fix(build): switch to pkg based installer (#92)

ThomasK33 · web-flow · commit b88b08a4c3cd · 2025-03-07T01:56:56.000+01:00
Change-Id: Ie3ef4fe53faa0af947493e58b81c523c040400a5
Signed-off-by: Thomas Kosiewski &lt;tk@coder.com&gt;
diff --git a/.env b/.env
@@ -1,6 +1,9 @@
 # Build a release locally using: op run --env-file="./.env" -- make release
-APPLE_CERT="op://Apple/Apple DeveloperID PKCS12 base64/notesPlain"
-CERT_PASSWORD="op://Apple/DeveloperID p12 password/password"
+APPLE_CERT="op://Apple/Apple DeveloperID Application PKCS12 base64/notesPlain"
+CERT_PASSWORD="op://Apple/DeveloperID Application p12 password/password"
+
+APPLE_INSTALLER_CERT="op://Apple/Developer ID Installer PKCS12 base64/notesPlain"
+INSTALLER_CERT_PASSWORD="op://Apple/DeveloperID Installer Password/password"
 
 APPLE_ID="op://Apple/3apcadvvcojjbpxnd7m5fgh5wm/username"
 APPLE_ID_PASSWORD="op://Apple/3apcadvvcojjbpxnd7m5fgh5wm/password"
diff --git a/.ignore b/.ignore
@@ -1 +1,2 @@
 !.github
+!.ignore
diff --git a/Coder Desktop/Coder Desktop/NetworkExtension.swift b/Coder Desktop/Coder Desktop/NetworkExtension.swift
@@ -56,11 +56,11 @@ extension CoderVPNService {
         logger.debug("saving new tunnel")
         do {
             try await tm.saveToPreferences()
+            neState = .disabled
         } catch {
             logger.error("save tunnel failed: \(error)")
             neState = .failed(error.localizedDescription)
         }
-        neState = .disabled
     }
 
     func removeNetworkExtension() async throws(VPNServiceError) {
@@ -105,6 +105,7 @@ extension CoderVPNService {
         var tunnels: [NETunnelProviderManager] = []
         do {
             tunnels = try await NETunnelProviderManager.loadAllFromPreferences()
+            logger.debug("loaded \(tunnels.count) tunnel(s)")
         } catch {
             throw .internalError("couldn't load tunnels: \(error)")
         }
diff --git a/Coder Desktop/Coder Desktop/SystemExtension.swift b/Coder Desktop/Coder Desktop/SystemExtension.swift
@@ -29,6 +29,7 @@ protocol SystemExtensionAsyncRecorder: Sendable {
 extension CoderVPNService: SystemExtensionAsyncRecorder {
     func recordSystemExtensionState(_ state: SystemExtensionState) async {
         sysExtnState = state
+        logger.info("system extension state: \(state.description)")
         if state == .installed {
             // system extension was successfully installed, so we don't need the delegate any more
             systemExtnDelegate = nil
diff --git a/Coder Desktop/Coder Desktop/VPNService.swift b/Coder Desktop/Coder Desktop/VPNService.swift
@@ -30,9 +30,9 @@ enum VPNServiceError: Error, Equatable {
         case let .internalError(description):
             "Internal Error: \(description)"
         case let .systemExtensionError(state):
-            state.description
+            "SystemExtensionError: \(state.description)"
         case let .networkExtensionError(state):
-            state.description
+            "NetworkExtensionError: \(state.description)"
         }
     }
 
diff --git a/Coder Desktop/Coder Desktop/XPCInterface.swift b/Coder Desktop/Coder Desktop/XPCInterface.swift
@@ -14,7 +14,9 @@ import VPNLib
     }
 
     func connect() {
+        logger.debug("xpc connect called")
         guard xpc == nil else {
+            logger.debug("xpc already exists")
             return
         }
         let networkExtDict = Bundle.main.object(forInfoDictionaryKey: "NetworkExtension") as? [String: Any]
@@ -27,17 +29,21 @@ import VPNLib
         }
         xpc = proxy
 
