Skip to content

impl: verify cli signature #148

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 43 commits into from
Jul 17, 2025
Merged

impl: verify cli signature #148

Changes from 1 commit
Commits
Show all changes
43 commits
Select commit Hold shift + click to select a range
4227ebd
impl: new UI setting for running unsigned binary execution
fioan89 Jul 8, 2025
021e53a
chore: refactor CLI downloading logic
fioan89 Jul 9, 2025
fb6e784
impl: support for downloading the cli signature
fioan89 Jul 9, 2025
dbf8560
impl: support for downloading the releases.coder.com signature
fioan89 Jul 10, 2025
6754300
fix: read fresh values from the config store
fioan89 Jul 10, 2025
8d768ee
impl: prompt user when running unsigned binaries
fioan89 Jul 10, 2025
ea3e379
fix: used proper result to verify if signature is downloaded
fioan89 Jul 10, 2025
3668d46
chore: compact code and run signature download on the IO thread
fioan89 Jul 10, 2025
a476364
chore: add support for bouncycastle
fioan89 Jul 10, 2025
45a72fb
chore: update i18n bundle with new strings related to signature verif…
fioan89 Jul 10, 2025
ad44346
impl: verify gpg signed cli binaries
fioan89 Jul 10, 2025
4cd5148
impl: embed the pgp public key as a plugin resource
fioan89 Jul 11, 2025
fbe68de
impl: load the public key from a resource file
fioan89 Jul 11, 2025
270b949
impl: run the signature verification on the IO thread
fioan89 Jul 11, 2025
d5ae289
fix: find the key id in multiple key rings
fioan89 Jul 11, 2025
96663e6
fix: remove the cli if it is not properly signed
fioan89 Jul 11, 2025
6a79995
fix: avoid out of memory when verifying signatures
fioan89 Jul 11, 2025
5fcb4b9
fix: don't run signature verification
fioan89 Jul 11, 2025
3543377
chore: fix UTs
fioan89 Jul 11, 2025
0a5de76
Merge branch 'main' into impl-verify-cli-signature
fioan89 Jul 11, 2025
97dbc8d
chore: next version is 0.5.0
fioan89 Jul 11, 2025
27066d8
fix: more UTs
fioan89 Jul 11, 2025
811fc85
fix: display errors that happened while handling URIs
fioan89 Jul 14, 2025
9851dec
impl: check if the cli exists before running it to spill out the version
fioan89 Jul 14, 2025
306848f
impl: download retroactive cli signatures from releases.coder.com/cod…
fioan89 Jul 14, 2025
5dcdff0
fix: UTs after fallback to signatures from releases.coder.com were pu…
fioan89 Jul 14, 2025
5bf0792
chore: refactor code around signature name
fioan89 Jul 14, 2025
bce103b
chore: remove code around URL building
fioan89 Jul 14, 2025
8342a21
fix: raise the original error when cli can't be downloaded
fioan89 Jul 15, 2025
881a662
impl: download the cli to a temporary location
fioan89 Jul 15, 2025
aeb79e5
impl: prompt the user if when signature verification fails
fioan89 Jul 15, 2025
f57c07d
impl: introduce signature fallback setting
fioan89 Jul 16, 2025
dcba5ec
impl: ask the user only once in the login screen for fallback strategy
fioan89 Jul 16, 2025
a8767d2
fix: the settings page doesn't see changes done from other screens
fioan89 Jul 16, 2025
0ad2121
impl: prompt user for allowing unverified binaries to run
fioan89 Jul 16, 2025
eba8118
chore: always run unsigned binaries in the UTs
fioan89 Jul 16, 2025
26a94c1
Merge branch 'main' into impl-verify-cli-signature
fioan89 Jul 16, 2025
3856d57
fix: fallback to releases.coder.com was not properly treated
fioan89 Jul 16, 2025
65eb1ec
fix: report cli download progress with the real name
fioan89 Jul 16, 2025
736325e
fix: don't report version for signatures while downloading
fioan89 Jul 16, 2025
5ea0967
impl: improve progress reporting while downloading the cli
fioan89 Jul 17, 2025
6529069
chore: improve fallback setting text
fioan89 Jul 17, 2025
53d5b32
fix: don't send custom request headers when accessing release.coder.com
fioan89 Jul 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 35 additions & 4 deletions src/main/kotlin/com/coder/toolbox/views/DeploymentUrlStep.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,13 @@
package com.coder.toolbox.views

import com.coder.toolbox.CoderToolboxContext
import com.coder.toolbox.settings.SignatureFallbackStrategy
import com.coder.toolbox.util.toURL
import com.coder.toolbox.views.state.CoderCliSetupContext
import com.coder.toolbox.views.state.CoderCliSetupWizardState
import com.jetbrains.toolbox.api.ui.components.CheckboxField
import com.jetbrains.toolbox.api.ui.components.LabelField
import com.jetbrains.toolbox.api.ui.components.LabelStyleType
import com.jetbrains.toolbox.api.ui.components.RowGroup
import com.jetbrains.toolbox.api.ui.components.TextField
import com.jetbrains.toolbox.api.ui.components.TextType
Expand All @@ -24,12 +28,34 @@ class DeploymentUrlStep(
) :
WizardStep {
private val urlField = TextField(context.i18n.ptrl("Deployment URL"), "", TextType.General)
private val errorField = ValidationErrorField(context.i18n.pnotr(""))
private val emptyLine = LabelField(context.i18n.pnotr(""), LabelStyleType.Normal)

override val panel: RowGroup = RowGroup(
RowGroup.RowField(urlField),
RowGroup.RowField(errorField)
private val signatureFallbackStrategyField = CheckboxField(
context.settingsStore.fallbackOnCoderForSignatures.isAllowed(),
context.i18n.ptrl("Fallback on releases.coder.com when CLI signatures can't be found")
)
private val infoLine =
LabelField(context.i18n.ptrl("Can be reconfigured later on from the Settings page"), LabelStyleType.Secondary)

private val errorField = ValidationErrorField(context.i18n.pnotr(""))

override val panel: RowGroup
get() {
if (context.settingsStore.fallbackOnCoderForSignatures == SignatureFallbackStrategy.NOT_CONFIGURED) {
return RowGroup(
RowGroup.RowField(urlField),
RowGroup.RowField(emptyLine),
RowGroup.RowField(signatureFallbackStrategyField),
RowGroup.RowField(infoLine),
RowGroup.RowField(errorField)
)

}
return RowGroup(
RowGroup.RowField(urlField),
RowGroup.RowField(errorField)
)
}

override fun onVisible() {
errorField.textState.update {
Expand All @@ -38,9 +64,14 @@ class DeploymentUrlStep(
urlField.textState.update {
context.secrets.lastDeploymentURL
}

signatureFallbackStrategyField.checkedState.update {
context.settingsStore.fallbackOnCoderForSignatures.isAllowed()
}
}

override fun onNext(): Boolean {
context.settingsStore.updateSignatureFallbackStrategy(signatureFallbackStrategyField.checkedState.value)
var url = urlField.textState.value
if (url.isBlank()) {
errorField.textState.update { context.i18n.ptrl("URL is required") }
Expand Down