From d7488b69847aca77adf39438c7054f88948e70fe Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Wed, 20 Sep 2023 15:16:18 +0200 Subject: [PATCH 01/20] fix wrong pom version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0af0fd7ca..796e73541 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ 4.0.0 org.cryptomator cryptomator - 1.11,0-SNAPSHOT + 1.11.0-SNAPSHOT Cryptomator Desktop App From 92d9f2c18de7f064dda731035677ae055f6ba5dd Mon Sep 17 00:00:00 2001 From: Tobias Hagemann Date: Wed, 20 Sep 2023 15:27:17 +0200 Subject: [PATCH 02/20] try to fix mac build script to be compatible with create-dmg 1.2.0 --- .github/workflows/mac-dmg.yml | 5 ++--- dist/mac/dmg/build.sh | 12 ++++++------ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml index a394101ff..899fc2197 100644 --- a/.github/workflows/mac-dmg.yml +++ b/.github/workflows/mac-dmg.yml @@ -62,7 +62,7 @@ jobs: curl -L ${{ matrix.openjfx-url }} -o openjfx-jmods.zip echo "${{ matrix.openjfx-sha }} *openjfx-jmods.zip" | shasum -a256 --check mkdir -p openjfx-jmods/ - unzip -j openjfx-jmods.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d openjfx-jmods + unzip -jo openjfx-jmods.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d openjfx-jmods - name: Ensure major jfx version in pom and in jmods is the same run: | JMOD_VERSION=$(jmod describe openjfx-jmods/javafx.base.jmod | head -1) @@ -72,7 +72,7 @@ jobs: POM_JFX_VERSION=${POM_JFX_VERSION#*@} POM_JFX_VERSION=${POM_JFX_VERSION%%.*} - if [ $POM_JFX_VERSION -ne $JMOD_VERSION ]; then + if [ "${POM_JFX_VERSION}" -ne "${JMOD_VERSION}" ]; then >&2 echo "Major JavaFX version in pom.xml (${POM_JFX_VERSION}) != jmod version (${JMOD_VERSION})" exit 1 fi @@ -222,7 +222,6 @@ jobs: --app-drop-link 512 245 --eula "dist/mac/dmg/resources/license.rtf" --icon ".background" 128 758 - --icon ".fseventsd" 320 758 --icon ".VolumeIcon.icns" 512 758 Cryptomator-${VERSION_NO}-${{ matrix.output-suffix }}.dmg dmg env: diff --git a/dist/mac/dmg/build.sh b/dist/mac/dmg/build.sh index 6d586f02c..b2c8d55e3 100755 --- a/dist/mac/dmg/build.sh +++ b/dist/mac/dmg/build.sh @@ -49,21 +49,22 @@ fi # download and check jmods curl -L ${OPENJFX_JMODS} -o openjfx-jmods.zip mkdir -p openjfx-jmods/ -unzip -j openjfx-jmods.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d openjfx-jmods/ +unzip -jo openjfx-jmods.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d openjfx-jmods JMOD_VERSION=$(jmod describe openjfx-jmods/javafx.base.jmod | head -1) JMOD_VERSION=${JMOD_VERSION#*@} JMOD_VERSION=${JMOD_VERSION%%.*} -POM_JFX_VERSION=$(mvn help:evaluate "-Dexpression=javafx.version" -q -DforceStdout) +POM_JFX_VERSION=$(mvn -f../../../pom.xml help:evaluate "-Dexpression=javafx.version" -q -DforceStdout) POM_JFX_VERSION=${POM_JFX_VERSION#*@} POM_JFX_VERSION=${POM_JFX_VERSION%%.*} -if [ $POM_JFX_VERSION -ne $JMOD_VERSION ]; then ->&2 echo "Major JavaFX version in pom.xml (${POM_JFX_VERSION}) != jmod version (${JMOD_VERSION})" -exit 1 +if [ "${POM_JFX_VERSION}" -ne "${JMOD_VERSION}" ]; then + >&2 echo "Major JavaFX version in pom.xml (${POM_JFX_VERSION}) != jmod version (${JMOD_VERSION})" + exit 1 fi # compile mvn -B -f../../../pom.xml clean package -DskipTests -Pmac +cp ../../../LICENSE.txt ../../../target cp ../../../target/${MAIN_JAR_GLOB} ../../../target/mods # add runtime @@ -168,6 +169,5 @@ create-dmg \ --app-drop-link 512 245 \ --eula "resources/license.rtf" \ --icon ".background" 128 758 \ - --icon ".fseventsd" 320 758 \ --icon ".VolumeIcon.icns" 512 758 \ ${APP_NAME}-${VERSION_NO}.dmg dmg From 625334c6c8d314c21fc34f0815b10c9490a15d7f Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Mon, 25 Sep 2023 16:02:31 +0200 Subject: [PATCH 03/20] fix windows build script --- dist/win/build.ps1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dist/win/build.ps1 b/dist/win/build.ps1 index bef7a9acb..d011f7cc6 100644 --- a/dist/win/build.ps1 +++ b/dist/win/build.ps1 @@ -63,9 +63,10 @@ if( !(Test-Path -Path $jfxJmodsZip) ) { $jmodsChecksumActual = $(Get-FileHash -Path $jfxJmodsZip -Algorithm SHA256).Hash if( $jmodsChecksumActual -ne $jfxJmodsChecksum ) { Write-Error "Checksum mismatch for jfxJmods.zip. Expected: $jfxJmodsChecksum, actual: $jmodsChecksumActual" - exit 1; + exit 1; } -Expand-Archive -Path $jfxJmodsZip -DestinationPath ".