diff --git a/Dockerfile.release b/Dockerfile.release new file mode 100644 index 000000000..7d1fb8b1e --- /dev/null +++ b/Dockerfile.release @@ -0,0 +1,22 @@ +# vim: ft=dockerfile + +FROM debian:buster as stage + +ARG PACKAGE_BASEURL=https://download.zerotier.com/debian/buster/pool/main/z/zerotier-one/ +ARG ARCH=amd64 +ARG VERSION + +RUN apt-get update -qq && apt-get install curl -y +RUN curl -sSL -o zerotier-one.deb "${PACKAGE_BASEURL}/zerotier-one_${VERSION}_${ARCH}.deb" + +FROM debian:buster + +COPY --from=stage zerotier-one.deb . + +RUN dpkg -i zerotier-one.deb && rm -f zerotier-one.deb +RUN echo "${VERSION}" >/etc/zerotier-version + +COPY entrypoint.sh.release /entrypoint.sh +RUN chmod 755 /entrypoint.sh + +CMD /entrypoint.sh diff --git a/entrypoint.sh.release b/entrypoint.sh.release new file mode 100644 index 000000000..8b7bd5e29 --- /dev/null +++ b/entrypoint.sh.release @@ -0,0 +1,30 @@ +#!/bin/sh + +grepzt() { + (find /proc -name exe | xargs -I{} readlink {}) 2>/dev/null | grep -q zerotier-one + return $? +} + +echo "starting zerotier" +setsid /usr/sbin/zerotier-one & + +while ! grepzt +do + echo "zerotier hasn't started, waiting a second" + sleep 1 +done + +echo "joining networks" + +for i in "$@" +do + echo "joining $i" + + while ! zerotier-cli join "$i" + do + echo "joining $i failed; trying again in 1s" + sleep 1 + done +done + +sleep infinity diff --git a/ext/bin/tap-windows-ndis6/x64.old/zttap300.inf b/ext/bin/tap-windows-ndis6/x64.old/zttap300.inf index 453797b38..dbc492b5f 100644 --- a/ext/bin/tap-windows-ndis6/x64.old/zttap300.inf +++ b/ext/bin/tap-windows-ndis6/x64.old/zttap300.inf @@ -34,7 +34,7 @@ DriverVer=08/13/2015,6.2.9200.20557 [Strings] DeviceDescription = "ZeroTier One Virtual Port" -Provider = "ZeroTier Networks LLC" ; We're ZeroTier, Inc. now but kernel mode certs are $300+ so fuqdat. +Provider = "ZeroTier Networks LLC" ; To build for x86, take NTamd64 off this and off the named section manually, build, then put it back! [Manufacturer] @@ -70,7 +70,7 @@ AddService = zttap300, 2, zttap300.service [zttap300.reg] HKR, Ndi, Service, 0, "zttap300" -HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows. +HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; 'ndis5' is correct HKR, Ndi\Interfaces, LowerRange, 0, "ethernet" HKR, , Manufacturer, 0, "%Provider%" HKR, , ProductName, 0, "%DeviceDescription%" diff --git a/ext/bin/tap-windows-ndis6/x64/zttap300.inf b/ext/bin/tap-windows-ndis6/x64/zttap300.inf index e05038dae..944492ca6 100644 --- a/ext/bin/tap-windows-ndis6/x64/zttap300.inf +++ b/ext/bin/tap-windows-ndis6/x64/zttap300.inf @@ -70,7 +70,7 @@ AddService = zttap300, 2, zttap300.service [zttap300.reg] HKR, Ndi, Service, 0, "zttap300" -HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows. +HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; 'ndis5' is correct HKR, Ndi\Interfaces, LowerRange, 0, "ethernet" HKR, , Manufacturer, 0, "%Provider%" HKR, , ProductName, 0, "%DeviceDescription%" diff --git a/ext/bin/tap-windows-ndis6/x86.old/zttap300.inf b/ext/bin/tap-windows-ndis6/x86.old/zttap300.inf index 453797b38..dbc492b5f 100644 --- a/ext/bin/tap-windows-ndis6/x86.old/zttap300.inf +++ b/ext/bin/tap-windows-ndis6/x86.old/zttap300.inf @@ -34,7 +34,7 @@ DriverVer=08/13/2015,6.2.9200.20557 [Strings] DeviceDescription = "ZeroTier One Virtual