize Ziti context, \(zitiStatus): \(errStr)", function:"start()")
initCallback(ZitiError(errStr, errorCode: Int(zitiStatus)))
return
}

ctrlPtr.deallocate()
certPEMPtr.deallocate()
privKeyPEMPtr.deallocate()
if (caPEMPtr != nil) {
caPEMPtr!.deallocate()
}

var zitiOpts = ziti_options(config: nil,
disabled: id.startDisabled ?? false,
config_types: ziti_all_configs,
api_page_size: 25,
Expand All @@ -473,25 +462,27 @@ import CZitiPrivate
events: ZitiContextEvent.rawValue | ZitiRouterEvent.rawValue | ZitiServiceEvent.rawValue | ZitiMfaAuthEvent.rawValue | ZitiAPIEvent.rawValue,
event_cb: Ziti.onEvent)

zitiStatus = ziti_context_set_options(self.ztx, &zitiOpts)
guard zitiStatus == Ziti.ZITI_OK else {
let errStr = String(cString: ziti_errorstr(zitiStatus))
log.error("unable to set Ziti context options, \(zitiStatus): \(errStr)", function:"start()")
initCallback(ZitiError(errStr, errorCode: Int(zitiStatus)))
return
}

// ziti_instance required if being managed by ZitiTunnel
var zi:UnsafeMutablePointer<ziti_instance_s>?
if let zt = self.zitiTunnel {
zi = zt.createZitiInstance(id.id, &(zitiOpts!))
zt.setZitiInstance(id.id, self.ztx!)
}

let initStatus = ziti_init_opts(&(zitiOpts!), loop)
guard initStatus == Ziti.ZITI_OK else {
let errStr = String(cString: ziti_errorstr(initStatus))
log.error("unable to initialize Ziti, \(initStatus): \(errStr)", function:"start()")
initCallback(ZitiError(errStr, errorCode: Int(initStatus)))
zitiStatus = ziti_context_run(self.ztx, loop)
guard zitiStatus == Ziti.ZITI_OK else {
let errStr = String(cString: ziti_errorstr(zitiStatus))
log.error("unable to run Ziti context, \(zitiStatus): \(errStr)", function:"start()")
initCallback(ZitiError(errStr, errorCode: Int(zitiStatus)))
return
}

// only set the ZitiTunnel ziti_instance if ziti_init_ops was successful
if let zi = zi, let zt = self.zitiTunnel {
zt.setZitiInstance(id.id, zi)
}

// Save off reference to current thread and run the loop
if privateLoop {
Thread.current.name = "ziti_uv_loop_private"
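Review bot: The `guard zitiStatus == Ziti.ZITI_OK` after `ziti_context_init` returns before the four `deallocate()` calls that follow it, so on an init failure `ctrlPtr`, `certPEMPtr`, `privKeyPEMPtr` and `caPEMPtr` are leaked. The buffers are also sized with `String.count`, which counts Characters rather than bytes, so a non-ASCII `ztAPI` or PEM would be copied short and without its NUL terminator and the C SDK would read past the allocation; size them from `utf8.count` as below (the former `cString(using: .utf8)` guard that rejected unconvertible input was dropped in an earlier hunk of this file). Using `defer` keeps the release on every exit but holds the copies until `run` returns, which with `privateLoop` may be until the loop ends — if that matters, keep the explicit deallocate block and repeat it inside the guard instead. The `// todo what is cfg_source?` and `// todo empty string` markers should be resolved or replaced by a statement of what is actually passed. The enclosing `run(_:_:)` begins in an earlier hunk and ends past this one.
```swift
// … unchanged: keychain lookup, refresh_interval …
// String.count is in Characters; C buffers must be sized from the UTF-8 byte view,
// and every allocation must be released on all exits, including the init-failure guard.
let ctrlLen = id.ztAPI.utf8.count + 1
let ctrlPtr = UnsafeMutablePointer<Int8>.allocate(capacity: ctrlLen)
ctrlPtr.initialize(from: id.ztAPI, count: ctrlLen)
defer { ctrlPtr.deallocate() }
// (same pattern for certPEMPtr and privKeyPEMPtr)
var caPEMPtr: UnsafeMutablePointer<Int8>? = nil
if let ca = id.ca {
    let caLen = ca.utf8.count + 1
    let p = UnsafeMutablePointer<Int8>.allocate(capacity: caLen)
    p.initialize(from: ca, count: caLen)
    caPEMPtr = p
}
defer { caPEMPtr?.deallocate() }
// … unchanged: ziti_config, ziti_context_init guard (without the trailing deallocate block), options, run …
```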
25 changes: 12 additions & 13 deletions lib/ZitiTunnel.swift
Expand Up @@ -165,19 +165,18 @@ public class ZitiTunnel : NSObject, ZitiUnretained {
opsZiti.perform(op)
}

func createZitiInstance(_ identifier:String, _ zitiOpts:UnsafeMutablePointer<ziti_options>) -> UnsafeMutablePointer<ziti_instance_s>? {
func setZitiInstance(_ identifier:String, _ zitiCtx:ziti_context) {
var zi:UnsafeMutablePointer<ziti_instance_s>?
zi = new_ziti_instance_ex(identifier.cString(using: .utf8))

if let ziEvents = zi?.pointee.opts.events { zitiOpts.pointee.events = ziEvents }
if let eventCb = zi?.pointee.opts.event_cb { zitiOpts.pointee.event_cb = eventCb }
if let configTypes = zi?.pointee.opts.config_types { zitiOpts.pointee.config_types = configTypes }
if let appCtx = zi?.pointee.opts.app_ctx { zitiOpts.pointee.app_ctx = appCtx }

return zi
}

func setZitiInstance(_ identifier:String, _ zi:UnsafeMutablePointer<ziti_instance_s>) {
zi = new_ziti_instance(identifier.cString(using: .utf8))
// use the context and options that the caller provided
zi?.pointee.ztx = zitiCtx
// add in required options for receiving tsdk events
let rc = set_tnlr_options(zi)
guard rc == Ziti.ZITI_OK else {
log.wtf("unable to set tunneler options on Ziti instance for identifier \(identifier)")
return
}

set_ziti_instance(identifier.cString(using: .utf8), zi)

guard let ziti = ZitiTunnel.zitiDict[identifier] else {
Expand Down Expand Up @@ -215,7 +214,7 @@ public class ZitiTunnel : NSObject, ZitiUnretained {
}
}

// Start up the run loop in it's own thread. All callbacks to the tunnel provider are called from the run loop
// Start up the run loop in its own thread. All callbacks to the tunnel provider are called from the run loop
DispatchQueue.global().async {
self.uvDG.enter()
_ = Ziti.executeRunloop(loopPtr: self.loopPtr)
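Review bot: `zi` is never checked after `new_ziti_instance(...)`, so a nil return flows into `set_tnlr_options(zi)` and `set_ziti_instance(...)` unchecked, and when `set_tnlr_options` fails the guard returns while the freshly created instance is still allocated. Bind it up front with `guard let zi = new_ziti_instance(identifier.cString(using: .utf8)) else { log.wtf("unable to create Ziti instance for identifier \(identifier)"); return }`, which also removes the `zi?` optional chaining, and release the instance on the options-failure path with whatever teardown the tunnel SDK provides for instances (its name is not visible here). The failure is also invisible to the caller in `Ziti.run`, which goes on to `ziti_context_run` regardless; returning the status (an `Int32` or a `Bool`) would let the caller surface it through `initCallback`. `setZitiInstance` continues past the end of this hunk.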
