[pull] master from Hagb:master #4
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
- split common part of dockerfiles to shell scripts in build-scripts folder - add support for non-amd64 GUI by replacing the electron binary with the native one
Not only fake-hwaddr.so, there will be more things to be compiled. - The image name of building stage is hagb/docker-easyconnect:build now - Every independent building result will be in /root/name/, which will be an empty folder if turned off by user.
Prepare for noVNC, which uses websocket.
#47 (comment) Use the following programs to provide cross-platform noVNC service with little size growth: - busybox httpd: http service for static resources (busybox is not very high-performance, but has already been installed) - websockify in C: tiny websockify service - tinyproxy with websocket support: provide http reverse proxy, used to provide http and websockify in the same port As an alternation, easy-novnc will be compiled from source code if chosen.
Electron from EasyConnect is observed to have a segfault in the latest Debian bookworm.
Since non-amd64 deb packages of EasyConnect are proved to exist (#25 (comment)), the deb package should not be assume to be amd64 and architecture specific code should be rewritten: - Add EC_HOST build argument to tell Dockerfile the architecture of EasyConnect package - Whether to install cross toolchain and qemu-user and which package should be install, is determined by EC_HOST and the local architecture now, more specifically by build-scripts/get-echost-names.sh (no longer hard-code amd64 cross toolchain) - fake-hwaddr.so should follow the architecture of the EC deb, so fake-hwaddr/Makefile uses CC envirnoment variable instead of hard-coded x86_64-linux-gnu-gcc as c compiler now - qemu_args is removed now. It was used to pass LD_PRELOAD to foreign binaries under qemu-user, but now we pass LD_PRELOAD to the qemu wrapper and wrapper will pass the LD_PRELOAD to the simulated binaries
When logining, ECAgent starts to communicate with CSClient via a fifo file. In 7.6.3, ECAgent can't starts CSClient and svpnservice by itself, so our script start these two programs once ECAgent begins to complain the communication failure. In poor-performance environment (such as slow device and docker with some limits set by user), ECAgent may reach its timeout before CSClient is ready, and then login will fail. To avoid such an error, this commit suspends the ECAgent process before starts CSClient and svpnservice, and continues ECAgent after the fifo file is created by CSClient.
To add support for arm64 and mips64 version of EasyConnect in #25 (comment)
Avoid being stuck when killing subprocess (#25 (comment))
Otherwise may cause problem about linking
tun0 and utun7 is interface (接口) but not device (设备)
fixed: action build fail
Fix port examples of env FORWARD config
On docker, `/proc/self/loginuid` is -1 by default, while on podman it is 0 (root), which makes aTrust services refuse to start, because after they use `getlogin_r`, which is affected by `/proc/self/loginuid`, to get the username successfully, they give up trying any other way (such as `loginctl`) to get the non-root user used to start the http server (port 54631), even if the username they got is root. This commit adds a LD_PRELOAD hook named fake-getlogin, which hooks `getlogin` and `getlogin_r` to provide the non-root username directly. This commit also: - reduces errors when running postinst script of aTrust; - uses LD_LIBRARY_PATH to make aTrust use its versions of libraries, especially those very old and no longer getatable from debian packages.
ATrust runs `sysctl -w net.ipv4.conf.utun7.route_localnet=1` before calling `iptables` to reject DNS. If the former command failed (usually because of leak of permission in container), aTrust will keep trying to rerun it but not reject DNS. This commit adds a sysctl wrapper, which will determine whether the value of `net.ipv4.conf.utun7.route_localnet` has been 1, and return 0 directly if yes. The value of `net.ipv4.conf.utun7.route_localnet` can be set without any extra permission given to the container, by `--sysctl net.ipv4.conf.default.route_localnet` as an argument of `docker/podman run`. Fix #286.
* 优化保活逻辑 部分无法使用ping的环境使用wget一个url来替代 * Update docker-root/usr/local/bin/start.sh 更优的写法 Co-authored-by: Hagb (Junyu Guo 郭俊余) <[email protected]> --------- Co-authored-by: Hagb (Junyu Guo 郭俊余) <[email protected]>
Use `timeout` command instead of `-T` argument of busybox wget to limit the time used to ping url. `CONFIG_FEATURE_WGET_TIMEOUT` (`-T`) is not enabled in Debian package `busybox`<1.36.1-5 [^1]. As a result, `-T` of `busybox wget` with our current busybox package (1:1.35.0-4+b3) causes segmentation fault. [^1]: https://salsa.debian.org/installer-team/busybox/-/commit/fd85f31f98a5316289f2de108e377d22345e0869
* Create atrust-2.3.10.65-amd64.txt update atrust-2.3.10.65 deb urls * Create atrust-2.3.10.65-arm64.txt update atrust-2.3.10.65 deb urls * Create atrust-2.3.10.65-mips64le.txt update atrust-2.3.10.65 deb urls
此提交修改README.md,添加了一条到基于本项目的分支项目 aTrustLogin 的链接,**以期帮助那些有自动化登录需求的人**。 不将此项目直接合并到主线,主要是基于以下考虑: - aTrustLogin 的 Docker 镜像添加了大量重量型依赖组件,导致镜像体积直接膨胀一倍有余 - aTrustLogin 并不强依赖 Docker 和本项目,它也能直接在各种平台直接使用。
Update README.md to introduce aTrustLogin
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )