From 3dc699c39170a2def9a38b40be604ed3b19cabf3 Mon Sep 17 00:00:00 2001 From: Dain Nilsson Date: Fri, 6 May 2022 10:18:46 +0200 Subject: [PATCH 1/5] Rename RPC to Yubico Authenticator Helper. --- build-helper.bat | 10 ++++++++++ build-ykman.sh => build-helper.sh | 14 +++++++------- build-ykman.bat | 10 ---------- {ykman-rpc => helper}/.gitignore | 0 .../authenticator-helper.exe.manifest | 0 .../authenticator-helper.py | 2 +- .../authenticator-helper.spec | 8 ++++---- {ykman-rpc/rpc => helper/helper}/__init__.py | 0 {ykman-rpc/rpc => helper/helper}/base.py | 0 {ykman-rpc/rpc => helper/helper}/device.py | 0 {ykman-rpc/rpc => helper/helper}/fido.py | 0 {ykman-rpc/rpc => helper/helper}/management.py | 0 {ykman-rpc/rpc => helper/helper}/oath.py | 0 {ykman-rpc/rpc => helper/helper}/qr.py | 0 {ykman-rpc/rpc => helper/helper}/yubiotp.py | 0 {ykman-rpc => helper}/poetry.lock | 0 {ykman-rpc => helper}/pyproject.toml | 4 ++-- {ykman-rpc => helper}/shell.py | 12 ++++++------ {ykman-rpc => helper}/version_info.txt | 0 lib/desktop/init.dart | 10 +++++----- lib/desktop/rpc.dart | 18 +++++++++--------- ...ntitlements => helper-sandbox.entitlements} | 0 ...{ykman.entitlements => helper.entitlements} | 0 23 files changed, 44 insertions(+), 44 deletions(-) create mode 100644 build-helper.bat rename build-ykman.sh => build-helper.sh (53%) delete mode 100644 build-ykman.bat rename {ykman-rpc => helper}/.gitignore (100%) rename ykman-rpc/ykman-rpc.exe.manifest => helper/authenticator-helper.exe.manifest (100%) rename ykman-rpc/ykman-rpc.py => helper/authenticator-helper.py (90%) rename ykman-rpc/ykman-rpc.spec => helper/authenticator-helper.spec (86%) rename {ykman-rpc/rpc => helper/helper}/__init__.py (100%) rename {ykman-rpc/rpc => helper/helper}/base.py (100%) rename {ykman-rpc/rpc => helper/helper}/device.py (100%) rename {ykman-rpc/rpc => helper/helper}/fido.py (100%) rename {ykman-rpc/rpc => helper/helper}/management.py (100%) rename {ykman-rpc/rpc => helper/helper}/oath.py (100%) rename {ykman-rpc/rpc => helper/helper}/qr.py (100%) rename {ykman-rpc/rpc => helper/helper}/yubiotp.py (100%) rename {ykman-rpc => helper}/poetry.lock (100%) rename {ykman-rpc => helper}/pyproject.toml (88%) rename {ykman-rpc => helper}/shell.py (95%) rename {ykman-rpc => helper}/version_info.txt (100%) rename macos/{ykman-sandbox.entitlements => helper-sandbox.entitlements} (100%) rename macos/{ykman.entitlements => helper.entitlements} (100%) diff --git a/build-helper.bat b/build-helper.bat new file mode 100644 index 00000000..d8e8c54d --- /dev/null +++ b/build-helper.bat @@ -0,0 +1,10 @@ +@echo off + +echo Building authenticator-helper for Windows... +cd helper +poetry install +rmdir /s /q ..\build\windows\helper +poetry run pyinstaller authenticator-helper.spec --distpath ..\build\windows +cd .. + +echo All done, output in build/windows/ diff --git a/build-ykman.sh b/build-helper.sh similarity index 53% rename from build-ykman.sh rename to build-helper.sh index 31b44f1d..abba3558 100755 --- a/build-ykman.sh +++ b/build-helper.sh @@ -15,22 +15,22 @@ case "$(uname)" in OS="windows";; esac -echo "Building ykman-rpc for $OS..." +echo "Building authenticator-helper for $OS..." OUTPUT="build/$OS" -cd ykman-rpc +cd helper poetry install -rm -rf ../$OUTPUT/ykman-rpc -poetry run pyinstaller ykman-rpc.spec --distpath ../$OUTPUT +rm -rf ../$OUTPUT/helper +poetry run pyinstaller authenticator-helper.spec --distpath ../$OUTPUT cd .. # Fixup permissions (should probably be more strict) -find $OUTPUT/ykman-rpc -type f -exec chmod a-x {} + -chmod a+x $OUTPUT/ykman-rpc/ykman-rpc +find $OUTPUT/helper -type f -exec chmod a-x {} + +chmod a+x $OUTPUT/helper/authenticator-helper # Adhoc sign executable (MacOS) if [ "$OS" = "macos" ]; then - codesign -f --timestamp --entitlements macos/ykman.entitlements --sign - $OUTPUT/ykman-rpc/ykman-rpc + codesign -f --timestamp --entitlements macos/helper.entitlements --sign - $OUTPUT/helper/authenticator-helper fi echo "All done, output in $OUTPUT/" diff --git a/build-ykman.bat b/build-ykman.bat deleted file mode 100644 index 164c4b9b..00000000 --- a/build-ykman.bat +++ /dev/null @@ -1,10 +0,0 @@ -@echo off - -echo Building ykman-rpc for Windows... -cd ykman-rpc -poetry install -rmdir /s /q ..\build\windows\ykman-rpc -poetry run pyinstaller ykman-rpc.spec --distpath ..\build\windows -cd .. - -echo All done, output in build/windows/ diff --git a/ykman-rpc/.gitignore b/helper/.gitignore similarity index 100% rename from ykman-rpc/.gitignore rename to helper/.gitignore diff --git a/ykman-rpc/ykman-rpc.exe.manifest b/helper/authenticator-helper.exe.manifest similarity index 100% rename from ykman-rpc/ykman-rpc.exe.manifest rename to helper/authenticator-helper.exe.manifest diff --git a/ykman-rpc/ykman-rpc.py b/helper/authenticator-helper.py similarity index 90% rename from ykman-rpc/ykman-rpc.py rename to helper/authenticator-helper.py index 6bf6c7d9..da94ee3e 100644 --- a/ykman-rpc/ykman-rpc.py +++ b/helper/authenticator-helper.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 -from rpc import run_rpc_pipes, run_rpc_socket +from helper import run_rpc_pipes, run_rpc_socket import socket import sys diff --git a/ykman-rpc/ykman-rpc.spec b/helper/authenticator-helper.spec similarity index 86% rename from ykman-rpc/ykman-rpc.spec rename to helper/authenticator-helper.spec index 27f696b5..4c260d56 100755 --- a/ykman-rpc/ykman-rpc.spec +++ b/helper/authenticator-helper.spec @@ -5,7 +5,7 @@ block_cipher = None a = Analysis( - ["ykman-rpc.py"], + ["authenticator-helper.py"], pathex=[], binaries=[], datas=[], @@ -26,14 +26,14 @@ exe = EXE( a.scripts, [], exclude_binaries=True, - name="ykman-rpc", + name="authenticator-helper", icon="NONE", debug=False, bootloader_ignore_signals=False, strip=False, upx=True, console=True, - manifest="ykman-rpc.exe.manifest", + manifest="authenticator-helper.exe.manifest", version="version_info.txt", disable_windowed_traceback=False, target_arch=None, @@ -48,5 +48,5 @@ coll = COLLECT( strip=False, upx=True, upx_exclude=[], - name="ykman-rpc", + name="helper", ) diff --git a/ykman-rpc/rpc/__init__.py b/helper/helper/__init__.py similarity index 100% rename from ykman-rpc/rpc/__init__.py rename to helper/helper/__init__.py diff --git a/ykman-rpc/rpc/base.py b/helper/helper/base.py similarity index 100% rename from ykman-rpc/rpc/base.py rename to helper/helper/base.py diff --git a/ykman-rpc/rpc/device.py b/helper/helper/device.py similarity index 100% rename from ykman-rpc/rpc/device.py rename to helper/helper/device.py diff --git a/ykman-rpc/rpc/fido.py b/helper/helper/fido.py similarity index 100% rename from ykman-rpc/rpc/fido.py rename to helper/helper/fido.py diff --git a/ykman-rpc/rpc/management.py b/helper/helper/management.py similarity index 100% rename from ykman-rpc/rpc/management.py rename to helper/helper/management.py diff --git a/ykman-rpc/rpc/oath.py b/helper/helper/oath.py similarity index 100% rename from ykman-rpc/rpc/oath.py rename to helper/helper/oath.py diff --git a/ykman-rpc/rpc/qr.py b/helper/helper/qr.py similarity index 100% rename from ykman-rpc/rpc/qr.py rename to helper/helper/qr.py diff --git a/ykman-rpc/rpc/yubiotp.py b/helper/helper/yubiotp.py similarity index 100% rename from ykman-rpc/rpc/yubiotp.py rename to helper/helper/yubiotp.py diff --git a/ykman-rpc/poetry.lock b/helper/poetry.lock similarity index 100% rename from ykman-rpc/poetry.lock rename to helper/poetry.lock diff --git a/ykman-rpc/pyproject.toml b/helper/pyproject.toml similarity index 88% rename from ykman-rpc/pyproject.toml rename to helper/pyproject.toml index 838550af..2ea23dfa 100644 --- a/ykman-rpc/pyproject.toml +++ b/helper/pyproject.toml @@ -1,7 +1,7 @@ [tool.poetry] -name = "ykman-rpc" +name = "authenticator-helper" version = "0.1.0" -description = "Yubico Authenticator helper app" +description = "Yubico Authenticator Helper" authors = ["Dain Nilsson "] [tool.poetry.dependencies] diff --git a/ykman-rpc/shell.py b/helper/shell.py similarity index 95% rename from ykman-rpc/shell.py rename to helper/shell.py index d83b75fe..e37f3242 100755 --- a/ykman-rpc/shell.py +++ b/helper/shell.py @@ -228,22 +228,22 @@ def log_stderr(stderr): @click.command() @click.argument("executable", nargs=-1) def shell(executable): - """A basic shell for interacting with the ykman rpc.""" - rpc = subprocess.Popen( # nosec - executable or [sys.executable, "ykman-rpc.py"], + """A basic shell for interacting with the Yubico Authenticator Helper.""" + helper = subprocess.Popen( # nosec + executable or [sys.executable, "authenticator-helper.py"], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, encoding="utf8", ) - Thread(daemon=True, target=log_stderr, args=(rpc.stderr,)).start() + Thread(daemon=True, target=log_stderr, args=(helper.stderr,)).start() click.echo("Shell starting...") - shell = RpcShell(rpc.stdin, cast(IO[str], rpc.stdout)) + shell = RpcShell(helper.stdin, cast(IO[str], helper.stdout)) shell.cmdloop() click.echo("Stopping...") - rpc.communicate() + helper.communicate() if __name__ == "__main__": diff --git a/ykman-rpc/version_info.txt b/helper/version_info.txt similarity index 100% rename from ykman-rpc/version_info.txt rename to helper/version_info.txt diff --git a/lib/desktop/init.dart b/lib/desktop/init.dart index 3286e5ed..79d5829c 100755 --- a/lib/desktop/init.dart +++ b/lib/desktop/init.dart @@ -59,10 +59,10 @@ Future initialize(List argv) async { } })); - // Either use the _YKMAN_EXE environment variable, or look relative to executable. - var exe = Platform.environment['_YKMAN_PATH']; + // Either use the _HELPER_PATH environment variable, or look relative to executable. + var exe = Platform.environment['_HELPER_PATH']; if (exe?.isEmpty ?? true) { - var relativePath = 'ykman-rpc/ykman-rpc'; + var relativePath = 'helper/authenticator-helper'; if (Platform.isMacOS) { relativePath = '../Resources/' + relativePath; } else if (Platform.isWindows) { @@ -73,10 +73,10 @@ Future initialize(List argv) async { .toFilePath(); } - _log.info('Starting subprocess: $exe'); + _log.info('Starting Helper subprocess: $exe'); final rpc = RpcSession(exe!); await rpc.initialize(); - _log.info('ykman-rpc process started', exe); + _log.info('Helper process started', exe); rpc.setLogLevel(Logger.root.level); return ProviderScope( diff --git a/lib/desktop/rpc.dart b/lib/desktop/rpc.dart index 2d93ed2b..88dbee99 100644 --- a/lib/desktop/rpc.dart +++ b/lib/desktop/rpc.dart @@ -10,7 +10,7 @@ import 'package:yubico_authenticator/app/logging.dart'; import '../app/models.dart'; import 'models.dart'; -final _log = Logger('rpc'); +final _log = Logger('helper'); class Signaler { final _send = StreamController(); @@ -92,7 +92,7 @@ class RpcSession { static void _logEntry(String entry) { try { final record = jsonDecode(entry); - Logger('rpc.${record['name']}').log( + Logger('helper.${record['name']}').log( _py2level[record['level']] ?? Level.INFO, record['message'], record['exc_text'], @@ -105,7 +105,7 @@ class RpcSession { Future initialize() async { final process = await Process.start(executable, []); - _log.debug('RPC process started'); + _log.debug('Helper process started'); process.stderr .transform(const Utf8Decoder()) .transform(const LineSplitter()) @@ -133,7 +133,7 @@ class RpcSession { // Bind to random port final server = await ServerSocket.bind(InternetAddress.loopbackIPv4, 0); final port = server.port; - _log.debug('Listening for RPC connection on $port'); + _log.debug('Listening for Helper connection on $port'); // Launch the elevated process final process = @@ -150,15 +150,15 @@ class RpcSession { .transform(const Utf8Decoder()) .transform(const LineSplitter()) .join('\n'); - _log.warning('Failed to elevate RPC process', error); + _log.warning('Failed to elevate the Helper process', error); return false; } - _log.debug('Elevated RPC process started'); + _log.debug('Elevated Helper process started'); // Accept only a single connection final client = await server.first; await server.close(); - _log.debug('Client connected: $client'); + _log.debug('Helper connected: $client'); // Stop the old subprocess. try { @@ -174,12 +174,12 @@ class RpcSession { // The nonce needs to be received first. if (!authenticated) { if (nonce == line) { - _log.debug('Client authenticated with correct nonce'); + _log.debug('Helper authenticated with correct nonce'); authenticated = true; completer.complete(); return ''; } else { - _log.warning('Client used WRONG NONCE: $line'); + _log.warning('Helper used WRONG NONCE: $line'); client.close(); completer.completeError(Exception('Invalid nonce')); throw Exception('Invalid nonce'); diff --git a/macos/ykman-sandbox.entitlements b/macos/helper-sandbox.entitlements similarity index 100% rename from macos/ykman-sandbox.entitlements rename to macos/helper-sandbox.entitlements diff --git a/macos/ykman.entitlements b/macos/helper.entitlements similarity index 100% rename from macos/ykman.entitlements rename to macos/helper.entitlements From d6fdc233fcd0a5e2995c787c152728d89d60af3a Mon Sep 17 00:00:00 2001 From: Dain Nilsson Date: Fri, 6 May 2022 14:50:00 +0200 Subject: [PATCH 2/5] Update platform builds to use new helper. --- helper/pyproject.toml | 4 ++++ linux/CMakeLists.txt | 4 ++-- macos/Runner.xcodeproj/project.pbxproj | 8 ++++---- windows/runner/CMakeLists.txt | 4 ++-- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/helper/pyproject.toml b/helper/pyproject.toml index 2ea23dfa..4665cd66 100644 --- a/helper/pyproject.toml +++ b/helper/pyproject.toml @@ -3,6 +3,10 @@ name = "authenticator-helper" version = "0.1.0" description = "Yubico Authenticator Helper" authors = ["Dain Nilsson "] +packages = [ + { include = "helper" }, +] + [tool.poetry.dependencies] python = "^3.8" diff --git a/linux/CMakeLists.txt b/linux/CMakeLists.txt index 587b6ddb..19afa71d 100644 --- a/linux/CMakeLists.txt +++ b/linux/CMakeLists.txt @@ -115,5 +115,5 @@ if(NOT CMAKE_BUILD_TYPE MATCHES "Debug") COMPONENT Runtime) endif() -# Copy the ykman RPC -install(DIRECTORY "../build/linux/ykman-rpc" DESTINATION "${BUILD_BUNDLE_DIR}" USE_SOURCE_PERMISSIONS) +# Copy the Helper +install(DIRECTORY "../build/linux/helper" DESTINATION "${BUILD_BUNDLE_DIR}" USE_SOURCE_PERMISSIONS) diff --git a/macos/Runner.xcodeproj/project.pbxproj b/macos/Runner.xcodeproj/project.pbxproj index 21da19b2..db3c36f6 100644 --- a/macos/Runner.xcodeproj/project.pbxproj +++ b/macos/Runner.xcodeproj/project.pbxproj @@ -26,7 +26,7 @@ 33CC10F32044A3C60003C045 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 33CC10F22044A3C60003C045 /* Assets.xcassets */; }; 33CC10F62044A3C60003C045 /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 33CC10F42044A3C60003C045 /* MainMenu.xib */; }; 33CC11132044BFA00003C045 /* MainFlutterWindow.swift in Sources */ = {isa = PBXBuildFile; fileRef = 33CC11122044BFA00003C045 /* MainFlutterWindow.swift */; }; - A549BDAB2747CBBE0016F37D /* ykman-rpc in Resources */ = {isa = PBXBuildFile; fileRef = A549BDAA2747CBBE0016F37D /* ykman-rpc */; }; + A5DD3DBC2825505C001ACA3A /* helper in Resources */ = {isa = PBXBuildFile; fileRef = A5DD3DBB2825505C001ACA3A /* helper */; }; CCE73883AA6E76B42D34D392 /* Pods_Runner.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E5437883A25FD13EEA6A730E /* Pods_Runner.framework */; }; /* End PBXBuildFile section */ @@ -71,7 +71,7 @@ 6EAF9B998D311C2D6DD1409C /* Pods-Runner.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Runner.debug.xcconfig"; path = "Target Support Files/Pods-Runner/Pods-Runner.debug.xcconfig"; sourceTree = ""; }; 7AFA3C8E1D35360C0083082E /* Release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = Release.xcconfig; sourceTree = ""; }; 9740EEB21CF90195004384FC /* Debug.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = Debug.xcconfig; sourceTree = ""; }; - A549BDAA2747CBBE0016F37D /* ykman-rpc */ = {isa = PBXFileReference; lastKnownFileType = folder; name = "ykman-rpc"; path = "../build/macos/ykman-rpc"; sourceTree = ""; }; + A5DD3DBB2825505C001ACA3A /* helper */ = {isa = PBXFileReference; lastKnownFileType = folder; name = helper; path = ../build/macos/helper; sourceTree = ""; }; E5437883A25FD13EEA6A730E /* Pods_Runner.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Pods_Runner.framework; sourceTree = BUILT_PRODUCTS_DIR; }; F18D61C5361D1EF615E824EE /* Pods-Runner.profile.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Runner.profile.xcconfig"; path = "Target Support Files/Pods-Runner/Pods-Runner.profile.xcconfig"; sourceTree = ""; }; FFD2BDD751CD366AEDC4D417 /* Pods-Runner.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-Runner.release.xcconfig"; path = "Target Support Files/Pods-Runner/Pods-Runner.release.xcconfig"; sourceTree = ""; }; @@ -122,7 +122,7 @@ 33CC11242044D66E0003C045 /* Resources */ = { isa = PBXGroup; children = ( - A549BDAA2747CBBE0016F37D /* ykman-rpc */, + A5DD3DBB2825505C001ACA3A /* helper */, 33CC10F22044A3C60003C045 /* Assets.xcassets */, 33CC10F42044A3C60003C045 /* MainMenu.xib */, 33CC10F72044A3C60003C045 /* Info.plist */, @@ -248,8 +248,8 @@ isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( - A549BDAB2747CBBE0016F37D /* ykman-rpc in Resources */, 33CC10F32044A3C60003C045 /* Assets.xcassets in Resources */, + A5DD3DBC2825505C001ACA3A /* helper in Resources */, 33CC10F62044A3C60003C045 /* MainMenu.xib in Resources */, ); runOnlyForDeploymentPostprocessing = 0; diff --git a/windows/runner/CMakeLists.txt b/windows/runner/CMakeLists.txt index c08fdd6c..6034f077 100644 --- a/windows/runner/CMakeLists.txt +++ b/windows/runner/CMakeLists.txt @@ -17,5 +17,5 @@ target_include_directories(${BINARY_NAME} PRIVATE "${CMAKE_SOURCE_DIR}") add_dependencies(${BINARY_NAME} flutter_assemble) # This can probably be done in a cleaner way. -file(COPY "../../build/windows/ykman-rpc" DESTINATION "${CMAKE_CURRENT_BINARY_DIR}/Release") -file(COPY "../../build/windows/ykman-rpc" DESTINATION "${CMAKE_CURRENT_BINARY_DIR}/Debug") +file(COPY "../../build/windows/helper" DESTINATION "${CMAKE_CURRENT_BINARY_DIR}/Release") +file(COPY "../../build/windows/helper" DESTINATION "${CMAKE_CURRENT_BINARY_DIR}/Debug") From d18531dcce2fc9c2623d1b893899eb6352c96375 Mon Sep 17 00:00:00 2001 From: Dain Nilsson Date: Fri, 6 May 2022 16:31:46 +0200 Subject: [PATCH 3/5] Update Github workflows. --- .github/workflows/linux.yml | 4 ++-- .github/workflows/macos.yml | 4 ++-- .github/workflows/windows.yml | 10 +++++----- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index e472aeb7..0309bd73 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -36,8 +36,8 @@ jobs: flutter test flutter analyze - - name: Install ykman - run: ./build-ykman.sh + - name: Build the Helper + run: ./build-helper.sh - name: Build the app run: flutter build linux diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index b077e5c1..575a45aa 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -34,8 +34,8 @@ jobs: flutter test flutter analyze - - name: Install ykman - run: ./build-ykman.sh + - name: Build the Helper + run: ./build-helper.sh - name: Build the app run: flutter build macos diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 2da88039..65dd50af 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -32,8 +32,8 @@ jobs: flutter test flutter analyze - - name: Install ykman - run: .