In older versions of iOS, it's not possible to call `NETunnelProviderManager.loadAllFromPreferences()` from inside the network extension process. We were seeing `NETunnelProviderManager objects cannot be instantiated from NEProvider processes` errors in iOS 16. It's unclear exactly when the change happened to allow it, but as far as we can tell it was in iOS 17.
To Test:
1. On a real device running iOS 16, ensure that enrolling as a Managed Nebula host works correctly.
2. Start the site.
3. Update the host in the admin panel and wait at least 15 minutes for a `checkForUpdate` from the mobile client. You should get a `Host renewed` audit log for the host.
4. Verify that there's a log for "Reloading Nebula" in the mobile host, and that it has an up-to-date config.
These are a few more minor updated dependencies, mostly in go.mod. I also see that the pubspec now has an update to the flutter version, which should have happened previously along with the flutter upgrade, but it didn't for whatever reason.
This performs the recommended setting updates from xcode, though I needed to turn off `ENABLE_USER_SCRIPT_SANDBOXING` as it does not seem to be fully compatible with flutter.
I also dealt with a warning of: "Extension declares a conformance of imported type 'String' to imported protocol 'Error'; this will not behave correctly if the owners of 'Swift' introduce this conformance in the future", by creating and using some custom error types.
Lastly, I fixed our podfile to ensure that the `IPHONEOS_DEPLOYMENT_TARGET` is at least 12, which is our project setting.
Closes https://github.com/DefinedNet/mobile_nebula/issues/191
Nate would like us to be able to save an invalid site, as a way of saving partial progress and then fixing issues later on, so that's what this PR does, for both Android and iOS. To test, add a site, give it a name, and press save. You should be taken to a list of sites, including the newly created invalid site.
The main thing here is that it will support edge-to-edge when we target android 15, and it changes the default for deep links.
The update to mobile_scanner should improve ios simulator support, but I'm finding that the app still won't load in the simulator (even without mobile_scanner at all), so there's some other work to do there.
https://medium.com/flutter/whats-new-in-flutter-3-27-28341129570c
This should avoid the errors we've been seeing in Sentry of:
```
MissingPluginException(No implementation found for method listen on channel net.defined.nebula/null)
```
To test, start up the mobile app in an android phone or emulator, tap the plus button to add a new site, and verify that no error log is shown.
Note: we still get a similar error when tapping the "Good Site" or "Bad Site" in debug, but I believe that is because it's being created too quickly before the EventChannel has a chance to be set up. Adding a site manually does not trigger the error.
We had some old GitHub actions that were using old node versions. This updates them, removes some that have been archived/deprecated, and fixes caching of go dependencies.
This adds steps to our android debug smoke build to upload a debug apk on merges to main, retained for 60 days. This can be used to help test and troubleshoot builds in between Android releases.
This fixes a few issues:
1) When updates are made, we will no longer create duplicate VPN profiles, rather we will update existing ones.
2) We will correctly update an existing profile when the site is running and an update is received, rather than attempting to create a new profile, which failed due to permissions errors.
3) We will always reload nebula, even if we can't successfully save the VPN profile.
4) The default polling interval of 15 minutes is restored (previously set to 30 seconds during testing).
So far in manual testing I've confirmed that I do not lose the tunnel to my lighthouse even after the original 30 minute expiration of a certificate. This confirms that reloads are occurring correctly. Additionally, duplicate sites are not created when updates occur while the site is disconnected.
This adds a workflow into PRs to build the iOS and Android apps, just to verify that they aren't completely broken / unable to build. They're debug builds, so it won't completely mirror the release build, but that allows us to avoid getting signing keys in the workflow.
Addresses the errors seen in DefinedNet/mobile_nebula/actions/runs/11221064890/job/31190581077#step:13:1260
Locally I am able to perform most of a release build after removing these proguard rules which were previously added to avoid minification stripping out flutter code. That seems to no longer be required, though.
And target iphoneos 12, to avoid some warnings.
We only use the file picker to allow users to load in nebula certs/keys, we don't need access to pictures.
This updates kotlin, gson, AGP, and WorkManager to the latest versions.
It also updates the README to include the correct ndk version for our AGP, as specified here: developer.android.com/build/releases/gradle-plugin#compatibility
