cleanup usages of kleverr

README.md

@@ -417,20 +417,24 @@ by adding account management and it is one of the easiest way to start.
  - [x] proxy proto support
  - [x] update nix modules with new config options
 
+### v0.6.0
+ - [x] nixos testing
+ - [x] error wrapping
+ - [ ] client stateless reset key (XDG cache/data dir by default, remove /tmp)
+ - [ ] token passed from cmd should override tokenfile from config
+ - [ ] client versioning support
+ - [ ] untrusted relay encryption
+
 ## Future
 
- - [ ] error wrapping
- - [ ] zip and name windows executable .exe
  - [ ] UDP support
+ - [ ] zip and name windows executable .exe
+ - [ ] notarize mac app
  - [ ] Gen config
  - [ ] http source
- - [ ] client stateless reset key
  - [ ] systemd dynamic user in nixos
- - [ ] client versioning support
  - [ ] UPnP and other methods for hole-punching
  - [ ] Docs section for building the project
  - [ ] Docs section for embedding into golang programs
  - [ ] mininet testing
- - [ ] nixos testing
- - [ ] notarize mac app
  - [ ] websocket tcp converter

certc/cert.go

@@ -11,12 +11,11 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
+	"fmt"
 	"io"
 	"math/big"
 	"net"
 	"time"
-
-	"github.com/klev-dev/kleverr"
 )
 
 var SharedSubject = pkix.Name{
@@ -206,17 +205,22 @@ func (c *Cert) Encode(certOut io.Writer, keyOut io.Writer) error {
 		Type:  "CERTIFICATE",
 		Bytes: c.der,
 	}); err != nil {
-		return kleverr.Ret(err)
+		return fmt.Errorf("cert encode: %w", err)
 	}
 
 	keyData, err := x509.MarshalPKCS8PrivateKey(c.pk)
 	if err != nil {
-		return kleverr.Ret(err)
+		return fmt.Errorf("key marshal: %w", err)
 	}
-	return pem.Encode(keyOut, &pem.Block{
+
+	if err := pem.Encode(keyOut, &pem.Block{
 		Type:  "PRIVATE KEY",
 		Bytes: keyData,
-	})
+	}); err != nil {
+		return fmt.Errorf("key encode: %w", err)
+	}
+
+	return nil
 }
 
 func (c *Cert) EncodeToMemory() ([]byte, []byte, error) {
@@ -227,7 +231,7 @@ func (c *Cert) EncodeToMemory() ([]byte, []byte, error) {
 
 	keyData, err := x509.MarshalPKCS8PrivateKey(c.pk)
 	if err != nil {
-		return nil, nil, kleverr.Ret(err)
+		return nil, nil, fmt.Errorf("mem key marshal: %w", err)
 	}
 	keyPEM := pem.EncodeToMemory(&pem.Block{
 		Type:  "PRIVATE KEY",
@@ -239,23 +243,23 @@ func (c *Cert) EncodeToMemory() ([]byte, []byte, error) {
 func DecodeFromMemory(cert, key []byte) (*Cert, error) {
 	certDER, _ := pem.Decode(cert)
 	if certDER == nil {
-		return nil, kleverr.New("could not find cert pem block")
+		return nil, fmt.Errorf("cert: no pem block")
 	}
 	if certDER.Type != "CERTIFICATE" {
-		return nil, kleverr.Newf("pem is not certificate: %s", certDER.Type)
+		return nil, fmt.Errorf("cert type: %s", certDER.Type)
 	}
 
 	keyDER, _ := pem.Decode(key)
 	if keyDER == nil {
-		return nil, kleverr.New("could not find key pem block")
+		return nil, fmt.Errorf("cert key: no pem block")
 	}
 	if keyDER.Type != "PRIVATE KEY" {
-		return nil, kleverr.Newf("pem is not private key: %s", keyDER.Type)
+		return nil, fmt.Errorf("cert key type: %s", keyDER.Type)
 	}
 
 	keyValue, err := x509.ParsePKCS8PrivateKey(keyDER.Bytes)
 	if err != nil {
-		return nil, kleverr.Newf("cannot parse pk: %w", err)
+		return nil, fmt.Errorf("cert parse key: %w", err)
 	}
 
 	return &Cert{der: certDER.Bytes, pk: keyValue}, nil

certc/cert_test.go

@@ -5,11 +5,11 @@ import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
+	"fmt"
 	"io"
 	"net"
 	"testing"
 
