Merge remote-tracking branch 'origin/master' into 2499-rewrites-3

# Conflicts:
#	internal/home/dns.go

internal/home/controlupdate.go

@@ -123,7 +123,7 @@ func handleUpdate(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	err = Context.updater.Update()
+	err = Context.updater.Update(false)
 	if err != nil {
 		aghhttp.Error(r, w, http.StatusInternalServerError, "%s", err)
 

internal/home/dns.go

@@ -9,7 +9,9 @@ import (
 	"path/filepath"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
+	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
+	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering/rewrite"
@@ -40,17 +42,13 @@ func onConfigModified() {
 	}
 }
 
-// initDNSServer creates an instance of the dnsforward.Server
-// Please note that we must do it even if we don't start it
-// so that we had access to the query log and the stats
-func initDNSServer() (err error) {
+// initDNS updates all the fields of the [Context] needed to initialize the DNS
+// server and initializes it at last.  It also must not be called unless
+// [config] and [Context] are initialized.
+func initDNS() (err error) {
 	baseDir := Context.getDataDir()
 
-	var anonFunc aghnet.IPMutFunc
-	if config.DNS.AnonymizeClientIP {
-		anonFunc = querylog.AnonymizeIP
-	}
-	anonymizer := aghnet.NewIPMut(anonFunc)
+	anonymizer := config.anonymizer()
 
 	statsConf := stats.Config{
 		Filename:       filepath.Join(baseDir, "stats.db"),
@@ -88,20 +86,46 @@ func initDNSServer() (err error) {
 		return err
 	}
 
-	privateNets, err := initPrivateNets()
+	tlsConf := &tlsConfigSettings{}
+	Context.tls.WriteDiskConfig(tlsConf)
+
+	return initDNSServer(
+		Context.filters,
+		Context.stats,
+		Context.queryLog,
+		Context.dhcpServer,
+		anonymizer,
+		httpRegister,
+		tlsConf,
+	)
+}
+
+// initDNSServer initializes the [context.dnsServer].  To only use the internal
+// proxy, none of the arguments are required, but tlsConf still must not be nil,
+// in other cases all the arguments also must not be nil.  It also must not be
+// called unless [config] and [Context] are initialized.
+func initDNSServer(
+	filters *filtering.DNSFilter,
+	sts stats.Interface,
+	qlog querylog.QueryLog,
+	dhcpSrv dhcpd.Interface,
+	anonymizer *aghnet.IPMut,
+	httpReg aghhttp.RegisterFunc,
+	tlsConf *tlsConfigSettings,
+) (err error) {
+	privateNets, err := parseSubnetSet(config.DNS.PrivateNets)
 	if err != nil {
-		// Don't wrap the error, since it's informative enough as is.
-		return err
+		return fmt.Errorf("preparing set of private subnets: %w", err)
 	}
 
 	p := dnsforward.DNSCreateParams{
-		DNSFilter:   Context.filters,
-		Stats:       Context.stats,
-		QueryLog:    Context.queryLog,
+		DNSFilter:   filters,
+		Stats:       sts,
+		QueryLog:    qlog,
 		PrivateNets: privateNets,
 		Anonymizer:  anonymizer,
 		LocalDomain: config.DHCP.LocalDomainName,
-		DHCPServer:  Context.dhcpServer,
+		DHCPServer:  dhcpSrv,
 	}
 
 	Context.dnsServer, err = dnsforward.NewServer(p)
@@ -112,15 +136,15 @@ func initDNSServer() (err error) {
 	}
 
 	Context.clients.dnsServer = Context.dnsServer
-	var dnsConfig dnsforward.ServerConfig
-	dnsConfig, err = generateServerConfig()
+
+	dnsConf, err := generateServerConfig(tlsConf, httpReg)
 	if err != nil {
 		closeDNSServer()
 
 		return fmt.Errorf("generateServerConfig: %w", err)
 	}
 
-	err = Context.dnsServer.Prepare(&dnsConfig)
+	err = Context.dnsServer.Prepare(&dnsConf)
 	if err != nil {
 		closeDNSServer()
 
@@ -138,27 +162,30 @@ func initDNSServer() (err error) {
 	return nil
 }
 
-func initPrivateNets() (privateNets netutil.SubnetSet, err error) {
-	switch len(config.DNS.PrivateNets) {
+// parseSubnetSet parses a slice of subnets.  If the slice is empty, it returns
+// a subnet set that matches all locally served networks, see
+// [netutil.IsLocallyServed].
+func parseSubnetSet(nets []string) (s netutil.SubnetSet, err error) {
+	switch len(nets) {
 	case 0:
-		// Use an optimized locally-served matcher.
-		privateNets = netutil.SubnetSetFunc(netutil.IsLocallyServed)
+		// Use an optimized function-based matcher.
+		return netutil.SubnetSetFunc(netutil.IsLocallyServed), nil
 	case 1:
-		privateNets, err = netutil.ParseSubnet(config.DNS.PrivateNets[0])
+		s, err = netutil.ParseSubnet(nets[0])
 		if err != nil {
-			return nil, fmt.Errorf("preparing the set of private subnets: %w", err)
+			return nil, err
 		}
+
+		return s, nil
 	default:
 		var nets []*net.IPNet
 		nets, err = netutil.ParseSubnets(config.DNS.PrivateNets...)
 		if err != nil {
-			return nil, fmt.Errorf("preparing the set of private subnets: %w", err)
+			return nil, err
 		}
 
