From 8f32b46b3052d6bcec28dc310803a74c9b749dc6 Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Fri, 12 Jan 2024 11:56:15 +0100 Subject: [PATCH 01/15] set no jlink compression for build artifacts references 00fc2a98379348f1371a8a9ab2756fe7b16eb793 --- .github/workflows/appimage.yml | 2 ++ .github/workflows/mac-dmg.yml | 2 ++ .github/workflows/win-exe.yml | 2 ++ dist/linux/appimage/build.sh | 3 ++- dist/linux/debian/rules | 4 +++- dist/mac/dmg/build.sh | 2 +- dist/win/build.ps1 | 5 +++-- 7 files changed, 15 insertions(+), 5 deletions(-) diff --git a/.github/workflows/appimage.yml b/.github/workflows/appimage.yml index 80aa111cf..1c42fcb74 100644 --- a/.github/workflows/appimage.yml +++ b/.github/workflows/appimage.yml @@ -74,6 +74,7 @@ jobs: cp LICENSE.txt target cp target/cryptomator-*.jar target/mods - name: Run jlink + #Remark: no compression is applied for improved build compression later (here appimage) run: > ${JAVA_HOME}/bin/jlink --verbose @@ -84,6 +85,7 @@ jobs: --no-header-files --no-man-pages --strip-debug + --compress zip-0 - name: Prepare additional launcher run: envsubst '${SEMVER_STR} ${REVISION_NUM}' < dist/linux/launcher-gtk2.properties > launcher-gtk2.properties env: diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml index f96ded641..f0cd01e44 100644 --- a/.github/workflows/mac-dmg.yml +++ b/.github/workflows/mac-dmg.yml @@ -85,6 +85,7 @@ jobs: cp LICENSE.txt target cp target/cryptomator-*.jar target/mods - name: Run jlink + #Remark: no compression is applied for improved build compression later (here dmg) run: > ${JAVA_HOME}/bin/jlink --verbose @@ -95,6 +96,7 @@ jobs: --no-header-files --no-man-pages --strip-debug + --compress zip-0 - name: Run jpackage run: > ${JAVA_HOME}/bin/jpackage diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml index 79be3fd6e..5044d2d35 100644 --- a/.github/workflows/win-exe.yml +++ b/.github/workflows/win-exe.yml @@ -79,6 +79,7 @@ jobs: cp LICENSE.txt target cp target/cryptomator-*.jar target/mods - name: Run jlink + #Remark: no compression is applied for improved build compression later (here msi) run: > ${JAVA_HOME}/bin/jlink --verbose @@ -89,6 +90,7 @@ jobs: --no-header-files --no-man-pages --strip-debug + --compress zip-0 - name: Change win-console flag if debug is active if: ${{ inputs.isDebug }} run: echo "WIN_CONSOLE_FLAG=--win-console" >> $GITHUB_ENV diff --git a/dist/linux/appimage/build.sh b/dist/linux/appimage/build.sh index 9b056afa5..0126681f8 100755 --- a/dist/linux/appimage/build.sh +++ b/dist/linux/appimage/build.sh @@ -60,7 +60,8 @@ ${JAVA_HOME}/bin/jlink \ --strip-native-commands \ --no-header-files \ --no-man-pages \ - --strip-debug + --strip-debug \ + --compress zip-0 # create app dir envsubst '${SEMVER_STR} ${REVISION_NUM}' < ../launcher-gtk2.properties > launcher-gtk2.properties diff --git a/dist/linux/debian/rules b/dist/linux/debian/rules index 2de33e34b..e7d86ef44 100755 --- a/dist/linux/debian/rules +++ b/dist/linux/debian/rules @@ -24,6 +24,7 @@ override_dh_auto_clean: override_dh_auto_build: mkdir resources ln -s ../common/org.cryptomator.Cryptomator512.png resources/cryptomator.png +# Remark: no compression is applied for improved build compression later (here deb) $(JAVA_HOME)/bin/jlink \ --output runtime \ --module-path "${JMODS_PATH}" \ @@ -31,7 +32,8 @@ override_dh_auto_build: --strip-native-commands \ --no-header-files \ --no-man-pages \ - --strip-debug + --strip-debug \ + --compress zip-0 $(JAVA_HOME)/bin/jpackage \ --type app-image \ --runtime-image runtime \ diff --git a/dist/mac/dmg/build.sh b/dist/mac/dmg/build.sh index b2c8d55e3..d55889651 100755 --- a/dist/mac/dmg/build.sh +++ b/dist/mac/dmg/build.sh @@ -76,7 +76,7 @@ ${JAVA_HOME}/bin/jlink \ --no-header-files \ --no-man-pages \ --strip-debug \ - --compress=1 + --compress zip-0 # create app dir ${JAVA_HOME}/bin/jpackage \ diff --git a/dist/win/build.ps1 b/dist/win/build.ps1 index d05463e65..21e3c3506 100644 --- a/dist/win/build.ps1 +++ b/dist/win/build.ps1 @@ -69,7 +69,7 @@ Expand-Archive -Path $jfxJmodsZip -Force -DestinationPath ".