fix(cfg): make sure we use correct relays

.github/workflows/release.yml

@@ -40,7 +40,6 @@ env:
   SCCACHE_CACHE_SIZE: "50G"
   BIN_NAMES: "iroh,iroh-relay,iroh-dns-server"
   RELEASE_VERSION: ${{ github.event.inputs.release_version }}
-  IROH_FORCE_STAGING_RELAYS: "1"
 
 jobs:
     create-release:

iroh-net/src/discovery/dns.rs

@@ -14,10 +14,14 @@ pub const N0_DNS_NODE_ORIGIN_PROD: &str = "dns.iroh.link";
 /// The n0 testing DNS node origin, for testing.
 pub const N0_DNS_NODE_ORIGIN_STAGING: &str = "staging-dns.iroh.link";
 /// Testing DNS node origin, must run server from [`crate::test_utils::DnsPkarrServer`].
-#[cfg(any(test, feature = "test-utils"))]
+#[cfg(all(test, feature = "test-utils"))]
 #[cfg_attr(iroh_docsrs, doc(cfg(any(test, feature = "test-utils"))))]
 pub const TEST_DNS_NODE_ORIGIN: &str = "dns.iroh.test";
 
+/// Environment variable to force the use of staging relays.
+#[cfg_attr(iroh_docsrs, doc(cfg(not(any(test, feature = "test-utils")))))]
+const ENV_FORCE_STAGING_RELAYS: &str = "IROH_FORCE_STAGING_RELAYS";
+
 const DNS_STAGGERING_MS: &[u64] = &[200, 300];
 
 /// DNS node discovery
@@ -69,14 +73,18 @@ impl DnsDiscovery {
     /// with [`DnsDiscovery::new`].  This would then use a hosted discovery service again,
     /// but for testing purposes.
     pub fn n0_dns() -> Self {
-        #[cfg(not(any(test, feature = "test-utils")))]
-        {
-            Self::new(N0_DNS_NODE_ORIGIN_PROD.to_string())
-        }
-        #[cfg(any(test, feature = "test-utils"))]
-        {
-            Self::new(TEST_DNS_NODE_ORIGIN.to_string())
+        let force_staging_relays = match std::env::var(ENV_FORCE_STAGING_RELAYS) {
+            Ok(value) => value == "1",
+            Err(_) => false,
+        };
+        #[cfg(not(all(test, feature = "test-utils")))]
+        match force_staging_relays {
+            true => Self::new(N0_DNS_NODE_ORIGIN_STAGING.to_string()),
+            false => Self::new(N0_DNS_NODE_ORIGIN_PROD.to_string()),
         }
+
+        #[cfg(all(test, feature = "test-utils"))]
+        Self::new(N0_DNS_NODE_ORIGIN_STAGING.to_string())
     }
 }
 

iroh-net/src/discovery/pkarr.rs

@@ -64,6 +64,10 @@ use crate::{
     AddrInfo, Endpoint, NodeId,
 };
 
+/// Environment variable to force the use of staging relays.
+#[cfg_attr(iroh_docsrs, doc(cfg(not(any(test, feature = "test-utils")))))]
+const ENV_FORCE_STAGING_RELAYS: &str = "IROH_FORCE_STAGING_RELAYS";
+
 #[cfg(feature = "discovery-pkarr-dht")]
 #[cfg_attr(iroh_docsrs, doc(cfg(feature = "discovery-pkarr-dht")))]
 pub mod dht;
@@ -177,15 +181,20 @@ impl PkarrPublisher {
     /// This uses the pkarr relay server operated by [number 0], at
     /// [`N0_DNS_PKARR_RELAY_PROD`].
     ///
-    /// When compiling for tests, i.e. when `cfg(test)` is true, or when the `test-utils`
-    /// crate feature is enabled the [`N0_DNS_PKARR_RELAY_STAGING`] server is used instead.
+    /// When running with the environment variable
+    /// `IROH_FORCE_STAGING_RELAYS` set to `1` the [`N0_DNS_PKARR_RELAY_STAGING`]
+    /// server is used instead.
     ///
     /// [number 0]: https://n0.computer
     pub fn n0_dns(secret_key: SecretKey) -> Self {
-        #[cfg(not(any(test, feature = "test-utils")))]
-        let pkarr_relay = N0_DNS_PKARR_RELAY_PROD;
-        #[cfg(any(test, feature = "test-utils"))]
-        let pkarr_relay = N0_DNS_PKARR_RELAY_STAGING;
+        let force_staging_relay = match std::env::var(ENV_FORCE_STAGING_RELAYS) {
+            Ok(value) => value == "1",
+            Err(_) => false,
+        };
+        let pkarr_relay = match force_staging_relay {
+            true => N0_DNS_PKARR_RELAY_STAGING,
+            false => N0_DNS_PKARR_RELAY_PROD,
+        };
 
