Release v0.1.1

Security:
- Enable Content Security Policy (CSP)
- Disable devtools in production builds

Features:
- Auto-refresh disk list on volume mount/unmount
- CLI path discovery (PATH, env var, common locations)
- Config validation for RAM, vCPUs, log level
- Watcher thread shutdown mechanism

Improvements:
- Increase mount timeout from 2.5s to 10s
- Reduce tokio features for smaller binary
- Cross-platform build script (Node.js)

Fixes:
- Compiler warnings (unused imports/variables)
- Unused CSS selectors in MountStatus
- Disk list race condition on eject

Author: fenio

CHANGELOG.md

@@ -0,0 +1,37 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [0.1.1] - 2025-01-27
+
+### Security
+- Enabled Content Security Policy (CSP) to protect against script injection
+- Disabled devtools in production builds
+
+### Added
+- Auto-refresh disk list when volumes are mounted/unmounted
+- CLI path discovery (searches PATH, ANYLINUXFS_PATH env var, common locations)
+- Config validation for RAM, vCPUs, and log level settings
+- Watcher thread shutdown mechanism to prevent thread accumulation
+
+### Changed
+- Increased mount verification timeout from 2.5s to 10s
+- Reduced tokio dependency features (smaller binary)
+- Build script now cross-platform (Node.js instead of macOS-specific sed)
+
+### Fixed
+- Compiler warnings (unused imports and variables)
+- Unused CSS selectors in MountStatus component
+- Disk list race condition on eject (1.5s settle time)
+
+## [0.1.0] - 2025-01-24
+
+### Added
+- Initial release
+- Mount/unmount Linux filesystems (ext4, btrfs, XFS, etc.) on macOS
+- Support for encrypted drives (LUKS/BitLocker)
+- Real-time mount status monitoring
+- Log viewer with file watching
+- VM configuration (RAM, vCPUs, log level)
+- Admin mode for enhanced disk detection
+- Force cleanup for orphaned VM instances

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "anylinuxfs-gui",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "private": true,
   "type": "module",
   "scripts": {
     "dev": "vite dev",
     "build": "vite build && npm run fix-paths",
-    "fix-paths": "for f in build/*.html; do sed -i '' 's|href=\"/|href=\"./|g; s|src=\"/|src=\"./|g; s|import(\"/|import(\"./|g' \"$f\"; done",
+    "fix-paths": "node scripts/fix-paths.js",
     "preview": "vite preview",
     "tauri": "tauri",
     "tauri:dev": "tauri dev",

package.json

@@ -0,0 +1,23 @@
+#!/usr/bin/env node
+// Cross-platform script to fix absolute paths in HTML files for Tauri
+import { readFileSync, writeFileSync, readdirSync } from 'fs';
+import { join } from 'path';
+
+const buildDir = 'build';
+
+// Find all HTML files in build directory
+const htmlFiles = readdirSync(buildDir).filter(f => f.endsWith('.html'));
+
+for (const file of htmlFiles) {
+    const filePath = join(buildDir, file);
+    let content = readFileSync(filePath, 'utf-8');
+
+    // Replace absolute paths with relative paths
+    content = content
+        .replace(/href="\//g, 'href="./')
+        .replace(/src="\//g, 'src="./')
+        .replace(/import\("\//g, 'import("./');
+
+    writeFileSync(filePath, content);
+    console.log(`Fixed paths in ${file}`);
+}

scripts/fix-paths.js

@@ -1,6 +1,6 @@
 [package]
 name = "anylinuxfs-gui"
-version = "0.0.1"
+version = "0.1.1"
 edition = "2021"
 
 [lib]
@@ -15,7 +15,7 @@ tauri = { version = "2", features = [] }
 tauri-plugin-shell = "2"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
-tokio = { version = "1", features = ["full"] }
+tokio = { version = "1", features = ["rt", "rt-multi-thread"] }
 notify = "6"
 toml = "0.8"
 dirs = "5"

src-tauri/Cargo.lock

@@ -1,20 +1,68 @@
 use std::process::{Command, Stdio};
-use std::io::{Write, Read};
+use std::io::Read;
 use std::fs;
 use std::os::unix::fs::PermissionsExt;
-use std::path::Path;
+use std::path::{Path, PathBuf};
 use std::time::{Duration, Instant};
+use std::sync::OnceLock;
+
+/// Common locations to search for anylinuxfs
+const SEARCH_PATHS: &[&str] = &[
+    "/opt/homebrew/bin/anylinuxfs",
+    "/usr/local/bin/anylinuxfs",
+    "/usr/bin/anylinuxfs",
+];
+
+/// Cached path to anylinuxfs binary
+static ANYLINUXFS_PATH: OnceLock<Option<PathBuf>> = OnceLock::new();
+
+/// Find anylinuxfs in PATH or common locations
+fn find_anylinuxfs() -> Option<PathBuf> {
+    // First check ANYLINUXFS_PATH environment variable
+    if let Ok(env_path) = std::env::var("ANYLINUXFS_PATH") {
+        let path = PathBuf::from(&env_path);
+        if path.exists() {
+            return Some(path);
+        }
+    }
 