-		privateNets = netutil.SliceSubnetSet(nets)
+		return netutil.SliceSubnetSet(nets), nil
 	}
-
-	return privateNets, nil
 }
 
 func isRunning() bool {
@@ -208,7 +235,10 @@ func ipsToUDPAddrs(ips []netip.Addr, port int) (udpAddrs []*net.UDPAddr) {
 	return udpAddrs
 }
 
-func generateServerConfig() (newConf dnsforward.ServerConfig, err error) {
+func generateServerConfig(
+	tlsConf *tlsConfigSettings,
+	httpReg aghhttp.RegisterFunc,
+) (newConf dnsforward.ServerConfig, err error) {
 	dnsConf := config.DNS
 	hosts := aghalg.CoalesceSlice(dnsConf.BindHosts, []netip.Addr{netutil.IPv4Localhost()})
 	newConf = dnsforward.ServerConfig{
@@ -216,12 +246,10 @@ func generateServerConfig() (newConf dnsforward.ServerConfig, err error) {
 		TCPListenAddrs:  ipsToTCPAddrs(hosts, dnsConf.Port),
 		FilteringConfig: dnsConf.FilteringConfig,
 		ConfigModified:  onConfigModified,
-		HTTPRegister:    httpRegister,
+		HTTPRegister:    httpReg,
 		OnDNSRequest:    onDNSRequest,
 	}
 
-	tlsConf := tlsConfigSettings{}
-	Context.tls.WriteDiskConfig(&tlsConf)
 	if tlsConf.Enabled {
 		newConf.TLSConfig = tlsConf.TLSConfig
 		newConf.TLSConfig.ServerName = tlsConf.ServerName
@@ -239,7 +267,7 @@ func generateServerConfig() (newConf dnsforward.ServerConfig, err error) {
 		}
 
 		if tlsConf.PortDNSCrypt != 0 {
-			newConf.DNSCryptConfig, err = newDNSCrypt(hosts, tlsConf)
+			newConf.DNSCryptConfig, err = newDNSCrypt(hosts, *tlsConf)
 			if err != nil {
 				// Don't wrap the error, because it's already
 				// wrapped by newDNSCrypt.
@@ -428,7 +456,11 @@ func startDNSServer() error {
 
 func reconfigureDNSServer() (err error) {
 	var newConf dnsforward.ServerConfig
-	newConf, err = generateServerConfig()
+
+	tlsConf := &tlsConfigSettings{}
+	Context.tls.WriteDiskConfig(tlsConf)
+
+	newConf, err = generateServerConfig(tlsConf, httpRegister)
 	if err != nil {
 		return fmt.Errorf("generating forwarding dns server config: %w", err)
 	}

internal/home/home.go

@@ -455,6 +455,10 @@ func run(opts options, clientBuildFS fs.FS) {
 	err = setupConfig(opts)
 	fatalOnError(err)
 
+	// TODO(e.burkov):  This could be made earlier, probably as the option's
+	// effect.
+	cmdlineUpdate(opts)
+
 	if !Context.firstRun {
 		// Save the updated config
 		err = config.write()
@@ -522,7 +526,7 @@ func run(opts options, clientBuildFS fs.FS) {
 	fatalOnError(err)
 
 	if !Context.firstRun {
-		err = initDNSServer()
+		err = initDNS()
 		fatalOnError(err)
 
 		Context.tls.start()
@@ -543,20 +547,24 @@ func run(opts options, clientBuildFS fs.FS) {
 		}
 	}
 
-	// TODO(a.garipov): This could be made much earlier and could be done on
-	// the first run as well, but to achieve this we need to bypass requests
-	// over dnsforward resolver.
-	cmdlineUpdate(opts)
-
 	Context.web.Start()
 
 	// wait indefinitely for other go-routines to complete their job
 	select {}
 }
 
+func (c *configuration) anonymizer() (ipmut *aghnet.IPMut) {
+	var anonFunc aghnet.IPMutFunc
+	if c.DNS.AnonymizeClientIP {
+		anonFunc = querylog.AnonymizeIP
+	}
+
+	return aghnet.NewIPMut(anonFunc)
+}
+
 // startMods initializes and starts the DNS server after installation.
-func startMods() error {
-	err := initDNSServer()
+func startMods() (err error) {
+	err = initDNS()
 	if err != nil {
 		return err
 	}
@@ -927,8 +935,8 @@ func getHTTPProxy(_ *http.Request) (*url.URL, error) {
 