\resources\" Remove-Item -Recurse -Force -Path ".\resources\javafx-jmods" Move-Item -Force -Path ".\resources\javafx-jmods-*" -Destination ".\resources\javafx-jmods" -ErrorAction Stop - +## create custom runtime & "$Env:JAVA_HOME\bin\jlink" ` --verbose ` --output runtime ` @@ -78,7 +78,8 @@ Move-Item -Force -Path ".\resources\javafx-jmods-*" -Destination ".\resources\ja --strip-native-commands ` --no-header-files ` --no-man-pages ` - --strip-debug + --strip-debug ` + --compress "zip-0" #do not compress to have improved msi compression $appPath = ".\$AppName" if ($clean -and (Test-Path -Path $appPath)) { From 538b4ecd0b86646370eecd4f8a6aea1610cc3b31 Mon Sep 17 00:00:00 2001 From: Sebastian Stenzel Date: Sun, 14 Jan 2024 13:59:23 +0100 Subject: [PATCH 02/15] added javadoc --- .../java/org/cryptomator/ui/keyloading/hub/HubConfig.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/cryptomator/ui/keyloading/hub/HubConfig.java b/src/main/java/org/cryptomator/ui/keyloading/hub/HubConfig.java index f8ec7b854..84cac8ed2 100644 --- a/src/main/java/org/cryptomator/ui/keyloading/hub/HubConfig.java +++ b/src/main/java/org/cryptomator/ui/keyloading/hub/HubConfig.java @@ -1,7 +1,6 @@ package org.cryptomator.ui.keyloading.hub; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; import java.net.URI; @@ -19,6 +18,12 @@ public class HubConfig { @Deprecated // use apiBaseUrl + "/devices/" public String devicesResourceUrl; + /** + * Get the URI pointing to the /api/ base resource. + * + * @return /api/ URI + * @apiNote URI is guaranteed to end on / + */ public URI getApiBaseUrl() { if (apiBaseUrl != null) { // make sure to end on "/": From 0ed73e8b412195cfc311e4de4f6b0b3175adb3c2 Mon Sep 17 00:00:00 2001 From: Sebastian Stenzel Date: Sun, 14 Jan 2024 14:02:35 +0100 Subject: [PATCH 03/15] use string templates for building /api/* URIs --- .../keyloading/hub/ReceiveKeyController.java | 30 ++++++++----------- 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java b/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java index e0f305fd2..e5edfe73d 100644 --- a/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java +++ b/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java @@ -46,6 +46,7 @@ public class ReceiveKeyController implements FxController { private final Stage window; private final HubConfig hubConfig; + private final String vaultId; private final String deviceId; private final String bearerToken; private final CompletableFuture result; @@ -53,14 +54,15 @@ public class ReceiveKeyController implements FxController { private final Lazy legacyRegisterDeviceScene; private final Lazy unauthorizedScene; private final Lazy accountInitializationScene; - private final URI vaultBaseUri; private final Lazy invalidLicenseScene; private final HttpClient httpClient; + private final StringTemplate.Processor API_BASE = this::resolveRelativeToApiBase; @Inject public ReceiveKeyController(@KeyLoading Vault vault, ExecutorService executor, @KeyLoading Stage window, HubConfig hubConfig, @Named("deviceId") String deviceId, @Named("bearerToken") AtomicReference tokenRef, CompletableFuture result, @FxmlScene(FxmlFile.HUB_REGISTER_DEVICE) Lazy registerDeviceScene, @FxmlScene(FxmlFile.HUB_LEGACY_REGISTER_DEVICE) Lazy legacyRegisterDeviceScene, @FxmlScene(FxmlFile.HUB_UNAUTHORIZED_DEVICE) Lazy unauthorizedScene, @FxmlScene(FxmlFile.HUB_REQUIRE_ACCOUNT_INIT) Lazy accountInitializationScene, @FxmlScene(FxmlFile.HUB_INVALID_LICENSE) Lazy invalidLicenseScene) { this.window = window; this.hubConfig = hubConfig; + this.vaultId = vault.getId(); this.deviceId = deviceId; this.bearerToken = Objects.requireNonNull(tokenRef.get()); this.result = result; @@ -68,7 +70,6 @@ public class ReceiveKeyController implements FxController { this.legacyRegisterDeviceScene = legacyRegisterDeviceScene; this.unauthorizedScene = unauthorizedScene; this.accountInitializationScene = accountInitializationScene; - this.vaultBaseUri = getVaultBaseUri(vault); this.invalidLicenseScene = invalidLicenseScene; this.window.addEventHandler(WindowEvent.WINDOW_HIDING, this::windowClosed); this.httpClient = HttpClient.newBuilder().version(HttpClient.Version.HTTP_1_1).executor(executor).build(); @@ -83,8 +84,8 @@ public class ReceiveKeyController implements FxController { * STEP 1 (Request): GET vault key for this user */ private void requestVaultMasterkey() { - var accessTokenUri = appendPath(vaultBaseUri, "/access-token"); - var request = HttpRequest.newBuilder(accessTokenUri) // + var vaultKeyUri = API_BASE."vaults/\{vaultId}/access-token"; + var request = HttpRequest.newBuilder(vaultKeyUri) // .header("Authorization", "Bearer " + bearerToken) // .GET() // .timeout(REQ_TIMEOUT) // @@ -115,8 +116,8 @@ public class ReceiveKeyController implements FxController { * STEP 2 (Request): GET user key for this device */ private void requestUserKey(String encryptedVaultKey) { - var deviceTokenUri = URI.create(hubConfig.getApiBaseUrl() + "/devices/" + deviceId); - var request = HttpRequest.newBuilder(deviceTokenUri) // + var deviceUri = API_BASE."devices/\{deviceId}"; + var request = HttpRequest.newBuilder(deviceUri) // .header("Authorization", "Bearer " + bearerToken) // .GET() // .timeout(REQ_TIMEOUT) // @@ -167,7 +168,7 @@ public class ReceiveKeyController implements FxController { */ @Deprecated private void requestLegacyAccessToken() { - var legacyAccessTokenUri = appendPath(vaultBaseUri, "/keys/" + deviceId); + var legacyAccessTokenUri = API_BASE."vaults/\{vaultId}/keys/\{deviceId}"; var request = HttpRequest.newBuilder(legacyAccessTokenUri) // .header("Authorization", "Bearer " + bearerToken) // .GET() // @@ -249,17 +250,10 @@ public class ReceiveKeyController implements FxController { } } - private static URI getVaultBaseUri(Vault vault) { - try { - var url = vault.getVaultConfigCache().get().getKeyId(); - assert url.getScheme().startsWith(SCHEME_PREFIX); - var correctedScheme = url.getScheme().substring(SCHEME_PREFIX.length()); - return new URI(correctedScheme, url.getSchemeSpecificPart(), url.getFragment()); - } catch (IOException e) { - throw new UncheckedIOException(e); - } catch (URISyntaxException e) { - throw new IllegalStateException("URI constructed from params known to be valid", e); - } + private URI resolveRelativeToApiBase(StringTemplate template) { + var path = template.interpolate(); + var relPath = path.startsWith("/") ? path.substring(1) : path; + return hubConfig.getApiBaseUrl().resolve(relPath); } @JsonIgnoreProperties(ignoreUnknown = true) From 6d974c7fcf0cad7d705d35cbef0ba7a7151026a4 Mon Sep 17 00:00:00 2001 From: Sebastian Stenzel Date: Sun, 14 Jan 2024 14:58:58 +0100 Subject: [PATCH 04/15] fix incorrect vaultId --- .../ui/keyloading/hub/ReceiveKeyController.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java b/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java index e5edfe73d..bdd3fa906 100644 --- a/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java +++ b/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java @@ -62,7 +62,7 @@ public class ReceiveKeyController implements FxController { public ReceiveKeyController(@KeyLoading Vault vault, ExecutorService executor, @KeyLoading Stage window, HubConfig hubConfig, @Named("deviceId") String deviceId, @Named("bearerToken") AtomicReference tokenRef, CompletableFuture result, @FxmlScene(FxmlFile.HUB_REGISTER_DEVICE) Lazy registerDeviceScene, @FxmlScene(FxmlFile.HUB_LEGACY_REGISTER_DEVICE) Lazy legacyRegisterDeviceScene, @FxmlScene(FxmlFile.HUB_UNAUTHORIZED_DEVICE) Lazy unauthorizedScene, @FxmlScene(FxmlFile.HUB_REQUIRE_ACCOUNT_INIT) Lazy accountInitializationScene, @FxmlScene(FxmlFile.HUB_INVALID_LICENSE) Lazy invalidLicenseScene) { this.window = window; this.hubConfig = hubConfig; - this.vaultId = vault.getId(); + this.vaultId = extractVaultId(vault.getVaultConfigCache().getUnchecked().getKeyId()); // TODO: access vault config's JTI directly (requires changes in cryptofs) this.deviceId = deviceId; this.bearerToken = Objects.requireNonNull(tokenRef.get()); this.result = result; @@ -256,6 +256,12 @@ public class ReceiveKeyController implements FxController { return