chore: appcast generation

Author: deansheather

.github/workflows/release.yaml

@@ -68,6 +68,9 @@ jobs:
         service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
         token_format: "access_token"
 
+    - name: Install gcloud
+      uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # 2.1.4
+
     - name: Install wix
       shell: pwsh
       run: |
@@ -120,6 +123,43 @@ jobs:
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+    - name: Update appcast
+      if: startsWith(github.ref, 'refs/tags/')
+      shell: pwsh
+        $ErrorActionPreference = "Stop"
+
+        $keyPath = Join-Path $env:TEMP "appcast-key.pem"
+        $key = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($env:APPCAST_SIGNATURE_KEY_BASE64))
+        Set-Content -Path $keyPath -Value $key
+
+        $oldAppCastPath = Join-Path $env:TEMP "appcast.old.xml"
+        & gsutil cp $env:APPCAST_GCS_URI $oldAppCastPath
+        if ($LASTEXITCODE -ne 0) { throw "Failed to download appcast" }
+
+        $newAppCastPath = Join-Path $env:TEMP "appcast.new.xml"
+        $newAppCastSignaturePath = $newAppCastPath + ".signature"
+        & ./scripts/Update-AppCast.ps1 `
+          -tag "${{ github.ref_name }}" `
+          -version "${{ steps.version.outputs.VERSION }}" `
+          -channel stable `
+          -x64Path "${{ steps.release.outputs.X64_OUTPUT_PATH }}" `
+          -arm64Path "${{ steps.release.outputs.ARM64_OUTPUT_PATH }}" `
+          -keyPath $keyPath `
+          -inputAppCastPath $oldAppCastPath `
+          -outputAppCastPath $newAppCastPath `
+          -outputAppCastSignaturePath $newAppCastSignaturePath
+        if ($LASTEXITCODE -ne 0) { throw "Failed to generate new appcast" }
+
+        & gsutil cp $newAppCastPath $env:APPCAST_GCS_URI
+        if ($LASTEXITCODE -ne 0) { throw "Failed to upload new appcast" }
+        & gsutil cp $newAppCastSignaturePath $env:APPCAST_SIGNATURE_GCS_URI
+        if ($LASTEXITCODE -ne 0) { throw "Failed to upload new appcast signature" }
+      env:
+        APPCAST_GCS_URI: gs://releases.coder.com/coder-desktop/windows/appcast.xml
+        APPCAST_SIGNATURE_GCS_URI: gs://releases.coder.com/coder-desktop/windows/appcast.xml.signature
+        APPCAST_SIGNATURE_KEY_BASE64: ${{ secrets.APPCAST_SIGNATURE_KEY_BASE64 }}
+        GCLOUD_ACCESS_TOKEN: ${{ steps.gcloud_auth.outputs.access_token }}
+
   winget:
     runs-on: depot-windows-latest
     needs: release
@@ -177,7 +217,6 @@ jobs:
           # to GitHub and then making a PR in a different repo.
           WINGET_GH_TOKEN: ${{ secrets.CDRCI_GITHUB_TOKEN }}
 
-
       - name: Comment on PR
         run: |
           # wait 30 seconds

.gitignore

@@ -411,3 +411,12 @@ publish
 *.wixmdb
 *.wixprj
 *.wixproj
+
+appcast.xml
+appcast.xml.signature
+*.key
+*.key.*
+*.pem
+*.pem.*
+*.pub
+*.pub.*

App/Assets/changelog.css

@@ -6,6 +6,8 @@
 
     Changes:
       - Removed @media queries in favor of requiring `[data-theme]` attributes
+        on the body themselves
+      - Overrides `--bgColor-default` to transparent
 */
 
 .markdown-body {
@@ -19,8 +21,10 @@
   --base-text-weight-semibold: 600;
   --fontStack-monospace: ui-monospace, SFMono-Regular, SF Mono, Menlo, Consolas, Liberation Mono, monospace;
   --fgColor-accent: Highlight;
+
+  --bgColor-default: transparent !important;
 }
-.markdown-body[data-theme="dark"] {
+body[data-theme="dark"] .markdown-body {
   /* dark */
   color-scheme: dark;
   --focus-outlineColor: #1f6feb;
@@ -74,7 +78,7 @@
   --color-prettylights-syntax-meta-diff-range: #d2a8ff;
   --color-prettylights-syntax-sublimelinter-gutter-mark: #3d444d;
 }
-.markdown-body[data-theme="light"] {
+body[data-theme=""] .markdown-body {
   /* light */
   color-scheme: light;
   --focus-outlineColor: #0969da;