\build-ykman.bat + - name: Build the Helper + run: .\build-helper.bat - name: Build the app run: flutter build windows @@ -44,9 +44,9 @@ jobs: - name: Move .dll files run: | $dest = "build\windows\runner\Release" - cp $dest\ykman-rpc\MSVCP140.dll $dest\ - cp $dest\ykman-rpc\VCRUNTIME140.dll $dest\ - cp $dest\ykman-rpc\VCRUNTIME140_1.dll $dest\ + cp $dest\helper\MSVCP140.dll $dest\ + cp $dest\helper\VCRUNTIME140.dll $dest\ + cp $dest\helper\VCRUNTIME140_1.dll $dest\ - name: Create an unsigned .msi installer package From 43f93aff8ca4eb9671f1bb453f5bf21278a02a81 Mon Sep 17 00:00:00 2001 From: Dain Nilsson Date: Fri, 6 May 2022 16:52:07 +0200 Subject: [PATCH 4/5] Win: Update helper version info. --- helper/version_info.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/helper/version_info.txt b/helper/version_info.txt index 4c3c6070..17a548a6 100755 --- a/helper/version_info.txt +++ b/helper/version_info.txt @@ -30,11 +30,11 @@ VSVersionInfo( StringTable( '040904b0', [StringStruct('CompanyName', 'Yubico'), - StringStruct('FileDescription', 'YubiKey Manager RPC'), + StringStruct('FileDescription', 'Yubico Authenticator Helper'), StringStruct('FileVersion', '4.1.0.0'), - StringStruct('LegalCopyright', 'Copyright (c) 2021 Yubico AB'), - StringStruct('OriginalFilename', 'ykman-rpc.exe'), - StringStruct('ProductName', 'YubiKey Manager'), + StringStruct('LegalCopyright', 'Copyright (c) 2022 Yubico AB'), + StringStruct('OriginalFilename', 'authenticator-helper.exe'), + StringStruct('ProductName', 'Yubico Authenticator'), StringStruct('ProductVersion', '4.1.0.0')]) ]), VarFileInfo([VarStruct('Translation', [1033, 1200])]) From ef381d0cc497083ea55d114b32d3600a82325ad8 Mon Sep 17 00:00:00 2001 From: Dain Nilsson Date: Mon, 9 May 2022 12:48:08 +0200 Subject: [PATCH 5/5] Update documentation for Helper. --- README.adoc | 16 ++++++++-------- doc/MacOS_Packaging.adoc | 30 +++++++++++++++--------------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/README.adoc b/README.adoc index 52e10c8f..e7a78b87 100644 --- a/README.adoc +++ b/README.adoc @@ -7,20 +7,20 @@ https://flutter.dev/desktop Development has been done using the "Install from git" method of installing the SDK, from the "beta" channel. -You will also need to provide a compiled version of ykman-rpc, as described in +You will also need to provide a compiled version of the Helper, as described in the next section. -=== Building ykman-rpc +=== Building the Yubico Authenticator Helper Requirements: Python >= 3.8 and Poetry. -The GUI requires a compiled version of ykman-rpc to run, which is built from -the sources in ykman-rpc/ in this repository. This needs to be build prior to -running `flutter build` or `flutter run`, by running `build-ykman.sh` (or -`build-ykman.bat` on Windows). +The GUI requires a compiled version of Helper to run, which is built from the +sources in helper/ in this repository. This needs to be build prior to running +`flutter build` or `flutter run`, by running `build-helper.sh` (or +`build-helper.bat` on Windows). -NOTE: You will need to re-run `ykman-build.sh` if changes have been made to -ykman-rpc's code, or if `flutter clean` has been run. +NOTE: You will need to re-run `ykman-helper.sh` if changes have been made to +Helper's code, or if `flutter clean` has been run. === Running the app diff --git a/doc/MacOS_Packaging.adoc b/doc/MacOS_Packaging.adoc index c67eaa46..94c79451 100644 --- a/doc/MacOS_Packaging.adoc +++ b/doc/MacOS_Packaging.adoc @@ -1,7 +1,7 @@ == Packaging for MacOS -Building the ykman CLI locally will result in an adhoc-signed build, which -works for local development, but not for distribution. Before distributing it -needs to be re-signed. Build the CLI by running `build-ykman.sh`, see the main +Building the Helper locally will result in an adhoc-signed build, which works +for local development, but not for distribution. Before distributing it needs +to be re-signed. Build the Helper by running `build-helper.sh`, see the main README for details. To distribute the app you will need the Yubico MacOS signing key. The method of @@ -14,22 +14,22 @@ To distribute the app outside of the App Store, we need to sign it and Notarize it. For Notarization to work, we must enable "hardened runtime" by setting the `--options runtime` when signing. -==== Signing the ykman CLI +==== Signing the Yubico Authenticator Helper The following commands can be done to re-sign the files using the Yubico signing key: # Sign the main binary, with the entitlements: - codesign -f --timestamp --options runtime --entitlements macos/ykman.entitlements --sign 'Application' build/macos/ykman-rpc/ykman-rpc + codesign -f --timestamp --options runtime --entitlements macos/helper.entitlements --sign 'Application' build/macos/helper/authenticator-helper # Sign the dylib and so files, without entitlements: - codesign -f --timestamp --options runtime --sign 'Application' $(find build/macos/ykman-rpc/ -name "*.dylib" -o -name "*.so") + codesign -f --timestamp --options runtime --sign 'Application' $(find build/macos/helper/ -name "*.dylib" -o -name "*.so") # Sign the Python binary (if it exists), without entitlements: - codesign -f --timestamp --options runtime --sign 'Application' build/macos/ykman-rpc/Python + codesign -f --timestamp --options runtime --sign 'Application' build/macos/helper/Python ==== Signing the GUI -After signing the CLI, make a release build of the GUI and then re-sign it with -the Yubico key: +After signing the Helper, make a release build of the GUI and then re-sign it +with the Yubico key: codesign --timestamp --options runtime --sign 'Application' --entitlements macos/Runner/Release.entitlements --deep "build/macos/Build/Products/Release/Yubico Authenticator.app" @@ -71,19 +71,19 @@ Choose the folder you just created. === Signing for the App Store -All binaries must have sandbox enabled for the Apple App Store, but the ykman +All binaries must have sandbox enabled for the Apple App Store, but the Helper binary doesn't work when sandboxed AND hardened. Luckily, App Store binaries do -not need to be hardened. Thus, we need to sign the ykman executable with +not need to be hardened. Thus, we need to sign the Helper executable with sandbox enabled, but NOT as a hardened build. The App Store build also uses a different code signing key than the standalone distribution. -==== Signing the ykman CLI -Follow the same steps as for "standalone", with the exception of signing the `ykman` binary: +==== Signing the Yubico Authenticator Helper +Follow the same steps as for "standalone", with the exception of signing the `authenticator-helper` binary: # Sign the main binary, with sandbox enabled, without hardened runtime: - codesign -f --timestamp --entitlements macos/ykman-sandbox.entitlements --sign 'Application' build/macos/ykman/ykman + codesign -f --timestamp --entitlements macos/helper-sandbox.entitlements --sign 'Application' build/macos/helper/authenticator-helper -NOTE: This sandboxed ykman will not run on its own, it has to be run as a +NOTE: This sandboxed Helper will not run on its own, it has to be run as a subprocess to the main application. Once you have the signed .app, (no Notarization required) build the package for AppStore submission: