Mirror/rayhunter
1
0
Fork 0
mirror of https://github.com/EFForg/rayhunter.git synced 2026-05-06 11:59:08 -07:00
Code Issues Packages Projects Releases Wiki Activity
1,121 Commits 14 Branches 29 Tags
bf08066c584d45bc7b2bad3698334c60a8dc6eeb
Commit Graph

1121 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Brad Warren
bf08066c58 run cargo update tauri --precise 2.10.3 2026-04-16 12:59:04 -07:00
dependabot[bot]
d5f01847fc Bump the dependency-type group in /installer-gui with 18 updates 
Dependabot couldn't find the original pull request head commit, ecdd7baeae.
 2026-04-16 12:59:04 -07:00
Markus Unterwaditzer
ca30a146b2 Fix clippy for Rust 1.95 2026-04-16 12:31:08 -07:00
Markus Unterwaditzer
a1a29b5ec8 Upgrade rustls-webpki to fix CVE 
We have two versions of rustls-webpki in our deptree:

- One used in the ring backend, which we're upgrading here
- One used in the rustcrypto backend, which we can't upgrade and
  therefore have to ignore the CVE anyway.

The ring backend is the one we actually use in release builds.
rustcrypto is only used during development builds to make compilation
simpler.
 2026-04-16 10:13:53 -07:00
Markus Unterwaditzer
dc1d193b8e Move from ring to aws-lc-rs 
There is some recent progress on quantum computers being discussed on
HackerNews and lobste.rs, and as a result of that timelines for when PQ
crypto would become essentially mandatory are being adjusted. Example:
https://words.filippo.io/crqc-timeline/

We pretty much have only one place in this entire codebase where any
sort of crypto happens, which is HTTPS for notifications support.

It seems that ring has essentially no plans to support PQ crypto for our
purposes. rustls/rustls#2801 briansmith/ring#1685

There's not really a reason to stick with ring, other than that it is a
prod-ready backend. But so is aws-lc-rs, and it seems to be the way
forward if you want PQ crypto today. Maybe that will change again in a
few years.

**The local dev workflow stays the same**, `cargo
build-daemon-firmware-devel` still uses rustcrypto which doesn't require
CC and doesn't have PQ crypto at all. We have no contribution docs for
how to build anything else anyway.

**Implementation:**

This opens a can of worms in building rayhunter-daemon in CI: We're
currently building ring using GCC cross-compilation toolchain from
Debian, which will build ring against **glibc**. Then we take that
library and try to link it against MUSL libc. The reason this works is
because ring's libc usage is very minimal, and the required symbols end
up being just the same as what MUSL libc exposes. The same can't be said
for aws-lc:

```
error: linking with `rust-lld` failed: exit status: 1
    = note: rust-lld: error: undefined symbol: __nanosleep64
            >>> referenced by urandom.c
            >>>               urandom.c.o:(do_backoff) in archive
```

So we fix that and link everything we build against MUSL libc (something
we should've done from the start anyway). The problem is that Debian
doesn't ship a MUSL cross-compilation toolchain, and the toolchain
available on https://musl.cc should not be downloaded directly in CI.
Which leaves us with a docker container from messense... That docker
container seems to be extremely popular for cross compilation across
GitHub projects, at least. I couldn't get other options to run reliably
(cross), or they were a too extreme change for my taste (using zig cc)
 2026-04-16 10:12:24 -07:00
dependabot[bot]
11608427bb Bump the dependency-type group in /tools with 4 updates 
Bumps the dependency-type group in /tools with 4 updates: [asn1tools](https://github.com/eerimoq/asn1tools), [bitstruct](https://github.com/eerimoq/bitstruct), [pycrate](https://github.com/pycrate-org/pycrate) and [pyparsing](https://github.com/pyparsing/pyparsing).


