v1.2.4 tagged cleanly but its CI failed — parallel Linux matrix jobs
on the self-hosted runners all raced on `/var/lib/apt/lists/lock` and
failed the `sudo apt-get install` step within ~20s. v1.2.4's release
job therefore skipped and no assets were published.

Fix:
- Pre-installed every apt dependency the workflow needs on both
  self-hosted runners (eframe system libs, gcc-aarch64-linux-gnu,
  gcc-arm-linux-gnueabihf).
- Seeded per-runner cargo linker configs at
  /home/ghrunner/cargo-{01,02}/config.toml so the "echo
  [target.xxx] linker = ..." workflow step is also unnecessary.
- Gated the "Install Linux eframe system deps" and the two cross-
  compile-toolchain steps on `runner.environment == 'github-hosted'`
  so only hosted runners call apt-get; self-hosted runners skip the
  whole thing and use pre-installed tooling.

Re-tagging as v1.2.5 since v1.2.4 is an abandoned tag (git tag exists
but no GitHub Release was cut for it).

Same code changes as what v1.2.4 was meant to ship: PR #78 range-
parallel validation, PR #79 port-collision rejection, README note
on Android 7+ user-CA trust.
• سختکردن range-parallel: اعتبارسنجی هدر Content-Range قبل از دوختن پاسخهای ۲۰۶. پاسخهای نامعتبر دیگه به صورت ۲۰۰ OK جعلی ترکیب نمیشن — probe نامعتبر به GET تکی برمیگرده، چانکهای نامعتبر به پاسخ probe برمیگرده (PR #78)
• رد configهایی که HTTP و SOCKS5 رو روی یک پورت تنظیم کردهاند قبل از bind failure زمان اجرا. هم در load config و هم در فرم UI چک میشه (PR #79)
• یادداشت README درباره محدودیت user-CA اندروید 7+ — اپهایی مثل Telegram / WhatsApp / Instagram به CA ما اعتماد نمیکنن، برای اونها از PROXY_ONLY یا upstream_socks5 استفاده کنید (issues #74 #81)
• رفع زیرساخت CI: مراحل apt-get در buildهای Linux فقط روی runnerهای GitHub-hosted اجرا میشن. روی runnerهای self-hosted جدید، چندین job موازی روی /var/lib/apt/lists/lock رقابت میکردن و همه fail میشدن. بستهها اکنون در setup runner پیشنصب هستند
• Range-parallel hardening: validate Content-Range before stitching 206 responses. Invalid responses no longer combine into a fake 200 OK — invalid probe falls back to a normal single GET, invalid later chunks fall back to the probe response (PR #78)
• Reject configs that set HTTP and SOCKS5 to the same port before the runtime bind failure. Enforced both at config-load time and in the UI form (PR #79)
• README note on the Android 7+ user-CA trust limit — apps like Telegram / WhatsApp / Instagram don't trust user-installed CAs, use PROXY_ONLY or upstream_socks5 for those (issues #74 #81)
• CI infrastructure fix: apt-get steps on Linux build jobs gated to GitHub-hosted runners only. On the new self-hosted runners, multiple parallel matrix jobs were racing on /var/lib/apt/lists/lock and failing all at once. Packages now pre-installed at runner setup time
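Review bot: the CI bullet that closes each language block says packages are "now pre-installed at runner setup time", but nothing in the visible change records that setup, so a rebuilt or newly added self-hosted runner would skip the gated apt-get steps with no pointer to what it is missing. Suggest checking the package list (eframe system libs, gcc-aarch64-linux-gnu, gcc-arm-linux-gnueabihf) and the per-runner cargo config.toml contents into the repo as a provisioning script or doc and referencing it from this bullet. The notes could also state that v1.2.5 supersedes the v1.2.4 tag, which has no release, so anyone who finds that tag knows where the assets are.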