         let pkarr_relay: Url = pkarr_relay.parse().expect("url is valid");
         Self::new(secret_key, pkarr_relay)
@@ -321,9 +330,9 @@ impl PkarrResolver {
     ///
     /// [number 0]: https://n0.computer
     pub fn n0_dns() -> Self {
-        #[cfg(not(any(test, feature = "test-utils")))]
+        #[cfg(not(all(test, feature = "test-utils")))]
         let pkarr_relay = N0_DNS_PKARR_RELAY_PROD;
-        #[cfg(any(test, feature = "test-utils"))]
+        #[cfg(all(test, feature = "test-utils"))]
         let pkarr_relay = N0_DNS_PKARR_RELAY_STAGING;
 
         let pkarr_relay: Url = pkarr_relay.parse().expect("url is valid");

iroh-net/src/endpoint.rs

@@ -58,7 +58,6 @@ pub use iroh_base::node_addr::{AddrInfo, NodeAddr};
 const DISCOVERY_WAIT_PERIOD: Duration = Duration::from_millis(500);
 
 /// Environment variable to force the use of staging relays.
-#[cfg(not(any(test, feature = "test-utils")))]
 #[cfg_attr(iroh_docsrs, doc(cfg(not(any(test, feature = "test-utils")))))]
 const ENV_FORCE_STAGING_RELAYS: &str = "IROH_FORCE_STAGING_RELAYS";
 
@@ -80,7 +79,7 @@ pub struct Builder {
     /// List of known nodes. See [`Builder::known_nodes`].
     node_map: Option<Vec<NodeAddr>>,
     dns_resolver: Option<DnsResolver>,
-    #[cfg(any(test, feature = "test-utils"))]
+    #[cfg(all(test, feature = "test-utils"))]
     #[cfg_attr(iroh_docsrs, doc(cfg(any(test, feature = "test-utils"))))]
     insecure_skip_relay_cert_verify: bool,
     addr_v4: Option<SocketAddrV4>,
@@ -99,7 +98,7 @@ impl Default for Builder {
             proxy_url: None,
             node_map: None,
             dns_resolver: None,
-            #[cfg(any(test, feature = "test-utils"))]
+            #[cfg(all(test, feature = "test-utils"))]
             insecure_skip_relay_cert_verify: false,
             addr_v4: None,
             addr_v6: None,
@@ -135,7 +134,7 @@ impl Builder {
             discovery: self.discovery,
             proxy_url: self.proxy_url,
             dns_resolver,
-            #[cfg(any(test, feature = "test-utils"))]
+            #[cfg(all(test, feature = "test-utils"))]
             insecure_skip_relay_cert_verify: self.insecure_skip_relay_cert_verify,
         };
         Endpoint::bind(static_config, msock_opts, self.alpn_protocols).await
@@ -289,7 +288,7 @@ impl Builder {
     /// Skip verification of SSL certificates from relay servers
     ///
     /// May only be used in tests.
-    #[cfg(any(test, feature = "test-utils"))]
+    #[cfg(all(test, feature = "test-utils"))]
     #[cfg_attr(iroh_docsrs, doc(cfg(any(test, feature = "test-utils"))))]
     pub fn insecure_skip_relay_cert_verify(mut self, skip_verify: bool) -> Self {
         self.insecure_skip_relay_cert_verify = skip_verify;
@@ -1247,14 +1246,10 @@ fn proxy_url_from_env() -> Option<Url> {
 /// Otherwise, it will return `RelayMode::Default`.
 pub fn default_relay_mode() -> RelayMode {
     // Use staging in testing
-    #[cfg(not(any(test, feature = "test-utils")))]
     let force_staging_relays = match std::env::var(ENV_FORCE_STAGING_RELAYS) {
         Ok(value) => value == "1",
         Err(_) => false,
     };
-    #[cfg(any(test, feature = "test-utils"))]
-    let force_staging_relays = true;
-
     match force_staging_relays {
         true => RelayMode::Staging,
         false => RelayMode::Default,

iroh-net/src/lib.rs

@@ -146,6 +146,6 @@ pub use iroh_base::key;
 
 pub use iroh_base::key::NodeId;
 
