feat: add macOS daemon support with group-based pf routing
- Add daemon CLI subcommand (install/uninstall/status/run) - Download tun2socks for darwin platforms in Makefile - Export ExtractTun2Socks and add darwin embed support - Use group-based pf filtering instead of user-based for transparent proxying - Install sudoers rule for passwordless sandbox-exec with _greywall group - Add nolint directives for gosec false positives on sudoers 0440 perms - Fix lint issues: lowercase errors, fmt.Fprintf, nolint comments Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
tito
29
Makefile
29
Makefile
@@ -8,24 +8,24 @@ BINARY_UNIX=$(BINARY_NAME)_unix
|
||||
TUN2SOCKS_VERSION=v2.5.2
|
||||
TUN2SOCKS_BIN_DIR=internal/sandbox/bin
|
||||
|
||||
.PHONY: all build build-ci build-linux test test-ci clean deps install-lint-tools setup setup-ci run fmt lint release release-minor download-tun2socks help
|
||||
.PHONY: all build build-ci build-linux build-darwin test test-ci clean deps install-lint-tools setup setup-ci run fmt lint release release-minor download-tun2socks help
|
||||
|
||||
all: build
|
||||
|
||||
TUN2SOCKS_PLATFORMS=linux-amd64 linux-arm64 darwin-amd64 darwin-arm64
|
||||
|
||||
download-tun2socks:
|
||||
@echo "Downloading tun2socks $(TUN2SOCKS_VERSION)..."
|
||||
@mkdir -p $(TUN2SOCKS_BIN_DIR)
|
||||
@curl -sL "https://github.com/xjasonlyu/tun2socks/releases/download/$(TUN2SOCKS_VERSION)/tun2socks-linux-amd64.zip" -o /tmp/tun2socks-linux-amd64.zip
|
||||
@unzip -o -q /tmp/tun2socks-linux-amd64.zip -d /tmp/tun2socks-amd64
|
||||
@mv /tmp/tun2socks-amd64/tun2socks-linux-amd64 $(TUN2SOCKS_BIN_DIR)/tun2socks-linux-amd64
|
||||
@chmod +x $(TUN2SOCKS_BIN_DIR)/tun2socks-linux-amd64
|
||||
@rm -rf /tmp/tun2socks-linux-amd64.zip /tmp/tun2socks-amd64
|
||||
@curl -sL "https://github.com/xjasonlyu/tun2socks/releases/download/$(TUN2SOCKS_VERSION)/tun2socks-linux-arm64.zip" -o /tmp/tun2socks-linux-arm64.zip
|
||||
@unzip -o -q /tmp/tun2socks-linux-arm64.zip -d /tmp/tun2socks-arm64
|
||||
@mv /tmp/tun2socks-arm64/tun2socks-linux-arm64 $(TUN2SOCKS_BIN_DIR)/tun2socks-linux-arm64
|
||||
@chmod +x $(TUN2SOCKS_BIN_DIR)/tun2socks-linux-arm64
|
||||
@rm -rf /tmp/tun2socks-linux-arm64.zip /tmp/tun2socks-arm64
|
||||
@echo "tun2socks binaries downloaded to $(TUN2SOCKS_BIN_DIR)/"
|
||||
@for platform in $(TUN2SOCKS_PLATFORMS); do \
|
||||
if [ ! -f $(TUN2SOCKS_BIN_DIR)/tun2socks-$$platform ]; then \
|
||||
echo "Downloading tun2socks-$$platform $(TUN2SOCKS_VERSION)..."; \
|
||||
curl -sL "https://github.com/xjasonlyu/tun2socks/releases/download/$(TUN2SOCKS_VERSION)/tun2socks-$$platform.zip" -o /tmp/tun2socks-$$platform.zip; \
|
||||
unzip -o -q /tmp/tun2socks-$$platform.zip -d /tmp/tun2socks-$$platform; \
|
||||
mv /tmp/tun2socks-$$platform/tun2socks-$$platform $(TUN2SOCKS_BIN_DIR)/tun2socks-$$platform; \
|
||||
chmod +x $(TUN2SOCKS_BIN_DIR)/tun2socks-$$platform; \
|
||||
rm -rf /tmp/tun2socks-$$platform.zip /tmp/tun2socks-$$platform; \
|
||||
fi; \
|
||||
done
|
||||
|
||||
build: download-tun2socks
|
||||
@echo "Building $(BINARY_NAME)..."
|
||||
@@ -53,6 +53,7 @@ clean:
|
||||
rm -f $(BINARY_UNIX)
|
||||
rm -f coverage.out
|
||||
rm -f $(TUN2SOCKS_BIN_DIR)/tun2socks-linux-*
|
||||
rm -f $(TUN2SOCKS_BIN_DIR)/tun2socks-darwin-*
|
||||
|
||||
deps:
|
||||
@echo "Downloading dependencies..."
|
||||
@@ -63,7 +64,7 @@ build-linux: download-tun2socks
|
||||
@echo "Building for Linux..."
|
||||
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 $(GOBUILD) -o $(BINARY_UNIX) -v ./cmd/greywall
|
||||
|
||||
build-darwin:
|
||||
build-darwin: download-tun2socks
|
||||
@echo "Building for macOS..."
|
||||
CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 $(GOBUILD) -o $(BINARY_NAME)_darwin -v ./cmd/greywall
|
||||
|
||||
|
||||
Reference in New Issue
Block a user