\resources\" +Expand-Archive -Path $jfxJmodsZip -Force -DestinationPath ".\resources\" +Remove-Item -Recurse -Force -Path ".\resources\javafx-jmods" Move-Item -Force -Path ".\resources\javafx-jmods-*" -Destination ".\resources\javafx-jmods" -ErrorAction Stop From 93b4cbfb2c473fa06fef67ddb7d263796925be6e Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Tue, 26 Sep 2023 13:42:18 +0200 Subject: [PATCH 04/20] add test script --- dist/win/signJarDlls.ps1 | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 dist/win/signJarDlls.ps1 diff --git a/dist/win/signJarDlls.ps1 b/dist/win/signJarDlls.ps1 new file mode 100644 index 000000000..701ed69ff --- /dev/null +++ b/dist/win/signJarDlls.ps1 @@ -0,0 +1,23 @@ +<# +1. Select jar file +2. extract jar to own directory +3. Sign everything +4. Update dlls in the jar +#> + +New-Item -Path ".\extract" -ItemType Directory +Get-ChildItem -Path "." -File *.jar | ForEach-Object { + $jar = Copy-Item $_ -Destination ".\extract" -PassThru + Set-Location -Path ".\extract" + "Extracting jar $($jar.FullName)" + jar --file=$($_.FullName) --extract + Get-ChildItem -Path "." -Recurse -File "*.dll" | ForEach-Object { + <# pipe into signtool, here we are just writing something into the file #> + Set-Content -Path $_ -Value "Hello" + jar --file=$($jar.FullName) --update $(Resolve-Path -Relative -Path $_) + } + Move-Item -Path $($jar.FullName) -Destination $_ -Force + Remove-Item -Path ".\*" -Force -Recurse + Set-Location -Path ".." +} +Remove-Item -Path ".\extract" \ No newline at end of file From d85733590147a25e5ebd1812fd81e94f6bb84e8e Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Tue, 26 Sep 2023 16:43:00 +0200 Subject: [PATCH 05/20] update test script: * use variables * use signtool * find newest signtool version --- dist/win/signJarDlls.ps1 | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/dist/win/signJarDlls.ps1 b/dist/win/signJarDlls.ps1 index 701ed69ff..edf55aed0 100644 --- a/dist/win/signJarDlls.ps1 +++ b/dist/win/signJarDlls.ps1 @@ -1,23 +1,32 @@ -<# -1. Select jar file -2. extract jar to own directory -3. Sign everything -4. Update dlls in the jar -#> -New-Item -Path ".\extract" -ItemType Directory -Get-ChildItem -Path "." -File *.jar | ForEach-Object { - $jar = Copy-Item $_ -Destination ".\extract" -PassThru - Set-Location -Path ".\extract" +$certificateSHA1 = 5FC94CE149E5B511E621F53A060AC67CBD446B3A +$description = Cryptomator +$timestampUrl = 'http://timestamp.digicert.com' +$folder = ".\appdir\Cryptomator" +$tmpDir = ".\extract" +$signtool = $(Get-ChildItem "C:/Program Files (x86)/Windows Kits/10/bin/" -Recurse -File signtool.exe | Where-Object { $_.Directory.ToString().EndsWith("x64")} | Select-Object -Last 1).FullName + +# import certificate + +# create directory to extract every jar to +New-Item -Path $tmpDir -ItemType Directory +# iterate over all jars +Get-ChildItem -Path $folder -Recurse -File *.jar | ForEach-Object { + $jar = Copy-Item $_ -Destination $tmpDir -PassThru + Set-Location -Path $tmpDir "Extracting jar $($jar.FullName)" jar --file=$($_.FullName) --extract Get-ChildItem -Path "." -Recurse -File "*.dll" | ForEach-Object { - <# pipe into signtool, here we are just writing something into the file #> - Set-Content -Path $_ -Value "Hello" + # sign + & $signtool sign /sm /tr ${timestampUrl} /td SH256 /fd SHA256 /d $description /sha1 $certificateSHA1 $_.FullName + # update jar with signed dll jar --file=$($jar.FullName) --update $(Resolve-Path -Relative -Path $_) } + # replace old jar with its update Move-Item -Path $($jar.FullName) -Destination $_ -Force + # clear extraction dir Remove-Item -Path ".\*" -Force -Recurse Set-Location -Path ".." } -Remove-Item -Path ".\extract" \ No newline at end of file +# clean up +Remove-Item -Path $tmpDir \ No newline at end of file From fadd6b761fc308b0e5b3364724427a671533c5dd Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Tue, 26 Sep 2023 17:30:18 +0200 Subject: [PATCH 06/20] add cert import --- dist/win/signJarDlls.ps1 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/dist/win/signJarDlls.ps1 b/dist/win/signJarDlls.ps1 index edf55aed0..3f185e249 100644 --- a/dist/win/signJarDlls.ps1 +++ b/dist/win/signJarDlls.ps1 @@ -1,4 +1,5 @@ - +$certificate = 'abc' +$password = 'secret' $certificateSHA1 = 5FC94CE149E5B511E621F53A060AC67CBD446B3A $description = Cryptomator $timestampUrl = 'http://timestamp.digicert.com' @@ -6,7 +7,14 @@ $folder = ".\appdir\Cryptomator" $tmpDir = ".\extract" $signtool = $(Get-ChildItem "C:/Program Files (x86)/Windows Kits/10/bin/" -Recurse -File signtool.exe | Where-Object { $_.Directory.ToString().EndsWith("x64")} | Select-Object -Last 1).FullName +# preps +# does this work on CI? +Install-Module -Name Microsoft.PowerShell.TextUtility + # import certificate +$bytes = ConvertFrom-Base64 -EncodedText $certificate -AsByteArray +Set-Content -Path $certificateFile -AsByteStream -Value $bytes +& certutil -f -p $password -importpfx $certificateFile # create directory to extract every jar to New-Item -Path $tmpDir -ItemType Directory From 29fedcd39032e12d09e6f5473e4cea2574632431 Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Tue, 26 Sep 2023 17:30:56 +0200 Subject: [PATCH 07/20] integrate code from test script into github workflow --- .github/workflows/win-exe.yml | 46 ++++++++++++++++++++++++++++++----- 1 file changed, 40 insertions(+), 6 deletions(-) diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml index 066b7d49e..b54d6731c 100644 --- a/.github/workflows/win-exe.yml +++ b/.github/workflows/win-exe.yml @@ -143,9 +143,47 @@ jobs: - name: Fix permissions run: attrib -r appdir/Cryptomator/Cryptomator.exe shell: pwsh - - name: Extract integrations DLL for code signing + - name: Codesign binaries inside jars + run: | + $certificate = '${{ secrets.WIN_CODESIGN_P12_BASE64 }}' + $password = '${{ secrets.WIN_CODESIGN_P12_PW }}' + $certificateSHA1 = '5FC94CE149E5B511E621F53A060AC67CBD446B3A' + $description = 'Cryptomator' + $timestampUrl = 'http://timestamp.digicert.com' + $folder = ".\appdir\Cryptomator\app" + $tmpDir = ".\extract" + $signtool = $(Get-ChildItem 'C:\Program Files (x86)\Windows Kits\10\bin\' -Recurse -File signtool.exe | Where-Object { $_.Directory.ToString().EndsWith('x64') } | Select-Object -Last 1).FullName + + # preps + Install-Module -Name Microsoft.PowerShell.TextUtility -Force -Confirm:$False + + # import certificate + $bytes = ConvertFrom-Base64 -EncodedText $certificate -AsByteArray + Set-Content -Path ".\certFile" -AsByteStream -Value $bytes + & certutil -f -p $password -importpfx ".\certFile" + + # create directory to extract every jar to + New-Item -Path $tmpDir -ItemType Directory + # iterate over all jars + Get-ChildItem -Path $folder -Recurse -File *.jar | ForEach-Object { + $jar = Copy-Item $_ -Destination $tmpDir -PassThru + Set-Location -Path $tmpDir + jar --file=$($_.FullName) --extract + Get-ChildItem -Path "." -Recurse -File "*.dll" | ForEach-Object { + # sign + & $signtool sign /sm /tr ${timestampUrl} /td SHA256 /fd SHA256 /d $description /sha1 $certificateSHA1 $_.FullName + # update jar with signed dll + jar --file=$($jar.FullName) --update $(Resolve-Path -Relative -Path $_) + } + # replace old jar with its update + Move-Item -Path $($jar.FullName) -Destination $_ -Force + # clear extraction dir + Remove-Item -Path ".\*" -Force -Recurse + Set-Location -Path ".." + } + # clean up + Remove-Item -Path $tmpDir shell: pwsh - run: gci ./appdir/Cryptomator/app/mods/ -File integrations-win-*.jar | ForEach-Object {Set-Location -Path $_.Directory; jar --file=$($_.FullName) --extract integrations.dll } - name: Codesign uses: skymatic/code-sign-action@v2 with: @@ -156,10 +194,6 @@ jobs: timestampUrl: 'http://timestamp.digicert.com' folder: appdir/Cryptomator recursive: true - - name: Repack signed DLL into jar - shell: pwsh - run: | - gci ./appdir/Cryptomator/app/mods/ -File integrations-win-*.jar | ForEach-Object {Set-Location -Path $_.Directory; jar --file=$($_.FullName) --update integrations.dll; Remove-Item integrations.dll} - name: Generate license for MSI run: > mvn -B license:add-third-party From 15885545b58036d2c9318a94da5681399a01cdb4 Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Wed, 27 Sep 2023 11:13:52 +0200 Subject: [PATCH 08/20] supress some output --- .github/workflows/win-exe.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml index b54d6731c..3b43a24ec 100644 --- a/.github/workflows/win-exe.yml +++ b/.github/workflows/win-exe.yml @@ -163,7 +163,7 @@ jobs: & certutil -f -p $password -importpfx ".\certFile" # create directory to extract every jar to - New-Item -Path $tmpDir -ItemType Directory + New-Item -Path $tmpDir -ItemType Directory > $null # iterate over all jars Get-ChildItem -Path $folder -Recurse -File *.jar | ForEach-Object { $jar = Copy-Item $_ -Destination $tmpDir -PassThru From ce466e7715414238ecb1ccc26ccff485a994df5b Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Thu, 28 Sep 2023 13:42:16 +0200 Subject: [PATCH 09/20] fixes #3130 --- .github/workflows/win-exe.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml index 3b43a24ec..2b0352e79 100644 --- a/.github/workflows/win-exe.yml +++ b/.github/workflows/win-exe.yml @@ -14,7 +14,7 @@ on: env: - JAVA_DIST: 'temurin' + JAVA_DIST: 'corretto' JAVA_VERSION: 20 OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/20.0.2/openjfx-20.0.2_windows-x64_bin-jmods.zip' OPENJFX_JMODS_AMD64_HASH: '18625bbc13c57dbf802486564247a8d8cab72ec558c240a401bf6440384ebd77' From ae50846257d673a8bfb561fc7e00b5bfa769b4cb Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Thu, 28 Sep 2023 18:33:01 +0200 Subject: [PATCH 10/20] Revert ce466e7715414238ecb1ccc26ccff485a994df5b --- .github/workflows/win-exe.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml index 2b0352e79..3b43a24ec 100644 --- a/.github/workflows/win-exe.yml +++ b/.github/workflows/win-exe.yml @@ -14,7 +14,7 @@ on: env: - JAVA_DIST: 'corretto' + JAVA_DIST: 'temurin' JAVA_VERSION: 20 OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/20.0.2/openjfx-20.0.2_windows-x64_bin-jmods.zip' OPENJFX_JMODS_AMD64_HASH: '18625bbc13c57dbf802486564247a8d8cab72ec558c240a401bf6440384ebd77' From 7bc47fe6d72f97d950fdcfb8777e4b490d9dcc4b Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Thu, 28 Sep 2023 18:33:26 +0200 Subject: [PATCH 11/20] Really fixes #3130 --- .github/workflows/win-exe.yml | 9 ++++++++- dist/win/build.ps1 | 1 + dist/win/resources/main.wxs | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml index 3b43a24ec..c6ebdecbb 100644 --- a/.github/workflows/win-exe.yml +++ b/.github/workflows/win-exe.yml @@ -184,6 +184,12 @@ jobs: # clean up Remove-Item -Path $tmpDir shell: pwsh + - name: Extract wixhelper.dll for Codesigning #see https://github.com/cryptomator/cryptomator/issues/3130 + run: | + New-Item -Path appdir/jpackage-jmod -ItemType Directory + & $env:JAVA_HOME\bin\jmod.exe extract --dir jpackage-jmod "${env:JAVA_HOME}\jmods\jdk.jpackage.jmod" + Get-ChildItem -Recurse -Path "jpackage-jmod" -File wixhelper.dll | Select-Object -Last 1 | Copy-Item -Destination "appdir" + shell: pwsh - name: Codesign uses: skymatic/code-sign-action@v2 with: @@ -192,7 +198,7 @@ jobs: certificatesha1: 5FC94CE149E5B511E621F53A060AC67CBD446B3A description: Cryptomator timestampUrl: 'http://timestamp.digicert.com' - folder: appdir/Cryptomator + folder: appdir recursive: true - name: Generate license for MSI run: > @@ -227,6 +233,7 @@ jobs: --file-associations dist/win/resources/FAvaultFile.properties env: JP_WIXWIZARD_RESOURCES: ${{ github.workspace }}/dist/win/resources # requires abs path, used in resources/main.wxs + JP_WIXHELPER_DIR: ${{ github.workspace }}\appdir - name: Codesign MSI uses: skymatic/code-sign-action@v2 with: diff --git a/dist/win/build.ps1 b/dist/win/build.ps1 index d011f7cc6..9d2fb0def 100644 --- a/dist/win/build.ps1 +++ b/dist/win/build.ps1 @@ -144,6 +144,7 @@ try { # create .msi $Env:JP_WIXWIZARD_RESOURCES = "$buildDir\resources" +$Env:JP_WIXHELPER_DIR = "." & "$Env:JAVA_HOME\bin\jpackage" ` --verbose ` --type msi ` diff --git a/dist/win/resources/main.wxs b/dist/win/resources/main.wxs index c940b9f9a..2fe2eb348 100644 --- a/dist/win/resources/main.wxs +++ b/dist/win/resources/main.wxs @@ -70,7 +70,7 @@ - + From 0d805b2d432e8a4ca35410a72aca18adb45066ff Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Thu, 28 Sep 2023 18:34:38 +0200 Subject: [PATCH 12/20] clean up --- dist/win/signJarDlls.ps1 | 40 ---------------------------------------- 1 file changed, 40 deletions(-) delete mode 100644 dist/win/signJarDlls.ps1 diff --git a/dist/win/signJarDlls.ps1 b/dist/win/signJarDlls.ps1 deleted file mode 100644 index 3f185e249..000000000 --- a/dist/win/signJarDlls.ps1 +++ /dev/null @@ -1,40 +0,0 @@ -$certificate = 'abc' -$password = 'secret' -$certificateSHA1 = 5FC94CE149E5B511E621F53A060AC67CBD446B3A -$description = Cryptomator -$timestampUrl = 'http://timestamp.digicert.com' -$folder = ".