App/Services/UpdateController.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
+using System.Runtime.InteropServices;
 using System.Threading;
 using System.Threading.Tasks;
 using Coder.Desktop.App.ViewModels;
@@ -43,7 +44,7 @@ public class UpdaterConfig
     public bool EnableUpdater { get; set; } = true;
     //[Required] public string UpdateAppCastUrl { get; set; } = "https://releases.coder.com/coder-desktop/windows/appcast.xml";
     [Required] public string UpdateAppCastUrl { get; set; } = "http://localhost:8000/appcast.xml";
-    [Required] public string UpdatePublicKeyBase64 { get; set; } = "Uxc0ir6j3GMhkL5D1O/W3lsD4BNk5puwM9hohNfm32k=";
+    [Required] public string UpdatePublicKeyBase64 { get; set; } = "NNWN4c+3PmMuAf2G1ERLlu0EwhzHfSiUugOt120hrH8=";
     public UpdateChannel? ForcedUpdateChannel { get; set; } = null;
 }
 
@@ -83,8 +84,7 @@ public SparkleUpdateController(ILogger<SparkleUpdateController> logger, IOptions
         // Swift's Sparkle does not support verifying app cast signatures yet,
         // but we use this functionality on Windows for added security against
         // malicious release notes.
-        // TODO: REENABLE STRICT CHECKING
-        var checker = new Ed25519Checker(SecurityMode.Unsafe,
+        var checker = new Ed25519Checker(SecurityMode.Strict,
             publicKey: _config.UpdatePublicKeyBase64,
             readFileBeingVerifiedInChunks: true);
 
@@ -93,7 +93,7 @@ public SparkleUpdateController(ILogger<SparkleUpdateController> logger, IOptions
             // TODO: custom Configuration for persistence, could just specify
             //       our own save path with JSONConfiguration TBH
             LogWriter = new CoderSparkleLogger(logger),
-            AppCastHelper = new CoderSparkleAppCastHelper(logger, _config.ForcedUpdateChannel),
+            AppCastHelper = new CoderSparkleAppCastHelper(_config.ForcedUpdateChannel),
             UIFactory = uiFactory,
             UseNotificationToast = uiFactory.CanShowToastMessages(),
             RelaunchAfterUpdate = true,
@@ -103,7 +103,7 @@ public SparkleUpdateController(ILogger<SparkleUpdateController> logger, IOptions
 
         // TODO: user preference for automatic checking. Remember to
         //       StopLoop/StartLoop if it changes.
-#if !DEBUG || true
+#if !DEBUG
         _ = _sparkle.StartLoop(true, UpdateCheckInterval);
 #endif
     }
@@ -157,22 +157,20 @@ public void PrintMessage(string message, params object[]? arguments)
     }
 }
 
-public class CoderSparkleAppCastHelper : AppCastHelper
+public class CoderSparkleAppCastHelper(UpdateChannel? forcedChannel) : AppCastHelper
 {
-    private readonly UpdateChannel? _forcedChannel;
-
-    public CoderSparkleAppCastHelper(ILogger<SparkleUpdateController> logger, UpdateChannel? forcedChannel) : base()
-    {
-        _forcedChannel = forcedChannel;
-    }
+    // This might return some other OS if the user compiled the app for some
+    // different arch, but the end result is the same: no updates will be found
+    // for that arch.
+    private static string CurrentOperatingSystem => $"win-{RuntimeInformation.ProcessArchitecture.ToString().ToLowerInvariant()}";
 
     public override List<AppCastItem> FilterUpdates(List<AppCastItem> items)
     {
         items = base.FilterUpdates(items);
 
-        // TODO: factor in user choice too once we have a settings page
-        var channel = _forcedChannel ?? UpdateChannel.Stable;
-        return items.FindAll(i => i.Channel != null && i.Channel == channel.ChannelName());
+        // TODO: factor in user channel choice too once we have a settings page
+        var channel = forcedChannel ?? UpdateChannel.Stable;
+        return items.FindAll(i => i.Channel == channel.ChannelName() && i.OperatingSystem == CurrentOperatingSystem);
     }
 }
 

App/ViewModels/UpdaterUpdateAvailableViewModel.cs

@@ -189,7 +189,6 @@ public async Task Changelog_Loaded(object sender, RoutedEventArgs e)
         settings.IsStatusBarEnabled = false;
 
         // Hijack navigation to prevent links opening in the web view.
-        // TODO: block new windows as well
         webView.CoreWebView2.NavigationStarting += (_, e) =>
         {
             // webView.NavigateToString uses data URIs, so allow those to work.
@@ -203,6 +202,14 @@ public async Task Changelog_Loaded(object sender, RoutedEventArgs e)
             if (Uri.TryCreate(e.Uri, UriKind.Absolute, out var uri) && uri is { Scheme: "http" or "https" })
                 Process.Start(new ProcessStartInfo(e.Uri) { UseShellExecute = true });
         };
+        webView.CoreWebView2.NewWindowRequested += (_, e) =>
+        {
+            // Prevent new windows from being launched (e.g. target="_blank").
+            e.Handled = true;
+            // Launch HTTP or HTTPS URLs in the default browser.
+            if (Uri.TryCreate(e.Uri, UriKind.Absolute, out var uri) && uri is { Scheme: "http" or "https" })
+                Process.Start(new ProcessStartInfo(e.Uri) { UseShellExecute = true });
+        };
 
         var html = await ChangelogHtml(CurrentItem);
         webView.NavigateToString(html);

scripts/Create-AppCastSigningKey.ps1

@@ -0,0 +1,27 @@
+# This is mostly just here for reference.
+#
+# Usage: Create-AppCastSigningKey.ps1 -outputKeyPath <path>
+param (
+    [Parameter(Mandatory = $true)]
+    [string] $outputKeyPath
+)
+
+$ErrorActionPreference = "Stop"
+
+& openssl.exe genpkey -algorithm ed25519 -out $outputKeyPath
+if ($LASTEXITCODE -ne 0) { throw "Failed to generate ED25519 private key" }
+
+# Export the public key in DER format
+$pubKeyDerPath = "$outputKeyPath.pub.der"
+& openssl.exe pkey -in $outputKeyPath -pubout -outform DER -out $pubKeyDerPath
+if ($LASTEXITCODE -ne 0) { throw "Failed to export ED25519 public key" }
+
+# Remove the DER header to get the actual key bytes
+$pubBytes = [System.IO.File]::ReadAllBytes($pubKeyDerPath)[-32..-1]
+Remove-Item $pubKeyDerPath
+
+# Base64 encode and print
+Write-Output "NetSparkle formatted public key:"
+Write-Output ([Convert]::ToBase64String($pubBytes))
+Write-Output ""
+Write-Output "Private key written to $outputKeyPath"

scripts/Get-Mutagen.ps1

@@ -5,6 +5,8 @@ param (
     [string] $arch
 )
 
+$ErrorActionPreference = "Stop"
+
 function Download-File([string] $url, [string] $outputPath, [string] $etagFile) {
     Write-Host "Downloading '$url' to '$outputPath'"
     # We use `curl.exe` here because `Invoke-WebRequest` is notoriously slow.

scripts/Get-WindowsAppSdk.ps1

@@ -5,6 +5,8 @@ param (
     [string] $arch
 )
 
+$ErrorActionPreference = "Stop"
+
 function Download-File([string] $url, [string] $outputPath, [string] $etagFile) {
     Write-Host "Downloading '$url' to '$outputPath'"
     # We use `curl.exe` here because `Invoke-WebRequest` is notoriously slow.

