Currently the installer is recompiled everytime a file is missing, even
if the file has been missing before and after the last compilation.
That is because rerun-if-changed on a nonexistent filepath constantly
busts the cache.
v0.11.0 shipped a daemon binary that built fine but didn't actually serve
a working frontend. CI was green. Nothing in the pipeline asserted that
the built binary comes up and serves something.
Add daemon/tests/smoke.rs as an integration test that spawns the built
binary against a tempdir-backed config with debug_mode = true, picks an
ephemeral port, and asserts:
- GET /index.html is 2xx and the decompressed body contains "Rayhunter"
- GET /api/qmdl-manifest is 2xx
- the daemon exits cleanly on SIGINT
Captures the daemon's stderr into a buffer so startup/shutdown failures
print actionable context instead of just "did not start listening".
Runs as part of the regular cargo test invocation, no new CI job.
For the smoke test (and #826) to work, the daemon needs to come up on a
PC without /dev/diag, a screen, or wpa_supplicant. The DIAG read thread,
display driver, and key input were already gated on debug_mode. Gate the
two remaining device-dependent workers the same way:
- run_battery_notification_worker (polls battery sysfs paths)
- wifi_station::run_wifi_client (talks to wpa_supplicant)
doc/installing-from-source.md gains a "Running the daemon on your PC"
section. doc/porting.md drops its duplicate debug_mode line and links to
the new section.
Closes#826.
https://github.com/EFForg/rayhunter/pull/888 contained an entire set of
iptables rules to ensure that no traffic leaked.
We know that many of these devices are fairly insecure, that's how we
get rayhunter installed on most of them. But if an attacker already is
able to run commands on this device, they are most likely going to be
able to run iptables -F too. We should discuss real threatmodels before
adding stuff like this, because messing with iptables also just makes
accidental bricking more likely (see the moxee disk space fiasco)
PR #998 was supposed to filter dependabot PRs to security updates only.
But applies-to was on the wrong level of nesting.
Also renamed the group from "dependency-type" to "security", right now
we get PRs like "Bump the dependency-type group in /installer-gui with 7
updates#1010"
Search for applies-to on this page:
https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference
-- it's on the same level as patterns.
This PR was fully AI-generated, description hand-written though.
* Add support for WebDAV
* Fix get_unuploaded_entries_with_age to use start_time
* Use better pattern when matching join! result
Co-authored-by: Markus Unterwaditzer <markus-github@unterwaditzer.net>
* Refactor Webdav with better string ownership
* Unformat Cargo.toml
* Add timeout config
* Use a single url config instead of host and path
* QMDL store returns single unuploaded entry at a time
* Reset Cargo.lock
---------
Co-authored-by: Markus Unterwaditzer <markus-github@unterwaditzer.net>