hubConfig.getApiBaseUrl().resolve(relPath); } + private static String extractVaultId(URI vaultKeyUri) { + assert vaultKeyUri.getScheme().startsWith(SCHEME_PREFIX); + var path = vaultKeyUri.getPath(); + return path.substring(path.lastIndexOf('/') + 1); + } + @JsonIgnoreProperties(ignoreUnknown = true) private record DeviceDto(@JsonProperty(value = "userPrivateKey", required = true) String userPrivateKey) {} } From 748f895b987993cc247a318254062a59cbf80200 Mon Sep 17 00:00:00 2001 From: Sebastian Stenzel Date: Sun, 14 Jan 2024 15:01:51 +0100 Subject: [PATCH 05/15] change unlock request order --- .../keyloading/hub/ReceiveKeyController.java | 34 +++++++++++-------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java b/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java index bdd3fa906..7171b8f2f 100644 --- a/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java +++ b/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java @@ -3,6 +3,7 @@ package org.cryptomator.ui.keyloading.hub; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.databind.ObjectMapper; +import com.google.common.base.Preconditions; import com.nimbusds.jose.JWEObject; import dagger.Lazy; import org.cryptomator.common.vaults.Vault; @@ -77,13 +78,13 @@ public class ReceiveKeyController implements FxController { @FXML public void initialize() { - requestVaultMasterkey(); + requestDeviceData(); } /** - * STEP 1 (Request): GET vault key for this user + * STEP 2 (Request): GET vault key for this user */ - private void requestVaultMasterkey() { + private void requestVaultMasterkey(String encryptedUserKey) { var vaultKeyUri = API_BASE."vaults/\{vaultId}/access-token"; var request = HttpRequest.newBuilder(vaultKeyUri) // .header("Authorization", "Bearer " + bearerToken) // @@ -91,19 +92,19 @@ public class ReceiveKeyController implements FxController { .timeout(REQ_TIMEOUT) // .build(); httpClient.sendAsync(request, HttpResponse.BodyHandlers.ofString(StandardCharsets.US_ASCII)) // - .thenAcceptAsync(this::receivedVaultMasterkey, Platform::runLater) // + .thenAcceptAsync(response -> receivedVaultMasterkey(encryptedUserKey, response), Platform::runLater) // .exceptionally(this::retrievalFailed); } /** - * STEP 1 (Response): GET vault key for this user + * STEP 2 (Response): GET vault key for this user * * @param response Response */ - private void receivedVaultMasterkey(HttpResponse response) { + private void receivedVaultMasterkey(String encryptedUserKey, HttpResponse response) { LOG.debug("GET {} -> Status Code {}", response.request().uri(), response.statusCode()); switch (response.statusCode()) { - case 200 -> requestUserKey(response.body()); + case 200 -> receivedBothEncryptedKeys(response.body(), encryptedUserKey); case 402 -> licenseExceeded(); case 403, 410 -> accessNotGranted(); // or vault has been archived, effectively disallowing access - TODO: add specific dialog? case 449 -> accountInitializationRequired(); @@ -113,9 +114,9 @@ public class ReceiveKeyController implements FxController { } /** - * STEP 2 (Request): GET user key for this device + * STEP 1 (Request): GET user key for this device */ - private void requestUserKey(String encryptedVaultKey) { + private void requestDeviceData() { var deviceUri = API_BASE."devices/\{deviceId}"; var request = HttpRequest.newBuilder(deviceUri) // .header("Authorization", "Bearer " + bearerToken) // @@ -123,22 +124,22 @@ public class ReceiveKeyController implements FxController { .timeout(REQ_TIMEOUT) // .build(); httpClient.sendAsync(request, HttpResponse.BodyHandlers.ofString(StandardCharsets.UTF_8)) // - .thenAcceptAsync(response -> receivedUserKey(encryptedVaultKey, response), Platform::runLater) // + .thenAcceptAsync(this::receivedDeviceData, Platform::runLater) // .exceptionally(this::retrievalFailed); } /** - * STEP 2 (Response): GET user key for this device + * STEP 1 (Response): GET user key for this device * * @param response Response */ - private void receivedUserKey(String encryptedVaultKey, HttpResponse response) { + private void receivedDeviceData(HttpResponse