\appdir\Cryptomator" -$tmpDir = ".\extract" -$signtool = $(Get-ChildItem "C:/Program Files (x86)/Windows Kits/10/bin/" -Recurse -File signtool.exe | Where-Object { $_.Directory.ToString().EndsWith("x64")} | Select-Object -Last 1).FullName - -# preps -# does this work on CI? -Install-Module -Name Microsoft.PowerShell.TextUtility - -# import certificate -$bytes = ConvertFrom-Base64 -EncodedText $certificate -AsByteArray -Set-Content -Path $certificateFile -AsByteStream -Value $bytes -& certutil -f -p $password -importpfx $certificateFile - -# create directory to extract every jar to -New-Item -Path $tmpDir -ItemType Directory -# iterate over all jars -Get-ChildItem -Path $folder -Recurse -File *.jar | ForEach-Object { - $jar = Copy-Item $_ -Destination $tmpDir -PassThru - Set-Location -Path $tmpDir - "Extracting jar $($jar.FullName)" - jar --file=$($_.FullName) --extract - Get-ChildItem -Path "." -Recurse -File "*.dll" | ForEach-Object { - # sign - & $signtool sign /sm /tr ${timestampUrl} /td SH256 /fd SHA256 /d $description /sha1 $certificateSHA1 $_.FullName - # update jar with signed dll - jar --file=$($jar.FullName) --update $(Resolve-Path -Relative -Path $_) - } - # replace old jar with its update - Move-Item -Path $($jar.FullName) -Destination $_ -Force - # clear extraction dir - Remove-Item -Path ".\*" -Force -Recurse - Set-Location -Path ".." -} -# clean up -Remove-Item -Path $tmpDir \ No newline at end of file From 24a63c10d0578390dd5fa6c7211646e1a8592911 Mon Sep 17 00:00:00 2001 From: Ralph Plawetzki Date: Sat, 30 Sep 2023 14:54:15 +0200 Subject: [PATCH 13/20] Build for aarch64 too --- dist/linux/appimage/build.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/dist/linux/appimage/build.sh b/dist/linux/appimage/build.sh index d3390c717..0a4b7f65d 100755 --- a/dist/linux/appimage/build.sh +++ b/dist/linux/appimage/build.sh @@ -1,4 +1,5 @@ #!/bin/bash +set -e cd $(dirname $0) REVISION_NO=`git rev-list --count HEAD` @@ -10,6 +11,7 @@ command -v curl >/dev/null 2>&1 || { echo >&2 "curl not found."; exit 1; } VERSION=$(mvn -f ../../../pom.xml help:evaluate -Dexpression=project.version -q -DforceStdout) SEMVER_STR=${VERSION} +MACHINE_TYPE=$(uname -m) mvn -f ../../../pom.xml versions:set -DnewVersion=${SEMVER_STR} @@ -83,17 +85,17 @@ ln -s usr/share/applications/org.cryptomator.Cryptomator.desktop Cryptomator.App ln -s bin/cryptomator.sh Cryptomator.AppDir/AppRun # load AppImageTool -curl -L https://github.com/AppImage/AppImageKit/releases/download/13/appimagetool-x86_64.AppImage -o /tmp/appimagetool.AppImage +curl -L https://github.com/AppImage/AppImageKit/releases/download/13/appimagetool-${MACHINE_TYPE}.AppImage -o /tmp/appimagetool.AppImage chmod +x /tmp/appimagetool.AppImage # create AppImage /tmp/appimagetool.AppImage \ Cryptomator.AppDir \ - cryptomator-${SEMVER_STR}-x86_64.AppImage \ - -u 'gh-releases-zsync|cryptomator|cryptomator|latest|cryptomator-*-x86_64.AppImage.zsync' + cryptomator-${SEMVER_STR}-${MACHINE_TYPE}.AppImage \ + -u 'gh-releases-zsync|cryptomator|cryptomator|latest|cryptomator-*-${MACHINE_TYPE}.AppImage.zsync' echo "" -echo "Done. AppImage successfully created: cryptomator-${SEMVER_STR}-x86_64.AppImage" +echo "Done. AppImage successfully created: cryptomator-${SEMVER_STR}-${MACHINE_TYPE}.AppImage" echo "" echo >&2 "To clean up, run: rm -rf Cryptomator.AppDir appdir jni runtime squashfs-root; rm launcher-gtk2.properties /tmp/appimagetool.AppImage" echo "" \ No newline at end of file From 4ee1e6d9f1c79efc2bc25e3eaf88e54d20a68840 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Oct 2023 20:24:43 +0000 Subject: [PATCH 14/20] Bump the github-actions group with 1 update (#3135) --- .github/workflows/appimage.yml | 2 +- .github/workflows/build.yml | 2 +- .github/workflows/debian.yml | 2 +- .github/workflows/get-version.yml | 2 +- .github/workflows/mac-dmg.yml | 2 +- .github/workflows/pullrequest.yml | 2 +- .github/workflows/release-check.yml | 2 +- .github/workflows/win-exe.yml | 4 ++-- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/appimage.yml b/.github/workflows/appimage.yml index fbbc879b6..ee89a17ec 100644 --- a/.github/workflows/appimage.yml +++ b/.github/workflows/appimage.yml @@ -36,7 +36,7 @@ jobs: openjfx-url: 'https://download2.gluonhq.com/openjfx/20.0.2/openjfx-20.0.2_linux-aarch64_bin-jmods.zip' openjfx-sha: 'c0d80ebbe0aab404ef9ad8b46c05bf533a1e40b39b2720eebd9238d81f6326ca' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Setup Java uses: actions/setup-java@v3 with: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 13acee970..1416c3809 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,7 +18,7 @@ jobs: name: Compile and Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-java@v3 with: distribution: ${{ env.JAVA_DIST }} diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index 2ae6c3262..6c1a68944 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -28,7 +28,7 @@ jobs: name: Build Debian Package runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - id: versions name: Get version information run: | diff --git a/.github/workflows/get-version.yml b/.github/workflows/get-version.yml index 44f5ccd85..f05d7742a 100644 --- a/.github/workflows/get-version.yml +++ b/.github/workflows/get-version.yml @@ -35,7 +35,7 @@ jobs: revNum: ${{ steps.versions.outputs.revNum }} type: ${{ steps.versions.outputs.type}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup Java diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml index 899fc2197..ea6fed274 100644 --- a/.github/workflows/mac-dmg.yml +++ b/.github/workflows/mac-dmg.yml @@ -47,7 +47,7 @@ jobs: openjfx-url: 'https://download2.gluonhq.com/openjfx/20.0.2/openjfx-20.0.2_osx-aarch64_bin-jmods.zip' openjfx-sha: 'c60f5f19aa847e0e620e0b011e5de68f2c6755641c2141cec27a0b89f612beaf' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Setup Java uses: actions/setup-java@v3 with: diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml index 14146d0cb..9b615756a 100644 --- a/.github/workflows/pullrequest.yml +++ b/.github/workflows/pullrequest.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')" steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-java@v3 with: distribution: ${{ env.JAVA_DIST }} diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml index ec532081b..1bbfb5d1a 100644 --- a/.github/workflows/release-check.yml +++ b/.github/workflows/release-check.yml @@ -15,7 +15,7 @@ jobs: name: Validate commits pushed to release/hotfix branch to fulfill release requirements runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - id: validate-pom-version name: Validate POM version run: | diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml index 066b7d49e..7066a0bb6 100644 --- a/.github/workflows/win-exe.yml +++ b/.github/workflows/win-exe.yml @@ -37,7 +37,7 @@ jobs: LOOPBACK_ALIAS: 'cryptomator-vault' WIN_CONSOLE_FLAG: '' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Setup Java uses: actions/setup-java@v3 with: @@ -234,7 +234,7 @@ jobs: runs-on: windows-latest needs: [get-version, build-msi] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Download .msi uses: actions/download-artifact@v3 with: From a7eba377baf511f5107c24808de5b48bfa10ea3f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Oct 2023 09:58:47 +0000 Subject: [PATCH 15/20] Bump org.mockito:mockito-core from 5.5.0 to 5.6.0 (#3142) --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 796e73541..2c6faa90c 100644 --- a/pom.xml +++ b/pom.xml @@ -58,7 +58,7 @@ 5.10.0 - 5.5.0 + 5.6.0 2.2 From 9b55f6fc56cb0a91aaa5eb80899fe3225f91eb37 Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Wed, 11 Oct 2023 12:55:05 +0200 Subject: [PATCH 16/20] Refactor extraction and singing in seperate steps --- .github/workflows/win-exe.yml | 72 +++++++++++++++-------------------- 1 file changed, 31 insertions(+), 41 deletions(-) diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml index c6ebdecbb..490c7eafb 100644 --- a/.github/workflows/win-exe.yml +++ b/.github/workflows/win-exe.yml @@ -143,53 +143,29 @@ jobs: - name: Fix permissions run: attrib -r appdir/Cryptomator/Cryptomator.exe shell: pwsh - - name: Codesign binaries inside jars - run: | - $certificate = '${{ secrets.WIN_CODESIGN_P12_BASE64 }}' - $password = '${{ secrets.WIN_CODESIGN_P12_PW }}' - $certificateSHA1 = '5FC94CE149E5B511E621F53A060AC67CBD446B3A' - $description = 'Cryptomator' - $timestampUrl = 'http://timestamp.digicert.com' - $folder = ".