62 lines
1.9 KiB
Bash
Raw Normal View History

#!/bin/bash
export PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
VERSION 1.1.0: Win/Mac UI improvements, improved NAT-t, CIRCUIT_TEST, and more! ZeroTier 1.1.0 introduces a number of fixes and improvements in several areas. We incremented the secondary version to indicate the significance of this release. Version numbering has been a bit ad-hoc in the past. In future versions we will adopt the following scheme: odd-numbered revision numbers like 1.1.1 will indicate development versions, while even numbered ones like 1.1.2 will indicate tagged releases. The public git repo branching has also been revised: master will always be the latest tagged release, dev will be usually-working development, and edge will host maybe-broken "bleeding edge" development. Pull requests on GitHub should generally be made against dev, not master or edge. Other branches that may appear from time to time may be feature or experimental branches. Only master is confirmed good, with dev usually being okay but not guaranteed to be such. (To the extent that any software is ever guaranteed to be anything.) Change summary: User-facing changes and improvements: - Windows now has a new .NET-based native UI, which replaces the old WebControl wrapper around the React UI. This just didn't work well on older Windows systems, and we did not want to bundle 40+ megabytes of web browser with our app just for its very simple UI. - The web UI (still used for Mac and usable in Linux as well) is updated with improved look and simplifications. - Both UIs no longer have the "Peers" tab, since several users reported that non- technical users found this confusing and even alarming (does this mean people can access my system?). This information is visibile with "listpeers" from the command line (zerotier-cli). New features: - Virtual networks that use our RFC4193-based IPv6 numbering scheme now emulate IPv6 NDP for queries that target these addresses within the same network. This allows for faster multicast-free connection init and improved security since the address is now hard-wired to the device ID (which is a crypto token). This does not affect IPv6 NDP for other IPv6 addresses or link-local, which will continue to work normally. This also opens the potential for a reduced footprint multicast-free build for embedded applications. - This version includes beta support for a feature called CIRCUIT_TEST. Network controllers for networks you have joined can now send a special message called CIRCUIT_TEST which allows for ZeroTier-layer link testing and remote diagnosis of link issues. Any operator of a network controller can do this; more documentation will be forthcoming. The only information that may be gathered in this way is IP addressing info and very basic system info (OS, 32/64 bit, ZeroTier version). No personal information, hard drive data, location, or other private info is available. This can only be ordered by a controller of a network you have joined and is secured using cryptographic signatures. - This version includes an alpha version of clustering a.k.a. multi-homing! This powerful feature allows for a single ZeroTier device to be run from multiple endpoints, with connecting peers being handed off to endpoints that are closer via GeoIP lookup and/or are more lightly loaded. Currently this is only suitable for use in our soon-to-be-upgraded root server infrastructure (details will be blogged soon), but in the future it will be capable of hosting multi-homed devices on user networks. This will allow things like (for example) a geo- clustered Cassandra server that appears behind a single IP on a virtual LAN. This feature must be enabled with the ZT_ENABLE_CLUSTER=1 build option. Bug fixes and other improvements (including performance!): - A faster version of the Poly1305 cryptographic MAC function was substituted for sometimes greatly improved performance. - C++ STL std::map was replaced throughout the entire core with a hand-rolled Hashtable implementation for improved performance and in some cases a reduced memory footprint. Some maps are still used in peripheral code that is not performance critical or where ordered keys are needed. - The zerotier-cli and zerotier-idtool symbolic links are now created in /usr/local/bin on OSX to comply with El Capitan file security restrictions. - The OSX tap device driver has been updated. This update may fix issues that some users have reported with bridging on OSX. This new tap device driver drops 32-bit support, but if you have a 32-bit system you can manually install the old driver from ext/bin/tap-mac. - Mac users could experience a problem with the UI if they installed ZeroTier, then uninstalled it, then installed again. This is now fixed. - UPnP port mappings should work better on some routers, and a different local port is now used for UPnP mapped traffic vs. NAT-t'd traffic to get around a bug in several popular mid-tier routers where using UPnP mapping alongside traditional NAT traversal made a port unreachable. - Debian package now builds with the right arch label on armv7l systems (Pi 2) - The old "root topology" has been replaced with a similar but better thought out concept called a World. The World defines the root servers and possibly in the future other things, and can be updated in-band from trusted peers allowing for software-upgrade-free network upgrades to keep up with growing demand. See node/World.hpp for details. - A fix was made to "self-awareness," which keeps track of your external IP info and adapts to changes, to eliminate a problem that could cause "link thrashing" behind some symmetric NATs. - Escalating UDP TTLs was re-introduced to better transit some port-restricted cone NATs such as Linux IP MASQ (used for Docker). - An otherwise harmless crash-on-exit bug in the network controller was fixed. - All new direct links are now confirmed in both directions. This adds a very small amount of initial HELLO/OK traffic but fixes some edge cases where an incomplete or unidirectional path might be used. - [SECURITY] Better rate limiting was put in place for VERB_PUSH_DIRECT_PATHS to prevent potential abuse for amplification attacks. - [SECURITY] Build flags were tweaked on OSX to ensure that all code including dependency libraries are built with full stack canary protection and ASLR support. Visit https://www.zerotier.com/blog or follow @ZeroTier on Twitter for updates and announcements!