-	"github.com/klev-dev/kleverr"
 	"github.com/quic-go/quic-go"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/sync/errgroup"
@@ -228,29 +228,29 @@ func testConnectivityTLS(t *testing.T, serverConf *tls.Config, clientConf *tls.C
 	g.Go(func() error {
 		c, err := l.Accept(ctx)
 		if err != nil {
-			return kleverr.Ret(err)
+			return fmt.Errorf("server accept conn: %w", err)
 		}
 
 		peerCerts := c.ConnectionState().TLS.PeerCertificates
 		if len(peerCerts) != 1 {
-			return kleverr.Newf("expected 1 client certificate, but found: %d", len(peerCerts))
+			return fmt.Errorf("expected 1 client certificate, but found: %d", len(peerCerts))
 		}
 		if !bytes.Equal(peerCerts[0].Raw, clientConf.Certificates[0].Leaf.Raw) {
-			return kleverr.Newf("expected matching certs")
+			return fmt.Errorf("expected matching certs")
 		}
 
 		s, err := c.AcceptStream(ctx)
 		if err != nil {
-			return kleverr.Ret(err)
+			return fmt.Errorf("server accept stream: %w", err)
 		}
 		defer s.Close()
 
 		buf := make([]byte, 1)
 		if _, err := io.ReadFull(s, buf); err != nil {
-			return kleverr.Ret(err)
+			return fmt.Errorf("server read: %w", err)
 		}
 		if _, err := s.Write(buf); err != nil {
-			return kleverr.Ret(err)
+			return fmt.Errorf("server write: %w", err)
 		}
 		return nil
 	})
@@ -262,18 +262,18 @@ func testConnectivityTLS(t *testing.T, serverConf *tls.Config, clientConf *tls.C
 	g.Go(func() error {
 		s, err := c.OpenStreamSync(context.Background())
 		if err != nil {
-			return kleverr.Ret(err)
+			return fmt.Errorf("client stream: %w", err)
 		}
 		defer s.Close()
 
 		buf := make([]byte, 1)
 		buf[0] = 33
 		if _, err := s.Write(buf); err != nil {
-			return kleverr.Ret(err)
+			return fmt.Errorf("client write: %w", err)
 		}
 		buf[0] = 0
 		if _, err := io.ReadFull(s, buf); err != nil {
-			return kleverr.Ret(err)
+			return fmt.Errorf("client read: %w", err)
 		}
 		return nil
 	})

client.go

@@ -22,7 +22,6 @@ import (
 	"github.com/connet-dev/connet/pbs"
 	"github.com/connet-dev/connet/quicc"
 	"github.com/connet-dev/connet/statusc"
-	"github.com/klev-dev/kleverr"
 	"github.com/quic-go/quic-go"
 	"golang.org/x/sync/errgroup"
 )
@@ -43,29 +42,30 @@ func NewClient(opts ...ClientOption) (*Client, error) {
 	}
 	for _, opt := range opts {
 		if err := opt(cfg); err != nil {
-			return nil, kleverr.Ret(err)
+			return nil, err
 		}
 	}
 
 	if cfg.controlAddr == nil {
 		if err := ClientControlAddress("127.0.0.1:19190")(cfg); err != nil {
-			return nil, kleverr.Ret(err)
+			return nil, fmt.Errorf("default control address: %w", err)
 		}
 	}
 
 	if cfg.directAddr == nil {
 		if err := ClientDirectAddress(":19192")(cfg); err != nil {
-			return nil, kleverr.Ret(err)
+			return nil, fmt.Errorf("default direct address: %w", err)
 		}
 	}
 
 	if len(cfg.destinations) == 0 && len(cfg.sources) == 0 {
-		return nil, kleverr.New("missing at least on destination or source")
+		// TODO fix this
+		return nil, fmt.Errorf("missing destination or source")
 	}
 
 	rootCert, err := certc.NewRoot()
 	if err != nil {
-		return nil, kleverr.Ret(err)
+		return nil, fmt.Errorf("create root cert: %w", err)
 	}
 	cfg.logger.Debug("generated root cert")
 
@@ -83,7 +83,7 @@ func (c *Client) Run(ctx context.Context) error {
 	c.logger.Debug("start udp listener")
 	udpConn, err := net.ListenUDP("udp", c.directAddr)
 	if err != nil {
-		return kleverr.Ret(err)
+		return fmt.Errorf("listen direct address: %w", err)
 	}
 	defer udpConn.Close()
 
@@ -93,22 +93,22 @@ func (c *Client) Run(ctx context.Context) error {
 
 	ds, err := client.NewDirectServer(transport, c.logger)
 	if err != nil {
-		return kleverr.Ret(err)
+		return fmt.Errorf("create direct server: %w", err)
 	}
 
 	c.dsts = map[model.Forward]*client.Destination{}
 	for fwd, cfg := range c.destinations {
 		c.dsts[fwd], err = client.NewDestination(cfg, ds, c.rootCert, c.logger)
 		if err != nil {
-			return kleverr.Ret(err)
+			return fmt.Errorf("create destination %s: %w", fwd, err)
 		}
 	}
 
 	c.srcs = map[model.Forward]*client.Source{}
 	for fwd, cfg := range c.sources {
 		c.srcs[fwd], err = client.NewSource(cfg, ds, c.rootCert, c.logger)
 		if err != nil {
-			return kleverr.Ret(err)
+			return fmt.Errorf("client source %s: %w", fwd, err)
 		}
 	}
 
@@ -155,8 +155,6 @@ func (c *Client) run(ctx context.Context, transport *quic.Transport) error {
 	}
 }
 