+        logger.debug("connecting to machServiceName: \(machServiceName!)")
+
         xpcConn.exportedObject = self
         xpcConn.invalidationHandler = { [logger] in
             Task { @MainActor in
                 logger.error("XPC connection invalidated.")
                 self.xpc = nil
+                self.connect()
             }
         }
         xpcConn.interruptionHandler = { [logger] in
             Task { @MainActor in
                 logger.error("XPC connection interrupted.")
                 self.xpc = nil
+                self.connect()
             }
         }
         xpcConn.resume()
diff --git a/Coder Desktop/VPN/Info.plist b/Coder Desktop/VPN/Info.plist
@@ -2,8 +2,10 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
-	<key>NSSystemExtensionUsageDescription</key>
-	<string></string>
+  <key>NSSystemExtensionUsageDescription</key>
+  <string>Extends the networking capabilities of macOS to connect this Mac to your workspaces.</string>
+  <key>CFBundleDisplayName</key>
+	<string>Coder Desktop Network Extension</string>
 	<key>NetworkExtension</key>
 	<dict>
 		<key>NEMachServiceName</key>
diff --git a/Coder Desktop/VPN/main.swift b/Coder Desktop/VPN/main.swift
@@ -32,6 +32,10 @@ final class XPCListenerDelegate: NSObject, NSXPCListenerDelegate, @unchecked Sen
             logger.info("active connection dead")
             self?.setActiveConnection(nil)
         }
+        newConnection.interruptionHandler = { [weak self] in
+            logger.debug("connection interrupted")
+            self?.setActiveConnection(nil)
+        }
         logger.info("new active connection")
         setActiveConnection(newConnection)
 
@@ -47,13 +51,15 @@ else {
     fatalError("Missing NEMachServiceName in Info.plist")
 }
 
-let globalXPCListenerDelegate = XPCListenerDelegate()
-let xpcListener = NSXPCListener(machServiceName: serviceName)
-xpcListener.delegate = globalXPCListenerDelegate
-xpcListener.resume()
+logger.debug("listening on machServiceName: \(serviceName)")
 
 autoreleasepool {
     NEProvider.startSystemExtensionMode()
 }
 
+let globalXPCListenerDelegate = XPCListenerDelegate()
+let xpcListener = NSXPCListener(machServiceName: serviceName)
+xpcListener.delegate = globalXPCListenerDelegate
+xpcListener.resume()
+
 dispatchMain()
diff --git a/Makefile b/Makefile
@@ -56,6 +56,10 @@ $(KEYCHAIN_FILE):
 	echo "$$APPLE_CERT" | base64 -d > $$tempfile; \
 	security import $$tempfile -P '$(CERT_PASSWORD)' -A -t cert -f pkcs12 -k "$(APP_SIGNING_KEYCHAIN)"; \
 	rm $$tempfile
+	@tempfile=$$(mktemp); \
+	echo "$$APPLE_INSTALLER_CERT" | base64 -d > $$tempfile; \
+	security import $$tempfile -P '$(INSTALLER_CERT_PASSWORD)' -A -t cert -f pkcs12 -k "$(APP_SIGNING_KEYCHAIN)"; \
+	rm $$tempfile
 	security list-keychains -d user -s $$(security list-keychains -d user | tr -d '\"') "$(APP_SIGNING_KEYCHAIN)"
 
 .PHONY: release
@@ -67,6 +71,7 @@ release: $(KEYCHAIN_FILE) ## Create a release build of Coder Desktop
 	./scripts/build.sh \
 		--app-prof-path "$$APP_PROF_PATH" \
 		--ext-prof-path "$$EXT_PROF_PATH" \
+		--version $(MARKETING_VERSION) \
 		--keychain "$(APP_SIGNING_KEYCHAIN)"; \
 	rm "$$APP_PROF_PATH" "$$EXT_PROF_PATH"
 
diff --git a/flake.nix b/flake.nix
@@ -25,30 +25,6 @@
           };
 
