chore: run coder connect networking from launchdaemon

Author: ethanndickson

Coder-Desktop/Coder-Desktop/HelperService.swift

@@ -12,10 +12,8 @@ extension CoderVPNService{
 func setupHelper()async{
 refreshHelperState()
 switch helperState {
-case.uninstalled,.failed:
-awaitinstallHelper()
-case.installed:
-uninstallHelper()
+case.uninstalled,.failed,.installed:
+awaituninstallHelper()
 awaitinstallHelper()
 case.requiresApproval,.installing:
 break
@@ -63,10 +61,10 @@ extension CoderVPNService{
  helperState =.failed(.unknown(lastUnknownError?.localizedDescription ??"Unknown"))
 }
 
-privatefunc uninstallHelper(){
+privatefunc uninstallHelper()async{
 letdaemon=SMAppService.daemon(plistName: plistName)
 do{
-try daemon.unregister()
+tryawaitdaemon.unregister()
 }catchlet error as NSError{
  helperState =.failed(.init(error: error))
 }catch{

Coder-Desktop/Coder-Desktop/VPN/VPNService.swift

@@ -57,7 +57,7 @@ enum VPNServiceError: Error, Equatable{
 @MainActor
 finalclassCoderVPNService:NSObject,VPNService{
 varlogger=Logger(subsystem:Bundle.main.bundleIdentifier!, category:"vpn")
- lazy varxpc:VPNXPCInterface=.init(vpn:self)
+ lazy varxpc:AppXPCListener=.init(vpn:self)
 
 @PublishedvartunnelState:VPNServiceState=.disabled {
  didSet {
@@ -158,10 +158,10 @@ final class CoderVPNService: NSObject, VPNService{
 }
 }
 
-func onExtensionPeerUpdate(_ data:Data){
+func onExtensionPeerUpdate(_ diff:Data){
  logger.info("network extension peer update")
 do{
-letmsg=tryVpn_PeerUpdate(serializedBytes:data)
+letmsg=tryVpn_PeerUpdate(serializedBytes:diff)
 debugPrint(msg)
 applyPeerUpdate(with: msg)
 }catch{
@@ -219,16 +219,18 @@ extension CoderVPNService{
 break
  // Non-connecting -> Connecting: Establish XPC
 case(_,.connecting):
- xpc.connect()
- xpc.ping()
+ // Detached to run ASAP
+ // TODO: Switch to `Task.immediate` once stable
+Task.detached{try?awaitself.xpc.ping()}
  tunnelState =.connecting
  // Non-connected -> Connected:
  // - Retrieve Peers
  // - Run `onStart` closure
 case(_,.connected):
 onStart?()
- xpc.connect()
- xpc.getPeerState()
+ // Detached to run ASAP
+ // TODO: Switch to `Task.immediate` once stable
+Task.detached{try?awaitself.xpc.getPeerState()}
  tunnelState =.connected
  // Any -> Reasserting
 case(_,.reasserting):

Coder-Desktop/Coder-Desktop/Views/LoginForm.swift

@@ -192,13 +192,13 @@ struct LoginForm: View{
 @discardableResult
 func validateURL(_ url:String)throws(LoginError)->URL{
 guardlet url =URL(string: url)else{
-throwLoginError.invalidURL
+throw.invalidURL
 }
 guard url.scheme =="https"else{
-throwLoginError.httpsRequired
+throw.httpsRequired
 }
 guard url.host !=nilelse{
-throwLoginError.noHost
+throw.noHost
 }
 return url
 }

Coder-Desktop/Coder-Desktop/XPCInterface.swift

@@ -3,112 +3,98 @@ import NetworkExtension
 import os
 import VPNLib
 
-@objcfinalclassVPNXPCInterface:NSObject,VPNXPCClientCallbackProtocol,@uncheckedSendable{
+@objcfinalclassAppXPCListener:NSObject,AppXPCInterface,@uncheckedSendable{
 privatevarsvc:CoderVPNService
-privateletlogger=Logger(subsystem:Bundle.main.bundleIdentifier!, category:"VPNXPCInterface")
-privatevarxpc:VPNXPCProtocol?
+privateletlogger=Logger(subsystem:Bundle.main.bundleIdentifier!, category:"AppXPCListener")
+privatevarconnection:NSXPCConnection?
 
 init(vpn:CoderVPNService){
  svc = vpn
  super.init()
 }
 
-func connect(){
- logger.debug("VPN xpc connect called")
-guard xpc ==nilelse{
- logger.debug("VPN xpc already exists")
-return
+func connect()->NSXPCConnection{
+iflet connection {
+return connection
 }
-letnetworkExtDict=Bundle.main.object(forInfoDictionaryKey:"NetworkExtension")as?[String:Any]
-letmachServiceName=networkExtDict?["NEMachServiceName"]as?String
-letxpcConn=NSXPCConnection(machServiceName: machServiceName!)
- xpcConn.remoteObjectInterface =NSXPCInterface(with:VPNXPCProtocol.self)
- xpcConn.exportedInterface =NSXPCInterface(with:VPNXPCClientCallbackProtocol.self)
-guardlet proxy = xpcConn.remoteObjectProxy as?VPNXPCProtocolelse{
-fatalError("invalid xpc cast")
-}
- xpc = proxy
-
- logger.debug("connecting to machServiceName: \(machServiceName!)")
 
- xpcConn.exportedObject =self
- xpcConn.invalidationHandler ={[logger]in
-Task{@MainActorin
- logger.error("VPN XPC connection invalidated.")
-self.xpc =nil
-self.connect()
-}
-}
- xpcConn.interruptionHandler ={[logger]in
-Task{@MainActorin
- logger.error("VPN XPC connection interrupted.")
-self.xpc =nil
-self.connect()
-}
+letconnection=NSXPCConnection(
+ machServiceName: helperAppMachServiceName,
+ options:.privileged
+)
+ connection.remoteObjectInterface =NSXPCInterface(with:HelperAppXPCInterface.self)
+ connection.exportedInterface =NSXPCInterface(with:AppXPCInterface.self)
+ connection.exportedObject =self
+ connection.invalidationHandler ={
+self.logger.error("XPC connection invalidated")
+self.connection =nil
+ _ =self.connect()
 }
- xpcConn.resume()
-}
-
-func ping(){
- xpc?.ping{
-Task{@MainActorin
-self.logger.info("Connected to NE over XPC")
-}
+ connection.interruptionHandler ={
+self.logger.error("XPC connection interrupted")
+self.connection =nil
+ _ =self.connect()
 }
+ logger.info("connecting to \(helperAppMachServiceName)")
+ connection.resume()
+self.connection = connection
+return connection
 }
 
-funcgetPeerState(){
-xpc?.getPeerState{ data in
-Task{@MainActorin
-self.svc.onExtensionPeerState(data)
-}
+funconPeerUpdate(_ diff:Data, reply:@escaping()->Void){
+letreply=CompletionWrapper(reply)
+Task{@MainActorin
+ svc.onExtensionPeerUpdate(diff)
+reply()
 }
 }
 
-func onPeerUpdate(_ data:Data){
+func onProgress(stage:ProgressStage, downloadProgress:DownloadProgress?, reply:@escaping()->Void){
+letreply=CompletionWrapper(reply)
 Task{@MainActorin
- svc.onExtensionPeerUpdate(data)
+ svc.onProgress(stage: stage, downloadProgress: downloadProgress)
+reply()
 }
 }
+}
 
-func onProgress(stage:ProgressStage, downloadProgress:DownloadProgress?){
-Task{@MainActorin
- svc.onProgress(stage: stage, downloadProgress: downloadProgress)
+// These methods are called to request updatess from the Helper.
+extensionAppXPCListener{
+func ping()asyncthrows{
+letconn=connect()
+returntryawaitwithCheckedThrowingContinuation{ continuation in
+guardlet proxy = conn.remoteObjectProxyWithErrorHandler({ err in
+self.logger.error("failed to connect to HelperXPC \(err.localizedDescription, privacy:.public)")
+ continuation.resume(throwing: err)
+})as?HelperAppXPCInterfaceelse{
+self.logger.error("failed to get proxy for HelperXPC")
+ continuation.resume(throwing:XPCError.wrongProxyType)
+return
+}
+ proxy.ping{
+self.logger.info("Connected to Helper over XPC")
+ continuation.resume()
+}
 }
 }
 
- // The NE has verified the dylib and knows better than Gatekeeper
-func removeQuarantine(path:String, reply:@escaping(Bool)->Void){
-letreply=CallbackWrapper(reply)
-Task{@MainActorin
-letprompt="""
- Coder Desktop wants to execute code downloaded from \
-\(svc.serverAddress ??"the Coder deployment"). The code has been \
- verified to be signed by Coder.
-"""
-letsource="""
- do shell script "xattr -d com.apple.quarantine \(path)"\
- with prompt "\(prompt)"\
- with administrator privileges
-"""
-letsuccess=awaitwithCheckedContinuation{ continuation in
-guardlet script =NSAppleScript(source: source)else{
- continuation.resume(returning:false)
-return
-}
- // Run on a background thread
-Task.detached{
-varerror:NSDictionary?
- script.executeAndReturnError(&error)
-iflet error {
-self.logger.error("AppleScript error: \(error)")
- continuation.resume(returning:false)
-}else{
- continuation.resume(returning:true)
-}
+func getPeerState()asyncthrows{
+letconn=connect()
+returntryawaitwithCheckedThrowingContinuation{ continuation in
+guardlet proxy = conn.remoteObjectProxyWithErrorHandler({ err in
+self.logger.error("failed to connect to HelperXPC \(err.localizedDescription, privacy:.public)")
+ continuation.resume(throwing: err)
+})as?HelperAppXPCInterfaceelse{
+self.logger.error("failed to get proxy for HelperXPC")
+ continuation.resume(throwing:XPCError.wrongProxyType)
+return
+}
+ proxy.getPeerState{ data in
+Task{@MainActorin
+self.svc.onExtensionPeerState(data)
 }
+ continuation.resume()
 }
-reply(success)
 }
 }
 }