- Notifications
You must be signed in to change notification settings - Fork5
chore: run coder connect networking from launchdaemon#203
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
ethanndickson commentedJul 23, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
This stack of pull requests is managed byGraphite. Learn more aboutstacking. |
49d5c99 to72071e5Compare72071e5 toc7dbde8Comparec7dbde8 toef8832aCompare1737580 to16c716dCompareef8832a toe32d7deCompare| guardlet proxy= conn.remoteObjectProxyWithErrorHandler({ errin | ||
| self.logger.error("failed to connect to HelperXPC\(err.localizedDescription, privacy:.public)") | ||
| continuation.resume(throwing: err) | ||
| })as?HelperAppXPCInterfaceelse{ | ||
| self.logger.error("failed to get proxy for HelperXPC") | ||
| continuation.resume(throwing:XPCError.wrongProxyType) | ||
| return | ||
| } | ||
| proxy.ping{ | ||
| self.logger.info("Connected to Helper over XPC") | ||
| continuation.resume() | ||
| } |
ethanndicksonJul 30, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Important to note that I've refactored all the XPC connections to use this pattern. With this, you're guaranteed that either the the XPC reply will be run (proxy.ping { reply } in this case) or the[...]WithErrorHandler callback.
| // /var/root/Downloads | ||
| privateletdest=FileManager.default.urls(for:.downloadsDirectory, in:.userDomainMask) |
ethanndicksonJul 30, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Temporary. I've put it in/var/root/Library/Application\ Support/com.coder.Coder-Desktop/ as part of the PR that downloads the slim binary.
deansheather left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The XPC code seems a lot nicer but the type names and directions of the XPC types are hard to understand
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
eebf562 to291e5a1Compareb0c196f tob81afc9Compare7b9491c to6a93facCompareb81afc9 toe96075eCompareThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The class is calledHelperXPCClient, but you can't have multiple Swift files with the same name. So, I've prependedNE, since this is theHelperXPCClient that runs within the network extension.
6eeb8aa toc8ecda2Comparea4b58e5 tobd905aeComparec8ecda2 to21a8db1Comparebd905ae to33931d6Compare21a8db1 tof4ebbbfCompare33931d6 to0999089Comparef4ebbbf to04dd34bCompare0999089 to1453e77Compare04dd34b to1e9fe08Compare1453e77 tod09250bCompare1e9fe08 tob535a7dCompareThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Pull Request Overview
This PR reworks the XPC architecture to move VPN networking functionality from the network extension to a privileged helper daemon. The helper now manages the VPN tunnel and communicates with both the GUI app and network extension via separate XPC interfaces, implementing a more secure and maintainable design.
Key changes:
- Moved VPN networking code from network extension to privileged helper daemon
- Established bidirectional XPC communication between helper, app, and network extension
- Updated project configuration to support the new architecture
Reviewed Changes
Copilot reviewed 18 out of 20 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| project.yml | Updated build configuration to support helper dependencies and framework loading |
| XPC.swift | Defined new XPC interfaces for helper-app and helper-network extension communication |
| Download.swift | Renamed SignatureValidator class to Validator |
| main.swift | Simplified network extension entry point, removed XPC listener setup |
| PacketTunnelProvider.swift | Refactored to delegate VPN operations to helper via XPC |
| NEHelperXPCClient.swift | New XPC client for network extension to communicate with helper |
| Manager.swift | Moved to helper, updated to work without direct PacketTunnelProvider dependency |
| HelperXPCListeners.swift | New XPC server implementations for helper to handle app and network extension connections |
| AppHelperXPCClient.swift | New XPC client for GUI app to communicate with helper |
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
d09250b tod286679Compareb535a7d to493701dCompareethanndickson commentedAug 6, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
Merge activity
|
d286679 tod9c0210Compare8533b31 intomainUh oh!
There was an error while loading.Please reload this page.
With the changes made in#203, it now takes a moment longer to receive the first progress update, when we either start the download (if not already downloaded), or validate the dylib. To address this, the progress indicator will immediately start making progress towards 25%. This prevents it from appearing stuck in what is an expected situation.https://github.com/user-attachments/assets/da57270d-a50b-49ab-9e53-ae02368c71dc
Uh oh!
There was an error while loading.Please reload this page.
Continues to address#201.
This PR reworks all XPC connections, such that the networking code runs within the privileged helper, instead of the network extension.
The XPC interfaces are described in
XPC.swift, and roughly follow this sequence diagram:(One difference is that we don't posix spawn the tunnel in this PR)
Of note is that the network extension starts and stops the daemon running within the privileged helper.
This is to support starting and stopping the VPN from the toggle in System Settings, and to ensure the "Connecting" and "Disconnecting" phase of the system VPN is indicative of the time the VPN is actually setting itself up and tearing itself down.
To accomplish this, the privileged helper listens on two different service names. One is connected to by the app, the other the network extension. (Once an XPC listener is connected to, communication is bidirectional)