           formatter = pkgs.nixfmt-rfc-style;
-
-          create-dmg = pkgs.buildNpmPackage rec {
-            pname = "create-dmg";
-            version = "7.0.0";
-
-            src = pkgs.fetchFromGitHub {
-              owner = "sindresorhus";
-              repo = pname;
-              rev = "v${version}";
-              hash = "sha256-+GxKfhVDmtgEh9NOAzGexgfj1qAb0raC8AmrrnJ2vNA=";
-            };
-
-            npmDepsHash = "sha256-48r9v0sTlHbyH4RjynClfC/QsFAlgMTtXCbleuMSM80=";
-
-            # create-dmg author does not want to include a lockfile in their releases,
-            # thus we need to vendor it in ourselves.
-            postPatch = ''
-              cp ${./nix/create-dmg/package-lock.json} package-lock.json
-            '';
-
-            # Plain JS, so nothing to build
-            dontNpmBuild = true;
-            dontNpmPrune = true;
-          };
         in
         {
           inherit formatter;
@@ -60,7 +36,6 @@
                 actionlint
                 clang
                 coreutils
-                create-dmg
                 gh
                 git
                 gnumake
diff --git a/nix/create-dmg/package-lock.json b/nix/create-dmg/package-lock.json
diff --git a/pkgbuild/scripts/postinstall b/pkgbuild/scripts/postinstall
diff --git a/pkgbuild/scripts/preinstall b/pkgbuild/scripts/preinstall
diff --git a/scripts/build.sh b/scripts/build.sh
diff --git a/scripts/update-cask.sh b/scripts/update-cask.sh

Original file line number	Diff line number	Diff line change
`@@ -56,11 +56,11 @@ extension CoderVPNService {`
`56`	`56`	`logger.debug("saving new tunnel")`
`57`	`57`	`do {`
`58`	`58`	`try await tm.saveToPreferences()`
	`59`	`+ neState = .disabled`
`59`	`60`	`} catch {`
`60`	`61`	`logger.error("save tunnel failed: \(error)")`
`61`	`62`	`neState = .failed(error.localizedDescription)`
`62`	`63`	`}`
`63`		`- neState = .disabled`
`64`	`64`	`}`
`65`	`65`
`66`	`66`	`func removeNetworkExtension() async throws(VPNServiceError) {`
`@@ -105,6 +105,7 @@ extension CoderVPNService {`
`105`	`105`	`var tunnels: [NETunnelProviderManager] = []`
`106`	`106`	`do {`
`107`	`107`	`tunnels = try await NETunnelProviderManager.loadAllFromPreferences()`
	`108`	`+ logger.debug("loaded \(tunnels.count) tunnel(s)")`
`108`	`109`	`} catch {`
`109`	`110`	`throw .internalError("couldn't load tunnels: \(error)")`
`110`	`111`	`}`
Original file line number	Diff line number	Diff line change
`@@ -30,9 +30,9 @@ enum VPNServiceError: Error, Equatable {`
`30`	`30`	`case let .internalError(description):`
`31`	`31`	`"Internal Error: \(description)"`
`32`	`32`	`case let .systemExtensionError(state):`
`33`		`- state.description`
	`33`	`+ "SystemExtensionError: \(state.description)"`
`34`	`34`	`case let .networkExtensionError(state):`
`35`		`- state.description`
	`35`	`+ "NetworkExtensionError: \(state.description)"`
`36`	`36`	`}`
`37`	`37`	`}`
`38`	`38`
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,9 @@ import VPNLib`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`func connect() {`
	`17`	`+ logger.debug("xpc connect called")`
`17`	`18`	`guard xpc == nil else {`
	`19`	`+ logger.debug("xpc already exists")`
`18`	`20`	`return`
`19`	`21`	`}`
`20`	`22`	`let networkExtDict = Bundle.main.object(forInfoDictionaryKey: "NetworkExtension") as? [String: Any]`
`@@ -27,17 +29,21 @@ import VPNLib`
`27`	`29`	`}`
`28`	`30`	`xpc = proxy`
`29`	`31`
	`32`	`+ logger.debug("connecting to machServiceName: \(machServiceName!)")`
	`33`	`+`
`30`	`34`	`xpcConn.exportedObject = self`
`31`	`35`	`xpcConn.invalidationHandler = { [logger] in`
`32`	`36`	`Task { @MainActor in`
`33`	`37`	`logger.error("XPC connection invalidated.")`
`34`	`38`	`self.xpc = nil`
	`39`	`+ self.connect()`
`35`	`40`	`}`
`36`	`41`	`}`
`37`	`42`	`xpcConn.interruptionHandler = { [logger] in`
`38`	`43`	`Task { @MainActor in`
`39`	`44`	`logger.error("XPC connection interrupted.")`
`40`	`45`	`self.xpc = nil`
	`46`	`+ self.connect()`
`41`	`47`	`}`
`42`	`48`	`}`
`43`	`49`	`xpcConn.resume()`