forked from GRIN/grim

Build 66: disable clearnet update-check; drop sidecar build steps

Security (audit H-2): the legacy update check is OFF by default. It hit
code.gri.mw (GRIM's gitea) directly over CLEARNET via the old HttpClient —
leaking "this user runs Goblin" metadata on every wallet-list view, which
defeats the nothing-clearnet mixnet model, and it pointed at the wrong
project's releases anyway. Opt-in only until reworked to run over the
mixnet against Goblin's own releases.

Build: with the Nym SDK linked in-process there's no sidecar binary to
embed or bundle. linux/build_release.sh drops the GOBLIN_NYM_UNIX_BIN
embed (AppImage is one self-contained binary); scripts/android.sh stops
bundling nym-socks5-client into jniLibs (the cdylib links nym-sdk
directly); scripts/nym-android.sh deleted.
2ro
2026-06-14 04:07:24 -04:00
parent 63d5ca2b5f
commit 2578a35cf7
4 changed files with 13 additions and 65 deletions
+4 -17
@@ -5,12 +5,8 @@
# Usage: linux/build_release.sh [platform]
# platform: 'x86_64' (default) or 'arm'
#
# The nym-socks5-client sidecar is EMBEDDED into the goblin binary (build.rs +
# src/nym/sidecar.rs, via GOBLIN_NYM_UNIX_BIN), so the AppImage ships as one
# self-contained file with no loose sidecar beside AppRun — matching the
# single-file Windows build. Point GOBLIN_NYM_UNIX_BIN at a glibc-2.17 sidecar
# (the portable one staged under the project root at nym-dist/) so the embedded
# copy is as portable as the host binary.
# Goblin links the Nym SDK IN-PROCESS (src/nym/), so the AppImage is one
# self-contained binary with no sidecar to embed or ship beside it.
set -euo pipefail
@@ -25,15 +21,6 @@ esac
BASEDIR=$(cd "$(dirname "$0")" && pwd)
cd "${BASEDIR}/.."
# Portable, glibc-2.17 sidecar to embed (override with GOBLIN_NYM_UNIX_BIN).
: "${GOBLIN_NYM_UNIX_BIN:=$(cd .. && pwd)/nym-dist/nym-socks5-client}"
if [[ ! -x "${GOBLIN_NYM_UNIX_BIN}" ]]; then
echo "error: sidecar to embed not found/executable: ${GOBLIN_NYM_UNIX_BIN}" >&2
echo " set GOBLIN_NYM_UNIX_BIN to a built nym-socks5-client" >&2
exit 1
fi
export GOBLIN_NYM_UNIX_BIN
rustup target add "${arch}"
command -v cargo-zigbuild >/dev/null || cargo install cargo-zigbuild
@@ -44,8 +31,8 @@ export CFLAGS_x86_64_unknown_linux_gnu="-DCROARING_COMPILER_SUPPORTS_AVX512=0"
export CXXFLAGS_x86_64_unknown_linux_gnu="-DCROARING_COMPILER_SUPPORTS_AVX512=0"
cargo zigbuild --release --target "${arch}.2.17"
# Assemble the AppDir: AppRun IS the goblin binary (sidecar baked in), plus the
# icon + desktop entry. No loose sidecar file.
# Assemble the AppDir: AppRun IS the goblin binary (Nym SDK linked in), plus the
# icon + desktop entry. Nothing else.
appdir="linux/Goblin.AppDir"
cp "target/${arch}/release/goblin" "${appdir}/AppRun"
chmod +x "${appdir}/AppRun"
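Review bot: The release build at `cargo zigbuild --release --target "${arch}.2.17"` does not pin dependency resolution, and this commit makes that matter more: the Nym transport now comes from crates compiled into the binary rather than from a staged sidecar file. If a Cargo.lock is committed (not visible on this page), pass `--locked` so a release cannot silently pick up different crate versions: `cargo zigbuild --release --locked --target "${arch}.2.17"`. The same applies to the tool bootstrap on the context line above, `cargo install --locked cargo-zigbuild`.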
+2 -15
@@ -49,21 +49,8 @@ function build_lib() {
sed -i -e 's/"cdylib","rlib"]/"rlib"]/g' Cargo.toml
rm -f Cargo.toml-e
# Bundle the Nym SOCKS5 sidecar beside libgrim.so. Named lib*.so so Android
# ships it in the APK's jniLibs and extracts it to the native-library dir —
# the only exec-allowed location for a child process (manifest needs
# extractNativeLibs=true). Built from the Nym workspace; see scripts/nym-android.sh.
[[ $1 == "v7" ]] && nym_target=armv7-linux-androideabi
[[ $1 == "v8" ]] && nym_target=aarch64-linux-android
[[ $1 == "x86" ]] && nym_target=x86_64-linux-android
nym_bin="${NYM_DIR:-../nym/target}/${nym_target}/release/nym-socks5-client"
if [ -f "${nym_bin}" ]; then
cp "${nym_bin}" "android/app/src/main/jniLibs/${arch}/libnym_socks5_client.so"
echo "bundled Nym sidecar: jniLibs/${arch}/libnym_socks5_client.so"
else
echo "WARN: Nym sidecar missing at ${nym_bin} — APK will have NO mixnet sidecar"
success=0
fi
# The Nym mixnet is linked INTO libgrim.so (nym-sdk is a regular dependency),
# so there is no separate sidecar binary to cross-build or bundle into jniLibs.
}
### Build application
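Review bot: A `libnym_socks5_client.so` left behind by an earlier build is not cleaned up once the copy step is gone, so on a reused checkout a stale, now-unreferenced sidecar executable could still be packaged into the APK (assuming everything under jniLibs is bundled). Consider putting `rm -f "android/app/src/main/jniLibs/${arch}/libnym_socks5_client.so"` where the copy used to be. The removed comment also notes that the manifest needed `extractNativeLibs=true` so the child process could be executed; if nothing else relies on it, that setting can be dropped too. `build_lib` starts above this hunk, so whether `${arch}` is still set at that point should be confirmed.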
-31
@@ -1,31 +0,0 @@
#!/bin/bash
# Cross-compile the bundled Nym SOCKS5 sidecar (nym-socks5-client) for Android.
# scripts/android.sh copies the result into the APK's jniLibs as
# libnym_socks5_client.so so Goblin can launch the mixnet client on-device.
#
# Usage: NYM_SRC=../nym scripts/nym-android.sh [v7|v8|x86|all]
# NYM_SRC path to the Nym workspace checkout (default: ../nym)
# Requires: ANDROID_NDK_HOME, rustup android targets, cargo-ndk.
#
# Note: the sidecar is patched to use preconfigured webpki roots on Android
# (common/http-api-client/src/registry.rs) — the default rustls platform
# verifier needs the app's JNI context, which a standalone process lacks.
set -e
NYM_SRC="${NYM_SRC:-../nym}"
WHICH="${1:-all}"
build() {
local abi="$1"
echo ">> building nym-socks5-client for ${abi}"
( cd "${NYM_SRC}" && cargo ndk -t "${abi}" build --release -p nym-socks5-client )
}
case "${WHICH}" in
v7) build armeabi-v7a ;;
v8) build arm64-v8a ;;
x86) build x86_64 ;;
all) build arm64-v8a; build x86_64; build armeabi-v7a ;;
*) echo "usage: $0 [v7|v8|x86|all]"; exit 1 ;;
esac
echo "done — sidecars in ${NYM_SRC}/target/<triple>/release/nym-socks5-client"
+7 -2
@@ -198,7 +198,12 @@ impl Default for AppConfig {
use_socks_proxy: None,
http_proxy_url: None,
socks_proxy_url: None,
check_updates: Some(true),
// Off by default: the legacy update check hits code.gri.mw (GRIM's
// gitea) directly over CLEARNET via the old HttpClient — it leaks
// "this user runs Goblin" metadata (defeating the nothing-clearnet
// mixnet model) and points at the wrong project's releases. Opt-in
// only until reworked to run over the mixnet against Goblin releases.
check_updates: Some(false),
app_update: None,
}
}
@@ -537,7 +542,7 @@ impl AppConfig {
/// Check updates on startup.
pub fn check_updates() -> bool {
let r_config = Settings::app_config_to_read();
r_config.check_updates.unwrap_or(true)
r_config.check_updates.unwrap_or(false)
}
/// Disable or enable updates checking.
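Review bot: Installs that already have a saved config are likely to keep the old behaviour, because both `Default` and `unwrap_or(false)` only take effect when `check_updates` is absent. The previous default was `Some(true)`, so a persisted config presumably still holds `true` and those users would keep making the clearnet request described in the new comment. If the field is written to disk (not visible in these hunks), add a one-time migration on load that resets a stored `Some(true)` to `Some(false)`, or keep the opt-in under a new key so old values are ignored. The doc comment on `check_updates()` should also say what opting in means, e.g. `/// Whether the opt-in startup update check is enabled (off by default: it contacts the release host over clearnet).` Both `impl` blocks continue outside the hunks.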