 // jsonError is a generic JSON error response.
 //
-// TODO(a.garipov): Merge together with the implementations in .../dhcpd and
-// other packages after refactoring the web handler registering.
+// TODO(a.garipov): Merge together with the implementations in [dhcpd] and other
+// packages after refactoring the web handler registering.
 type jsonError struct {
 	// Message is the error message, an opaque string.
 	Message string `json:"message"`
@@ -940,30 +948,40 @@ func cmdlineUpdate(opts options) {
 		return
 	}
 
-	log.Info("starting update")
+	// Initialize the DNS server to use the internal resolver which the updater
+	// needs to be able to resolve the update source hostname.
+	//
+	// TODO(e.burkov):  We could probably initialize the internal resolver
+	// separately.
+	err := initDNSServer(nil, nil, nil, nil, nil, nil, &tlsConfigSettings{})
+	fatalOnError(err)
 
-	if Context.firstRun {
-		log.Info("update not allowed on first run")
+	log.Info("cmdline update: performing update")
 
-		os.Exit(0)
-	}
-
-	_, err := Context.updater.VersionInfo(true)
+	updater := Context.updater
+	info, err := updater.VersionInfo(true)
 	if err != nil {
-		vcu := Context.updater.VersionCheckURL()
+		vcu := updater.VersionCheckURL()
 		log.Error("getting version info from %s: %s", vcu, err)
 
-		os.Exit(0)
+		os.Exit(1)
 	}
 
-	if Context.updater.NewVersion() == "" {
+	if info.NewVersion == version.Version() {
 		log.Info("no updates available")
 
 		os.Exit(0)
 	}
 
-	err = Context.updater.Update()
+	err = updater.Update(Context.firstRun)
 	fatalOnError(err)
 
+	err = restartService()
+	if err != nil {
+		log.Debug("restarting service: %s", err)
+		log.Info("AdGuard Home was not installed as a service. " +
+			"Please restart running instances of AdGuardHome manually.")
+	}
+
 	os.Exit(0)
 }

internal/home/options.go

@@ -229,7 +229,7 @@ var cmdLineOpts = []cmdLineOpt{{
 	updateNoValue:   func(o options) (options, error) { o.performUpdate = true; return o, nil },
 	effect:          nil,
 	serialize:       func(o options) (val string, ok bool) { return "", o.performUpdate },
-	description:     "Update application and exit.",
+	description:     "Update the current binary and restart the service in case it's installed.",
 	longName:        "update",
 	shortName:       "",
 }, {

internal/home/service.go

@@ -159,6 +159,38 @@ func sendSigReload() {
 	log.Debug("service: sent signal to pid %d", pid)
 }
 
+// restartService restarts the service.  It returns error if the service is not
+// running.
+func restartService() (err error) {
+	// Call chooseSystem explicitly to introduce OpenBSD support for service
+	// package.  It's a noop for other GOOS values.
+	chooseSystem()
+
+	pwd, err := os.Getwd()
+	if err != nil {
+		return fmt.Errorf("getting current directory: %w", err)
+	}
+
+	svcConfig := &service.Config{
+		Name:             serviceName,
+		DisplayName:      serviceDisplayName,
+		Description:      serviceDescription,
+		WorkingDirectory: pwd,
+	}
+	configureService(svcConfig)
+
+	var s service.Service
+	if s, err = service.New(&program{}, svcConfig); err != nil {
+		return fmt.Errorf("initializing service: %w", err)
+	}
+
+	if err = svcAction(s, "restart"); err != nil {
+		return fmt.Errorf("restarting service: %w", err)
+	}
+
+	return nil
+}
+
 // handleServiceControlAction one of the possible control actions:
 //
 //   - install:  Installs a service/daemon.

internal/home/service_linux.go

@@ -7,6 +7,8 @@ import (
 	"github.com/kardianos/service"
 )
 
+// chooseSystem checks the current system detected and substitutes it with local
+// implementation if needed.
 func chooseSystem() {
 	sys := service.ChosenSystem()
 	// By default, package service uses the SysV system if it cannot detect

internal/home/service_openbsd.go

@@ -30,6 +30,8 @@ import (
 // sysVersion is the version of local service.System interface implementation.
 const sysVersion = "openbsd-runcom"
 
+// chooseSystem checks the current system detected and substitutes it with local
+// implementation if needed.
 func chooseSystem() {
 	service.ChooseSystem(openbsdSystem{})
 }