yggdrasil-network/yggdrasil-go
1
0
Fork 0
mirror of https://github.com/yggdrasil-network/yggdrasil-go.git synced 2025-11-04 03:05:07 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions
2508 commits 9 branches 48 tags 25 MiB
Commit graph

2508 commits

This branch
This branch
All branches
Author SHA1 Message Date
Andy Oknen
170e369a53 Refactor Dockerfile to enhance Oh My Zsh installation and configuration for improved terminal experience 2025-07-30 07:40:05 +00:00
Andy Oknen
4acc41cc03 Update devcontainer configuration and Dockerfile to improve environment setup 2025-07-29 21:21:47 +00:00
Andy Oknen
a7185743cc Update .gitignore to include additional yggdrasil related files and runtime directories 2025-07-29 21:09:09 +00:00
Andy Oknen
13a6398001 Update CodeQL actions to version 3 in CI workflow 2025-07-29 21:05:44 +00:00
Andy Oknen
51a1a0a3d7 Refactor web UI server setup in main.go and update default host in config 2025-07-29 21:03:03 +00:00
Andy Oknen
345d5b9cbd Add minimal Web UI server 2025-07-29 20:14:41 +00:00
Andy Oknen
707e90b1b3 Add VS Code extension for managing TODOs in development container 2025-07-29 20:02:21 +00:00
Andy Oknen
d741657948 Refactor configuration struct comments and update default multicast interface settings 2025-07-29 18:50:47 +00:00
Andy Oknen
de40a2c1ad Add development environment setup with Docker and VS Code Dev Containers 2025-07-29 15:16:45 +00:00
Andy Oknen
133f87d3c7 Add .gitignore file to exclude yggdrasil related files 2025-07-29 15:16:36 +00:00
Neil Alexander
429403aea5
Update CI workers for packaging pipeline 2025-06-22 23:00:44 +01:00
Neil Alexander
ffc0dc92e0
Reduce minimum maxbackoff to 5 seconds 2025-06-22 16:37:34 +01:00
Neil Alexander
81543e9cc0
Remove Go 1.22 from CI 2025-06-21 20:09:12 +01:00
Neil Alexander
9e5c25d4af
Update to Go 1.23, update dependencies 2025-06-21 20:08:08 +01:00
Neil
390dba0471
Update readme 2025-06-02 22:02:02 +01:00
Sergey Alirzaev
47818a1a7c
apparmor: add yggdrasilctl policy (#1235)
Some checks failed
Yggdrasil / Lint (push) Has been cancelled
Details
Yggdrasil / Analyse (push) Has been cancelled
Details
Yggdrasil / Build & Test (Linux, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Linux, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Linux, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Windows, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Windows, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Windows, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build & Test (macOS, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build & Test (macOS, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build & Test (macOS, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build (Cross freebsd, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build (Cross freebsd, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build (Cross freebsd, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build (Cross openbsd, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build (Cross openbsd, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build (Cross openbsd, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / All tests passed (push) Has been cancelled
Details
2025-04-15 17:17:52 +01:00
Sergey Alirzaev
6377d7f071
contrib/openrc: remove SIGHUP logic (#1236) 
as it is long gone from the daemon code
and unexpectedly kills the daemon
 2025-04-15 17:15:09 +01:00
Neil Alexander
5b8dbc8b1e
Add summary helpers to mobile wrapper
Some checks failed
Yggdrasil / Lint (push) Has been cancelled
Details
Yggdrasil / Analyse (push) Has been cancelled
Details
Yggdrasil / Build & Test (Linux, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Linux, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Linux, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Windows, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Windows, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Windows, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build & Test (macOS, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build & Test (macOS, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build & Test (macOS, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build (Cross freebsd, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build (Cross freebsd, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build (Cross freebsd, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build (Cross openbsd, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build (Cross openbsd, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build (Cross openbsd, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / All tests passed (push) Has been cancelled
Details
2025-03-31 10:18:57 +01:00
patrini32
73705ff09d
Typo fix (#1232)
Some checks failed
Yggdrasil / Analyse (push) Has been cancelled
Details
Yggdrasil / Lint (push) Has been cancelled
Details
Yggdrasil / Build & Test (Linux, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Linux, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Linux, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Windows, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Windows, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Windows, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build & Test (macOS, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build & Test (macOS, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build & Test (macOS, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build (Cross freebsd, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build (Cross freebsd, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build (Cross freebsd, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build (Cross openbsd, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build (Cross openbsd, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build (Cross openbsd, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / All tests passed (push) Has been cancelled
Details
2025-02-20 09:45:49 +00:00
Neil Alexander
3b18909f70
Update dependencies
Some checks failed
Yggdrasil / Lint (push) Has been cancelled
Details
Yggdrasil / Analyse (push) Has been cancelled
Details
Yggdrasil / Build & Test (Linux, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Linux, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Linux, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Windows, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Windows, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build & Test (Windows, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build & Test (macOS, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build & Test (macOS, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build & Test (macOS, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build (Cross freebsd, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build (Cross freebsd, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build (Cross freebsd, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / Build (Cross openbsd, Go 1.22) (push) Has been cancelled
Details
Yggdrasil / Build (Cross openbsd, Go 1.23) (push) Has been cancelled
Details
Yggdrasil / Build (Cross openbsd, Go 1.24) (push) Has been cancelled
Details
Yggdrasil / All tests passed (push) Has been cancelled
Details
2025-02-18 12:57:58 +00:00
Neil Alexander
58b727d1f0
Add Go 1.24 to CI 2025-02-18 12:52:21 +00:00
Klemens Nanni
782c0250d7
Use pledge(2) on OpenBSD (#1215) 
Straight forward thanks to all privileged operations being done early
enough during startup.
 2024-12-22 11:04:26 +00:00
Neil Alexander
213f72b840
Yggdrasil 0.5.12 2024-12-18 22:34:30 +00:00
Neil Alexander
1fbcf3b3c2
Rename latency_ms to latency in getPeers response since it isn't even milliseconds anymore 2024-12-18 22:21:23 +00:00
Peter Gervai
22bc9c44e2
genkeys print the number of generated keys (#1217) 
It is good to know how many resources have we carelessly wasted. :-)
 2024-12-18 19:56:46 +00:00
Neil
9c73bacab9
Update to Go 1.22, quic-go/quic-go@v0.48.2 (#1218) 
Our dependencies are now moving beyond Go 1.21 so need to update.

Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
 2024-12-13 23:33:26 +00:00
Neil Alexander
04be129878
Update to Arceliar/ironwood@743fe2f 2024-12-13 23:12:36 +00:00
Neil Alexander
657f7e0db3
Fix empty user/group detection on chuser 
This should fix #1216.
 2024-12-13 16:55:25 +00:00
Neil
7adf5f18b7
Yggdrasil 0.5.11 (#1214) 
Changelog updates.

Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
 2024-12-12 19:26:54 +00:00
Neil Alexander
69451fe969
Specify TLS 1.2-TLS 1.3 supported range for client connections 
Should fix #1208.
 2024-12-12 19:07:55 +00:00
Klemens Nanni
2d587740c1
genkeys, yggdrasilctl: Use pledge(2) on OpenBSD (#1193) 
Restrict system operations of CLI tools with
https://man.openbsd.org/pledge.2.

https://pkg.go.dev/suah.dev/protect abstracts the OS specific code, i.e.
is a NOOP on non-OpenBSD systems.

This PR is to gauge upstream interest in this direction; my OpenBSD port
of yggdrasil already pledges the daemon,
resulting in minimal runtime privileges, but there are still a few rough
edges:

https://github.com/jasperla/openbsd-wip/blob/master/net/yggdrasil/patches/patch-cmd_yggdrasil_main_go#L80

---------

Co-authored-by: Neil <git@neilalexander.dev>
 2024-12-12 18:48:24 +00:00
Neil Alexander
b2b0396d48
Update dependencies 2024-12-12 18:42:53 +00:00
Klemens Nanni
83ec58afc7
Use unveil(2) on OpenBSD (#1194) 
After #1175 removed ioctl(2) fallback code shelling out to ifconfig(8),
there is no code left (compiled on OpenBSD) that would fork(2) or
execve(2).

Drop the ability to run any executable file to double down on this, thus
reducing the attack surface of this this experimental, internet facing
daemon running as root.

pledge(2) is doable, but needs more polish.
unveil(2), however, is as simple as it gets.

On other systems, this code is a NOOP, but can still help to implement
similar safety belts.
 2024-12-12 18:37:02 +00:00
Neil Alexander
b436052b2d
Update to Arceliar/ironwood@9deb08d 2024-12-10 19:02:13 +00:00
Neil
3ed4a92288
Yggdrasil 0.5.10 (#1207) 
Changelog updates.

Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
 2024-11-24 12:56:24 +00:00
Neil Alexander
bdb2d399c5
Update dependencies 2024-11-23 14:55:14 +00:00
Neil Alexander
7790a19e4c
New detail in getMulticastInterfaces admin endpoint 2024-11-23 14:49:48 +00:00
Neil Alexander
d3b4de46ea
Improvements to how link shutdowns are handled 2024-11-23 13:43:34 +00:00
Neil Alexander
2454970e4d
Tweaks to configuration 2024-11-22 09:47:33 +00:00
Neil Alexander
b98f98318f
Tweaks to link handling 2024-11-22 09:44:30 +00:00
Neil Alexander
ff9e90c5aa
Update link cost calculation and next-hop selection (update to Arceliar/ironwood@75a6e82) 2024-11-22 09:31:38 +00:00
Neil
9398cae230
Expose download/upload rate per peer (#1206) 2024-11-19 08:42:27 +00:00
Klemens Nanni
c22a746a1d
Rewrite chuser() for simplicity and correctness (#1203) 
- Use unambiguous variable names (w/o package name conflict).
- Fail on invalid input such as the empty string or `:`.
- Do not change group without user, i.e. fail on `:group`.
- Parse input using mnemonic APIs.
- Do not juggle between integer types.
- Unset supplementary groups.
- Use set[ug]id(2) to follow the idiom of OpenBSD base programs.
  (cannot use setres[ug]id(2) as macOS does not have them.)

Includes/Supersedes #1202.
Fixes #927.

I only tested on OpenBSD (so far), but other systems should just work.
 2024-11-17 21:37:07 +00:00
Neil Alexander
67ec5a92b3
Fix some lint issues 2024-11-17 21:29:26 +00:00
Neil Alexander
42873be09b
Reusable peer lookup/dial logic 2024-11-17 21:14:54 +00:00
Klemens Nanni
75d2080e53
Set groups when dropping privileges to not leak supplementary group access (#1202) 
Changing the real and effective user/group IDs and the saved
set-user/group-ID is not enough to get rid of intial access permissions.

The list of groups must be cleared also, otherwise a process changing
from, e.g. `root:root` to `nobody:nobody` retains rights to access
`:wheel` files (assuming `root` is a member of the `wheel` group).

For example:
```
# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
# ./yggdrasil -autoconf -logto /dev/null -user nobody &
[1] 4337
# ps -o command,user,group,supgrp -U nobody
COMMAND          USER     GROUP    SUPGRP
./yggdrasil -aut nobody   nobody   wheel,kmem,sys,tty,operator,staff,guest
```

Fix that so the process runs as mere
```
COMMAND          USER     GROUP    SUPGRP
./yggdrasil -aut nobody   nobody   nobody
```

Fixes #927.
 2024-11-11 19:28:28 +00:00
Klemens Nanni
834680045a
Create admin socket synchronously before privdrop (#1201) 
Creating UNIX sockets the listen() goroutine that races against the main
one dropping to an unprivileged user may cause startup failure when
privdrop happens before privileged filesystem access.

Setup or fail in New() and only do listen(2) in listen() to avoid this.

```
# yggdrasil -autoconf -user nobody
2024/11/03 21:15:27 Build name: yggdrasil-go
2024/11/03 21:15:27 Build version: 0.5.9
...
2024/11/03 21:15:27 Admin socket failed to listen: listen unix /var/run/yggdrasil.sock: bind: permission denied
```

Rerun, now the order is flipped:
```
# yggdrasil -autoconf -user nobody
2024/11/03 21:15:34 Build name: yggdrasil-go
2024/11/03 21:15:34 Build version: 0.5.9
[...]
2024/11/03 21:15:34 UNIX admin socket listening on /var/run/yggdrasil.sock
[...]
```

Fixes #927.
 2024-11-11 19:27:02 +00:00
Neil Alexander
eef613993f
Raise link error when SNI supplied on unsupported link type 
Closes #1196
 2024-10-27 21:06:56 +00:00
Neil Alexander
ff0ef7ff56
Update comments in default configuration file 2024-10-27 20:59:05 +00:00
Neil Alexander
ef110b0181
Update Debian package metadata 2024-10-27 20:38:15 +00:00