feat: add DangerousDisableDownloadSignatureValidation UserDefault to skip tunnel binary codesign check

Author: ethanndickson

Coder-Desktop/Coder-Desktop/State.swift

@@ -10,6 +10,8 @@ class AppState: ObservableObject {
     private let logger = Logger(subsystem: Bundle.main.bundleIdentifier!, category: "AppState")
     let appId = Bundle.main.bundleIdentifier!
 
+    let dangerousDisableDownloadSignatureValidation: Bool
+
     // Stored in UserDefaults
     @Published private(set) var hasSession: Bool {
         didSet {
@@ -87,6 +89,7 @@ class AppState: ObservableObject {
         if useLiteralHeaders, let headers = try? JSONEncoder().encode(literalHeaders) {
             proto.providerConfiguration?["literalHeaders"] = headers
         }
+        proto.providerConfiguration?["dangerousDisableDownloadSignatureValidation"] = dangerousDisableDownloadSignatureValidation
         proto.serverAddress = baseAccessURL!.absoluteString
         return proto
     }
@@ -106,6 +109,9 @@ class AppState: ObservableObject {
     {
         self.persistent = persistent
         self.onChange = onChange
+        dangerousDisableDownloadSignatureValidation = persistent
+            ? UserDefaults.standard.bool(forKey: Keys.dangerousDisableDownloadSignatureValidation)
+            : false
         keychain = Keychain(service: Bundle.main.bundleIdentifier!)
         _hasSession = Published(initialValue: persistent ? UserDefaults.standard.bool(forKey: Keys.hasSession) : false)
         _baseAccessURL = Published(
@@ -219,6 +225,7 @@ class AppState: ObservableObject {
         static let stopVPNOnQuit = "StopVPNOnQuit"
         static let startVPNOnLaunch = "StartVPNOnLaunch"
 
+        static let dangerousDisableDownloadSignatureValidation = "DangerousDisableDownloadSignatureValidation"
         static let skipHiddenIconAlert = "SkipHiddenIconAlert"
     }
 }

Coder-Desktop/Coder-DesktopHelper/HelperXPCListeners.swift

@@ -80,6 +80,7 @@ extension HelperNEXPCServer: HelperNEXPCInterface {
         token: String,
         tun: FileHandle,
         headers: Data?,
+        dangerousDisableSignatureValidation: Bool,
         reply: @escaping (Error?) -> Void
     ) {
         logger.info("startDaemon called")
@@ -92,7 +93,8 @@ extension HelperNEXPCServer: HelperNEXPCInterface {
                         apiToken: token,
                         serverUrl: accessURL,
                         tunFd: tun.fileDescriptor,
-                        literalHeaders: headers.flatMap { try? JSONDecoder().decode([HTTPHeader].self, from: $0) } ?? []
+                        literalHeaders: headers.flatMap { try? JSONDecoder().decode([HTTPHeader].self, from: $0) } ?? [],
+                        dangerousDisableSignatureValidation: dangerousDisableSignatureValidation
                     )
                 )
                 try await manager.startVPN()

Coder-Desktop/Coder-DesktopHelper/Manager.swift

@@ -74,12 +74,17 @@ actor Manager {
         } catch {
             throw .download(error)
         }
-        pushProgress(stage: .validating)
+
         do {
-            try Validator.validateSignature(binaryPath: dest)
+            if cfg.dangerousDisableSignatureValidation {
+                logger.warning("Skipping code signature validation of downloaded binary (disabled by configuration)")
+            } else {
+                pushProgress(stage: .validating)
+                try Validator.validateSignature(binaryPath: dest)
+            }
             try await Validator.validateVersion(binaryPath: dest, serverVersion: buildInfo.version)
         } catch {
-            // Cleanup unvalid binary
+            // Cleanup invalid binary
             try? FileManager.default.removeItem(at: dest)
             throw .validation(error)
         }
@@ -270,6 +275,7 @@ struct ManagerConfig {
     let serverUrl: URL
     let tunFd: Int32
     let literalHeaders: [HTTPHeader]
+    let dangerousDisableSignatureValidation: Bool
 }
 
 enum ManagerError: Error {

Coder-Desktop/VPN/NEHelperXPCClient.swift

@@ -35,7 +35,7 @@ final class HelperXPCClient: @unchecked Sendable {
         return connection
     }
 
-    func startDaemon(accessURL: URL, token: String, tun: FileHandle, headers: Data?) async throws {
+    func startDaemon(accessURL: URL, token: String, tun: FileHandle, headers: Data?, dangerousDisableSignatureValidation: Bool) async throws {
         let conn = connect()
         return try await withCheckedThrowingContinuation { continuation in
             guard let proxy = conn.remoteObjectProxyWithErrorHandler({ err in
@@ -46,7 +46,7 @@ final class HelperXPCClient: @unchecked Sendable {
                 continuation.resume(throwing: XPCError.wrongProxyType)
                 return
             }
-            proxy.startDaemon(accessURL: accessURL, token: token, tun: tun, headers: headers) { err in
+            proxy.startDaemon(accessURL: accessURL, token: token, tun: tun, headers: headers, dangerousDisableSignatureValidation: dangerousDisableSignatureValidation) { err in
                 if let error = err {
                     self.logger.error("Failed to start daemon: \(error.localizedDescription, privacy: .public)")
                     continuation.resume(throwing: error)

Coder-Desktop/VPN/PacketTunnelProvider.swift

@@ -59,6 +59,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider, @unchecked Sendable {
             throw makeNSError(suffix: "PTP", desc: "Missing Token")
         }
         let headers = proto.providerConfiguration?["literalHeaders"] as? Data
+        let dangerousDisableSigValidation = proto.providerConfiguration?["dangerousDisableDownloadSignatureValidation"] as? Bool ?? false
         logger.debug("retrieved token & access URL")
         guard let tunFd = tunnelFileDescriptor else {
             logger.error("startTunnel called with nil tunnelFileDescriptor")
@@ -68,7 +69,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider, @unchecked Sendable {
             accessURL: .init(string: baseAccessURL)!,
             token: token,
             tun: FileHandle(fileDescriptor: tunFd),
-            headers: headers
+            headers: headers,
+            dangerousDisableSignatureValidation: dangerousDisableSigValidation
         )
     }
 

Coder-Desktop/VPNLib/XPC.swift

@@ -26,7 +26,7 @@ public let helperNEMachServiceName = "4399GN35BJ.com.coder.Coder-Desktop.HelperN
 @preconcurrency
 @objc public protocol HelperNEXPCInterface {
     // headers is a JSON `[HTTPHeader]`
-    func startDaemon(accessURL: URL, token: String, tun: FileHandle, headers: Data?, reply: @escaping (Error?) -> Void)
+    func startDaemon(accessURL: URL, token: String, tun: FileHandle, headers: Data?, dangerousDisableSignatureValidation: Bool, reply: @escaping (Error?) -> Void)
     func stopDaemon(reply: @escaping (Error?) -> Void)
 }