tryawait tm.saveToPreferences()

neState=.disabled

// This typically fails when the user declines the permission dialog

logger.error("save tunnel failed:\(error)")

neState=.failed(error.localizedDescription)

neState=.failed("Failed to save tunnel:\(error.localizedDescription). Try logging in and out again.")

// systemExtnDelegate holds a reference to the SystemExtensionDelegate so that it doesn't get

// garbage collected while the OSSystemExtensionRequest is in flight, since the OS framework

// only stores a weak reference to the delegate.

super.init()

systemExtnDelegate=SystemExtensionDelegate(asyncDelegate:self)

func start()async{

fileURLWithPath:"Contents/Library/SystemExtensions",

relativeTo:Bundle.main.bundleURL

extensionURLs=tryFileManager.default.contentsOfDirectory(at: extensionsDirectoryURL,

includingPropertiesForKeys:nil,

options:.skipsHiddenFiles)

"\(extensionsDirectoryURL.absoluteString):\(error.localizedDescription)")

// here we're just going to assume that there is only ever going to be one SystemExtension

// packaged up in the application bundle. If we ever need to ship multiple versions or have

// multiple extensions, we'll need to revisit this assumption.

guardlet extensionURL= extensionURLs.firstelse{

guardlet extensionBundle=Bundle(url: extensionURL)else{

fatalError("Failed to create a bundle with URL\(extensionURL.absoluteString)")

return extensionBundle

func recordSystemExtensionState(_ state:SystemExtensionState)async

fileURLWithPath:"Contents/Library/SystemExtensions",

relativeTo:Bundle.main.bundleURL

extensionURLs=tryFileManager.default.contentsOfDirectory(at: extensionsDirectoryURL,

includingPropertiesForKeys:nil,

options:.skipsHiddenFiles)

"\(extensionsDirectoryURL.absoluteString):\(error.localizedDescription)")

// here we're just going to assume that there is only ever going to be one SystemExtension

// packaged up in the application bundle. If we ever need to ship multiple versions or have

// multiple extensions, we'll need to revisit this assumption.

guardlet extensionURL= extensionURLs.firstelse{

guardlet extensionBundle=Bundle(url: extensionURL)else{

fatalError("Failed to create a bundle with URL\(extensionURL.absoluteString)")

return extensionBundle

func installSystemExtension(){

logger.info("activating SystemExtension")

guardlet bundleID= extensionBundle.bundleIdentifierelse{

forExtensionWithIdentifier: bundleID,

queue:.main

letdelegate=SystemExtensionDelegate(asyncDelegate:self)

systemExtnDelegate= delegate

request.delegate= delegate

request.delegate= systemExtnDelegate

OSSystemExtensionManager.shared.submitRequest(request)

logger.info("submitted SystemExtension request with bundleID:\(bundleID)")

privatevarlogger=Logger(subsystem:Bundle.main.bundleIdentifier!, category:"vpn-installer")

// The `didFinishWithResult` function is called for both activation,

// deactivation, and replacement requests. The API provides no way to

// differentiate them. https://developer.apple.com/forums/thread/684021

privatevarstate:SystemExtensionDelegateState=.installing

init(asyncDelegate:AsyncDelegate){

self.asyncDelegate= asyncDelegate

logger.info("SystemExtension activated")

Task{[asyncDelegate]in

await asyncDelegate.recordSystemExtensionState(SystemExtensionState.installed)

switch state{

case.installing:

logger.info("SystemExtension installed")

Task{[asyncDelegate]in

await asyncDelegate.recordSystemExtensionState(SystemExtensionState.installed)

case.deleting:

logger.info("SystemExtension deleted")

Task{[asyncDelegate]in

await asyncDelegate.recordSystemExtensionState(SystemExtensionState.uninstalled)

forExtensionWithIdentifier: extensionBundle.bundleIdentifier!,

queue:.main

request.delegate=self

state=.installing

OSSystemExtensionManager.shared.submitRequest(request)

case.replacing:

logger.info("SystemExtension replaced")

// The installed extension now has the same version strings as this

// bundle, so sending the deactivationRequest will work.

forExtensionWithIdentifier: extensionBundle.bundleIdentifier!,

queue:.main

request.delegate=self

state=.deleting

OSSystemExtensionManager.shared.submitRequest(request)

func request(

_ request:OSSystemExtensionRequest,

_:OSSystemExtensionRequest,

actionForReplacingExtension existing:OSSystemExtensionProperties,

withExtension extension:OSSystemExtensionProperties

// swiftlint:disable:next line_length

logger.info("Replacing\(request.identifier) v\(existing.bundleShortVersion) with v\(`extension`.bundleShortVersion)")

// This is counterintuitive, but this function is only called if the

// versions are the same in a dev environment.

// In a release build, this only gets called when the version string is

// different. We don't want to manually reinstall the extension in a dev

// environment, because the bug doesn't happen.

if existing.bundleVersion== `extension`.bundleVersion{

return.replace

// To work around the bug described in

// https://github.com/coder/coder-desktop-macos/issues/121,

// we're going to manually reinstall after the replacement is done.

// If we returned `.cancel` here the deactivation request will fail as

// it looks for an extension with the *current* version string.

// There's no way to modify the deactivate request to use a different

// version string (i.e. `existing.bundleVersion`).

state=.replacing

return.replace

case installing

case replacing

case deleting

}.buttonStyle(.plain)

// This shows when

// 1. The user is logged in

// 2. The network extension is installed

// 3. The VPN is unconfigured

// It's accompanied by a message in the VPNState view

// that the user needs to reconfigure.

if state.hasSession, vpn.state==.failed(.networkExtensionError(.unconfigured)){

state.reconfigure()

} label:{

}.buttonStyle(.plain)

if vpn.state==.failed(.systemExtensionError(.needsUserApproval)){

.font(.body)

.foregroundColor(.secondary)

case(.failed(.networkExtensionError(.unconfigured)), _):

.font(.body)

.foregroundStyle(.secondary)

case(.disabled, _):

.font(.body)

.padding(.horizontal,Theme.Size.trayInset)

.padding(.vertical,Theme.Size.trayPadding)

.frame(maxWidth:.infinity)