2015-11-17 11:19:58 -08:00
OSX_RELEASE=`sw_vers -productVersion | cut -d . -f 1,2`
launchctl unload /Library/LaunchDaemons/com.zerotier.one.plist >>/dev/null 2>&1
sleep 0.5
cd "/Library/Application Support/ZeroTier/One"
VERSION 1.1.0: Win/Mac UI improvements, improved NAT-t, CIRCUIT_TEST, and more! ZeroTier 1.1.0 introduces a number of fixes and improvements in several areas. We incremented the secondary version to indicate the significance of this release. Version numbering has been a bit ad-hoc in the past. In future versions we will adopt the following scheme: odd-numbered revision numbers like 1.1.1 will indicate development versions, while even numbered ones like 1.1.2 will indicate tagged releases. The public git repo branching has also been revised: master will always be the latest tagged release, dev will be usually-working development, and edge will host maybe-broken "bleeding edge" development. Pull requests on GitHub should generally be made against dev, not master or edge. Other branches that may appear from time to time may be feature or experimental branches. Only master is confirmed good, with dev usually being okay but not guaranteed to be such. (To the extent that any software is ever guaranteed to be anything.) Change summary: User-facing changes and improvements: - Windows now has a new .NET-based native UI, which replaces the old WebControl wrapper around the React UI. This just didn't work well on older Windows systems, and we did not want to bundle 40+ megabytes of web browser with our app just for its very simple UI. - The web UI (still used for Mac and usable in Linux as well) is updated with improved look and simplifications. - Both UIs no longer have the "Peers" tab, since several users reported that non- technical users found this confusing and even alarming (does this mean people can access my system?). This information is visibile with "listpeers" from the command line (zerotier-cli). New features: - Virtual networks that use our RFC4193-based IPv6 numbering scheme now emulate IPv6 NDP for queries that target these addresses within the same network. This allows for faster multicast-free connection init and improved security since the address is now hard-wired to the device ID (which is a crypto token). This does not affect IPv6 NDP for other IPv6 addresses or link-local, which will continue to work normally. This also opens the potential for a reduced footprint multicast-free build for embedded applications. - This version includes beta support for a feature called CIRCUIT_TEST. Network controllers for networks you have joined can now send a special message called CIRCUIT_TEST which allows for ZeroTier-layer link testing and remote diagnosis of link issues. Any operator of a network controller can do this; more documentation will be forthcoming. The only information that may be gathered in this way is IP addressing info and very basic system info (OS, 32/64 bit, ZeroTier version). No personal information, hard drive data, location, or other private info is available. This can only be ordered by a controller of a network you have joined and is secured using cryptographic signatures. - This version includes an alpha version of clustering a.k.a. multi-homing! This powerful feature allows for a single ZeroTier device to be run from multiple endpoints, with connecting peers being handed off to endpoints that are closer via GeoIP lookup and/or are more lightly loaded. Currently this is only suitable for use in our soon-to-be-upgraded root server infrastructure (details will be blogged soon), but in the future it will be capable of hosting multi-homed devices on user networks. This will allow things like (for example) a geo- clustered Cassandra server that appears behind a single IP on a virtual LAN. This feature must be enabled with the ZT_ENABLE_CLUSTER=1 build option. Bug fixes and other improvements (including performance!): - A faster version of the Poly1305 cryptographic MAC function was substituted for sometimes greatly improved performance. - C++ STL std::map was replaced throughout the entire core with a hand-rolled Hashtable implementation for improved