-#[cfg(any(test, feature = "test-utils"))]
+#[cfg(all(test, feature = "test-utils"))]
 #[cfg_attr(iroh_docsrs, doc(cfg(any(test, feature = "test-utils"))))]
 pub mod test_utils;

iroh-net/src/magicsock.rs

@@ -128,7 +128,7 @@ pub(crate) struct Options {
     /// Skip verification of SSL certificates from relay servers
     ///
     /// May only be used in tests.
-    #[cfg(any(test, feature = "test-utils"))]
+    #[cfg(all(test, feature = "test-utils"))]
     #[cfg_attr(iroh_docsrs, doc(cfg(any(test, feature = "test-utils"))))]
     pub(crate) insecure_skip_relay_cert_verify: bool,
 }
@@ -144,7 +144,7 @@ impl Default for Options {
             discovery: None,
             proxy_url: None,
             dns_resolver: crate::dns::default_resolver().clone(),
-            #[cfg(any(test, feature = "test-utils"))]
+            #[cfg(all(test, feature = "test-utils"))]
             insecure_skip_relay_cert_verify: false,
         }
     }
@@ -243,7 +243,7 @@ pub(crate) struct MagicSock {
     /// Skip verification of SSL certificates from relay servers
     ///
     /// May only be used in tests.
-    #[cfg(any(test, feature = "test-utils"))]
+    #[cfg(all(test, feature = "test-utils"))]
     #[cfg_attr(iroh_docsrs, doc(cfg(any(test, feature = "test-utils"))))]
     insecure_skip_relay_cert_verify: bool,
 }
@@ -1397,7 +1397,7 @@ impl Handle {
             discovery,
             dns_resolver,
             proxy_url,
-            #[cfg(any(test, feature = "test-utils"))]
+            #[cfg(all(test, feature = "test-utils"))]
             insecure_skip_relay_cert_verify,
         } = opts;
 
@@ -1453,7 +1453,7 @@ impl Handle {
             pending_call_me_maybes: Default::default(),
             direct_addr_update_state: DirectAddrUpdateState::new(),
             dns_resolver,
-            #[cfg(any(test, feature = "test-utils"))]
+            #[cfg(all(test, feature = "test-utils"))]
             insecure_skip_relay_cert_verify,
         });
 

iroh-net/src/magicsock/relay_actor.rs

@@ -487,7 +487,7 @@ impl RelayActor {
             .can_ack_pings(true)
             .is_preferred(my_relay.as_ref() == Some(&url1));
 
-        #[cfg(any(test, feature = "test-utils"))]
+        #[cfg(all(test, feature = "test-utils"))]
         let builder = builder.insecure_skip_cert_verify(self.msock.insecure_skip_relay_cert_verify);
 
         let (dc, dc_receiver) = builder.build(

iroh-net/src/relay/client.rs

@@ -218,7 +218,7 @@ pub struct ClientBuilder {
     /// Relay protocol
     protocol: Protocol,
     /// Allow self-signed certificates from relay servers
-    #[cfg(any(test, feature = "test-utils"))]
+    #[cfg(all(test, feature = "test-utils"))]
     #[cfg_attr(iroh_docsrs, doc(cfg(any(test, feature = "test-utils"))))]
     insecure_skip_cert_verify: bool,
     /// HTTP Proxy
@@ -236,7 +236,7 @@ impl ClientBuilder {
             server_public_key: None,
             url: url.into(),
             protocol: Protocol::Relay,
-            #[cfg(any(test, feature = "test-utils"))]
+            #[cfg(all(test, feature = "test-utils"))]
             insecure_skip_cert_verify: false,
             proxy_url: None,
         }
@@ -291,7 +291,7 @@ impl ClientBuilder {
     /// Skip the verification of the relay server's SSL certificates.
     ///
     /// May only be used in tests.
-    #[cfg(any(test, feature = "test-utils"))]
+    #[cfg(all(test, feature = "test-utils"))]
     #[cfg_attr(iroh_docsrs, doc(cfg(any(test, feature = "test-utils"))))]
     pub fn insecure_skip_cert_verify(mut self, skip: bool) -> Self {
         self.insecure_skip_cert_verify = skip;
@@ -317,7 +317,7 @@ impl ClientBuilder {
         .expect("protocols supported by ring")
         .with_root_certificates(roots)
         .with_no_client_auth();
-        #[cfg(any(test, feature = "test-utils"))]
+        #[cfg(all(test, feature = "test-utils"))]
         if self.insecure_skip_cert_verify {
             warn!("Insecure config: SSL certificates from relay servers will be trusted without verification");
             config
@@ -1050,12 +1050,12 @@ async fn resolve_host(
 }
 
 /// Used to allow self signed certificates in tests
-#[cfg(any(test, feature = "test-utils"))]
+#[cfg(all(test, feature = "test-utils"))]
 #[cfg_attr(iroh_docsrs, doc(cfg(any(test, feature = "test-utils"))))]
 #[derive(Debug)]
 struct NoCertVerifier;
 
-#[cfg(any(test, feature = "test-utils"))]
+#[cfg(all(test, feature = "test-utils"))]
 impl rustls::client::danger::ServerCertVerifier for NoCertVerifier {
     fn verify_server_cert(
         &self,

iroh/src/node/builder.rs

@@ -120,7 +120,7 @@ where
     dns_resolver: Option<DnsResolver>,
     node_discovery: DiscoveryConfig,
     docs_storage: DocsStorage,
-    #[cfg(any(test, feature = "test-utils"))]
+    #[cfg(all(test, feature = "test-utils"))]
     insecure_skip_relay_cert_verify: bool,
     /// Callback to register when a gc loop is done
     #[debug("callback")]
@@ -231,9 +231,9 @@ fn mk_external_rpc() -> IrohServerEndpoint {
 impl Default for Builder<iroh_blobs::store::mem::Store> {
     fn default() -> Self {
         // Use staging in testing
-        #[cfg(not(any(test, feature = "test-utils")))]
+        #[cfg(not(all(test, feature = "test-utils")))]
         let relay_mode = RelayMode::Default;
-        #[cfg(any(test, feature = "test-utils"))]
+        #[cfg(all(test, feature = "test-utils"))]
         let relay_mode = RelayMode::Staging;
 
         Self {
@@ -250,7 +250,7 @@ impl Default for Builder<iroh_blobs::store::mem::Store> {
             gc_policy: GcPolicy::Disabled,
             docs_storage: DocsStorage::Disabled,
             node_discovery: Default::default(),
-            #[cfg(any(test, feature = "test-utils"))]
+            #[cfg(all(test, feature = "test-utils"))]
             insecure_skip_relay_cert_verify: false,
             gc_done_callback: None,
             blob_events: Default::default(),
@@ -267,9 +267,9 @@ impl<D: Map> Builder<D> {
         storage: StorageConfig,
     ) -> Self {
         // Use staging in testing
-        #[cfg(not(any(test, feature = "test-utils")))]
+        #[cfg(not(all(test, feature = "test-utils")))]
         let relay_mode = RelayMode::Default;
-        #[cfg(any(test, feature = "test-utils"))]
+        #[cfg(all(test, feature = "test-utils"))]
         let relay_mode = RelayMode::Staging;
 
         Self {
@@ -286,7 +286,7 @@ impl<D: Map> Builder<D> {
             gc_policy: GcPolicy::Disabled,
             docs_storage,
             node_discovery: Default::default(),
-            #[cfg(any(test, feature = "test-utils"))]
+            #[cfg(all(test, feature = "test-utils"))]
             insecure_skip_relay_cert_verify: false,
             gc_done_callback: None,
             blob_events: Default::default(),
@@ -346,7 +346,7 @@ where
             gc_policy: self.gc_policy,
             docs_storage,
             node_discovery: self.node_discovery,
-            #[cfg(any(test, feature = "test-utils"))]
+            #[cfg(all(test, feature = "test-utils"))]
             insecure_skip_relay_cert_verify: false,
             gc_done_callback: self.gc_done_callback,
             blob_events: self.blob_events,
@@ -508,14 +508,14 @@ where
     /// Skip verification of SSL certificates from relay servers
     ///
     /// May only be used in tests.
-    #[cfg(any(test, feature = "test-utils"))]
+    #[cfg(all(test, feature = "test-utils"))]
     pub fn insecure_skip_relay_cert_verify(mut self, skip_verify: bool) -> Self {
         self.insecure_skip_relay_cert_verify = skip_verify;
         self
     }
 
     /// Register a callback for when GC is done.
-    #[cfg(any(test, feature = "test-utils"))]
+    #[cfg(all(test, feature = "test-utils"))]
     pub fn register_gc_done_cb(mut self, cb: Box<dyn Fn() + Send>) -> Self {
         self.gc_done_callback.replace(cb);
         self
@@ -617,7 +617,7 @@ where
                 None => endpoint,
             };
 
-            #[cfg(any(test, feature = "test-utils"))]
+            #[cfg(all(test, feature = "test-utils"))]
             {
                 endpoint =
                     endpoint.insecure_skip_relay_cert_verify(self.insecure_skip_relay_cert_verify);