diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index d08b1409..0c9dfb32 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -255,20 +255,6 @@ jobs: env: # Keep compat with MacOS 10.15 aka Catalina by Qt 6.4 QT_VERSION: 6.4.3 - - MAC_TEAM_ID: ${{ secrets.MAC_TEAM_ID }} - - MAC_APP_CERT_CERT: ${{ secrets.MAC_APP_CERT_CERT }} - MAC_SIGNER_ID: ${{ secrets.MAC_SIGNER_ID }} - MAC_APP_CERT_PW: ${{ secrets.MAC_APP_CERT_PW }} - - MAC_INSTALLER_SIGNER_CERT: ${{ secrets.MAC_INSTALLER_SIGNER_CERT }} - MAC_INSTALLER_SIGNER_ID: ${{ secrets.MAC_INSTALLER_SIGNER_ID }} - MAC_INSTALL_CERT_PW: ${{ secrets.MAC_INSTALL_CERT_PW }} - - APPLE_DEV_EMAIL: ${{ secrets.APPLE_DEV_EMAIL }} - APPLE_DEV_PASSWORD: ${{ secrets.APPLE_DEV_PASSWORD }} - PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }} PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }} DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }} @@ -309,7 +295,7 @@ jobs: - name: 'Build project' run: | export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin" - bash deploy/build_macos.sh -n + bash deploy/build_macos.sh - name: 'Upload installer artifact' uses: actions/upload-artifact@v4 @@ -331,21 +317,7 @@ jobs: runs-on: macos-latest env: - QT_VERSION: 6.9.1 - - MAC_TEAM_ID: ${{ secrets.MAC_TEAM_ID }} - - MAC_APP_CERT_CERT: ${{ secrets.MAC_APP_CERT_CERT }} - MAC_SIGNER_ID: ${{ secrets.MAC_SIGNER_ID }} - MAC_APP_CERT_PW: ${{ secrets.MAC_APP_CERT_PW }} - - MAC_INSTALLER_SIGNER_CERT: ${{ secrets.MAC_INSTALLER_SIGNER_CERT }} - MAC_INSTALLER_SIGNER_ID: ${{ secrets.MAC_INSTALLER_SIGNER_ID }} - MAC_INSTALL_CERT_PW: ${{ secrets.MAC_INSTALL_CERT_PW }} - - APPLE_DEV_EMAIL: ${{ secrets.APPLE_DEV_EMAIL }} - APPLE_DEV_PASSWORD: ${{ secrets.APPLE_DEV_PASSWORD }} - + QT_VERSION: 6.8.0 PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }} PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }} DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }} @@ -386,7 +358,7 @@ jobs: - name: 'Build project' run: | export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin" - bash deploy/build_macos.sh -n + bash deploy/build_macos.sh - name: 'Upload installer artifact' uses: actions/upload-artifact@v4 diff --git a/.gitignore b/.gitignore index d905f1e3..503adc2d 100644 --- a/.gitignore +++ b/.gitignore @@ -138,4 +138,3 @@ CMakeFiles/ ios-ne-build.sh macos-ne-build.sh macos-signed-build.sh -macos-with-sign-build.sh diff --git a/client/platforms/ios/WGConfig.swift b/client/platforms/ios/WGConfig.swift index 8f693387..537687f1 100644 --- a/client/platforms/ios/WGConfig.swift +++ b/client/platforms/ios/WGConfig.swift @@ -46,29 +46,59 @@ struct WGConfig: Decodable { } var settings: String { - junkPacketCount == nil ? "" : - """ - Jc = \(junkPacketCount!) - Jmin = \(junkPacketMinSize!) - Jmax = \(junkPacketMaxSize!) - S1 = \(initPacketJunkSize!) - S2 = \(responsePacketJunkSize!) - S3 = \(cookieReplyPacketJunkSize!) - S4 = \(transportPacketJunkSize!) - H1 = \(initPacketMagicHeader!) - H2 = \(responsePacketMagicHeader!) - H3 = \(underloadPacketMagicHeader!) - H4 = \(transportPacketMagicHeader!) - I1 = \(specialJunk1!) - I2 = \(specialJunk2!) - I3 = \(specialJunk3!) - I4 = \(specialJunk4!) - I5 = \(specialJunk5!) - J1 = \(controlledJunk1!) - J2 = \(controlledJunk2!) - J3 = \(controlledJunk3!) - Itime = \(specialHandshakeTimeout!) - """ + guard junkPacketCount != nil else { return "" } + + var settingsLines: [String] = [] + + // Required parameters when junkPacketCount is present + settingsLines.append("Jc = \(junkPacketCount!)") + settingsLines.append("Jmin = \(junkPacketMinSize!)") + settingsLines.append("Jmax = \(junkPacketMaxSize!)") + settingsLines.append("S1 = \(initPacketJunkSize!)") + settingsLines.append("S2 = \(responsePacketJunkSize!)") + + settingsLines.append("H1 = \(initPacketMagicHeader!)") + settingsLines.append("H2 = \(responsePacketMagicHeader!)") + settingsLines.append("H3 = \(underloadPacketMagicHeader!)") + settingsLines.append("H4 = \(transportPacketMagicHeader!)") + + // Optional parameters - only add if not nil and not empty + if let s3 = cookieReplyPacketJunkSize, !s3.isEmpty { + settingsLines.append("S3 = \(s3)") + } + if let s4 = transportPacketJunkSize, !s4.isEmpty { + settingsLines.append("S4 = \(s4)") + } + + if let i1 = specialJunk1, !i1.isEmpty { + settingsLines.append("I1 = \(i1)") + } + if let i2 = specialJunk2, !i2.isEmpty { + settingsLines.append("I2 = \(i2)") + } + if let i3 = specialJunk3, !i3.isEmpty { + settingsLines.append("I3 = \(i3)") + } + if let i4 = specialJunk4, !i4.isEmpty { + settingsLines.append("I4 = \(i4)") + } + if let i5 = specialJunk5, !i5.isEmpty { + settingsLines.append("I5 = \(i5)") + } + if let j1 = controlledJunk1, !j1.isEmpty { + settingsLines.append("J1 = \(j1)") + } + if let j2 = controlledJunk2, !j2.isEmpty { + settingsLines.append("J2 = \(j2)") + } + if let j3 = controlledJunk3, !j3.isEmpty { + settingsLines.append("J3 = \(j3)") + } + if let itime = specialHandshakeTimeout, !itime.isEmpty { + settingsLines.append("Itime = \(itime)") + } + + return settingsLines.joined(separator: "\n") } var str: String { diff --git a/client/ui/controllers/api/apiConfigsController.cpp b/client/ui/controllers/api/apiConfigsController.cpp index 0b0a9b92..0f42beb7 100644 --- a/client/ui/controllers/api/apiConfigsController.cpp +++ b/client/ui/controllers/api/apiConfigsController.cpp @@ -221,8 +221,6 @@ namespace serverConfig[configKey::apiConfig] = apiConfig; - qDebug() << serverConfig; - return ErrorCode::NoError; } } diff --git a/client/ui/qml/Pages2/PageSettingsKillSwitch.qml b/client/ui/qml/Pages2/PageSettingsKillSwitch.qml index ca1cd0d4..d6d73b20 100644 --- a/client/ui/qml/Pages2/PageSettingsKillSwitch.qml +++ b/client/ui/qml/Pages2/PageSettingsKillSwitch.qml @@ -62,8 +62,7 @@ PageType { Layout.leftMargin: 16 Layout.rightMargin: 16 - visible: false - // enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected + enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected checked: !SettingsController.strictKillSwitchEnabled text: qsTr("Soft KillSwitch") @@ -74,9 +73,7 @@ PageType { } } - DividerType { - visible: false - } + DividerType {} VerticalRadioButton { id: strictKillSwitch @@ -84,7 +81,9 @@ PageType { Layout.leftMargin: 16 Layout.rightMargin: 16 - enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected + visible: false + enabled: false + // enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected checked: SettingsController.strictKillSwitchEnabled text: qsTr("Strict KillSwitch") @@ -106,7 +105,9 @@ PageType { } } - DividerType {} + DividerType { + visible: false + } LabelWithButtonType { Layout.topMargin: 32 diff --git a/deploy/build_macos.sh b/deploy/build_macos.sh index 6e67ee79..03f286fc 100644 --- a/deploy/build_macos.sh +++ b/deploy/build_macos.sh @@ -71,54 +71,11 @@ cmake --build . --config release --target all KEYCHAIN_PATH="$PROJECT_DIR/mac_sign.keychain" trap 'echo "Cleaning up mac_sign.keychain..."; security delete-keychain "$KEYCHAIN_PATH" 2>/dev/null || true; rm -f "$KEYCHAIN_PATH" 2>/dev/null || true' EXIT KEYCHAIN=$(security default-keychain -d user | tr -d '"[:space:]"') - -# Build a clean list of the *existing* user key-chains. The raw output of -# security list-keychains -d user -# looks roughly like: -# " \"/Users/foo/Library/Keychains/login.keychain-db\"\n \"/Library/Keychains/System.keychain\"" -# Every entry is surrounded by quotes and indented with a few blanks. Feeding -# that verbatim back to `security list-keychains -s` inside a single quoted -# argument leads to one long, invalid path on some systems. We therefore strip -# the quotes and rely on the shell to split the string on whitespace so that -# each path becomes its own argument. - -read -ra EXISTING_KEYCHAINS <<< "$(security list-keychains -d user | tr -d '"')" - -security list-keychains -d user -s "$KEYCHAIN_PATH" "$KEYCHAIN" "${EXISTING_KEYCHAINS[@]}" -KEYCHAIN_PWD="" # Empty password keeps things simple for CI jobs -# Create, unlock and configure the temporary key-chain so that `codesign` can -# access the imported identities without triggering interactive prompts. -security create-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_PATH" -# Keep the key-chain unlocked for the duration of the job (6 hours is plenty). -security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH" -security unlock-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_PATH" - -# Import the signing certificates only when the corresponding passwords are -# available in the environment. This allows the script to run in environments -# where code-signing is intentionally turned off (e.g. CI jobs that just build -# the artefacts without releasing them). - -if [ -n "${MAC_APP_CERT_PW-}" ]; then - # If the certificate is provided via environment variable, decode it. - if [ -n "${MAC_APP_CERT_CERT-}" ]; then - echo "$MAC_APP_CERT_CERT" | base64 -d > "$DEPLOY_DIR/DeveloperIdApplicationCertificate.p12" - fi - security import "$DEPLOY_DIR/DeveloperIdApplicationCertificate.p12" \ - -k "$KEYCHAIN_PATH" -P "$MAC_APP_CERT_PW" -A -fi - -if [ -n "${MAC_INSTALL_CERT_PW-}" ]; then - # Same logic for the installer certificate. - if [ -n "${MAC_INSTALLER_SIGNER_CERT-}" ]; then - echo "$MAC_INSTALLER_SIGNER_CERT" | base64 -d > "$DEPLOY_DIR/DeveloperIdInstallerCertificate.p12" - fi - security import "$DEPLOY_DIR/DeveloperIdInstallerCertificate.p12" \ - -k "$KEYCHAIN_PATH" -P "$MAC_INSTALL_CERT_PW" -A -fi - -# This certificate has no password. +security list-keychains -d user -s "$KEYCHAIN_PATH" "$KEYCHAIN" "$(security list-keychains -d user | tr '\n' ' ')" +security create-keychain -p "" "$KEYCHAIN_PATH" +security import "$DEPLOY_DIR/DeveloperIdApplicationCertificate.p12" -k "$KEYCHAIN_PATH" -P "$MAC_APP_CERT_PW" -T /usr/bin/codesign +security import "$DEPLOY_DIR/DeveloperIdInstallerCertificate.p12" -k "$KEYCHAIN_PATH" -P "$MAC_INSTALL_CERT_PW" -T /usr/bin/codesign security import "$DEPLOY_DIR/DeveloperIDG2CA.cer" -k "$KEYCHAIN_PATH" -T /usr/bin/codesign - security list-keychains -d user -s "$KEYCHAIN_PATH" echo "____________________________________"