therealaleph
658e72fe0d
v1.2.4 and v1.2.5 both cut clean tags but CI failed downstream for different self-hosted reasons: - v1.2.4 failed on parallel apt-lock race (fixed) - v1.2.5 failed with "TOML parse error at line 5 column 9" because rust-cache v2's default cache-bin=true prunes $CARGO_HOME/bin of any binary not installed via `cargo install`. `rustup` itself is installed by rustup-init, not cargo install, so it got flagged as "unknown" and deleted on cache save. Next job hits the cargo symlink that points at a missing rustup, which resolves somehow to a very old cargo that can't parse our Cargo.toml. Fix: - Set `cache-bin: "false"` on every Swatinem/rust-cache@v2 call. We still cache target/ + registry (the big win), just not bin/. Binaries are stable across runs on our self-hosted box anyway. - Reinstalled rustup inside each per-runner CARGO_HOME on the server to recover from the broken state. Also in this release: - PR #83: new `mhrv-rs scan-sni` subcommand. Pulls Google's published IP ranges, does PTR lookups via dns.google on each IP, filters to Google-related hostnames, then TLS-probes each discovered SNI against the configured google_ip to see which ones bypass DPI. Useful for rebuilding a working SNI pool on a new ISP. Adds the `url` crate dep. Same user-facing code as v1.2.4/v1.2.5 (PRs #78, #79, README Android note) plus PR #83 and the CI fixes on top.
3.4 KiB
• سختکردن range-parallel: اعتبارسنجی هدر Content-Range قبل از دوختن پاسخهای ۲۰۶. پاسخهای نامعتبر دیگه به صورت ۲۰۰ OK جعلی ترکیب نمیشن — probe نامعتبر به GET تکی برمیگرده، چانکهای نامعتبر به پاسخ probe برمیگرده (PR #78)
• رد configهایی که HTTP و SOCKS5 رو روی یک پورت تنظیم کردهاند قبل از bind failure زمان اجرا. هم در load config و هم در فرم UI چک میشه (PR #79)
• یادداشت README درباره محدودیت user-CA اندروید 7+ — اپهایی مثل Telegram / WhatsApp / Instagram به CA ما اعتماد نمیکنن، برای اونها از PROXY_ONLY یا upstream_socks5 استفاده کنید (issues #74 #81)
• رفع زیرساخت CI (دور دوم): rust-cache v2 به صورت پیشفرض $CARGO_HOME/bin رو در پایان هر job pruneمیکرد و باینری rustup رو (که توسط rustup-init نصب شده، نه cargo install) پاک میکرد. این باعث میشد jobهای بعدی روی symlinkهای شکسته به TOML parse error برخورد کنن. حالا cache-bin: "false" تنظیم کردیم و cargo-ndk هم به /usr/local/bin/ منتقل شده
• اسکن SNI خودکار: دستور جدید mhrv-rs scan-sni که از رنج IPهای Google با PTR lookup روی dns.google شروع میکنه، روی هر IP SNIهای Google-related رو کشف میکنه، و هر کدوم رو با TLS handshake علیه google_ip تست میکنه تا ببینه DPI رو رد میکنن یا نه (PR #83)
• Range-parallel hardening: validate Content-Range before stitching 206 responses. Invalid responses no longer combine into a fake 200 OK — invalid probe falls back to a normal single GET, invalid later chunks fall back to the probe response (PR #78)
• Reject configs that set HTTP and SOCKS5 to the same port before the runtime bind failure. Enforced both at config-load time and in the UI form (PR #79)
• README note on the Android 7+ user-CA trust limit — apps like Telegram / WhatsApp / Instagram don't trust user-installed CAs, use PROXY_ONLY or upstream_socks5 for those (issues #74 #81)
• CI infrastructure fix (round 1): apt-get steps on Linux build jobs gated to GitHub-hosted runners only. On the new self-hosted runners, multiple parallel matrix jobs were racing on /var/lib/apt/lists/lock and failing all at once. Packages now pre-installed at runner setup time
• CI infrastructure fix (round 2): rust-cache v2's default bin-pruning was wiping the rustup binary at end of each job (since rustup wasn't installed via cargo install, rust-cache considered it an "unknown" bin). Next job then hit TOML parse errors from broken cargo symlinks. Set cache-bin: "false" and moved cargo-ndk to /usr/local/bin/ out of rust-cache's reach
• New mhrv-rs scan-sni subcommand: pulls Google's IP ranges, does PTR lookups via dns.google on each IP to discover Google-related hostnames, then TLS-probes each discovered SNI against the configured google_ip to see if it bypasses DPI. Useful for rebuilding a working SNI pool on a new ISP (PR #83)