-const ANYLINUXFS_PATH: &str = "/opt/homebrew/bin/anylinuxfs";
+    // Search in PATH using `which`
+    if let Ok(output) = Command::new("which").arg("anylinuxfs").output() {
+        if output.status.success() {
+            let path_str = String::from_utf8_lossy(&output.stdout).trim().to_string();
+            if !path_str.is_empty() {
+                let path = PathBuf::from(&path_str);
+                if path.exists() {
+                    return Some(path);
+                }
+            }
+        }
+    }
+
+    // Fall back to common locations
+    for search_path in SEARCH_PATHS {
+        let path = Path::new(search_path);
+        if path.exists() {
+            return Some(path.to_path_buf());
+        }
+    }
+
+    None
+}
+
+/// Get the cached path to anylinuxfs, finding it if needed
+fn get_anylinuxfs_path() -> Option<&'static PathBuf> {
+    ANYLINUXFS_PATH.get_or_init(find_anylinuxfs).as_ref()
+}
 
 /// Check if the anylinuxfs CLI is available
 pub fn is_available() -> bool {
-    Path::new(ANYLINUXFS_PATH).exists()
+    get_anylinuxfs_path().is_some()
 }
 
 /// Get the path to the anylinuxfs CLI
-pub fn get_path() -> &'static str {
-    ANYLINUXFS_PATH
+pub fn get_path() -> Option<&'static Path> {
+    get_anylinuxfs_path().map(|p| p.as_path())
 }
 
 /// Execute an anylinuxfs command with optional sudo elevation
@@ -27,7 +75,10 @@ pub fn execute_command(args: &[&str], needs_sudo: bool, passphrase: Option<&str>
 }
 
 fn execute_direct(args: &[&str], passphrase: Option<&str>) -> Result<String, String> {
-    let mut cmd = Command::new(ANYLINUXFS_PATH);
+    let cli_path = get_anylinuxfs_path()
+        .ok_or_else(|| "anylinuxfs CLI not found in PATH or standard locations".to_string())?;
+
+    let mut cmd = Command::new(cli_path);
     cmd.args(args);
     cmd.stdin(Stdio::null());
 
@@ -47,12 +98,16 @@ fn execute_direct(args: &[&str], passphrase: Option<&str>) -> Result<String, Str
 }
 
 fn execute_with_sudo(args: &[&str], passphrase: Option<&str>) -> Result<String, String> {
+    let cli_path = get_anylinuxfs_path()
+        .ok_or_else(|| "anylinuxfs CLI not found in PATH or standard locations".to_string())?;
+
     // Create a temporary askpass script that uses osascript
     // This way the password never passes through our code
     let askpass_script = create_askpass_script()?;
 
     // Build the command arguments for sudo with SUDO_ASKPASS
-    let mut sudo_args = vec!["-A", "--", ANYLINUXFS_PATH];
+    let cli_path_str = cli_path.to_string_lossy();
+    let mut sudo_args: Vec<&str> = vec!["-A", "--", &cli_path_str];
     sudo_args.extend(args.iter().copied());
 
     let mut cmd = Command::new("sudo");

src-tauri/Cargo.toml

@@ -79,8 +79,32 @@ pub fn get_config() -> Result<AppConfig, String> {
     })
 }
 
+// Valid configuration values (must match frontend options)
+const VALID_RAM_OPTIONS: &[u32] = &[512, 1024, 2048, 4096, 8192, 16384];
+const VALID_VCPU_OPTIONS: &[u32] = &[1, 2, 4, 8, 16];
+const VALID_LOG_LEVELS: &[&str] = &["off", "error", "warn", "info", "debug", "trace"];
+
 #[tauri::command]
 pub async fn update_config(ram_mb: Option<u32>, vcpus: Option<u32>, log_level: Option<String>) -> Result<(), String> {
+    // Validate inputs before running commands
+    if let Some(ram) = ram_mb {
+        if !VALID_RAM_OPTIONS.contains(&ram) {
+            return Err(format!("Invalid RAM value: {}MB. Valid options: {:?}", ram, VALID_RAM_OPTIONS));
+        }
+    }
+
+    if let Some(cpus) = vcpus {
+        if !VALID_VCPU_OPTIONS.contains(&cpus) {
+            return Err(format!("Invalid vCPU value: {}. Valid options: {:?}", cpus, VALID_VCPU_OPTIONS));
+        }
+    }
+
+    if let Some(ref level) = log_level {
+        if !VALID_LOG_LEVELS.contains(&level.as_str()) {
+            return Err(format!("Invalid log level: '{}'. Valid options: {:?}", level, VALID_LOG_LEVELS));
+        }
+    }
+
     // Run in blocking task to avoid freezing UI
     tokio::task::spawn_blocking(move || {
         // Use the CLI to update config values

src-tauri/src/cli.rs

@@ -324,7 +324,7 @@ fn parse_disk_list_output(output: &str) -> Result<DiskListResult, String> {
     })
 }
 
-fn parse_partition_line(line: &str, disk_device: &str, partition_num: u32) -> Option<Partition> {
+fn parse_partition_line(line: &str, _disk_device: &str, _partition_num: u32) -> Option<Partition> {
     // Format: "Microsoft Basic Data NO NAME                 47.2 GB    disk6s1"
     // Or:     "ext4 linuxrootfs             7.5 GB     disk6s5"
     // The identifier is always at the end, size is before it
@@ -415,7 +415,8 @@ pub async fn mount_disk(device: String, passphrase: Option<String>) -> Result<St
         let result = execute_command(&["mount", &device], true, pass_ref);
 
         // Give a moment for mount to complete, then verify with retries
-        for _ in 0..5 {
+        // 20 retries × 500ms = 10 seconds total timeout
+        for _ in 0..20 {
             thread::sleep(Duration::from_millis(500));
             if check_nfs_mount_exists() {
                 return Ok(result.unwrap_or_else(|_| "Mounted successfully".to_string()));