forked from Ylianst/MeshAgent
-
Notifications
You must be signed in to change notification settings - Fork 0
Update MeshAgent from Fork #33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
ivan-flamingo
wants to merge
36
commits into
flamingo-stack:master
Choose a base branch
from
Ylianst:master
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+1,843
−918
Open
Changes from all commits
Commits
Show all changes
36 commits
Select commit
Hold shift + click to select a range
925ce38
Removed trying to load Windows system DLLs from user folders (#329)
panreyes 609a2ce
Fix (UAC/Lock screen) (#320)
LightZirconite ac59c22
update duktape commit date/hash
si458 2277c1b
update win-wmi with fixes from meshcentral
si458 6860fd7
Fixed typo (net stort instead of net start) (#330)
panreyes 8bbc945
Upgrade CodeQL actions to v2 and v4
si458 9bda665
Downgrade CodeQL action version to v2
si458 c1bb5cc
Enable JavaScript and C++ for CodeQL analysis
si458 4f9692c
Added option to limit the width of the desktop notification bar and a…
panreyes 3e6203d
Code safely fix
Ylianst 4a34966
Feat/agent validate webcert (#259)
HuFlungDu 62b206e
Force alignment of allocated memory to prevent segmentation faults on…
gutschke c0faef2
Fixed compiler warnings
Ylianst 9cb8ba1
Security note
Ylianst 8dece7d
Linux compile fix
Ylianst ca0ebf2
Update README with supported agent keys table
si458 1d3662e
add mutliple monitor support to x11 for linux (#340)
si458 795b7d4
Corrected kvm_server_SetResolution definition and call. Fixes UAC del…
panreyes 973b720
Run Duktape GC after system proxy detection (#346)
stachi a040c51
fix: prevent double-free of controlChannelRequest on connection timeo…
bdasnevesKP 19e7135
macOS Tahoe: helper joins console user audit session for screen captu…
Austin519 f9ace66
fix db.Delete and add extra arguments to dbTool.js
si458 b33a61d
update WindowsTargetPlatformVersion and commit.h
si458 a20c31f
macOS Tahoe: split KVM helper into a user LaunchAgent (replaces #344 …
Austin519 6565c5e
fix macos kvmagent reconnect
si458 f3e031a
Fix UninstallString issues with paths with spaces (#352)
panreyes f2302c1
update modules #332
si458 7b55490
update agent-installer
si458 cb62daa
add xrandr and universal mac build to makefile instructions
si458 a116e9c
add Linux build workflow
si458 bbb477f
Refactor Linux build workflow for ARM architecture
si458 09d970c
use sudo for linux build
si458 40b0799
Update Windows build workflow for GitHub Actions
si458 b67fcda
Rename windows-build to windows-build.yml
si458 331b708
use any 10.0 platform instead of fixed, also continue on fail build
si458 542d57b
replace afxres with winresrc and use windows-2022 to run on workflows
si458 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| name: Linux Build | ||
| run-name: Build Linux versions of MeshAgent | ||
| on: [push] | ||
| jobs: | ||
| linux-build-x86: | ||
| runs-on: ubuntu-24.04 | ||
| steps: | ||
| - name: Check out repository code | ||
| uses: actions/checkout@v7.0.0 | ||
| - name: Install Packages | ||
| run: | | ||
| sudo dpkg --add-architecture i386 && | ||
| sudo apt clean all && sudo apt update && | ||
| sudo apt-get install -y libx11-dev libxtst-dev libxext-dev libjpeg62-dev build-essential && | ||
| sudo apt-get install -y linux-libc-dev:i386 libc6-dev-i386 libjpeg62-dev:i386 && | ||
| sudo apt-get install -y libc6-armel-cross libc6-dev-armel-cross binutils-arm-linux-gnueabi libncurses5-dev gcc-arm-linux-gnueabihf && | ||
| sudo apt-get install -y libxrandr-dev | ||
| - name: Build 32 Bit Linux | ||
| run: make -j4 linux ARCHID=5 && make clean | ||
| - name: Build 64 Bit Linux | ||
| run: make -j4 linux ARCHID=6 && make clean | ||
| - name: Build 32 Bit NOKVM Linux | ||
| run: make -j4 linux ARCHID=19 && make clean | ||
| - name: Build 64 Bit NOKVM Linux | ||
| run: make -j4 linux ARCHID=20 && make clean | ||
| - name: Build 64 Bit Alpine Linux | ||
| run: make -j4 linux ARCHID=33 && make clean | ||
| - name: Upload Artifacts | ||
| uses: actions/upload-artifact@v7.0.1 | ||
| with: | ||
| name: meshagent-binaries-x86 | ||
| path: ${{ github.workspace }}/meshagent_* | ||
|
|
||
| linux-build-arm: | ||
| runs-on: ubuntu-24.04-arm | ||
| steps: | ||
| - name: Check out repository code | ||
| uses: actions/checkout@v7.0.0 | ||
| - name: Install Packages | ||
| run: | | ||
| sudo apt clean all && sudo apt update && | ||
| sudo apt-get install -y libx11-dev libxtst-dev libxext-dev libjpeg-dev libxrandr-dev build-essential | ||
| - name: Build ARM64 Linux | ||
| run: make -j4 linux ARCHID=26 && make clean | ||
| - name: Upload Artifacts | ||
| uses: actions/upload-artifact@v7.0.1 | ||
| with: | ||
| name: meshagent-binaries-arm | ||
| path: ${{ github.workspace }}/meshagent_* |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| name: Windows Build | ||
|
|
||
| run-name: Build Windows versions of MeshAgent | ||
|
|
||
| on: | ||
| push: | ||
| pull_request: | ||
|
|
||
| jobs: | ||
| windows-build: | ||
| runs-on: ${{ matrix.platform == 'ARM64' && 'windows-11-arm' || 'windows-2022' }} | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| platform: [x64, x86, ARM64] | ||
| steps: | ||
| - uses: actions/checkout@v7 | ||
| - name: Setup Visual Studio | ||
| uses: microsoft/setup-msbuild@v3 | ||
| - name: Build ${{ matrix.platform }} | ||
| run: msbuild MeshAgent-2022.sln /p:Configuration=Release /p:Platform=${{ matrix.platform }} | ||
| - name: Upload ${{ matrix.platform }} artifacts | ||
| uses: actions/upload-artifact@v7 | ||
| with: | ||
| name: meshagent-windows-${{ matrix.platform }} | ||
| path: Release/*.exe | ||
|
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | ||
| <plist version="1.0"> | ||
| <dict> | ||
| <key>Label</key> | ||
| <string>com.meshagent.kvm</string> | ||
|
|
||
| <!-- | ||
| Launchd loads this LaunchAgent into gui/<console-uid> (and | ||
| LoginWindow), so the kvm process runs natively in the user's | ||
| GUI audit session. com.apple.replayd is reachable from this | ||
| session, which is what makes ScreenCaptureKit / ReplayKit | ||
| screen-capture work on macOS Tahoe without the | ||
| audit_session_join workaround the daemon-spawn path needs. | ||
| --> | ||
| <key>LimitLoadToSessionType</key> | ||
| <array> | ||
| <string>Aqua</string> | ||
| <string>LoginWindow</string> | ||
| </array> | ||
|
|
||
| <key>ProgramArguments</key> | ||
| <array> | ||
| <string>/usr/local/mesh_services/meshagent/meshagent/meshagent</string> | ||
| <string>-kvmagent</string> | ||
| </array> | ||
|
|
||
| <!-- | ||
| Always restart unless we exited cleanly. ThrottleInterval keeps | ||
| us from hammering on a persistent failure (e.g., replayd genuinely | ||
| unreachable). | ||
| --> | ||
| <key>RunAtLoad</key> | ||
| <true/> | ||
| <key>KeepAlive</key> | ||
| <dict> | ||
| <key>SuccessfulExit</key> | ||
| <false/> | ||
| </dict> | ||
| <key>ThrottleInterval</key> | ||
| <integer>30</integer> | ||
|
|
||
| <key>StandardOutPath</key> | ||
| <string>/tmp/meshagent-kvm.stdout.log</string> | ||
| <key>StandardErrorPath</key> | ||
| <string>/tmp/meshagent-kvm.stderr.log</string> | ||
| </dict> | ||
| </plist> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🧩 Analysis chain
🏁 Script executed:
Repository: flamingo-stack/meshagent
Length of output: 213
🏁 Script executed:
Repository: flamingo-stack/meshagent
Length of output: 3846
🌐 Web query:
GitHub documentation github/codeql-action init analyze v2 deprecation v3 supported runners pin to SHA💡 Result:
As of June 2, 2026, the GitHub CodeQL Action is currently in its v4 release cycle, which is the recommended version for all users [1]. Deprecation Status of Older Versions: - CodeQL Action v2: This version was officially retired and deprecated in early 2025 following the deprecation of GitHub Enterprise Server (GHES) 3.11 [2]. - CodeQL Action v3: This version is scheduled for official deprecation in December 2026, coinciding with the deprecation of GHES 3.19 [3][4]. Users are advised to migrate to v4 before this date to ensure continued access to new features and security updates [3][4]. Migration to v4: To upgrade your workflows, replace all references to
v3withv4in your workflow files (e.g.,init@v3toinit@v4,analyze@v3toanalyze@v4) [4]. Note that on older GHES versions, you may need to ensure your administrator has enabled GitHub Connect to download the necessary action versions [4]. Best Practices for Pinning: While using version tags likev4is common for flexibility, it is not cryptographically immutable, as tags can be moved or deleted [5][6]. For maximum security, GitHub and security experts strongly recommend pinning GitHub Actions to a full-length commit SHA [5][7]. This prevents unauthorized code changes from being automatically pulled into your pipeline if an action repository is compromised [8][6]. Recommended Pinning Strategy: To maintain both security and maintainability, use the following pattern in your workflow files [6]: - uses: github/codeql-action/init@ # v4 By including the tag version in a comment, you maintain readability and compatibility with automated update tools like Dependabot, while the SHA ensures immutability [6]. You can audit your current workflow files for unpinned actions using grep or specialized security tooling [6].Citations:
Pin CodeQL GitHub Actions to commit SHAs (v2 is deprecated).
The workflow uses
github/codeql-action/init@v2(line 29) andgithub/codeql-action/analyze@v2(line 52); CodeQL action v2 is deprecated/retired, so the scan may fail or stop receiving fixes. Also,actions/checkout@v4(line 16) is tag-based and not pinned—pin theseuses:entries to full commit SHAs for immutability.Also applies to: 29-29, 52-52
🧰 Tools
🪛 zizmor (1.25.2)
[error] 16-16: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)
(unpinned-uses)
🤖 Prompt for AI Agents