response) { LOG.debug("GET {} -> Status Code {}", response.request().uri(), response.statusCode()); try { switch (response.statusCode()) { case 200 -> { var device = JSON.reader().readValue(response.body(), DeviceDto.class); - receivedBothEncryptedKeys(encryptedVaultKey, device.userPrivateKey); + requestVaultMasterkey(device.userPrivateKey); } case 404 -> needsDeviceRegistration(); // TODO: using the setup code, we can theoretically immediately unlock default -> throw new IllegalStateException("Unexpected response " + response.statusCode()); @@ -152,14 +153,14 @@ public class ReceiveKeyController implements FxController { window.setScene(registerDeviceScene.get()); } - private void receivedBothEncryptedKeys(String encryptedVaultKey, String encryptedUserKey) throws IOException { + private void receivedBothEncryptedKeys(String encryptedVaultKey, String encryptedUserKey) { try { var vaultKeyJwe = JWEObject.parse(encryptedVaultKey); var userKeyJwe = JWEObject.parse(encryptedUserKey); result.complete(ReceivedKey.vaultKeyAndUserKey(vaultKeyJwe, userKeyJwe)); window.close(); } catch (ParseException e) { - throw new IOException("Failed to parse JWE", e); + retrievalFailed(e); } } @@ -264,4 +265,7 @@ public class ReceiveKeyController implements FxController { @JsonIgnoreProperties(ignoreUnknown = true) private record DeviceDto(@JsonProperty(value = "userPrivateKey", required = true) String userPrivateKey) {} + + @JsonIgnoreProperties(ignoreUnknown = true) + private record ConfigDto(@JsonProperty(value = "apiLevel") int apiLevel) {} } From b59ce75ecd1b20cdc8dec5e7aed160fa7a70e2e3 Mon Sep 17 00:00:00 2001 From: Sebastian Stenzel Date: Sun, 14 Jan 2024 15:02:41 +0100 Subject: [PATCH 06/15] add step 0: check API level --- .../keyloading/hub/ReceiveKeyController.java | 37 ++++++++++++++++++- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java b/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java index 7171b8f2f..0604036f9 100644 --- a/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java +++ b/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java @@ -78,7 +78,41 @@ public class ReceiveKeyController implements FxController { @FXML public void initialize() { - requestDeviceData(); + requestApiConfig(); // FIXME: only called once - need to restart after returning from register device + } + + /** + * STEP 0 (Request): GET /api/config + */ + private void requestApiConfig() { + var configUri = API_BASE."config"; + var request = HttpRequest.newBuilder(configUri) // + .GET() // + .timeout(REQ_TIMEOUT) // + .build(); + httpClient.sendAsync(request, HttpResponse.BodyHandlers.ofString(StandardCharsets.US_ASCII)) // + .thenAcceptAsync(this::receivedApiConfig, Platform::runLater) // + .exceptionally(this::retrievalFailed); + } + + /** + * STEP 0 (Response): GET /api/config + * + * @param response Response + */ + private void receivedApiConfig(HttpResponse response) { + LOG.debug("GET {} -> Status Code {}", response.request().uri(), response.statusCode()); + Preconditions.checkState(response.statusCode() == 200, "Unexpected response " + response.statusCode()); + try { + var config = JSON.reader().readValue(response.body(), ConfigDto.class); + if (config.apiLevel >= 1) { + requestDeviceData(); + } else { + requestLegacyAccessToken(); + } + } catch (IOException e) { + throw new UncheckedIOException(e); + } } /** @@ -108,7 +142,6 @@ public class ReceiveKeyController implements FxController { case 402 -> licenseExceeded(); case 403, 410 -> accessNotGranted(); // or vault has been archived, effectively disallowing access - TODO: add specific dialog? case 449 -> accountInitializationRequired(); - case 404 -> requestLegacyAccessToken(); default -> throw new IllegalStateException("Unexpected response " + response.statusCode()); } } From e0d3a3d9c70bc19a0281b8bf0f122afb3a909d83 Mon Sep 17 00:00:00 2001 From: JaniruTEC <52893617+JaniruTEC@users.noreply.github.com> Date: Mon, 15 Jan 2024 16:12:27 +0100 Subject: [PATCH 07/15] Externalized dependency-check --- .github/workflows/dependency-check.yml | 55 ++++---------------------- 1 file changed, 8 insertions(+), 47 deletions(-) diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml index 590688b7d..3d0ad7cfa 100644 --- a/.github/workflows/dependency-check.yml +++ b/.github/workflows/dependency-check.yml @@ -7,50 +7,11 @@ on: jobs: check-dependencies: - name: Check dependencies - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - show-progress: false - - name: Setup Java - uses: actions/setup-java@v4 - with: - distribution: 'temurin' - java-version: 21 - cache: 'maven' - - name: Cache NVD DB - uses: actions/cache@v3 - with: - path: ~/.m2/repository/org/owasp/dependency-check-data/ - key: dependency-check-${{ github.run_id }} - restore-keys: | - dependency-check - env: - SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5 - - name: Run org.owasp:dependency-check plugin - id: dependency-check - continue-on-error: true - run: mvn -B validate -Pdependency-check - env: - NVD_API_KEY: ${{ secrets.NVD_API_KEY }} - - name: Upload report on failure - if: steps.dependency-check.outcome == 'failure' - uses: actions/upload-artifact@v3 - with: - name: dependency-check-report - path: target/dependency-check-report.html - if-no-files-found: error - - name: Slack Notification on regular check - if: github.event_name == 'schedule' && steps.dependency-check.outcome == 'failure' - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_USERNAME: 'Cryptobot' - SLACK_ICON: false - SLACK_ICON_EMOJI: ':bot:' - SLACK_CHANNEL: 'cryptomator-desktop' - SLACK_TITLE: "Vulnerabilities in ${{ github.event.repository.name }} detected." - SLACK_MESSAGE: "Download the for more details." - SLACK_FOOTER: false - MSG_MINIMAL: true + uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@main + with: + runner-os: 'ubuntu-latest' + java-distribution: 'temurin' + java-version: 21 + secrets: + nvd-api-key: ${{ secrets.NVD_API_KEY }} + slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} From 8bf0acf35fae4d1cb8b08df108b5e36f10fdc93b Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Mon, 15 Jan 2024 16:35:34 +0100 Subject: [PATCH 08/15] build release artifacts with javafx 21.0.1 references 7d281e2878b5aa9f7dd8af3b07d36b59f6592510 --- .github/workflows/appimage.yml | 8 ++++---- .github/workflows/debian.yml | 8 ++++---- .github/workflows/mac-dmg.yml | 8 ++++---- .github/workflows/win-exe.yml | 4 ++-- dist/linux/appimage/build.sh | 8 ++++---- dist/mac/dmg/build.sh | 2 +- dist/win/build.ps1 | 4 ++-- 7 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/appimage.yml b/.github/workflows/appimage.yml index 1c42fcb74..b20052b9d 100644 --- a/.github/workflows/appimage.yml +++ b/.github/workflows/appimage.yml @@ -29,12 +29,12 @@ jobs: include: - os: ubuntu-latest appimage-suffix: x86_64 - openjfx-url: 'https://download2.gluonhq.com/openjfx/20.0.2/openjfx-20.0.2_linux-x64_bin-jmods.zip' - openjfx-sha: 'f522ac2ae4bdd61f0219b7b8d2058ff72a22f36a44378453bcfdcd82f8f5e08c' + openjfx-url: 'https://download2.gluonhq.com/openjfx/21.0.1/openjfx-21.0.1_linux-x64_bin-jmods.zip' + openjfx-sha: '7baed11ca56d5fee85995fa6612d4299f1e8b7337287228f7f12fd50407c56f8' - os: [self-hosted, Linux, ARM64] appimage-suffix: aarch64 - openjfx-url: 'https://download2.gluonhq.com/openjfx/20.0.2/openjfx-20.0.2_linux-aarch64_bin-jmods.zip' - openjfx-sha: 'c0d80ebbe0aab404ef9ad8b46c05bf533a1e40b39b2720eebd9238d81f6326ca' + openjfx-url: 'https://download2.gluonhq.com/openjfx/21.0.1/openjfx-21.0.1_linux-aarch64_bin-jmods.zip' + openjfx-sha: '871e7b9d7af16aef2e55c1b7830d0e0b2503b13dd8641374ba7e55ecb81d2ef9' steps: - uses: actions/checkout@v4 - name: Setup Java diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index 00b49f4fc..900a5330c 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -20,10 +20,10 @@ env: JAVA_VERSION: '21.0.1+12' COFFEELIBS_JDK: 21 COFFEELIBS_JDK_VERSION: '21.0.1+12-0ppa1' - OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/20.0.2/openjfx-20.0.2_linux-x64_bin-jmods.zip' - OPENJFX_JMODS_AMD64_HASH: 'f522ac2ae4bdd61f0219b7b8d2058ff72a22f36a44378453bcfdcd82f8f5e08c' - OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/20.0.2/openjfx-20.0.2_linux-aarch64_bin-jmods.zip' - OPENJFX_JMODS_AARCH64_HASH: 