\appdir\Cryptomator\app" - $tmpDir = ".\extract" - $signtool = $(Get-ChildItem 'C:\Program Files (x86)\Windows Kits\10\bin\' -Recurse -File signtool.exe | Where-Object { $_.Directory.ToString().EndsWith('x64') } | Select-Object -Last 1).FullName - - # preps - Install-Module -Name Microsoft.PowerShell.TextUtility -Force -Confirm:$False - - # import certificate - $bytes = ConvertFrom-Base64 -EncodedText $certificate -AsByteArray - Set-Content -Path ".\certFile" -AsByteStream -Value $bytes - & certutil -f -p $password -importpfx ".\certFile" - - # create directory to extract every jar to - New-Item -Path $tmpDir -ItemType Directory > $null - # iterate over all jars - Get-ChildItem -Path $folder -Recurse -File *.jar | ForEach-Object { - $jar = Copy-Item $_ -Destination $tmpDir -PassThru - Set-Location -Path $tmpDir - jar --file=$($_.FullName) --extract - Get-ChildItem -Path "." -Recurse -File "*.dll" | ForEach-Object { - # sign - & $signtool sign /sm /tr ${timestampUrl} /td SHA256 /fd SHA256 /d $description /sha1 $certificateSHA1 $_.FullName - # update jar with signed dll - jar --file=$($jar.FullName) --update $(Resolve-Path -Relative -Path $_) - } - # replace old jar with its update - Move-Item -Path $($jar.FullName) -Destination $_ -Force - # clear extraction dir - Remove-Item -Path ".\*" -Force -Recurse - Set-Location -Path ".." - } - # clean up - Remove-Item -Path $tmpDir + - name: Extract jars with DLLs for Codesigning shell: pwsh + run: | + Add-Type -AssemblyName "System.io.compression.filesystem" + $jarFolder = Resolve-Path ".\appdir\Cryptomator\app\mods" + $jarExtractDir = New-Item -Path ".\appdir\jar-extract" -ItemType Directory + + #for all jars inspect + Get-ChildItem -Path $jarFolder -Filter "*.jar" | ForEach-Object { + $jar = [Io.compression.zipfile]::OpenRead($_.FullName) + if (@($jar.Entries | Where-Object {$_.Name.ToString().EndsWith(".dll")} | Select-Object -First 1).Count -gt 0) { + #jars containing dlls extract + Set-Location $jarExtractDir + Expand-Archive -Path $_.FullName + } + $jar.Dispose() + } - name: Extract wixhelper.dll for Codesigning #see https://github.com/cryptomator/cryptomator/issues/3130 + shell: pwsh run: | New-Item -Path appdir/jpackage-jmod -ItemType Directory & $env:JAVA_HOME\bin\jmod.exe extract --dir jpackage-jmod "${env:JAVA_HOME}\jmods\jdk.jpackage.jmod" Get-ChildItem -Recurse -Path "jpackage-jmod" -File wixhelper.dll | Select-Object -Last 1 | Copy-Item -Destination "appdir" - shell: pwsh - name: Codesign uses: skymatic/code-sign-action@v2 with: @@ -200,6 +176,20 @@ jobs: timestampUrl: 'http://timestamp.digicert.com' folder: appdir recursive: true + - name: Replace DLLs inside jars with signed ones + shell: pwsh + run: | + $jarExtractDir = Resolve-Path ".\appdir\jar-extract" + $jarFolder = Resolve-Path ".\appdir\Cryptomator\app\mods" + Get-ChildItem -Path $jarExtractDir | ForEach-Object { + $jarName = $_.Name + $jarFile = "${jarFolder}\${jarName}.jar" + Set-Location $_ + Get-ChildItem -Path $_ -Recurse -File "*.dll" | ForEach-Object { + # update jar with signed dll + jar --file="$jarFile" --update $(Resolve-Path -Relative -Path $_) + } + } - name: Generate license for MSI run: > mvn -B license:add-third-party From 109f5d1faa1057884445ed16f0b9c16d54dfe845 Mon Sep 17 00:00:00 2001 From: Julian Raufelder Date: Thu, 12 Oct 2023 10:56:14 +0200 Subject: [PATCH 17/20] Update the error-db when a discussion is deleted --- .github/workflows/error-db.