Port" -Provider = "ZeroTier Networks LLC" ; We're ZeroTier, Inc. now but kernel mode certs are $300+ so fuqdat. +Provider = "ZeroTier Networks LLC" ; To build for x86, take NTamd64 off this and off the named section manually, build, then put it back! [Manufacturer] @@ -70,7 +70,7 @@ AddService = zttap300, 2, zttap300.service [zttap300.reg] HKR, Ndi, Service, 0, "zttap300" -HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows. +HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; 'ndis5' is correct HKR, Ndi\Interfaces, LowerRange, 0, "ethernet" HKR, , Manufacturer, 0, "%Provider%" HKR, , ProductName, 0, "%DeviceDescription%" diff --git a/ext/bin/tap-windows-ndis6/x86/zttap300.inf b/ext/bin/tap-windows-ndis6/x86/zttap300.inf index a562e9d64..76ba896e3 100644 --- a/ext/bin/tap-windows-ndis6/x86/zttap300.inf +++ b/ext/bin/tap-windows-ndis6/x86/zttap300.inf @@ -67,7 +67,7 @@ AddService = zttap300, 2, zttap300.service [zttap300.reg] HKR, Ndi, Service, 0, "zttap300" -HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows. +HKR, Ndi\Interfaces, UpperRange, 0, "ndis5" ; 'ndis5' is correct HKR, Ndi\Interfaces, LowerRange, 0, "ethernet" HKR, , Manufacturer, 0, "%Provider%" HKR, , ProductName, 0, "%DeviceDescription%" diff --git a/make-linux.mk b/make-linux.mk index 78055cb25..a33894aec 100644 --- a/make-linux.mk +++ b/make-linux.mk @@ -45,10 +45,6 @@ endif # Trying to use dynamically linked libhttp-parser causes tons of compatibility problems. ONE_OBJS+=ext/http-parser/http_parser.o -# Build with address sanitization library for advanced debugging (clang) -ifeq ($(ZT_SANITIZE),1) - DEFS+=-fsanitize=address -DASAN_OPTIONS=symbolize=1 -endif ifeq ($(ZT_DEBUG_TRACE),1) DEFS+=-DZT_DEBUG_TRACE endif @@ -62,7 +58,7 @@ endif # Build with address sanitization library for advanced debugging (clang) ifeq ($(ZT_SANITIZE),1) - SANFLAGS+=-fsanitize=address -DASAN_OPTIONS=symbolize=1 + override DEFS+=-fsanitize=address -DASAN_OPTIONS=symbolize=1 endif ifeq ($(ZT_DEBUG),1) override CFLAGS+=-Wall -Wno-deprecated -g -O -pthread $(INCLUDES) $(DEFS) @@ -408,7 +404,7 @@ uninstall: FORCE # These are just for convenience for building Linux packages debian: FORCE - debuild --no-lintian -I -i -us -uc -nc -b + debuild --no-lintian -I -i -us -uc -nc -b debian-clean: FORCE rm -rf debian/files debian/zerotier-one*.debhelper debian/zerotier-one.substvars debian/*.log debian/zerotier-one debian/.debhelper debian/debhelper-build-stamp diff --git a/one.cpp b/one.cpp index 8d64847e9..062781745 100644 --- a/one.cpp +++ b/one.cpp @@ -287,7 +287,7 @@ static int cli(int argc,char **argv) } #endif if (!authToken.length()) { - fprintf(stderr,"%s: missing authentication token and authtoken.secret not found (or readable) in %s" ZT_EOL_S,argv[0],homeDir.c_str()); + fprintf(stderr,"%s: authtoken.secret not found or readable in %s (try again as root)" ZT_EOL_S,argv[0],homeDir.c_str()); return 2; } } @@ -1070,7 +1070,7 @@ static int cli(int argc,char **argv) } else if (command == "dump") { std::stringstream dump; dump << "platform: "; -#ifdef __APPLE__ +#ifdef __APPLE__ dump << "macOS" << ZT_EOL_S; #elif defined(_WIN32) dump << "Windows" << ZT_EOL_S; @@ -1188,7 +1188,7 @@ static int cli(int argc,char **argv) UInt8 path[PATH_MAX]; if (FSFindFolder(kUserDomain, kDesktopFolderType, kDontCreateFolder, &fsref) == noErr && FSRefMakePath(&fsref, path, sizeof(path)) == noErr) { - + } else if (getenv("SUDO_USER")) { sprintf((char*)path, "/Users/%s/Desktop/", getenv("SUDO_USER")); } else { @@ -1204,12 +1204,12 @@ static int cli(int argc,char **argv) fprintf(stderr, "Error creating file.\n"); return 1; } - write(fd, dump.str().c_str(), dump.str().size()); + write(fd, dump.str().c_str(), dump.str().size()); close(fd); #elif defined(_WIN32) ULONG buffLen = 16384; PIP_ADAPTER_ADDRESSES addresses; - + ULONG ret = 0; do { addresses = (PIP_ADAPTER_ADDRESSES)malloc(buffLen); @@ -1223,7 +1223,7 @@ static int cli(int argc,char **argv) break; } } while (ret == ERROR_BUFFER_OVERFLOW); - + int i = 0; if (ret == NO_ERROR) { PIP_ADAPTER_ADDRESSES curAddr = addresses; @@ -1311,9 +1311,9 @@ static int cli(int argc,char **argv) char buf[1024]; char stringBuffer[128]; int success = 0; - + int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP); - + ifc.ifc_len = sizeof(buf); ifc.ifc_buf = buf; ioctl(sock, SIOCGIFCONF, &ifc); @@ -1333,7 +1333,7 @@ static int cli(int argc,char **argv) if (ioctl(sock, SIOCGIFHWADDR, &ifr) == 0) { unsigned char mac_addr[6]; memcpy(mac_addr, ifr.ifr_hwaddr.sa_data, 6); - char macStr[16]; + char macStr[18]; sprintf(macStr, "%02x:%02x:%02x:%02x:%02x:%02x", mac_addr[0], mac_addr[1], @@ -1376,7 +1376,7 @@ static int cli(int argc,char **argv) fprintf(stderr, "Error creating file.\n"); return 1; } - write(fd, dump.str().c_str(), dump.str().size()); + write(fd, dump.str().c_str(), dump.str().size()); close(fd); #else fprintf(stderr, "%s", dump.str().c_str()); diff --git a/service/OneService.cpp b/service/OneService.cpp index bb72277e3..6f75dbdff 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -242,7 +242,7 @@ static void _networkToJson(nlohmann::json &nj,const ZT_VirtualNetworkConfig *nc, m["domain"] = nc->dns.domain; m["servers"] = nlohmann::json::array(); for(int j=0;jdns.server_addr[j]); if (a.isV4() || a.isV6()) { char buf[256]; @@ -250,7 +250,7 @@ static void _networkToJson(nlohmann::json &nj,const ZT_VirtualNetworkConfig *nc, } } nj["dns"] = m; - + } static void _peerToJson(nlohmann::json &pj,const ZT_Peer *peer) @@ -274,10 +274,12 @@ static void _peerToJson(nlohmann::json &pj,const ZT_Peer *peer) pj["latency"] = peer->latency; pj["role"] = prole; pj["isBonded"] = peer->isBonded; - pj["bondingPolicy"] = peer->bondingPolicy; - pj["isHealthy"] = peer->isHealthy; - pj["numAliveLinks"] = peer->numAliveLinks; - pj["numTotalLinks"] = peer->numTotalLinks; + if (peer->isBonded) { + pj["bondingPolicy"] = peer->bondingPolicy; + pj["isHealthy"] = peer->isHealthy; + pj["numAliveLinks"] = peer->numAliveLinks; + pj["numTotalLinks"] = peer->numTotalLinks; + } nlohmann::json pa = nlohmann::json::array(); for(unsigned int i=0;ipathCount;++i) { @@ -676,6 +678,9 @@ public: readLocalSettings(); applyLocalConfig(); + // Save original port number to show it if bind error + const int _configuredPort = _primaryPort; + // Make sure we can use the primary port, and hunt for one if configured to do so const int portTrials = (_primaryPort == 0) ? 256 : 1; // if port is 0, pick random for(int k=0;kc_str(),ifname,p->length())) return false; } - return _node->bondController()->allowedToBind(std::string(ifname)); + if (!_node->bondController()->allowedToBind(std::string(ifname))) { + return false; + } } { // Check global blacklists