'c0d80ebbe0aab404ef9ad8b46c05bf533a1e40b39b2720eebd9238d81f6326ca' + OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/21.0.1/openjfx-21.0.1_linux-x64_bin-jmods.zip' + OPENJFX_JMODS_AMD64_HASH: '7baed11ca56d5fee85995fa6612d4299f1e8b7337287228f7f12fd50407c56f8' + OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/21.0.1/openjfx-21.0.1_linux-aarch64_bin-jmods.zip' + OPENJFX_JMODS_AARCH64_HASH: '871e7b9d7af16aef2e55c1b7830d0e0b2503b13dd8641374ba7e55ecb81d2ef9' jobs: build: diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml index f0cd01e44..a60e03711 100644 --- a/.github/workflows/mac-dmg.yml +++ b/.github/workflows/mac-dmg.yml @@ -37,15 +37,15 @@ jobs: output-suffix: x64 xcode-path: '/Applications/Xcode_13.2.1.app' fuse-lib: macFUSE - openjfx-url: 'https://download2.gluonhq.com/openjfx/20.0.2/openjfx-20.0.2_osx-x64_bin-jmods.zip' - openjfx-sha: '55b8ff7453d59c89ae129f6c9c5ad7b09a5d359568811b376ac1766c14d6a17c' + openjfx-url: 'https://download2.gluonhq.com/openjfx/21.0.1/openjfx-21.0.1_osx-x64_bin-jmods.zip' + openjfx-sha: 'bd6abab20da73d5a968dcf2fd915d81b5fb919340e3bb84979ee9a888a829939' - os: [self-hosted, macOS, ARM64] architecture: aarch64 output-suffix: arm64 xcode-path: '/Applications/Xcode_13.2.1.app' fuse-lib: FUSE-T - openjfx-url: 'https://download2.gluonhq.com/openjfx/20.0.2/openjfx-20.0.2_osx-aarch64_bin-jmods.zip' - openjfx-sha: 'c60f5f19aa847e0e620e0b011e5de68f2c6755641c2141cec27a0b89f612beaf' + openjfx-url: 'https://download2.gluonhq.com/openjfx/21.0.1/openjfx-21.0.1_osx-aarch64_bin-jmods.zip' + openjfx-sha: '7afaa1c57a6cc3c384d636e597b9a5364693e2db4aaec0a6e63d2fa964400b58' steps: - uses: actions/checkout@v4 - name: Setup Java diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml index 5044d2d35..43447bb29 100644 --- a/.github/workflows/win-exe.yml +++ b/.github/workflows/win-exe.yml @@ -16,8 +16,8 @@ on: env: JAVA_DIST: 'zulu' JAVA_VERSION: '21.0.1+12' - OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/20.0.2/openjfx-20.0.2_windows-x64_bin-jmods.zip' - OPENJFX_JMODS_AMD64_HASH: '18625bbc13c57dbf802486564247a8d8cab72ec558c240a401bf6440384ebd77' + OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/21.0.1/openjfx-21.0.1_windows-x64_bin-jmods.zip' + OPENJFX_JMODS_AMD64_HASH: 'daf8acae631c016c24cfe23f88469400274d3441dd890615a42dfb501f3eb94a' WINFSP_MSI: 'https://github.com/winfsp/winfsp/releases/download/v2.0/winfsp-2.0.23075.msi' WINFSP_UNINSTALLER: 'https://github.com/cryptomator/winfsp-uninstaller/releases/download/1.0.0/winfsp-uninstaller.exe' diff --git a/dist/linux/appimage/build.sh b/dist/linux/appimage/build.sh index 0126681f8..2b4b116da 100755 --- a/dist/linux/appimage/build.sh +++ b/dist/linux/appimage/build.sh @@ -25,10 +25,10 @@ cp ../../../target/cryptomator-*.jar ../../../target/mods # download javaFX jmods -OPENJFX_URL='https://download2.gluonhq.com/openjfx/20.0.2/openjfx-20.0.2_linux-x64_bin-jmods.zip' #by default we assume x64 -OPENJFX_SHA='f522ac2ae4bdd61f0219b7b8d2058ff72a22f36a44378453bcfdcd82f8f5e08c' -OPENJFX_URL_aarch64='https://download2.gluonhq.com/openjfx/20.0.2/openjfx-20.0.2_linux-aarch64_bin-jmods.zip' -OPENJFX_SHA_aarch64='c0d80ebbe0aab404ef9ad8b46c05bf533a1e40b39b2720eebd9238d81f6326ca' +OPENJFX_URL='https://download2.gluonhq.com/openjfx/21.0.1/openjfx-21.0.1_linux-x64_bin-jmods.zip' +OPENJFX_SHA='7baed11ca56d5fee85995fa6612d4299f1e8b7337287228f7f12fd50407c56f8' +OPENJFX_URL_aarch64='https://download2.gluonhq.com/openjfx/21.0.1/openjfx-21.0.1_linux-aarch64_bin-jmods.zip' +OPENJFX_SHA_aarch64='871e7b9d7af16aef2e55c1b7830d0e0b2503b13dd8641374ba7e55ecb81d2ef9' if [[ "${MACHINE_TYPE}" = "aarch64" ]]; then OPENJFX_URL="${OPENJFX_URL_aarch64}"; diff --git a/dist/mac/dmg/build.sh b/dist/mac/dmg/build.sh index d55889651..ea6b52b1e 100755 --- a/dist/mac/dmg/build.sh +++ b/dist/mac/dmg/build.sh @@ -35,7 +35,7 @@ if [ "$(machine)" = "arm64e" ]; then else ARCH="x64" fi -OPENJFX_JMODS="https://download2.gluonhq.com/openjfx/20.0.2/openjfx-20.0.2_osx-${ARCH}_bin-jmods.zip" +OPENJFX_JMODS="https://download2.gluonhq.com/openjfx/21.0.1/openjfx-21.0.1_osx-${ARCH}_bin-jmods.zip" # check preconditions if [ -z "${JAVA_HOME}" ]; then echo "JAVA_HOME not set. Run using JAVA_HOME=/path/to/jdk ./build.sh"; exit 1; fi diff --git a/dist/win/build.ps1 b/dist/win/build.ps1 index 21e3c3506..7b1f7cc47 100644 --- a/dist/win/build.ps1 +++ b/dist/win/build.ps1 @@ -51,9 +51,9 @@ if ($clean -and (Test-Path -Path $runtimeImagePath)) { } ## download jfx jmods -$jmodsVersion='20.0.2' +$jmodsVersion='21.0.1' $jmodsUrl = "https://download2.gluonhq.com/openjfx/${jmodsVersion}/openjfx-${jmodsVersion}_windows-x64_bin-jmods.zip" -$jfxJmodsChecksum = '18625bbc13c57dbf802486564247a8d8cab72ec558c240a401bf6440384ebd77' +$jfxJmodsChecksum = 'daf8acae631c016c24cfe23f88469400274d3441dd890615a42dfb501f3eb94a' $jfxJmodsZip = '.\resources\jfxJmods.zip' if( !(Test-Path -Path $jfxJmodsZip) ) { Write-Output "Downloading ${jmodsUrl}..." From 8e520583738b7055ca42113d6e6dc4d8fe179b84 Mon Sep 17 00:00:00 2001 From: Sebastian Stenzel Date: Tue, 16 Jan 2024 03:58:30 +0100 Subject: [PATCH 09/15] re-attempt receiving key after registering device --- .../keyloading/hub/ReceiveKeyController.java | 6 ++++- .../hub/RegisterSuccessController.java | 25 ++++++++++++++++--- .../resources/fxml/hub_register_success.fxml | 4 +-- 3 files changed, 29 insertions(+), 6 deletions(-) diff --git a/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java b/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java index 0604036f9..eec91b194 100644 --- a/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java +++ b/src/main/java/org/cryptomator/ui/keyloading/hub/ReceiveKeyController.java @@ -78,7 +78,11 @@ public class ReceiveKeyController implements FxController { @FXML public void initialize() { - requestApiConfig(); // FIXME: only called once - need to restart after returning from register device + receiveKey(); + } + + public void receiveKey() { + requestApiConfig(); } /** diff --git a/src/main/java/org/cryptomator/ui/keyloading/hub/RegisterSuccessController.java b/src/main/java/org/cryptomator/ui/keyloading/hub/RegisterSuccessController.java index bba13516c..6988283a3 100644 --- a/src/main/java/org/cryptomator/ui/keyloading/hub/RegisterSuccessController.java +++ b/src/main/java/org/cryptomator/ui/keyloading/hub/RegisterSuccessController.java @@ -1,24 +1,43 @@ package org.cryptomator.ui.keyloading.hub; +import dagger.Lazy; import org.cryptomator.ui.common.FxController; +import org.cryptomator.ui.common.FxmlFile; +import org.cryptomator.ui.common.FxmlScene; import org.cryptomator.ui.keyloading.KeyLoading; import javax.inject.Inject; import javafx.fxml.FXML; +import javafx.scene.Scene; import javafx.stage.Stage; +import javafx.stage.WindowEvent; +import java.util.concurrent.CompletableFuture; public class RegisterSuccessController implements FxController { private final Stage window; + private final CompletableFuture result; + private final Lazy receiveKeyScene; + private final ReceiveKeyController receiveKeyController; @Inject - public RegisterSuccessController(@KeyLoading Stage window) { + public RegisterSuccessController(@KeyLoading Stage window, CompletableFuture result, @FxmlScene(FxmlFile.HUB_RECEIVE_KEY) Lazy receiveKeyScene, ReceiveKeyController receiveKeyController) { this.window = window; + this.result = result; + this.receiveKeyScene = receiveKeyScene; + this.receiveKeyController = receiveKeyController; + this.window.addEventHandler(WindowEvent.WINDOW_HIDING, this::windowClosed); } @FXML - public void close() { - window.close(); + public void complete() { + window.setScene(receiveKeyScene.get()); + receiveKeyController.receiveKey(); } + private void windowClosed(WindowEvent windowEvent) { + result.cancel(true); + } + + } diff --git a/src/main/resources/fxml/hub_register_success.fxml b/src/main/resources/fxml/hub_register_success.fxml index 822a4489e..c8309c2f7 100644 --- a/src/main/resources/fxml/hub_register_success.fxml +++ b/src/main/resources/fxml/hub_register_success.fxml @@ -41,9 +41,9 @@