scripts/Update-AppCast.ps1

@@ -0,0 +1,194 @@
+# Updates appcast.xml and appcast.xml.signature for a given release.
+#
+# Requires openssl.exe. You can install it via winget:
+#   winget install ShiningLight.OpenSSL.Light
+#
+# Usage: Update-AppCast.ps1
+#          -tag <tag>
+#          -version <version>
+#          -channel <stable|preview>
+#          -x64Path <path>
+#          -arm64Path <path>
+#          -keyPath <path>
+#          -inputAppCastPath <path>
+#          -outputAppCastPath <path>
+#          -outputAppCastSignaturePath <path>
+param (
+    [Parameter(Mandatory = $true)]
+    [string] $tag,
+
+    [Parameter(Mandatory = $true)]
+    [string] $version,
+
+    [Parameter(Mandatory = $true)]
+    [ValidateSet('stable', 'preview')]
+    [string] $channel,
+
+    [Parameter(Mandatory = $false)]
+    [string] $pubDate = (Get-Date).ToUniversalTime().ToString("ddd, dd MMM yyyy HH:mm:ss +0000"),
+
+    [Parameter(Mandatory = $true)]
+    [ValidateScript({ Test-Path $_ })]
+    [string] $x64Path,
+
+    [Parameter(Mandatory = $true)]
+    [ValidateScript({ Test-Path $_ })]
+    [string] $arm64Path,
+
+    [Parameter(Mandatory = $true)]
+    [ValidateScript({ Test-Path $_ })]
+    [string] $keyPath,
+
+    [Parameter(Mandatory = $false)]
+    [ValidateScript({ Test-Path $_ })]
+    [string] $inputAppCastPath = "appcast.xml",
+
+    [Parameter(Mandatory = $false)]
+    [string] $outputAppCastPath = "appcast.xml",
+
+    [Parameter(Mandatory = $false)]
+    [string] $outputAppCastSignaturePath = "appcast.xml.signature"
+)
+
+$ErrorActionPreference = "Stop"
+
+$repo = "coder/coder-desktop-windows"
+
+function Get-Ed25519Signature {
+    param (
+        [Parameter(Mandatory = $true)]
+        [ValidateScript({ Test-Path $_ })]
+        [string] $path
+    )
+
+    # Use a temporary file. We can't just pipe directly because PowerShell
+    # operates with strings for third party commands.
+    $tempPath = Join-Path $env:TEMP "coder-desktop-temp.bin"
+    & openssl.exe pkeyutl -sign -inkey $keyPath -rawin -in $path -out $tempPath
+    if ($LASTEXITCODE -ne 0) { throw "Failed to sign file: $path" }
+    $signature = [Convert]::ToBase64String([System.IO.File]::ReadAllBytes($tempPath))
+    Remove-Item -Force $tempPath
+    return $signature
+}
+
+# Retrieve the release notes from the GitHub releases API
+$releaseNotesMarkdown = & gh.exe release view $tag `
+    --json body `
+    --jq ".body"
+if ($LASTEXITCODE -ne 0) { throw "Failed to retrieve release notes markdown" }
+$releaseNotesMarkdown = $releaseNotesMarkdown -replace "`r`n", "`n"
+$releaseNotesMarkdownPath = Join-Path $env:TEMP "coder-desktop-release-notes.md"
+Set-Content -Path $releaseNotesMarkdownPath -Value $releaseNotesMarkdown -Encoding UTF8
+
+Write-Output "---- Release Notes Markdown -----"
+Get-Content $releaseNotesMarkdownPath
+Write-Output "---- End of Release Notes Markdown ----"
+Write-Output ""
+
+# Convert the release notes markdown to HTML using the GitHub API to match
+# GitHub's formatting
+$releaseNotesHtmlPath = Join-Path $env:TEMP "coder-desktop-release-notes.html"
+& gh.exe api `
+    --method POST `
+    -H "Accept: application/vnd.github+json" `
+    -H "X-GitHub-Api-Version: 2022-11-28" `
+    /markdown `
+    -F "text=@$releaseNotesMarkdownPath" `
+    -F "mode=gfm" `
+    -F "context=$repo" `
+    > $releaseNotesHtmlPath
+if ($LASTEXITCODE -ne 0) { throw "Failed to convert release notes markdown to HTML" }
+
+Write-Output "---- Release Notes HTML -----"
+Get-Content $releaseNotesHtmlPath