-var retConnect = kleverr.Ret2[quic.Connection, []byte]
-
 func (c *Client) connect(ctx context.Context, transport *quic.Transport, retoken []byte) (quic.Connection, []byte, error) {
 	c.logger.Debug("dialing target", "addr", c.controlAddr)
 	// TODO dial timeout if server is not accessible?
@@ -166,35 +164,35 @@ func (c *Client) connect(ctx context.Context, transport *quic.Transport, retoken
 		NextProtos: []string{"connet"},
 	}, quicc.StdConfig)
 	if err != nil {
-		return retConnect(err)
+		return nil, nil, fmt.Errorf("dial server: %w", err)
 	}
 
 	c.logger.Debug("authenticating", "addr", c.controlAddr)
 
 	authStream, err := conn.OpenStreamSync(ctx)
 	if err != nil {
-		return retConnect(err)
+		return nil, nil, fmt.Errorf("open authentication stream: %w", err)
 	}
 	defer authStream.Close()
 
 	if err := pb.Write(authStream, &pbs.Authenticate{
 		Token:          c.token,
 		ReconnectToken: retoken,
 	}); err != nil {
-		return retConnect(err)
+		return nil, nil, fmt.Errorf("write authentication: %w", err)
 	}
 
 	resp := &pbs.AuthenticateResp{}
 	if err := pb.Read(authStream, resp); err != nil {
-		return retConnect(err)
+		return nil, nil, fmt.Errorf("authentication read failed: %w", err)
 	}
 	if resp.Error != nil {
-		return retConnect(resp.Error)
+		return nil, nil, fmt.Errorf("authentication failed: %w", resp.Error)
 	}
 
 	localAddrs, err := netc.LocalAddrs()
 	if err != nil {
-		return retConnect(err)
+		return nil, nil, fmt.Errorf("local addrs: %w", err)
 	}
 	localAddrPorts := make([]netip.AddrPort, len(localAddrs))
 	for i, addr := range localAddrs {
@@ -348,12 +346,12 @@ func ClientControlCAs(certFile string) ClientOption {
 	return func(cfg *clientConfig) error {
 		casData, err := os.ReadFile(certFile)
 		if err != nil {
-			return kleverr.Newf("cannot read certs file: %w", err)
+			return fmt.Errorf("read server CAs: %w", err)
 		}
 
 		cas := x509.NewCertPool()
 		if !cas.AppendCertsFromPEM(casData) {
-			return kleverr.Newf("no certificates found in %s", certFile)
+			return fmt.Errorf("missing server CA certificate in %s", certFile)
 		}
 
 		cfg.controlCAs = cas
@@ -374,7 +372,7 @@ func ClientDirectAddress(address string) ClientOption {
 	return func(cfg *clientConfig) error {
 		addr, err := net.ResolveUDPAddr("udp", address)
 		if err != nil {
-			return kleverr.Newf("direct address cannot be resolved: %w", err)
+			return fmt.Errorf("resolve direct address: %w", err)
 		}
 
 		cfg.directAddr = addr
@@ -387,7 +385,7 @@ func ClientStatusAddress(address string) ClientOption {
 	return func(cfg *clientConfig) error {
 		addr, err := net.ResolveTCPAddr("tcp", address)
 		if err != nil {
-			return kleverr.Newf("status address cannot be resolved: %w", err)
+			return fmt.Errorf("resolve status address: %w", err)
 		}
 
 		cfg.statusAddr = addr

client/destination.go

@@ -2,6 +2,7 @@ package client
 
 import (
 	"context"
+	"fmt"
 	"log/slog"
 	"net"
 	"net/netip"
@@ -11,7 +12,6 @@ import (
 	"github.com/connet-dev/connet/netc"
 	"github.com/connet-dev/connet/pb"
 	"github.com/connet-dev/connet/pbc"
-	"github.com/klev-dev/kleverr"
 	"github.com/quic-go/quic-go"
 	"golang.org/x/sync/errgroup"
 )
@@ -172,7 +172,7 @@ func (d *Destination) runDestinationErr(ctx context.Context, stream quic.Stream)
 	default:
 		err := pb.NewError(pb.Error_RequestUnknown, "unknown request: %v", req)
 		if err := pb.Write(stream, &pbc.Response{Error: err}); err != nil {
-			return kleverr.Newf("cannot write error response: %w", err)
+			return fmt.Errorf("destination write err response: %w", err)
 		}
 		return err
 	}
@@ -185,7 +185,7 @@ func (d *Destination) runConnect(ctx context.Context, stream quic.Stream) error
 	if err != nil {
 		err := pb.NewError(pb.Error_DestinationDialFailed, "%s could not be dialed: %v", d.cfg.Forward, err)
 		if err := pb.Write(stream, &pbc.Response{Error: err}); err != nil {
-			return kleverr.Newf("could not write error response: %w", err)
+			return fmt.Errorf("connect write err response: %w", err)
 		}
 		return err
 	}
@@ -196,7 +196,7 @@ func (d *Destination) runConnect(ctx context.Context, stream quic.Stream) error
 			ProxyProto: d.cfg.Proxy.PB(),
 		},
 	}); err != nil {
-		return kleverr.Newf("could not write response: %w", err)
+		return fmt.Errorf("connect write response: %w", err)
 	}
 
 	d.logger.Debug("joining conns")