performance and in some cases a reduced memory footprint. Some maps are still used in peripheral code that is not performance critical or where ordered keys are needed. - The zerotier-cli and zerotier-idtool symbolic links are now created in /usr/local/bin on OSX to comply with El Capitan file security restrictions. - The OSX tap device driver has been updated. This update may fix issues that some users have reported with bridging on OSX. This new tap device driver drops 32-bit support, but if you have a 32-bit system you can manually install the old driver from ext/bin/tap-mac. - Mac users could experience a problem with the UI if they installed ZeroTier, then uninstalled it, then installed again. This is now fixed. - UPnP port mappings should work better on some routers, and a different local port is now used for UPnP mapped traffic vs. NAT-t'd traffic to get around a bug in several popular mid-tier routers where using UPnP mapping alongside traditional NAT traversal made a port unreachable. - Debian package now builds with the right arch label on armv7l systems (Pi 2) - The old "root topology" has been replaced with a similar but better thought out concept called a World. The World defines the root servers and possibly in the future other things, and can be updated in-band from trusted peers allowing for software-upgrade-free network upgrades to keep up with growing demand. See node/World.hpp for details. - A fix was made to "self-awareness," which keeps track of your external IP info and adapts to changes, to eliminate a problem that could cause "link thrashing" behind some symmetric NATs. - Escalating UDP TTLs was re-introduced to better transit some port-restricted cone NATs such as Linux IP MASQ (used for Docker). - An otherwise harmless crash-on-exit bug in the network controller was fixed. - All new direct links are now confirmed in both directions. This adds a very small amount of initial HELLO/OK traffic but fixes some edge cases where an incomplete or unidirectional path might be used. - [SECURITY] Better rate limiting was put in place for VERB_PUSH_DIRECT_PATHS to prevent potential abuse for amplification attacks. - [SECURITY] Build flags were tweaked on OSX to ensure that all code including dependency libraries are built with full stack canary protection and ASLR support. Visit https://www.zerotier.com/blog or follow @ZeroTier on Twitter for updates and announcements!
2015-11-17 11:19:58 -08:00
if [ "$OSX_RELEASE" = "10.7" ]; then
# OSX 10.7 cannot use the new tap driver since the new way of kext signing
# is not backward compatible. Pull the old one for 10.7 users and replace.
# We use https to fetch and check hash as an extra added measure.
rm -f tap.kext.10_7.tar.gz
curl -s https://download.zerotier.com/tap.kext.10_7.tar.gz >tap.kext.10_7.tar.gz
if [ -s tap.kext.10_7.tar.gz -a "`shasum -a 256 tap.kext.10_7.tar.gz | cut -d ' ' -f 1`" = "e133d4832cef571621d3618f417381b44f51a76ed625089fb4e545e65d3ef2a9" ]; then
rm -rf tap.kext
tar -xzf tap.kext.10_7.tar.gz
fi
rm -f tap.kext.10_7.tar.gz
fi
2016-12-23 14:38:36 -08:00
rm -rf node.log node.log.old root-topology shutdownIfUnreadable autoupdate.log updates.d ui peers.save
chown -R 0 tap.kext
chgrp -R 0 tap.kext
if [ ! -f authtoken.secret ]; then
head -c 1024 /dev/urandom | md5 | head -c 24 >authtoken.secret
chown 0 authtoken.secret
chgrp 0 authtoken.secret
chmod 0600 authtoken.secret
fi
rm -f zerotier-cli zerotier-idtool
ln -sf zerotier-one zerotier-cli
ln -sf zerotier-one zerotier-idtool
mkdir -p /usr/local/bin
cd /usr/local/bin
rm -f zerotier-cli zerotier-idtool
ln -sf "/Library/Application Support/ZeroTier/One/zerotier-one" zerotier-cli
ln -sf "/Library/Application Support/ZeroTier/One/zerotier-one" zerotier-idtool
cd "/Library/Application Support/ZeroTier/One"
kextload -r . tap.kext >>/dev/null 2>&1 &
disown %1
launchctl load /Library/LaunchDaemons/com.zerotier.one.plist >>/dev/null 2>&1
sleep 1
if [ -f /tmp/zt1-gui-restart.tmp ]; then
for u in `cat /tmp/zt1-gui-restart.tmp`; do
su $u -c '/Applications/ZeroTier\ One.app/Contents/MacOS/ZeroTier\ One &' >>/dev/null 2>&1 &
done
fi
rm -f /tmp/zt1-gui-restart.tmp
exit 0