+Write-Output "---- End of Release Notes HTML ----"
+Write-Output ""
+
+[xml] $appCast = Get-Content $inputAppCastPath
+
+# Set up namespace manager for sparkle: prefix
+$nsManager = New-Object System.Xml.XmlNamespaceManager($appCast.NameTable)
+$nsManager.AddNamespace("sparkle", "http://www.andymatuschak.org/xml-namespaces/sparkle")
+
+# Find the matching channel item
+$channelItem = $appCast.SelectSingleNode("//item[sparkle:channel='$channel']", $nsManager)
+if ($null -eq $channelItem) {
+    throw "Could not find channel item for channel: $channel"
+}
+
+# Update the item properties
+$channelItem.title = $tag
+$channelItem.pubDate = $pubDate
+$channelItem.SelectSingleNode("sparkle:version", $nsManager).InnerText = $version
+$channelItem.SelectSingleNode("sparkle:shortVersionString", $nsManager).InnerText = $version
+$channelItem.SelectSingleNode("sparkle:fullReleaseNotesLink", $nsManager).InnerText = "https://github.com/$repo/releases"
+
+# Set description with proper line breaks
+$descriptionNode = $channelItem.SelectSingleNode("description")
+$descriptionNode.InnerXml = "" # Clear existing content
+$cdata = $appCast.CreateCDataSection([System.IO.File]::ReadAllText($releaseNotesHtmlPath))
+$descriptionNode.AppendChild($cdata) | Out-Null
+
+# Remove existing enclosures
+$existingEnclosures = $channelItem.SelectNodes("enclosure")
+foreach ($enclosure in $existingEnclosures) {
+    $channelItem.RemoveChild($enclosure) | Out-Null
+}
+
+# Add new enclosures
+$enclosures = @(
+    @{
+        path = $x64Path
+        os   = "win-x64"
+    },
+    @{
+        path = $arm64Path
+        os   = "win-arm64"
+    }
+)
+foreach ($enclosure in $enclosures) {
+    $fileName = Split-Path $enclosure.path -Leaf
+    $url = "https://github.com/$repo/releases/download/$tag/$fileName"
+    $fileSize = (Get-Item $enclosure.path).Length
+    $signature = Get-Ed25519Signature $enclosure.path
+
+    $newEnclosure = $appCast.CreateElement("enclosure")
+    $newEnclosure.SetAttribute("url", $url)
+    $newEnclosure.SetAttribute("type", "application/x-msdos-program")
+    $newEnclosure.SetAttribute("length", $fileSize)
+
+    # Set namespaced attributes
+    $sparkleNs = $nsManager.LookupNamespace("sparkle")
+    $attrs = @{
+        "os"                 = $enclosure.os
+        "version"            = $version
+        "shortVersionString" = $version
+        "criticalUpdate"     = "false"
+        "edSignature"        = $signature # NetSparkle prefers edSignature over signature
+    }
+    foreach ($key in $attrs.Keys) {
+        $attr = $appCast.CreateAttribute("sparkle", $key, $sparkleNs)
+        $attr.Value = $attrs[$key]
+        $newEnclosure.Attributes.Append($attr) | Out-Null
+    }
+
+    $channelItem.AppendChild($newEnclosure) | Out-Null
+}
+
+# Save the updated XML. Convert CRLF to LF since CRLF seems to break NetSparkle
+$appCast.Save($outputAppCastPath)
+$content = [System.IO.File]::ReadAllText($outputAppCastPath)
+$content = $content -replace "`r`n", "`n"
+[System.IO.File]::WriteAllText($outputAppCastPath, $content)
+
+Write-Output "---- Updated appcast -----"
+Get-Content $outputAppCastPath
+Write-Output "---- End of updated appcast ----"
+Write-Output ""
+
+# Generate the signature for the appcast itself
+$appCastSignature = Get-Ed25519Signature $outputAppCastPath
+[System.IO.File]::WriteAllText($outputAppCastSignaturePath, $appCastSignature)
+Write-Output "---- Updated appcast signature -----"
+Get-Content $outputAppCastSignaturePath
+Write-Output "---- End of updated appcast signature ----"