Updates `asn1tools` from 0.166.0 to 0.167.0
- [Release notes](https://github.com/eerimoq/asn1tools/releases)
- [Commits](https://github.com/eerimoq/asn1tools/compare/0.166.0...0.167.0)

Updates `bitstruct` from 8.19.0 to 8.22.1
- [Commits](https://github.com/eerimoq/bitstruct/compare/8.19.0...8.22.1)

Updates `pycrate` from 0.7.8 to 0.7.11
- [Release notes](https://github.com/pycrate-org/pycrate/releases)
- [Commits](https://github.com/pycrate-org/pycrate/compare/0.7.8...0.7.11)

Updates `pyparsing` from 3.1.2 to 3.3.2
- [Release notes](https://github.com/pyparsing/pyparsing/releases)
- [Changelog](https://github.com/pyparsing/pyparsing/blob/master/CHANGES)
- [Commits](https://github.com/pyparsing/pyparsing/compare/pyparsing_3.1.2...3.3.2)

---
updated-dependencies:
- dependency-name: asn1tools
  dependency-version: 0.167.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependency-type
- dependency-name: bitstruct
  dependency-version: 8.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependency-type
- dependency-name: pycrate
  dependency-version: 0.7.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependency-type
- dependency-name: pyparsing
  dependency-version: 3.3.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependency-type
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-15 11:16:12 -07:00
Markus Unterwaditzer
1bab75830b Use grouped dependabot updates 
When there is a CVE in some JS package, it seems to coincide with an
avalanche of security releases of random other packages.

Dependabot can actually create bulk PRs, let's try those.
 2026-04-15 20:12:37 +02:00
Markus Unterwaditzer
853ad3763c apply suggestions from code review (github UI is broken) 2026-04-15 10:58:17 -07:00
Markus Unterwaditzer
059a5028d1 Update doc/porting.md 
Co-authored-by: Cooper Quintin <cooperq@users.noreply.github.com>
 2026-04-15 10:58:17 -07:00
Ember
c1270cc3e9 Suggested edits 2026-04-15 10:58:17 -07:00
Markus Unterwaditzer
e935904204 Add docs for porting to new devices 2026-04-15 10:58:17 -07:00
Cooper Quintin
87975181c1 Update CONTRIBUTING.md 
Co-authored-by: Markus Unterwaditzer <markus-tarpit+git@unterwaditzer.net>
 2026-04-15 10:57:34 -07:00
Cooper Quintin
c2d8d55296 limit PR to 400 LOC 2026-04-15 10:57:34 -07:00
Jack Lund
188bf812b4 Add notification timeout 
Adds a default timeout of 10 seconds for sending notifications so they
don't hang indefinitely. This can happen if the server connected to is
not responding or the case where there's a SIM card in the device, but
it's unactivated so that DNS works but the connection doesn't
 2026-04-13 18:17:42 +02:00
dependabot[bot]
ccd96de5cc Bump vite from 6.4.1 to 6.4.2 in /installer-gui 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.4.1 to 6.4.2.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 6.4.2
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-06 15:41:18 -07:00
dependabot[bot]
a3072a2632 Bump vite from 7.1.11 to 7.3.2 in /daemon/web 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.11 to 7.3.2.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.3.2
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-07 00:14:54 +02:00
Markus Unterwaditzer
0580a8af33 Revise moxee warning 
Ref #865

I think we should still make it clear the Orbic is a better device, but
there's not really any danger anymore.
 2026-03-30 15:12:12 -07:00
Markus Unterwaditzer
a80a985b40 Fix wrong docs on key input 
We explain in the docs what this key input mode actually does, but it is
named poorly.

ref #952.
 2026-03-30 15:11:45 -07:00
Markus Unterwaditzer
228596ef30 Bump tower to 0.5.3 
There are no important changes in the new tower version. The only reason
i'm bumping it is because it exposes our mis-configuration of tokio: We
depend on API surface enabled by `io-std`, but don't enable that
feature. Tower 0.5.2 pulls in that feature though, and our code works
anyway. Tower 0.5.3 no longer requires this feature and our code stops
compiling.
 2026-03-30 15:10:59 -07:00
Markus Unterwaditzer
a7409b281b Move config form to modal 
It's pretty annoying to have to scroll past all the old recordings to
be able to set the config. Since logs we already have figured out how to
create modals, so let's reuse that code.
 2026-03-30 15:10:12 -07:00
dependabot[bot]
6a57bdebc4 Bump picomatch from 2.3.1 to 2.3.2 in /installer-gui 
Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-26 14:14:11 +01:00
dependabot[bot]
7cb405c465 Bump picomatch from 2.3.1 to 2.3.2 in /daemon/web 
Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: picomatch
  dependency-version: 2.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-26 14:14:09 +01:00
Ember
bada3846dc Get rid of the 'verify' which is flakey 2026-03-26 11:44:23 +01:00
Ember
f0849340cf Improve Moxee/orbic Wingtech/tmobile installers for network stability 2026-03-26 11:44:23 +01:00
Terence
512cf784a7 provide additional info to help users set up for frontend dev environment (#917) 2026-03-25 20:09:24 +01:00
dependabot[bot]
100960bbe1 Bump flatted from 3.3.3 to 3.4.2 in /installer-gui 
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.3 to 3.4.2.
- [Commits](https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-22 14:03:42 +01:00
dependabot[bot]
9d275e1793 Bump flatted from 3.3.3 to 3.4.2 in /daemon/web 
Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.3 to 3.4.2.
- [Commits](https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2)

---
updated-dependencies:
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-22 13:08:45 +01:00
dependabot[bot]
fd190c4b75 Bump quinn-proto from 0.11.12 to 0.11.14 
Bumps [quinn-proto](https://github.com/quinn-rs/quinn) from 0.11.12 to 0.11.14.
- [Release notes](https://github.com/quinn-rs/quinn/releases)
- [Commits](https://github.com/quinn-rs/quinn/compare/quinn-proto-0.11.12...quinn-proto-0.11.14)

---
updated-dependencies:
- dependency-name: quinn-proto
  dependency-version: 0.11.14
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-16 15:55:12 +01:00
dependabot[bot]
ff838c41fa Bump devalue from 5.6.3 to 5.6.4 in /daemon/web 
Bumps [devalue](https://github.com/sveltejs/devalue) from 5.6.3 to 5.6.4.
- [Release notes](https://github.com/sveltejs/devalue/releases)
- [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/devalue/compare/v5.6.3...v5.6.4)

---
updated-dependencies:
- dependency-name: devalue
  dependency-version: 5.6.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-12 11:25:27 -07:00
dependabot[bot]
a031e8ccfc Bump devalue from 5.6.3 to 5.6.4 in /installer-gui 
Bumps [devalue](https://github.com/sveltejs/devalue) from 5.6.3 to 5.6.4.
- [Release notes](https://github.com/sveltejs/devalue/releases)
- [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/devalue/compare/v5.6.3...v5.6.4)

---
updated-dependencies:
- dependency-name: devalue
  dependency-version: 5.6.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-12 11:13:04 -07:00
Brad Warren
a6f5faa80e wrap report in $derived 2026-03-04 15:44:35 -08:00
dependabot[bot]
43f1dfce64 Bump svelte from 5.39.10 to 5.53.6 in /daemon/web 
Bumps [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) from 5.39.10 to 5.53.6.
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.53.6/packages/svelte)

---
updated-dependencies:
- dependency-name: svelte
  dependency-version: 5.53.6
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-04 15:44:35 -08:00
dependabot[bot]
54adaf913d Bump @sveltejs/kit from 2.49.5 to 2.53.0 in /daemon/web 
Bumps [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) from 2.49.5 to 2.53.0.
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.53.0/packages/kit)

---
updated-dependencies:
- dependency-name: "@sveltejs/kit"
  dependency-version: 2.53.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 15:29:21 -08:00
dependabot[bot]
ab418ecc84 Bump devalue from 5.6.2 to 5.6.3 in /daemon/web 
Bumps [devalue](https://github.com/sveltejs/devalue) from 5.6.2 to 5.6.3.
- [Release notes](https://github.com/sveltejs/devalue/releases)
- [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/devalue/compare/v5.6.2...v5.6.3)

---
updated-dependencies:
- dependency-name: devalue
  dependency-version: 5.6.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 15:25:20 -08:00
dependabot[bot]
2fd028dc78 Bump rollup from 4.52.4 to 4.59.0 in /daemon/web 
Bumps [rollup](https://github.com/rollup/rollup) from 4.52.4 to 4.59.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.52.4...v4.59.0)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 15:21:42 -08:00
dependabot[bot]
d413840c08 Bump minimatch in /daemon/web 
Bumps  and [minimatch](https://github.com/isaacs/minimatch). These dependencies needed to be updated together.

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

Updates `minimatch` from 9.0.5 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 15:20:51 -08:00
Markus Unterwaditzer
2f1b583e00 orbic-network: Disable connection pooling 
Every once in a while, I get the error posted in #901:

    Caused by:
        0: Failed to send login request
        1: error sending request
        2: client error (SendRequest)
        3: connection closed before message completed

(either this or "failed to start telnet" -- in either case there's a
request happening before it, and it's always "connection closed before
message completed")

Disabling connection pooling seems to reduce the amount of flakiness.

Here is what I used to test this fix:

    while echo | cargo run -p installer util orbic-shell --admin-password 96df5476 ; do true; done

Usually it would stop <100 iterations, now it can do 800+ iterations.
 2026-03-03 10:59:42 -08:00
dependabot[bot]
adeeb75166 Bump minimatch in /installer-gui 
Bumps  and [minimatch](https://github.com/isaacs/minimatch). These dependencies needed to be updated together.

Updates `minimatch` from 3.1.2 to 3.1.5
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

Updates `minimatch` from 9.0.5 to 9.0.9
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
- dependency-name: minimatch
  dependency-version: 9.0.9
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-02 12:07:03 -08:00
dependabot[bot]
4ca23f37c3 Bump rollup from 4.52.5 to 4.59.0 in /installer-gui 
Bumps [rollup](https://github.com/rollup/rollup) from 4.52.5 to 4.59.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.52.5...v4.59.0)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-02 12:06:24 -08:00
dependabot[bot]
15b80ecdd5 Bump svelte from 5.53.0 to 5.53.6 in /installer-gui 
Bumps [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) from 5.53.0 to 5.53.6.
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.53.6/packages/svelte)

---
updated-dependencies:
- dependency-name: svelte
  dependency-version: 5.53.6
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-02 12:03:39 -08:00
Lawrence Kwan
c5de9b045a fix: fix typo in connection error message 
Change 'do loss' to 'due to loss' in the connection error message.

Fixes #864
 2026-02-26 14:19:09 -08:00
oopsbagel
37283deddb CONTRIBUTING: add genai policy with links 2026-02-24 14:45:28 -08:00
oopsbagel
49d7bbca34 pr templates: add checkboxes for our genai policy 
This commit introduces checkboxes where users can certify that either
they did not use generative AI to create their pull request, or that
they did but they understand the code and wrote all comments and
descriptions themselves, per our recently publicised open source policy.
 2026-02-24 14:45:28 -08:00
Will Greenberg
a4c32f49ae also bump installer-guis version v0.10.2 2026-02-24 14:25:45 -08:00
Will Greenberg
ec30a9557c bump to v10.2 2026-02-24 14:19:08 -08:00
Markus Unterwaditzer
a7d38730f5 fix botched rebase 2026-02-24 13:42:31 -08:00
Markus Unterwaditzer
d9facdf6cb add one missing single quote 2026-02-24 13:42:31 -08:00
Markus Unterwaditzer
90f49f73c8 slightly better escaping for user input 2026-02-24 13:42:31 -08:00
Markus Unterwaditzer
8aa45f4b53 better errorhandling 2026-02-24 13:42:31 -08:00
Markus Unterwaditzer
d8da6118da Update installer/src/lib.rs 
Co-authored-by: Will Greenberg <willg@eff.org>
 2026-02-24 13:42:31 -08:00