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/error-db.yml b/.github/workflows/error-db.yml index 09a15fe1f..57c5ca057 100644 --- a/.github/workflows/error-db.yml +++ b/.github/workflows/error-db.yml @@ -2,7 +2,7 @@ name: Update Error Database on: discussion: - types: [created, edited, category_changed, answered, unanswered] + types: [created, edited, deleted, category_changed, answered, unanswered] discussion_comment: types: [created, edited, deleted] From 7f7f0a099a03d55e1e14ae95c737b0c43c7abf6e Mon Sep 17 00:00:00 2001 From: Julian Raufelder Date: Thu, 12 Oct 2023 14:11:54 +0200 Subject: [PATCH 18/20] Propagate deleted discussions to the error database --- .github/workflows/error-db.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/error-db.yml b/.github/workflows/error-db.yml index 57c5ca057..e885af4a2 100644 --- a/.github/workflows/error-db.yml +++ b/.github/workflows/error-db.yml @@ -12,6 +12,7 @@ jobs: if: github.event.discussion.category.name == 'Errors' steps: - name: Query Discussion Data + if: github.event_name == 'discussion_comment' || github.event_name == 'discussion' && github.event.action != 'deleted' id: query-data uses: actions/github-script@v6 with: @@ -47,8 +48,13 @@ jobs: - name: Merge Error Code Data run: | jq -c '.' ${{ steps.get-gist.outputs.file }} > original.json - echo $DISCUSSION | jq -c '.repository.discussion | .comments = .comments.totalCount | {(.id|tostring) : .}' > new.json - jq -s '.[0] * .[1]' original.json new.json > merged.json + if [ ! -z "$DISCUSSION" ] + then + echo $DISCUSSION | jq -c '.repository.discussion | .comments = .comments.totalCount | {(.id|tostring) : .}' > new.json + jq -s '.[0] * .[1]' original.json new.json > merged.json + else + cat original.json | jq 'del(.[] | select(.url=="https://github.com/cryptomator/cryptomator/discussions/${{ github.event.discussion.number }}"))' > merged.json + fi env: DISCUSSION: ${{ steps.query-data.outputs.result }} - name: Patch Gist From 1debe4c7c8593e24d6fa8f81db9da6d19913eefc Mon Sep 17 00:00:00 2001 From: Sebastian Stenzel Date: Mon, 16 Oct 2023 16:20:03 +0200 Subject: [PATCH 19/20] explicitly set Logback `ConfiguratorRank` --- src/main/java/org/cryptomator/logging/LogbackConfigurator.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/org/cryptomator/logging/LogbackConfigurator.java b/src/main/java/org/cryptomator/logging/LogbackConfigurator.java index 511599132..3b77993cc 100644 --- a/src/main/java/org/cryptomator/logging/LogbackConfigurator.java +++ b/src/main/java/org/cryptomator/logging/LogbackConfigurator.java @@ -5,6 +5,7 @@ import ch.qos.logback.classic.Logger; import ch.qos.logback.classic.LoggerContext; import ch.qos.logback.classic.encoder.PatternLayoutEncoder; import ch.qos.logback.classic.spi.Configurator; +import ch.qos.logback.classic.spi.ConfiguratorRank; import ch.qos.logback.classic.spi.ILoggingEvent; import ch.qos.logback.core.Appender; import ch.qos.logback.core.ConsoleAppender; @@ -19,6 +20,7 @@ import org.cryptomator.common.Environment; import java.nio.file.Path; import java.util.Map; +@ConfiguratorRank(ConfiguratorRank.CUSTOM_NORMAL_PRIORITY) public class LogbackConfigurator extends ContextAwareBase implements Configurator { private static final String LOG_PATTERN = "%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n"; From 209f60727e5d4329ac6ef22809f847cc9a1bb998 Mon Sep 17 00:00:00 2001 From: Armin Schrenk Date: Mon, 16 Oct 2023 16:38:12 +0200 Subject: [PATCH 20/20] fix f4ad7aa43dd36c23a3573bc120e21337753d98f0 --- .../locationpresets/OneDriveWindowsLocationPresetsProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/cryptomator/common/locationpresets/OneDriveWindowsLocationPresetsProvider.java b/src/main/java/org/cryptomator/common/locationpresets/OneDriveWindowsLocationPresetsProvider.java index 1d5bffd70..467d7785b 100644 --- a/src/main/java/org/cryptomator/common/locationpresets/OneDriveWindowsLocationPresetsProvider.java +++ b/src/main/java/org/cryptomator/common/locationpresets/OneDriveWindowsLocationPresetsProvider.java @@ -62,7 +62,7 @@ public final class OneDriveWindowsLocationPresetsProvider implements LocationPre ProcessBuilder command = new ProcessBuilder(args); Process p = command.start(); waitForSuccess(p, 3, "`reg query`"); - return p.inputReader(StandardCharsets.UTF_8).lines().filter(outputFilter); + return p.inputReader(StandardCharsets.ISO_8859_1).lines().filter(outputFilter); }