diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 4547fb8df..93066b9d9 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -3,7 +3,7 @@ ## Did you find a bug? - Ensure you're running the latest version of Cryptomator. -- Ensure the bug is related to the desktop version of Cryptomator. Bugs concerning the Cryptomator iOS and Android app can be reported on the [Cryptomator for iOS issues list](https://github.com/cryptomator/cryptomator-ios/issues) and [Cryptomator for Android issues list](https://github.com/cryptomator/cryptomator-android/issues) respectively. +- Ensure the bug is related to the desktop version of Cryptomator. Bugs concerning the Cryptomator iOS and Android app can be reported on the [Cryptomator for iOS issues list](https://github.com/cryptomator/ios/issues) and [Cryptomator for Android issues list](https://github.com/cryptomator/android/issues) respectively. - Ensure the bug was not [already reported](https://github.com/cryptomator/cryptomator/issues). You can also check out our [FAQ](https://community.cryptomator.org/c/kb/faq). - If you're unable to find an open issue addressing the problem, [submit a new one](https://github.com/cryptomator/cryptomator/issues/new/choose). @@ -16,6 +16,10 @@ - Suggest your change by [submitting a new issue](https://github.com/cryptomator/cryptomator/issues/new/choose) and start writing code. +## Do you intend to add a new translation or change an existing one? + +Translations are not managed directly in this repository. Instead, we use [Crowdin](https://translate.cryptomator.org/), which automatically synchronizes translations with this repository. If you want to help us with translations, please visit our translation project on Crowdin. + ## Code of Conduct Help us keep Cryptomator open and inclusive. Please read and follow our [Code of Conduct](https://github.com/cryptomator/cryptomator/blob/develop/.github/CODE_OF_CONDUCT.md). 
diff --git a/.github/ISSUE_TEMPLATE/bug.yml b/.github/ISSUE_TEMPLATE/bug.yml index 70bf9654f..abb1b4a92 100644 --- a/.github/ISSUE_TEMPLATE/bug.yml +++ b/.github/ISSUE_TEMPLATE/bug.yml @@ -1,7 +1,14 @@ name: Bug Report description: Create a report to help us improve -labels: ["type:bug"] +type: "Bug" body: + - type: input + id: summary + attributes: + label: Summary + placeholder: Please summarize your problem. + validations: + required: true - type: checkboxes id: terms attributes: @@ -11,13 +18,6 @@ body: required: true - label: I agree to follow this project's [Code of Conduct](https://github.com/cryptomator/cryptomator/blob/develop/.github/CODE_OF_CONDUCT.md) required: true - - type: input - id: summary - attributes: - label: Summary - placeholder: Please summarize your problem. - validations: - required: true - type: textarea id: software-versions attributes: @@ -26,6 +26,7 @@ body: Examples: - Operating System: Windows 10 - Cryptomator: 1.5.16 + - OneDrive: 23.226 - LibreOffice: 7.1.4 value: | - Operating System: @@ -37,12 +38,18 @@ body: id: volume-type attributes: label: Volume Type - description: What is selected under Settings → Virtual Drive? - multiple: true + description: What volume type is selected under Settings → Virtual Drive? options: + - WinFsp + - WinFsp (Local Drive) + - FUSE-T + - macFUSE - FUSE - - Dokany - - WebDAV + - WebDAV (Windows Explorer) + - WebDAV (AppleScript) + - WebDAV (gio) + - WebDAV (HTTP Address) + - Dokany (1.5) validations: required: false - type: textarea diff --git a/.github/ISSUE_TEMPLATE/feature.yml b/.github/ISSUE_TEMPLATE/feature.yml index 652f27234..826f3410a 100644 --- a/.github/ISSUE_TEMPLATE/feature.yml +++ b/.github/ISSUE_TEMPLATE/feature.yml 
@@ -1,7 +1,14 @@ name: Feature Request description: Suggest an idea for this project -labels: ["type:feature-request"] +type: "Feature" body: + - type: input + id: summary + attributes: + label: Summary + placeholder: Please summarize your feature request. + validations: + required: true - type: checkboxes id: terms attributes: @@ -11,13 +18,6 @@ body: required: true - label: I agree to follow this project's [Code of Conduct](https://github.com/cryptomator/cryptomator/blob/develop/.github/CODE_OF_CONDUCT.md) required: true - - type: input - id: summary - attributes: - label: Summary - placeholder: Please summarize your feature request. - validations: - required: true - type: textarea id: motivation attributes: diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 7cc13ff3c..8c3d2a7d5 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -2,123 +2,25 @@ ## Reporting a Vulnerability -For reporting security-related vulnerabilities or exploits that [haven't been reported yet](https://github.com/cryptomator/cryptomator/labels/type%3Asecurity-issue), contact us at: security@cryptomator.org +We take security seriously at Cryptomator. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. -
-PGP Key +To report a security vulnerability, please use the [GitHub Security Advisory feature](https://github.com/cryptomator/cryptomator/security/advisories). This feature allows you to privately discuss, fix, and publish information about security vulnerabilities. -``` ------BEGIN PGP PUBLIC KEY BLOCK----- -Comment: GPGTools - https://gpgtools.org +If you prefer to report the vulnerability via email, please send an email to security@cryptomator.org. -mQINBFbgeicBEADM9AcU6DTgM5KZnBaJc6x9DBLr+TCMHntTt7YM9GLTlO2Z43Jt -oYoyqdRWAY28veqpLEFgRvvVD3fdBj/KUOxF1cr2JsErwXqbjwaLq0o/0KIXz7UK -a6pQSemZKfpOtJrfacofOTwvG6AuG9uakBYNMyxuojyOkoh3xsYS1KZ7TwPgCdET -t8/zva41Pa5kh5+GeSZJdCuygG6ynPBJEpmK5V7Qizvics5fziXecF+QaFZijafv -YahfxokvF9pXCQTmV4m57NQma9uK0w83U9nJCPjEd+x3wK0Hxrc1ojy8ZFTA1YND -AQg/MTABgHbQQkXDQhjS/TloOObqtbMBqNSbcSXpaR4teaCWKBl1MSq00nJLj8db -vPJGqfg7UbXhlALggp029/kskYlR5SmbxWquLbl0Xre3fDHuHEiWcJL6MS3454Wt -Mno13/4UhOlRFh5g0pLmPz7seOTJjDqc9abn/RXOLq0+3qX0gC0bDm5aCE5dQ2MV -FMbrrlw/dZESNLZvtB3gOsramSry1R3HVZ0QJ2vMaF2cxewebqcYbuecUNj6bxpv -5LEhEmqz6dG1meLLWDsvQLPEUWEIJnfpBiDSm342yxJq4pXnVF+aqAQsCL3FpmvZ -2j0FgFOs7iXOcFUJIiR0xUmWPk1NWYcUowqmRW8pMM9nFUzFF99iggPznwARAQAB -tC1DcnlwdG9tYXRvciBTdXBwb3J0IDxzdXBwb3J0QGNyeXB0b21hdG9yLm9yZz6J -AkAEEwEKACoCGwMFCQcrKAAFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAleu2cQC -GQEACgkQI7Xb75TU2B3+7A/7BKRWdo5/moCCEbBzYQ7vRMLFdwmjFFlSZ7aGC0fP -YHdeUwxPbO0cATwmNpGMma7rBn1FDg3Vto6/wottGxm+XIRwlyY84CD1VZAihZ/e -WvjOO28/7VgRy6PGKzlhpDSoT8GwFOgO69e7bEff1Zj562RZe7nXc4tDivILMB++ -KgmmSgtddygmNQCS3RD3KssGo+l+cSjsg09F5WAJ6nQe8Jq2hICq+o/P6UXPI5lX -bhvWYDn4/8sRHsIlGpQYYDDe0fz7IQKuSLAHpF5upNDxj6dYb05F8PPVrk6MW6nL -/kf1fZ27DlLN5/NFvhhBRuwxxoAFqPS7Iel3z7L0JkRUYmGLVB5m9Cqiw6FK8JRv -OtvakdDoKb5lVAoN5NeBfNBSqEcXVF/EdfTfIyyo7hZRA6xFMEVbmYbzt0sj0djV -ZOey2TOFrTCpkHfUUDgKvk5sn+F3u8mmPIbqquEzlFJSFjcyiYYDv22rg1In+zKV -Xmw4BFZRDS6IVSQRGlskRGJBixCaGyDYxHXXT2cg4Rk9uiCX11+0E9qlAsg6xPe6 -rnaYDT8dU0AFyVpDpshflXH3kVQSpiqZS3jkAk1/54ODO8pE80Zrnd5m5AMuNcmX 
-+9MkZKE+h0882UskDs1dyt26GU2hoy4lAeRUaut7zIK/WO6nnuLaTvGWT95RDz+q -kD2JAiIEEwEKAAwFAleu2iYFgweGH4AACgkQZnuGbqgkCgnmCA//U22uhyEC/Tp3 -Cbt5lctQmqbgMbjRBaHQyW52tPFMaq8vXMbo/5TTtVC6xsp2PJT84cxAd8KX8hWq -cPtF4wWCJGng/AzyxQ5dWfGvA/ll32ygjtJN3P/AvA9KlhG+6XYmS8cPkBkJBi6B -2yCdZT1cXc/TPAFzjgAwz7K9g3awG0OeOc/CXymH0DD/snkiwKQoucStolYywZGc -GszjMQgeT4zOc1wtEz24uL3dMNDlDcQMAh56YvK2oB0iMYmAFyX/IS+f2bM9paXi -HX+mg/z53iwgf5ZXbslNDbMTJ5GNksjEGjCFfDHAdNdgT+lcW4l2U7q4PYUaN4LA -DE9j2OlOlQ9qjucOgoCStirnTP7XHd4p31lgdz8+THOQowB5Ji95OkiNQAFCfxBt -mcA/bWnJZQDm7L8RVzHovBpAaK6vUjxEvR+DXdESSzyZwkpsZwGZcyqGRT26R1/L -JE5WvjKufNc5v3Cat320MjyrLZwVGRgvEpDMoCw3nTWl9AtOj5vgaakEWr7AnqET -xk7UFbYmdTlQqkWuLKubz9Rx/FbrBmvd6vwTHy1Dfl6QyMWNCClatgN00Hxped/6 -CErg+R/RXd8apGxnOuWDqoujPn5LOHzgJolp1Ox16nTiZe2G+LbDr3hqRFi1wW6w -ioMB4KpkdA03uyxJSWmDEMiR1l3Oxom0KUNyeXB0b21hdG9yIFByZXNzIDxwcmVz -c0BjcnlwdG9tYXRvci5vcmc+iQI9BBMBCgAnBQJXrtnDAhsDBQkHKygABQsJCAcD -BRUKCQgLBRYCAwEAAh4BAheAAAoJECO12++U1NgdQYMQAKCIzNJF8rURQcFLSv3J -sPBjRy2HCzCWm21MuhU+bsaZx7U9M9dgEjzLfxN9s19VsBH3WKLgok2FgiYSGka3 -6Oy/P8VFLFmHs7dS9i2fro2eF7i4zj/ZD/9t0jM4ZIgLpbzr5sTBld292nsfXGob -xOJeOx3oWYyR2FO9VQxXjC3JvJyZkFgoy0tauS4Mvii4cF56wJGcxDTbe1s7UaRC -a/fh4zgISZSBE3rYhCawkN4mqMDM5RDjrdtjKUPWk345HcjjQ4Wos8xw4YbGbNr9 -Pc7m2URYJJ0jFM4tnoRF6cmA3bT9tm8pcOFg+K/ycVrltVEy+A8Wj8UGjyP1uI1t -EqWHN3LZpIGfW0w9AGrw7OUI9czXcukfngj/DsOU3WMBDIM8pW9+zBpr75yIS6lz -C0IqksLXSqX0b/Rby4O+wb6UZ1ZFkaim2GGtAZV+nGXtdnEXSNFiP7ykzjZ02m/1 -7CKyj3VmdAgT56zEIypFSfxm9gOWsJPmfhSyuE8bFyoitgNxpheZk6xZy4upVMPR -WK3hutScU0yDv2HVCiA3o3Ggy42nmz9HpGF6W2DmBx4bhMaVs6I2VFyKdQzmJD/3 -FCWjwz8PiEgVGHGPnD+WdPFLhrc/44gF4h/VuLjkubtULGuTVvgjeTIJ5LR1Gmwc -YOk6eD7MAJPzJVj5/PYFtIbKiQIiBBMBCgAMBQJXrtonBYMHhh+AAAoJEGZ7hm6o -JAoJBh4P/1w88YMTKUHpFTfJEwH2hK36BZN96Bf/k+vP7n1Xxp3NheInJblHFOt/ -ccsup6am+APrk8gGtlIVmtVc3nO8WMsWxfJxGDecyRsNbessnODv/llyg3tzVU/H -tLk7gLiK0TcIsOLfeNXGTxRRSKWjVFsNfuixNCzzHa7tFq6ddVn9VRZ8fqJB2p21 -OogWSDqUo9q9Wfb4RkYHguDx+8Jzoo/MxR1TSt8gUO2xDvEbqgeQiMCLF8R0lO3Y 
-zz0FrpyOsFU1CxVp+wo55bWv1UdwgQKQt4o0m5/zDJ2RAtscXpd4YcTE+XxKeK+4 -qhihhkhLGpKsxzK5m9/qwMbodHwoBCBzfalkUR9xOq9yQIeEoC8XYL62NqB3BCSU -KfWFIHxUkE9WH5zHWaV+bhrlNgk7nz3xBfPf1P2mNIc1VUHoNqOZOmWwz2VaKLSW -f3GIqx9wGythFbLdXmUoC3W//DDYgQnvImvkncMqQ5nRHPf8uHcLQK5WZyIxpgWT -eKon5G/cj0BTptcBhapMwSIyfaC5FV7so0/CkOA6R9Fyq2VpGoHy7XPhFS+6ieLi -KUWhCvbuf2deWbSaJ0peMdzy1p72UXwrsEM0M3Fz+Jd8zvCaFzf5Fx27+pAAdlfg -4bT3/2gSf7S+cU3+DnYOH0NeRt2Z2mjEKg9OwttTO/oDboQHdZlrtDRDcnlwdG9t -YXRvciBTZWN1cml0eS1UZWFtIDxzZWN1cml0eUBjcnlwdG9tYXRvci5vcmc+iQI9 -BBMBCgAnBQJXrtnWAhsDBQkHKygABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ -ECO12++U1NgddzoQAI78+Nvm6VvNuptXJjEmrpHRyKCnHF9wH5kxvF8WZCgpOkJ4 -vONmyS+9ZlepnT83MpGm/MzdIMCnDJmDmqmA5ISBRcD7k9Gjzz5rPKwE2zDyo0M0 -wF1L2UEUqAlcvE0e4twZcP2DGoNqdSf6IaWsXhQMb1a/rTMsoGZLuTB8kCbv6Ntl -ULahcRToTB2shsbZjzE896P6X5hDCfGWl0Jhcbf53pnXX1dOsEw3et9AGru1IUMs -UGM+wpgTwagRj+XB/WY1x9IznKtiHTq83Fvt+3bkg0+NIcV3GDqXDIUtqIwy8gDd -4KgBU+LkyxXFDa4OxLc53n6b+Iy1nDosM+SiqSzdCCgEs/dY1tQBn/7P1GT18dEe -tFgeH/c6wLvEpDIc9urAsYXf8H+1uy7glWpWTq8DE0yhCr4adjCqlIsVHQQO4UUW -NfqMGEFpJ+3HjSSwnvDGY78lLQh5d4vqWV435aNaMqZg0gJIA0FtiP1fRtmT73BG -N/tBNiBxretFR4B+x/TWqPd5iJV7/MAn/pa1WSOcaxzJrVUsjXdgLQCqcHWd4/w1 -f4DU9cJjl3sxZlMdAlg8Q1bF+pmjQQ4WKZkqMtwpoUilfVXmL42ay1LBCgW68/uJ -OTyGfp8ntUsbbm5raGsny3TLqnacyG9hxcPGNTzD1+MrbUvfsc7+4U0dCZTuiQIi -BBMBCgAMBQJXrtonBYMHhh+AAAoJEGZ7hm6oJAoJ1DQP/R+1drZiZQU45ChMbfTb -XQjJRsUOGZp3PTWtx4KrVFvE8ea0PF+DZX5gLJYIU+iZmPXRpzFu6dKPbcZ7RfRt -5RRH102zDZzijt2CQd7YLO8wxUFoWX9X7DGgxXEcNjl9kFVmnyHgiTwTzuZ0Zy4y -PvoiwrhcZmXEYbOeV40gLFie6wuzz5IIcs01e30xIs+1/1gwmgI5UnG3jveUgmcj -f/lvg3POKiwrY5Uzw1FSruJx21X06wTpDcfOACID4L7aY9eg2B/qL2Xj8nuhejqG -+1AVTMk2o6pxkvevHmxYQfEpuWGCw0RCBn9ObWwz6Zn5J9pjGbMrM+b1/M2Ouv3N -cpoGgCSahKNsRMKO7RMrBG0jtLcasPSgZFYPJSZAAb+YhxKUbpPHzDIwTEjgM7CL -gKSyRTKyp5IoFK53bpXL/ZIjkAhMvyDult6+BL6vI0+h3BBA9I0FF2Qhe139xLv/ -DS7aDiYAE9vGMGoeCBfxJPwUsDU3hrGe/wgL7fR6nmN7R2QffisBHKHsklORy9t3 -w3YFRd5sBAxv+EOcdkgXEmqKOfVQ8KU9adQcxPDGMAK/esjVwxUxsaf2PF5noxxW 
-3zL2ureUO/mMoH5Cwr0BuM3HFb82t1JJd4IXlLEyNvDMFMwD2d7h37bGK7Y5hEsl -zL7Dm+wQRY8sxg4QOZHbJjQXuQINBFbgeicBEADnkxGSEL1zwACaiVqADKC6/pgO -MMWjxoENBT6r8Vnp1D5hfNDkEi9iXUpCEO6nzywBf3/4c4Yk1wBOBZ7YWyWXMf4v -2g1evxELO5z1UlAwna6HSl7G0omIBqzz1Er5IS7C9WEZM8ZggwcuswCrbxfz4+fN -t7cCL5QyOvuxez+vrn+VIgLQzKm+LV4Wc+OFbHIys+0saQUhItKO0/CsXGc8R314 -jdN5UsZk/MUdPPAs+6OCr8d3PpJvR6IST76TtN8aDjSS9T6em7dwdGFEwCGww3Jc -xrAkvvUmSlscz+rnvHA5DYQGK6NXLenB40sVQVfch1r1VqwvlzA0u7OovjwM8+7u -+DaBQ0YejbdnC7yfeE91LmZkG6jRKfvTJkv18tjNsgZsVmM13xzP67fCFIB9M+lN -t9zEldGKHVwm+06FHIWJsBDRgrquNb9xd1vgHHeIbJvKf+LqZhVrbKVEneG34Km+ -ndtb+mvcGc0fOoMU9lYrFaxAWl8oU9BchC9IyjcPZB445R+AhfTuoHSUViSCo6IO -TG0hQsJuNoKmDAU8l5sTsiFXuXBOo1wK8gTkRnhZHduZrZIjJXvT7efz1knLQ6eG -prZHf4CtbgHyAe2XZabetWtCsFcPbOjC7ezNK57UvVH98h2GkckxOM00BESMCTee -kYy7uG0v0rrajzHY1wARAQABiQIlBBgBCgAPBQJW4HonAhsMBQkHKygAAAoJECO1 -2++U1NgdyAsQAKZUVA6pY225BASkeNiW31L7K4VeRYpAdFkiRex2zQFtj9Vovfi1 -JeTs0fRm35dUsQraf1bkhsjEdPVZ3gD324/baauFO04KX+soyQvK/tUq8KO+5ALt -Ul5aAljuSwxfJWFpApv+Mbf7gOjm+77jirs7pgG/gCow/mkRlmKTwAmn2DXjkckC -2EH0mqmh5pdoNWKO7WeTFFbUmESsPcnB2FwTpEjHFvgHll+rmKpXZTgFYN4dDhhm -HsL/SCf/Nw+YIsuvErQ9TJVdJDLG8ZYatruk7dZZMPtFxvxM1Q36gDIpPEOKPkvm -dMXg6jHaIdYIaoMpzXFaXsQMdRuMtzbcA+CdwXVY55qGLtfmM/QuEiIJdDeeh7iB -+VAMyEFOOpi8IFhixaeMoZAmrKDqOkzPcMJVklLYq8N+b9p5JszYNwZEbpyWCACM -6K+iJzlWzW/OPZttGLJBgYuSYIJIuG80Cx5m5m1e5RAgQ1iT8nbfrS+gYttwP48J -V7SXQg7QugxG9l1vlK4VjnXiOFulJ7V0e/VyUBpJp3qHcCxFq3RnxVwlIqKZh+jm -Q1bk0H0Xodd27nQITfDP5ullByGW2Jrjs6SsXeR3jl9+t0XQfInU1L9d/wSOkMjL -9IMUt06lV4vB/WP2xioqLZiZ4eAi0E+lWkFxjZsgNs2xbOAYRThMB8a5 -=W1Ri ------END PGP PUBLIC KEY BLOCK----- -``` -
+PGP key fingerprint: `3647 9903 B23A E0A5 9359  9A3E 23B5 DBEF 94D4 D81D` ([public key](https://gist.github.com/cryptobot/864300b6b44ae2d2a15abedfe14bd040)) + +## Expectations + +When reporting a vulnerability, please provide us with a detailed report that includes: + +- A description of the vulnerability +- Steps to reproduce the vulnerability +- Possible impact of the vulnerability +- Any additional information that may be helpful + +We ask that you do not publicly disclose the vulnerability until we have had a chance to address it. + +## Thank You + +We appreciate your help in keeping Cryptomator secure. Thank you for your contributions to the security of our project. diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..be3ba6a19 --- /dev/null +++ b/.github/dependabot.yml 
@@ -0,0 +1,58 @@
+version: 2
+updates:
+ - package-ecosystem: "maven"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ time: "06:00"
+ timezone: "Etc/UTC"
+ ignore:
+ - dependency-name: "org.cryptomator:integrations-api"
+ versions: ["2.0.0-alpha1"]
+ - dependency-name: "jakarta.inject:jakarta.inject-api"
+ versions: ["2.0.1.MR"]
+ - dependency-name: "org.openjfx:*"
+ update-types: ["version-update:semver-major"]
+ groups:
+ java-test-dependencies:
+ patterns:
+ - "org.junit.jupiter:*"
+ - "org.mockito:*"
+ - "org.hamcrest:*"
+ - "com.google.jimfs:jimfs"
+ maven-build-plugins:
+ patterns:
+ - "org.apache.maven.plugins:*"
+ - "org.jacoco:jacoco-maven-plugin"
+ - "org.owasp:dependency-check-maven"
+ - "me.fabriciorby:maven-surefire-junit5-tree-reporter"
+ - "org.codehaus.mojo:license-maven-plugin"
+ javafx:
+ patterns:
+ - "org.openjfx:*"
+ java-production-dependencies:
+ patterns:
+ - "*"
+ exclude-patterns:
+ - "org.openjfx:*"
+ - "org.apache.maven.plugins:*"
+ - "org.jacoco:jacoco-maven-plugin"
+ - "org.owasp:dependency-check-maven"
+ - "me.fabriciorby:maven-surefire-junit5-tree-reporter"
+ - "org.codehaus.mojo:license-maven-plugin"
+ - "org.junit.jupiter:*"
+ - "org.mockito:*"
+ - "org.hamcrest:*"
+ - "com.google.jimfs:jimfs"
+
+ - package-ecosystem: "github-actions"
+ directory: "/" # even for `.github/workflows`
+ schedule:
+ interval: "monthly"
+ groups:
+ github-actions:
+ patterns:
+ - "*"
+ labels:
+ - "misc:ci"
\ No newline at end of file
diff --git a/.github/no-response.yml b/.github/no-response.yml
deleted file mode 100644
index 090694a5b..000000000
--- a/.github/no-response.yml
+++ /dev/null
@@ -1,13 +0,0 @@ -# Configuration for probot-no-response - https://github.com/probot/no-response - -# Number of days of inactivity before an Issue is closed for lack of response -daysUntilClose: 14 -# Label requiring a response -responseRequiredLabel: state:awaiting-response -# Comment to post when closing an Issue for lack of response. Set to `false` to disable -closeComment: > - This issue has been automatically closed because there has been no response - to our request for more information from the original author. With only the - information that is currently in the issue, we don't have enough information - to take action. Please reach out if you have or find the answers we need so - that we can investigate further. diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 000000000..5ab2e03f7 --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,29 @@ +# .github/release.yml +# see https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes#configuring-automatically-generated-release-notes + +changelog: + exclude: + authors: + - cryptobot + - dependabot + - github-actions + categories: + - title: What's New 🎉 + labels: + - type:feature-request + - type:enhancement + - title: Bugfixes 🐛 + labels: + - type:security-issue + - type:bug + - type:minor-bug + - title: Other Changes 📎 + labels: + - "*" + exclude: + labels: + - type:feature-request + - type:enhancement + - type:security-issue + - type:bug + - type:minor-bug \ No newline at end of file diff --git a/.github/stale.yml b/.github/stale.yml deleted file mode 100644 index e32981b00..000000000 --- a/.github/stale.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -# Number of days of inactivity before an issue becomes stale -daysUntilStale: 365 -# Number of days of inactivity before a stale issue is closed -daysUntilClose: 90 -# Issues with these labels will never be considered stale -exemptLabels: - - type:security-issue # never close automatically - - type:feature-request # never close automatically - - type:enhancement # never close automatically - - type:upstream-bug # never close automatically - - state:awaiting-response # handled by different bot - - state:blocked - - state:confirmed -# Set to true to ignore issues in a milestone (defaults to false) -exemptMilestones: true -# Label to use when marking an issue as stale -staleLabel: state:stale -# Comment to post when marking an issue as stale. Set to `false` to disable -markComment: > - This issue has been automatically marked as stale because it has not had - recent activity. It will be closed if no further activity occurs. Thank you - for your contributions. -# Comment to post when closing a stale issue. Set to `false` to disable -closeComment: false diff --git a/.github/workflows/appimage.yml b/.github/workflows/appimage.yml index 4e81a4295..0d52b973c 100644 --- a/.github/workflows/appimage.yml +++ b/.github/workflows/appimage.yml @@ -10,7 +10,8 @@ on: required: false env: - JAVA_VERSION: 19 + JAVA_DIST: 'temurin' + JAVA_VERSION: '24.0.1+9' jobs: get-version: 
@@ -20,51 +21,79 @@ jobs: build: name: Build AppImage - runs-on: ubuntu-latest + runs-on: ${{ matrix.os }} needs: [get-version] + strategy: + fail-fast: false + matrix: + include: + - os: ubuntu-latest + appimage-suffix: x86_64 + openjfx-url: 'https://download2.gluonhq.com/openjfx/23.0.2/openjfx-23.0.2_linux-x64_bin-jmods.zip' + openjfx-sha: '063baebc6922e4a89c94b9dfb7a4f53e59e8d6fec400d4e670b31bc2ab324dec' + - os: ubuntu-24.04-arm + appimage-suffix: aarch64 + openjfx-url: 'https://download2.gluonhq.com/openjfx/23.0.2/openjfx-23.0.2_linux-aarch64_bin-jmods.zip' + openjfx-sha: '9bbedaeae1590b69e2b22237bda310936df33e344dbc243bea2e86acaab3a0d8' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: - distribution: 'zulu' + distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} - java-package: 'jdk+fx' + check-latest: true cache: 'maven' - - name: Ensure major jfx version in pom equals in jdk - shell: pwsh + + - name: Download OpenJFX jmods + id: download-jmods run: | - $jfxPomVersion = (&mvn help:evaluate "-Dexpression=javafx.version" -q -DforceStdout) -split "\." - $jfxJdkVersion = ((Get-Content -path "${env:JAVA_HOME}/lib/javafx.properties" | Where-Object {$_ -like 'javafx.version=*' }) -replace '.*=','') -split "\." 
- if ($jfxPomVersion[0] -ne $jfxJdkVersion[0]) { - Write-Error "Major part of JavaFX version in pom($($jfxPomVersion[0])) does not match the version in JDK($($jfxJdkVersion[0])) " + curl -L ${{ matrix.openjfx-url }} -o openjfx-jmods.zip + echo "${{ matrix.openjfx-sha }} openjfx-jmods.zip" | shasum -a256 --check + mkdir -p openjfx-jmods + unzip -j openjfx-jmods.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d openjfx-jmods + - name: Ensure major jfx version in pom and in jmods is the same + run: | + JMOD_VERSION=$(jmod describe openjfx-jmods/javafx.base.jmod | head -1) + JMOD_VERSION=${JMOD_VERSION#*@} + JMOD_VERSION=${JMOD_VERSION%%.*} + POM_JFX_VERSION=$(mvn help:evaluate "-Dexpression=javafx.version" -q -DforceStdout) + POM_JFX_VERSION=${POM_JFX_VERSION#*@} + POM_JFX_VERSION=${POM_JFX_VERSION%%.*} + + if [ $POM_JFX_VERSION -ne $JMOD_VERSION ]; then + >&2 echo "Major JavaFX version in pom.xml (${POM_JFX_VERSION}) != amd64 jmod version (${JMOD_VERSION})" exit 1 - } + fi - name: Set version run : mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }} - name: Run maven - run: mvn -B clean package -Pdependency-check,linux -DskipTests + run: mvn -B clean package -Plinux -DskipTests -Djavafx.platform=linux - name: Patch target dir run: | cp LICENSE.txt target cp target/cryptomator-*.jar target/mods + - name: Run jlink with help option + id: jep-493-check + run: | + JMOD_PATHS="openjfx-jmods" + if ! 
${JAVA_HOME}/bin/jlink --help | grep -q "Linking from run-time image enabled"; then + JMOD_PATHS="${JAVA_HOME}/jmods:${JMOD_PATHS}" + fi + echo "jmod_paths=${JMOD_PATHS}" >> "$GITHUB_OUTPUT" - name: Run jlink + #Remark: no compression is applied for improved build compression later (here appimage) run: > ${JAVA_HOME}/bin/jlink --verbose --output runtime - --module-path "${JAVA_HOME}/jmods" - --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.crypto.ec,jdk.security.auth,jdk.accessibility,jdk.management.jfr + --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}" + --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.security.auth,jdk.accessibility,jdk.management.jfr,jdk.net,java.compiler --strip-native-commands --no-header-files --no-man-pages --strip-debug - --compress=1 - - name: Prepare additional launcher - run: envsubst '${SEMVER_STR} ${REVISION_NUM}' < dist/linux/launcher-gtk2.properties > launcher-gtk2.properties - env: - SEMVER_STR: ${{ needs.get-version.outputs.semVerStr }} - REVISION_NUM: ${{ needs.get-version.outputs.revNum }} + --compress zip-0 - name: Run jpackage run: > ${JAVA_HOME}/bin/jpackage 
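Review bot: In the `Ensure major jfx version in pom and in jmods is the same` step, `if [ $POM_JFX_VERSION -ne $JMOD_VERSION ]` compares unquoted variables numerically. If `jmod describe` or `mvn help:evaluate` yields an empty or non-numeric value, `[` errors out, the `if` condition is simply false, and the step passes without comparing anything. A quoted string comparison that also rejects an empty value fails closed instead: `if [ -z "$JMOD_VERSION" ] || [ "$POM_JFX_VERSION" != "$JMOD_VERSION" ]; then`. The error message also still says `amd64 jmod version`, although the matrix now includes aarch64. This hunk also drops the `dependency-check` profile from `mvn -B clean package` (the `verify` call in build.yml drops it as well); if that scan is not run by another workflow, detection of known-vulnerable dependencies is lost.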
@@ -77,23 +106,25 @@ jobs: --dest appdir --name Cryptomator --vendor "Skymatic GmbH" - --copyright "(C) 2016 - 2023 Skymatic GmbH" + --copyright "(C) 2016 - 2025 Skymatic GmbH" --app-version "${{ needs.get-version.outputs.semVerNum }}.${{ needs.get-version.outputs.revNum }}" --java-options "--enable-preview" - --java-options "--enable-native-access=org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64" + --java-options "--enable-native-access=org.cryptomator.jfuse.linux.amd64,org.cryptomator.jfuse.linux.aarch64,org.purejava.appindicator" --java-options "-Xss5m" --java-options "-Xmx256m" --java-options "-Dcryptomator.appVersion=\"${{ needs.get-version.outputs.semVerStr }}\"" --java-options "-Dfile.encoding=\"utf-8\"" - --java-options "-Dcryptomator.logDir=\"~/.local/share/Cryptomator/logs\"" - --java-options "-Dcryptomator.pluginDir=\"~/.local/share/Cryptomator/plugins\"" - --java-options "-Dcryptomator.settingsPath=\"~/.config/Cryptomator/settings.json:~/.Cryptomator/settings.json\"" - --java-options "-Dcryptomator.p12Path=\"~/.config/Cryptomator/key.p12\"" - --java-options "-Dcryptomator.ipcSocketPath=\"~/.config/Cryptomator/ipc.socket\"" - --java-options "-Dcryptomator.mountPointsDir=\"~/.local/share/Cryptomator/mnt\"" - --java-options "-Dcryptomator.showTrayIcon=false" + --java-options "-Djava.net.useSystemProxies=true" + --java-options "-Dcryptomator.logDir=\"@{userhome}/.local/share/Cryptomator/logs\"" + --java-options "-Dcryptomator.pluginDir=\"@{userhome}/.local/share/Cryptomator/plugins\"" + --java-options "-Dcryptomator.settingsPath=\"@{userhome}/.config/Cryptomator/settings.json:@{userhome}/.Cryptomator/settings.json\"" + --java-options "-Dcryptomator.p12Path=\"@{userhome}/.config/Cryptomator/key.p12\"" + --java-options "-Dcryptomator.ipcSocketPath=\"@{userhome}/.config/Cryptomator/ipc.socket\"" + --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/.local/share/Cryptomator/mnt\"" + --java-options "-Dcryptomator.showTrayIcon=true" + 
--java-options "-Dcryptomator.integrationsLinux.trayIconsDir=\"@{appdir}/usr/share/icons/hicolor/symbolic/apps\"" --java-options "-Dcryptomator.buildNumber=\"appimage-${{ needs.get-version.outputs.revNum }}\"" - --add-launcher Cryptomator-gtk2=launcher-gtk2.properties + --java-options "-Dcryptomator.networking.truststore.p12Path=\"/etc/cryptomator/certs.p12\"" --resource-dir dist/linux/resources - name: Patch Cryptomator.AppDir run: | 
@@ -102,17 +133,21 @@ jobs: cp dist/linux/common/org.cryptomator.Cryptomator256.png Cryptomator.AppDir/usr/share/icons/hicolor/256x256/apps/org.cryptomator.Cryptomator.png cp dist/linux/common/org.cryptomator.Cryptomator512.png Cryptomator.AppDir/usr/share/icons/hicolor/512x512/apps/org.cryptomator.Cryptomator.png cp dist/linux/common/org.cryptomator.Cryptomator.svg Cryptomator.AppDir/usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.svg + cp dist/linux/common/org.cryptomator.Cryptomator.tray.svg Cryptomator.AppDir/usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.tray.svg + cp dist/linux/common/org.cryptomator.Cryptomator.tray-unlocked.svg Cryptomator.AppDir/usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.tray-unlocked.svg + cp dist/linux/common/org.cryptomator.Cryptomator.tray.svg Cryptomator.AppDir/usr/share/icons/hicolor/symbolic/apps/org.cryptomator.Cryptomator.tray-symbolic.svg + cp dist/linux/common/org.cryptomator.Cryptomator.tray-unlocked.svg Cryptomator.AppDir/usr/share/icons/hicolor/symbolic/apps/org.cryptomator.Cryptomator.tray-unlocked-symbolic.svg cp dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml Cryptomator.AppDir/usr/share/metainfo/org.cryptomator.Cryptomator.metainfo.xml cp dist/linux/common/org.cryptomator.Cryptomator.desktop Cryptomator.AppDir/usr/share/applications/org.cryptomator.Cryptomator.desktop cp dist/linux/common/application-vnd.cryptomator.vault.xml Cryptomator.AppDir/usr/share/mime/packages/application-vnd.cryptomator.vault.xml ln -s usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.svg Cryptomator.AppDir/org.cryptomator.Cryptomator.svg - ln -s usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.svg Cryptomator.AppDir/Cryptomator.svg ln -s usr/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.svg Cryptomator.AppDir/.DirIcon - ln -s usr/share/applications/org.cryptomator.Cryptomator.desktop Cryptomator.AppDir/Cryptomator.desktop + ln 
-s usr/share/applications/org.cryptomator.Cryptomator.desktop Cryptomator.AppDir/org.cryptomator.Cryptomator.desktop + ln -s org.cryptomator.Cryptomator.metainfo.xml Cryptomator.AppDir/usr/share/metainfo/org.cryptomator.Cryptomator.appdata.xml ln -s bin/cryptomator.sh Cryptomator.AppDir/AppRun - name: Download AppImageKit run: | - curl -L https://github.com/AppImage/AppImageKit/releases/download/13/appimagetool-x86_64.AppImage -o appimagetool.AppImage + curl -L https://github.com/AppImage/appimagetool/releases/download/continuous/appimagetool-${{ matrix.appimage-suffix }}.AppImage -o appimagetool.AppImage chmod +x appimagetool.AppImage ./appimagetool.AppImage --appimage-extract - name: Prepare GPG-Agent for signing with key 615D449FE6E6A235 
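Review bot: The `Download AppImageKit` step now fetches `appimagetool` from the mutable `continuous` release and executes it without any integrity check, where the previous URL pointed at the fixed release `13`. The extracted tool is what later runs with `--sign --sign-key=615D449FE6E6A235`, so whatever upstream publishes under that tag runs in the job that holds the release signing key. The OpenJFX download in this same workflow already pins a SHA-256 per matrix entry; the same pattern fits here, e.g. an `appimagetool-sha` matrix value checked with `echo "${{ matrix.appimagetool-sha }}  appimagetool.AppImage" | shasum -a256 --check` before `chmod +x`. If upstream offers a fixed release tag, pinning the URL to it would keep that hash stable.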
@@ -124,29 +159,29 @@ jobs: GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} - name: Build AppImage run: > - ./squashfs-root/AppRun Cryptomator.AppDir cryptomator-${{ needs.get-version.outputs.semVerStr }}-x86_64.AppImage - -u 'gh-releases-zsync|cryptomator|cryptomator|latest|cryptomator-*-x86_64.AppImage.zsync' - --sign --sign-key=615D449FE6E6A235 --sign-args="--batch --pinentry-mode loopback" + ./squashfs-root/AppRun Cryptomator.AppDir cryptomator-${{ needs.get-version.outputs.semVerStr }}-${{ matrix.appimage-suffix }}.AppImage + -u 'gh-releases-zsync|cryptomator|cryptomator|latest|cryptomator-*-${{ matrix.appimage-suffix }}.AppImage.zsync' + --sign --sign-key=615D449FE6E6A235 - name: Create detached GPG signatures run: | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.AppImage gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.AppImage.zsync - name: Upload artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: appimage + name: appimage-${{ matrix.appimage-suffix }} path: | cryptomator-*.AppImage cryptomator-*.AppImage.zsync cryptomator-*.asc if-no-files-found: error - name: Publish AppImage on GitHub Releases - if: startsWith(github.ref, 'refs/tags/') - uses: softprops/action-gh-release@v1 + if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published' + uses: softprops/action-gh-release@v2 with: fail_on_unmatched_files: true token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} files: | cryptomator-*.AppImage cryptomator-*.zsync - cryptomator-*.asc \ No newline at end of file + cryptomator-*.asc diff --git a/.github/workflows/av-whitelist.yml b/.github/workflows/av-whitelist.yml new file mode 100644 index 000000000..3cc164b30 --- /dev/null +++ b/.github/workflows/av-whitelist.yml 
@@ -0,0 +1,88 @@
+name: AntiVirus Whitelisting
+
+on:
+ workflow_call:
+ inputs:
+ url:
+ description: "Url to the file to upload"
+ required: true
+ type: string
+ workflow_dispatch:
+ inputs:
+ url:
+ description: "Url to the file to upload"
+ required: true
+ type: string
+ avast:
+ description: "Upload to Avast"
+ required: false
+ type: boolean
+ default: false
+ kaspersky:
+ description: "Upload to Kaspersky"
+ required: false
+ type: boolean
+ default: false
+
+jobs:
+ download-file:
+ name: Downloads the file into the VM
+ runs-on: ubuntu-latest
+ outputs:
+ fileName: ${{ steps.extractName.outputs.fileName}}
+ steps:
+ - name: Extract file name
+ id: extractName
+ run: |
+ url="${{ inputs.url }}"
+ echo "fileName=${url##*/}" >> $GITHUB_OUTPUT
+ - name: Download file
+ run: curl --remote-name ${{ inputs.url }} -L -o ${{steps.extractName.outputs.fileName}}
+ - name: Upload artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ steps.extractName.outputs.fileName }}
+ path: ${{ steps.extractName.outputs.fileName }}
+ if-no-files-found: error
+ allowlist-kaspersky:
+ name: Anti Virus Allowlisting Kaspersky
+ runs-on: ubuntu-latest
+ needs: download-file
+ if: github.event_name == 'workflow_call' || inputs.kaspersky
+ steps:
+ - name: Download artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: ${{ needs.download-file.outputs.fileName }}
+ path: upload
+ - name: Upload to Kaspersky
+ uses: SamKirkland/FTP-Deploy-Action@v4.3.5
+ with:
+ protocol: ftps
+ server: allowlist.kaspersky-labs.com
+ port: 990
+ username: ${{ secrets.ALLOWLIST_KASPERSKY_USERNAME }}
+ password: ${{ secrets.ALLOWLIST_KASPERSKY_PASSWORD }}
+ local-dir: ./upload/
+ allowlist-avast:
+ name: Anti Virus Allowlisting Avast
+ runs-on: ubuntu-latest
+ needs: download-file
+ if: github.event_name == 'workflow_call' || inputs.avast
+ steps:
+ - name: Download artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: ${{ needs.download-file.outputs.fileName }}
+ path: upload
+ -
name: Upload to Avast + uses: wlixcc/SFTP-Deploy-Action@v1.2.5 + with: + server: whitelisting.avast.com + port: 22 + username: ${{ secrets.ALLOWLIST_AVAST_USERNAME }} + password: ${{ secrets.ALLOWLIST_AVAST_PASSWORD }} + ssh_private_key: '' + sftp_only: true + local_path: './upload/*' + remote_path: '/data' \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b31bfa08a..fc95c2d93 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,7 +6,8 @@ on: types: [labeled] env: - JAVA_VERSION: 19 + JAVA_DIST: 'temurin' + JAVA_VERSION: 24 defaults: run: @@ -17,14 +18,14 @@ jobs: name: Compile and Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-java@v3 + - uses: actions/checkout@v4 + - uses: actions/setup-java@v4 with: - distribution: 'zulu' + distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} cache: 'maven' - name: Cache SonarCloud packages - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.sonar/cache key: ${{ runner.os }}-sonar @@ -32,10 +33,10 @@ jobs: - name: Build and Test run: > xvfb-run - mvn -B verify + mvn -B verify -Djavafx.platform=linux jacoco:report org.sonarsource.scanner.maven:sonar-maven-plugin:sonar - -Pcoverage,dependency-check + -Pcoverage -Dsonar.projectKey=cryptomator_cryptomator -Dsonar.organization=cryptomator -Dsonar.host.url=https://sonarcloud.io @@ -44,7 +45,7 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - name: Draft a release if: startsWith(github.ref, 'refs/tags/') - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 with: draft: true discussion_category_name: releases 
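Review bot: In av-whitelist.yml, `${{ inputs.url }}` is expanded into the script text of both the `Extract file name` and `Download file` steps before the shell runs, so a URL containing quotes, whitespace or shell metacharacters changes the command instead of being treated as data. Pass the input and the derived file name through `env:` and reference them as quoted shell variables; `--remote-name` is also redundant next to the explicit `-o`. Adding `--fail` and `--proto '=https'` keeps an HTTP error page or a non-HTTPS source from being forwarded to the vendors as the release file. Separately, inside a called workflow `github.event_name` carries the caller's event, so the `github.event_name == 'workflow_call'` condition on both allowlist jobs probably never matches; please confirm.

```yaml
      - name: Extract file name
        id: extractName
        env:
          URL: ${{ inputs.url }}
        run: echo "fileName=${URL##*/}" >> "$GITHUB_OUTPUT"
      - name: Download file
        env:
          URL: ${{ inputs.url }}
          FILE_NAME: ${{ steps.extractName.outputs.fileName }}
        run: curl --fail --location --proto '=https' --output "$FILE_NAME" -- "$URL"
      # … unchanged: Upload artifact step and the allowlist-* jobs …
```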
@@ -52,5 +53,25 @@ jobs: generate_release_notes: true body: |- :construction: Work in Progress + ### What's New 🎉 + + ### Bugfixes 🐛 + + ### Other Changes 📎 --- + + TODO FULL CHANGELOG + + 📜 List of closed issues is available [here](TODO) + + --- + ⏳ Please be patient, the builds are still [running](https://github.com/cryptomator/cryptomator/actions). New versions of Cryptomator can be found here in a few moments. ⏳ + + + + As usual, the GPG signatures can be checked using [our public key `5811 7AFA 1F85 B3EE C154 677D 615D 449F E6E6 A235`](https://gist.github.com/cryptobot/211111cf092037490275f39d408f461a). diff --git a/.github/workflows/check-jdk-updates.yml b/.github/workflows/check-jdk-updates.yml new file mode 100644 index 000000000..bf8d19e15 --- /dev/null +++ b/.github/workflows/check-jdk-updates.yml 
@@ -0,0 +1,83 @@ +name: Check JDK for non-major updates + +on: + schedule: + - cron: '0 0 1 * *' # run once a month at the first day of month + workflow_dispatch: + +env: + JDK_VERSION: '24.0.1+9' + JDK_VENDOR: temurin + RUNTIME_VERSION_HELPER: > + public class Test { + public static void main(String[] args) { + System.out.println(Runtime.version()); + } + } + +jobs: + check-version: + name: Checkout latest jdk version + runs-on: ubuntu-latest + env: + JDK_MAJOR_VERSION: 'toBeFilled' + steps: + - name: Determine current major version + run: echo 'JDK_MAJOR_VERSION=${{ env.JDK_VERSION }}'.substring(0,20) >> "$env:GITHUB_ENV" + shell: pwsh + - name: Checkout latest JDK ${{ env.JDK_MAJOR_VERSION }} + uses: actions/setup-java@v4 + with: + java-version: ${{ env.JDK_MAJOR_VERSION}} + distribution: ${{ env.JDK_VENDOR }} + check-latest: true + - name: Determine if update is available + id: determine + shell: pwsh + run: | + $latestVersion = 0,0,0,0 #INTERIM, UPDATE, PATCH and BUILD + $currentVersion = 0,0,0,0 + + # Get the latest JDK runtime version + "${env:RUNTIME_VERSION_HELPER}" | Set-Content -Path "GetRuntimeVersion.java" + $latestVersionString = & java GetRuntimeVersion.java + $runtimeVersionAndBuild = $latestVersionString.Split('+') + if($runtimeVersionAndBuild.Length -eq 2) { + $latestVersion[3]=$runtimeVersionAndBuild[1]; + } + $tmp=$runtimeVersionAndBuild[0].Split('.') + for($i=0;$i -lt $latestVersion.Length; $i++) { + $latestVersion[$i]=$tmp[$i+1]; + } + + # Get the current JDK version + $runtimeVersionAndBuild = '${{ env.JDK_VERSION}}'.Split('+') + if($runtimeVersionAndBuild.Length -eq 2) { + $currentVersion[3]=$runtimeVersionAndBuild[1]; + } + $tmp=$runtimeVersionAndBuild[0].Split('.') + for($i=0;$i -lt $currentVersion.Length; $i++) { + $currentVersion[$i]=$tmp[$i+1]; + } + + # compare + for($i=0; $i -lt $currentVersion.Length ; $i++) { + if($latestVersion[$i] -gt $currentVersion[$i]){ + echo 'UPDATE_AVAILABLE=true' >> "$env:GITHUB_OUTPUT" + echo 
"LATEST_JDK_VERSION='${latestVersionString}'" >> "$env:GITHUB_OUTPUT" + return 0; + } + } + - name: Notify + if: steps.determine.outputs.UPDATE_AVAILABLE == 'true' + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_USERNAME: 'Cryptobot' + SLACK_ICON: false + SLACK_ICON_EMOJI: ':bot:' + SLACK_CHANNEL: 'cryptomator-desktop' + SLACK_TITLE: "JDK update available" + SLACK_MESSAGE: "Cryptomator-CI JDK can be upgraded to ${{ steps.determine.outputs.LATEST_JDK_VERSION }}. Check the Nextcloud collective for instructions." + SLACK_FOOTER: false + MSG_MINIMAL: true \ No newline at end of file diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index d406d3883..32944b0b2 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -3,9 +3,6 @@ name: Build Debian Package on: workflow_dispatch: inputs: - ref: - description: 'GitHub Ref (e.g. refs/tags/1.6.16)' - required: true semver: description: 'SemVer String (e.g. 1.7.0-beta1)' required: true 
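Review bot: In the `Determine if update is available` step of check-jdk-updates.yml, the build number stored in `$latestVersion[3]` / `$currentVersion[3]` is overwritten by the loop that follows, because `$i -lt $latestVersion.Length` runs to index 3 and assigns `$tmp[4]`, which is out of range and therefore `$null`. The remaining components are left as strings, so `-gt` compares them as text and `'10' -gt '9'` is false. Together this means a build-only update (the `+9` part of `JDK_VERSION`) is never reported and a two-digit update or patch number can be missed, which defeats the purpose of a monthly patch-level check. The fence parses both versions with one helper that stops at three components and casts to `[int]`. The `.substring(0,20)` in the first step has a related fragility: it only yields the major version while that version has exactly two digits.

```yaml
        run: |
          # Turns "FEATURE.INTERIM.UPDATE.PATCH+BUILD" into four integers: INTERIM, UPDATE, PATCH, BUILD
          function Get-VersionParts([string] $versionString) {
            $parts = 0,0,0,0
            $versionAndBuild = $versionString.Split('+')
            $numbers = $versionAndBuild[0].Split('.')
            for ($i = 0; $i -lt 3 -and ($i + 1) -lt $numbers.Length; $i++) {
              $parts[$i] = [int]$numbers[$i + 1]
            }
            if ($versionAndBuild.Length -eq 2) {
              # drop an optional "-OPT" suffix after the build number
              $parts[3] = [int]($versionAndBuild[1].Split('-')[0])
            }
            return $parts
          }
          # … unchanged: write GetRuntimeVersion.java and read $latestVersionString …
          $latestVersion = Get-VersionParts $latestVersionString
          $currentVersion = Get-VersionParts '${{ env.JDK_VERSION }}'
          # … unchanged: comparison loop and outputs …
```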
@@ -19,19 +16,21 @@ on: type: boolean env: - JAVA_VERSION: 19 - OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/19/openjfx-19_linux-x64_bin-jmods.zip' - OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/19/openjfx-19_linux-aarch64_bin-jmods.zip' + JAVA_DIST: 'temurin' + JAVA_VERSION: '24.0.1+9' + COFFEELIBS_JDK: 24 + COFFEELIBS_JDK_VERSION: '24.0.1+9-0ppa3' + OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/23.0.2/openjfx-23.0.2_linux-x64_bin-jmods.zip' + OPENJFX_JMODS_AMD64_HASH: '063baebc6922e4a89c94b9dfb7a4f53e59e8d6fec400d4e670b31bc2ab324dec' + OPENJFX_JMODS_AARCH64: 'https://download2.gluonhq.com/openjfx/23.0.2/openjfx-23.0.2_linux-aarch64_bin-jmods.zip' + OPENJFX_JMODS_AARCH64_HASH: '9bbedaeae1590b69e2b22237bda310936df33e344dbc243bea2e86acaab3a0d8' jobs: build: name: Build Debian Package - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 - with: - ref: ${{ inputs.ref }} - fetch-depth: 0 + - uses: actions/checkout@v4 - id: versions name: Get version information run: | 
@@ -45,22 +44,25 @@ jobs: run: | sudo add-apt-repository ppa:coffeelibs/openjdk sudo apt-get update - sudo apt-get install debhelper devscripts dput coffeelibs-jdk-19 libgtk2.0-0 + sudo apt-get install debhelper devscripts dput coffeelibs-jdk-${{ env.COFFEELIBS_JDK }}=${{ env.COFFEELIBS_JDK_VERSION }} - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: - distribution: 'zulu' + distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} + check-latest: true cache: 'maven' - name: Run maven - run: mvn -B clean package -Pdependency-check,linux -DskipTests + run: mvn -B clean package -Plinux -Djavafx.platform=linux -DskipTests - name: Download OpenJFX jmods id: download-jmods run: | curl -L ${{ env.OPENJFX_JMODS_AMD64 }} -o openjfx-amd64.zip + echo "${{ env.OPENJFX_JMODS_AMD64_HASH }} openjfx-amd64.zip" | shasum -a256 --check mkdir -p jmods/amd64 unzip -j openjfx-amd64.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d jmods/amd64 curl -L ${{ env.OPENJFX_JMODS_AARCH64 }} -o openjfx-aarch64.zip + echo "${{ env.OPENJFX_JMODS_AARCH64_HASH }} openjfx-aarch64.zip" | shasum -a256 --check mkdir -p jmods/aarch64 unzip -j openjfx-aarch64.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d jmods/aarch64 - name: Ensure major jfx version in pom and in jmods is the same 
@@ -97,7 +99,8 @@ jobs: run: | cp -r dist/linux/debian/ pkgdir export RFC2822_TIMESTAMP=`date --rfc-2822` - envsubst '${SEMVER_STR} ${VERSION_NUM} ${REVISION_NUM}' < dist/linux/debian/rules > pkgdir/debian/rules + export DISABLE_UPDATE_CHECK=${{ inputs.dput }} + envsubst '${SEMVER_STR} ${VERSION_NUM} ${REVISION_NUM} ${DISABLE_UPDATE_CHECK}' < dist/linux/debian/rules > pkgdir/debian/rules envsubst '${PPA_VERSION} ${RFC2822_TIMESTAMP}' < dist/linux/debian/changelog > pkgdir/debian/changelog find . -name "*.jar" >> pkgdir/debian/source/include-binaries mv pkgdir cryptomator_${{ inputs.ppaver }} @@ -115,6 +118,7 @@ jobs: GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} - name: debuild run: | + (sleep 8m; gpg --batch --quiet --pinentry-mode loopback -u 615D449FE6E6A235 --dry-run --sign README.md) & debuild -S -sa -d debuild -b -sa -d env: @@ -125,7 +129,7 @@ jobs: run: | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator_*_amd64.deb - name: Upload artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: linux-deb-package path: | @@ -139,17 +143,11 @@ jobs: - name: Publish on PPA if: inputs.dput run: dput ppa:sebastian-stenzel/cryptomator-beta cryptomator_*_source.changes - # If ref is a tag, also upload to GitHub Releases: - - name: Determine tag name - if: startsWith(inputs.ref, 'refs/tags/') - run: | - REF=${{ inputs.ref }} - echo "TAG_NAME=${REF##*/}" >> $GITHUB_ENV - name: Publish Debian package on GitHub Releases - if: startsWith(inputs.ref, 'refs/tags/') + if: startsWith(github.ref, 'refs/tags/') && inputs.dput env: GITHUB_TOKEN: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} run: | artifacts=$(ls | grep cryptomator*.deb) - gh release upload ${{ env.TAG_NAME }} $artifacts \ No newline at end of file + gh release upload ${{ github.ref_name }} $artifacts 
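Review bot: The background `(sleep 8m; gpg ... --dry-run --sign README.md) &` added to the `debuild` step of debian.yml has no comment, and its purpose cannot be read off the line itself. It looks like a keep-alive that touches the signing key after eight minutes so the agent's cached passphrase does not expire before the second `debuild` call; if that is the intent, say so and name the timeout it depends on, e.g. `# keep gpg-agent's passphrase cache alive; a full build outlasts the agent's cache TTL`. The subshell's exit status is never checked, so a failed refresh only surfaces later as a signing error in `debuild -b`. The step's `env:` block continues outside the hunk.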
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml new file mode 100644 index 000000000..b44604490 --- /dev/null +++ b/.github/workflows/dependency-check.yml @@ -0,0 +1,18 @@ +name: OWASP Maven Dependency Check +on: + schedule: + - cron: '0 8 * * 0' + workflow_dispatch: + + +jobs: + check-dependencies: + uses: skymatic/workflows/.github/workflows/run-dependency-check.yml@v1 + with: + runner-os: 'ubuntu-latest' + java-distribution: 'temurin' + java-version: 24 + check-command: 'mvn -B validate -Pdependency-check -Djavafx.platform=linux' + secrets: + nvd-api-key: ${{ secrets.NVD_API_KEY }} + slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} diff --git a/.github/workflows/dl-stats.yml b/.github/workflows/dl-stats.yml index dc87a2bbd..b16899520 100644 --- a/.github/workflows/dl-stats.yml +++ b/.github/workflows/dl-stats.yml @@ -10,7 +10,7 @@ jobs: steps: - name: Get download count of latest releases id: get-stats - uses: actions/github-script@v6 + uses: actions/github-script@v7 with: script: | const query = `query($owner:String!, $name:String!) { diff --git a/.github/workflows/error-db.yml b/.github/workflows/error-db.yml index 09a15fe1f..301713681 100644 --- a/.github/workflows/error-db.yml +++ b/.github/workflows/error-db.yml @@ -2,7 +2,7 @@ name: Update Error Database on: discussion: - types: [created, edited, category_changed, answered, unanswered] + types: [created, edited, deleted, category_changed, answered, unanswered] discussion_comment: types: [created, edited, deleted] @@ -12,8 +12,9 @@ jobs: if: github.event.discussion.category.name == 'Errors' steps: - name: Query Discussion Data + if: github.event_name == 'discussion_comment' || github.event_name == 'discussion' && github.event.action != 'deleted' id: query-data - uses: actions/github-script@v6 + uses: actions/github-script@v7 with: script: | const query = `query ($owner: String!, $name: String!, $discussionNumber: Int!) { 
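Review bot: With `-Pdependency-check` dropped from the build, Debian and macOS `mvn` commands elsewhere in this commit, the weekly `cron: '0 8 * * 0'` schedule in the new dependency-check.yml becomes the only automatic run of the OWASP check, so a release cut between two runs is no longer gated on it. Consider running this workflow ahead of a release as well (for instance as a job the release workflows depend on), or state the decision at the top of the file: `# Releases are not gated on this check; it runs weekly and on demand.` Whether the called `run-dependency-check.yml` fails the run or only notifies Slack is not visible from here and is worth documenting in the same comment.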
@@ -47,8 +48,13 @@ jobs: - name: Merge Error Code Data run: | jq -c '.' ${{ steps.get-gist.outputs.file }} > original.json - echo $DISCUSSION | jq -c '.repository.discussion | .comments = .comments.totalCount | {(.id|tostring) : .}' > new.json - jq -s '.[0] * .[1]' original.json new.json > merged.json + if [ ! -z "$DISCUSSION" ] + then + echo $DISCUSSION | jq -c '.repository.discussion | .comments = .comments.totalCount | {(.id|tostring) : .}' > new.json + jq -s '.[0] * .[1]' original.json new.json > merged.json + else + cat original.json | jq 'del(.[] | select(.url=="https://github.com/cryptomator/cryptomator/discussions/${{ github.event.discussion.number }}"))' > merged.json + fi env: DISCUSSION: ${{ steps.query-data.outputs.result }} - name: Patch Gist diff --git a/.github/workflows/flathub.yml b/.github/workflows/flathub.yml new file mode 100644 index 000000000..da8f6c77f --- /dev/null +++ b/.github/workflows/flathub.yml 
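Review bot: `echo $DISCUSSION | jq ...` in the new `then` branch of `Merge Error Code Data` expands the variable unquoted, so the shell word-splits it and expands glob characters before jq sees it; the query result presumably carries user-authored text such as the discussion title, which makes that input externally influenced. Quoting it and avoiding `echo`'s option parsing fixes both: `printf '%s' "$DISCUSSION" | jq -c '.repository.discussion | ...' > new.json`. In the `else` branch the discussion number is spliced into the jq program text; it is numeric, so this is safe as written, but passing the URL with `jq --arg url "$DISCUSSION_URL" 'del(.[] | select(.url == $url))'` (with `DISCUSSION_URL` set under `env:`) keeps data out of the filter. `[ ! -z "$DISCUSSION" ]` reads more directly as `[ -n "$DISCUSSION" ]`.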
@@ -0,0 +1,88 @@ +name: Create PR for flathub + +on: + release: + types: [published] + workflow_dispatch: + inputs: + tag: + description: 'Release tag' + required: true + +jobs: + get-version: + uses: ./.github/workflows/get-version.yml + with: + version: ${{ inputs.tag }} + tarball: + name: Determines tarball url and compute checksum + runs-on: ubuntu-latest + needs: [get-version] + if: github.event_name == 'workflow_dispatch' || needs.get-version.outputs.versionType == 'stable' + outputs: + url: ${{ steps.url.outputs.url}} + sha512: ${{ steps.sha512.outputs.sha512}} + steps: + - name: Determine tarball url + id: url + run: | + URL=""; + if [[ -n "${{ inputs.tag }}" ]]; then + URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ inputs.tag }}.tar.gz" + else + URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ github.event.release.tag_name }}.tar.gz" + fi + echo "url=${URL}" >> "$GITHUB_OUTPUT" + - name: Download source tarball and compute checksum + id: sha512 + run: | + curl --silent --fail-with-body -L -H "Accept: application/vnd.github+json" ${{ steps.url.outputs.url }} --output cryptomator.tar.gz + TARBALL_SHA512=$(sha512sum cryptomator.tar.gz | cut -d ' ' -f1) + echo "sha512=${TARBALL_SHA512}" >> "$GITHUB_OUTPUT" + flathub: + name: Create PR for flathub + runs-on: ubuntu-latest + needs: [tarball, get-version] + env: + FLATHUB_PR_URL: tbd + steps: + - uses: actions/checkout@v4 + with: + repository: 'flathub/org.cryptomator.Cryptomator' + token: ${{ secrets.CRYPTOBOT_WINGET_TOKEN }} + - name: Checkout release branch + run: | + git checkout -b release/${{ needs.get-version.outputs.semVerStr }} + - name: Update build file + run: | + sed -i -e 's/VERSION: [0-9]\+\.[0-9]\+\.[0-9]\+.*/VERSION: ${{ needs.get-version.outputs.semVerStr }}/g' org.cryptomator.Cryptomator.yaml + sed -i -e 's/sha512: [0-9A-Za-z_\+-]\{128\} #CRYPTOMATOR/sha512: ${{ needs.tarball.outputs.sha512 }} #CRYPTOMATOR/g' org.cryptomator.Cryptomator.yaml + sed -i 
-e 's;url: https://github.com/cryptomator/cryptomator/archive/refs/tags/[^[:blank:]]\+;url: ${{ needs.tarball.outputs.url }};g' org.cryptomator.Cryptomator.yaml + - name: Commit and push + run: | + git config user.name "${{ github.actor }}" + git config user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com" + git config push.autoSetupRemote true + git stage . + git commit -m "Prepare release ${{needs.get-version.outputs.semVerStr}}" + git push + - name: Create pull request + run: | + printf "> [!IMPORTANT]\n> Todos:\n> - [ ] Update maven dependencies\n> - [ ] Check for JDK update\n> - [ ] Check for JFX update" > pr_body.md + PR_URL=$(gh pr create --title "Release ${{ needs.get-version.outputs.semVerStr }}" --body-file pr_body.md) + echo "FLATHUB_PR_URL=$PR_URL" >> "$GITHUB_ENV" + env: + GH_TOKEN: ${{ secrets.CRYPTOBOT_WINGET_TOKEN }} + - name: Slack Notification + uses: rtCamp/action-slack-notify@v2 + if: github.event_name == 'release' + env: + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_USERNAME: 'Cryptobot' + SLACK_ICON: false + SLACK_ICON_EMOJI: ':bot:' + SLACK_CHANNEL: 'cryptomator-desktop' + SLACK_TITLE: "Flathub release PR created for ${{ github.event.repository.name }} ${{ github.event.release.tag_name }} created." + SLACK_MESSAGE: "See <${{ env.FLATHUB_PR_URL }}|PR> on how to proceed.>." + SLACK_FOOTER: false + MSG_MINIMAL: true \ No newline at end of file diff --git a/.github/workflows/get-version.yml b/.github/workflows/get-version.yml index 5cffb56fb..4ee423386 100644 --- a/.github/workflows/get-version.yml +++ b/.github/workflows/get-version.yml @@ -22,9 +22,8 @@ on: value: ${{ jobs.determine-version.outputs.type }} env: - JAVA_VERSION: 19 JAVA_DIST: 'temurin' - JAVA_CACHE: 'maven' + JAVA_VERSION: 24 jobs: determine-version: 
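Review bot: The `sha512` that the `tarball` job of flathub.yml hands to the manifest is computed from whatever `curl` downloads at run time, so it pins the archive but does not authenticate it; nothing in this workflow compares it with a value produced by the release build. If the release publishes a signed source archive or checksum (not visible in this diff), verifying against that before `echo "sha512=${TARBALL_SHA512}"` would close the gap; otherwise a comment such as `# checksum is taken from the first download of the GitHub-generated archive, not verified against a signed value` records the limitation for whoever reviews the Flathub PR. The `flathub` job also uses `secrets.CRYPTOBOT_WINGET_TOKEN` for both the checkout and `gh pr create`; a token scoped to the Flathub repository alone would limit what these steps can reach. The trailing `>.` in `SLACK_MESSAGE` looks like a leftover.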
@@ -36,22 +35,22 @@ jobs: revNum: ${{ steps.versions.outputs.revNum }} type: ${{ steps.versions.outputs.type}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} - cache: ${{ env.JAVA_CACHE }} + cache: 'maven' - id: versions name: Get version information run: | if [[ $GITHUB_REF =~ refs/tags/[0-9]+\.[0-9]+\.[0-9]+.* ]]; then SEM_VER_STR=${GITHUB_REF##*/} elif [[ "${{ inputs.version }}" =~ [0-9]+\.[0-9]+\.[0-9]+.* ]]; then - SEM_VER_STR="${{ github.event.inputs.version }}" + SEM_VER_STR="${{ inputs.version }}" else SEM_VER_STR=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout` fi @@ -72,6 +71,6 @@ jobs: echo "revNum=${REVCOUNT}" >> $GITHUB_OUTPUT echo "type=${TYPE}" >> $GITHUB_OUTPUT - name: Validate Version - uses: skymatic/semver-validation-action@v2 + uses: skymatic/semver-validation-action@v3 with: - version: ${{ steps.versions.outputs.semVerStr }} \ No newline at end of file + version: ${{ steps.versions.outputs.semVerStr }} \ No newline at end of file diff --git a/.github/workflows/mac-dmg-x64.yml b/.github/workflows/mac-dmg-x64.yml new file mode 100644 index 000000000..69c15a29e --- /dev/null +++ b/.github/workflows/mac-dmg-x64.yml 
@@ -0,0 +1,281 @@ +name: Build macOS .dmg for x64 + +####################################### +# STOP! DO NOT EDIT THIS FILE! +# +# It is a copy of mac-dmg.yml with tiny adjustements (mainly lines 42 to 47) +# It was made necessary, since Github does not offer free macos intel runners for macos 15 and above. +# +####################################### + +on: + release: + types: [published] + workflow_dispatch: + inputs: + version: + description: 'Version' + required: false + notarize: + description: 'Notarize' + required: true + default: false + type: boolean + +env: + JAVA_DIST: 'temurin' + JAVA_VERSION: '24.0.1+9' + +jobs: + get-version: + uses: ./.github/workflows/get-version.yml + with: + version: ${{ inputs.version }} + + build-arm: + name: Build Cryptomator.app for ${{ matrix.output-suffix }} + runs-on: ${{ matrix.os }} + needs: [get-version] + strategy: + fail-fast: false + matrix: + include: + - os: macos-15-large + architecture: x64 + output-suffix: x64 + fuse-lib: macFUSE + openjfx-url: 'https://download2.gluonhq.com/openjfx/23.0.2/openjfx-23.0.2_osx-x64_bin-jmods.zip' + openjfx-sha: '5e6c65c065eea22430c0eab36f37a5985eb8ad99e19e8772262021740d338f68' + steps: + - uses: actions/checkout@v4 + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: ${{ env.JAVA_DIST }} + java-version: ${{ env.JAVA_VERSION }} + architecture: ${{ matrix.architecture }} + check-latest: true + cache: 'maven' + - name: Download OpenJFX jmods + id: download-jmods + run: | + curl -L ${{ matrix.openjfx-url }} -o openjfx-jmods.zip + echo "${{ matrix.openjfx-sha }} *openjfx-jmods.zip" | shasum -a256 --check + mkdir -p openjfx-jmods/ + unzip -jo openjfx-jmods.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d openjfx-jmods + - name: Ensure major jfx version in pom and in jmods is the same + run: | + JMOD_VERSION=$(jmod describe openjfx-jmods/javafx.base.jmod | head -1) + JMOD_VERSION=${JMOD_VERSION#*@} + 
JMOD_VERSION=${JMOD_VERSION%%.*} + POM_JFX_VERSION=$(mvn help:evaluate "-Dexpression=javafx.version" -q -DforceStdout) + POM_JFX_VERSION=${POM_JFX_VERSION#*@} + POM_JFX_VERSION=${POM_JFX_VERSION%%.*} + + if [ "${POM_JFX_VERSION}" -ne "${JMOD_VERSION}" ]; then + >&2 echo "Major JavaFX version in pom.xml (${POM_JFX_VERSION}) != jmod version (${JMOD_VERSION})" + exit 1 + fi + - name: Set version + run : mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }} + - name: Run maven + run: mvn -B -Djavafx.platform=mac clean package -Pmac -DskipTests + - name: Patch target dir + run: | + cp LICENSE.txt target + cp target/cryptomator-*.jar target/mods + - name: Run jlink with help option + id: jep-493-check + run: | + JMOD_PATHS="openjfx-jmods" + if ! ${JAVA_HOME}/bin/jlink --help | grep -q "Linking from run-time image enabled"; then + JMOD_PATHS="${JAVA_HOME}/jmods:${JMOD_PATHS}" + fi + echo "jmod_paths=${JMOD_PATHS}" >> "$GITHUB_OUTPUT" + - name: Run jlink + #Remark: no compression is applied for improved build compression later (here dmg) + run: > + ${JAVA_HOME}/bin/jlink + --verbose + --output runtime + --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}" + --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler + --strip-native-commands + --no-header-files + --no-man-pages + --strip-debug + --compress zip-0 + - name: Run jpackage + run: > + ${JAVA_HOME}/bin/jpackage + --verbose + --type app-image + --runtime-image runtime + --input target/libs + --module-path target/mods + --module org.cryptomator.desktop/org.cryptomator.launcher.Cryptomator + --dest appdir + --name Cryptomator + --vendor "Skymatic GmbH" + --copyright "(C) 2016 - 2025 Skymatic GmbH" + --app-version "${{ needs.get-version.outputs.semVerNum }}" + --java-options "--enable-preview" + 
--java-options "--enable-native-access=org.cryptomator.jfuse.mac" + --java-options "-Xss5m" + --java-options "-Xmx256m" + --java-options "-Dfile.encoding=\"utf-8\"" + --java-options "-Djava.net.useSystemProxies=true" + --java-options "-Dapple.awt.enableTemplateImages=true" + --java-options "-Dsun.java2d.metal=true" + --java-options "-Dcryptomator.appVersion=\"${{ needs.get-version.outputs.semVerStr }}\"" + --java-options "-Dcryptomator.logDir=\"@{userhome}/Library/Logs/Cryptomator\"" + --java-options "-Dcryptomator.pluginDir=\"@{userhome}/Library/Application Support/Cryptomator/Plugins\"" + --java-options "-Dcryptomator.settingsPath=\"@{userhome}/Library/Application Support/Cryptomator/settings.json\"" + --java-options "-Dcryptomator.p12Path=\"@{userhome}/Library/Application Support/Cryptomator/key.p12\"" + --java-options "-Dcryptomator.ipcSocketPath=\"@{userhome}/Library/Application Support/Cryptomator/ipc.socket\"" + --java-options "-Dcryptomator.integrationsMac.keychainServiceName=\"Cryptomator\"" + --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/Library/Application Support/Cryptomator/mnt\"" + --java-options "-Dcryptomator.showTrayIcon=true" + --java-options "-Dcryptomator.buildNumber=\"dmg-${{ needs.get-version.outputs.revNum }}\"" + --mac-package-identifier org.cryptomator + --resource-dir dist/mac/resources + - name: Patch Cryptomator.app + run: | + mv appdir/Cryptomator.app Cryptomator.app + mv dist/mac/resources/Cryptomator-Vault.icns Cryptomator.app/Contents/Resources/ + sed -i '' "s|###BUNDLE_SHORT_VERSION_STRING###|${VERSION_NO}|g" Cryptomator.app/Contents/Info.plist + sed -i '' "s|###BUNDLE_VERSION###|${REVISION_NO}|g" Cryptomator.app/Contents/Info.plist + echo -n "$PROVISIONING_PROFILE_BASE64" | base64 --decode --output Cryptomator.app/Contents/embedded.provisionprofile + env: + VERSION_NO: ${{ needs.get-version.outputs.semVerNum }} + REVISION_NO: ${{ needs.get-version.outputs.revNum }} + PROVISIONING_PROFILE_BASE64: ${{ 
secrets.MACOS_PROVISIONING_PROFILE_BASE64 }} + - name: Generate license for dmg + run: > + mvn -B -Djavafx.platform=mac license:add-third-party + -Dlicense.thirdPartyFilename=license.rtf + -Dlicense.outputDirectory=dist/mac/dmg/resources + -Dlicense.fileTemplate=dist/mac/dmg/resources/licenseTemplate.ftl + -Dlicense.includedScopes=compile + -Dlicense.excludedGroups=^org\.cryptomator + -Dlicense.failOnMissing=true + -Dlicense.licenseMergesUrl=file://${{ github.workspace }}/license/merges + - name: Install codesign certificate + run: | + # create variables + CERTIFICATE_PATH=$RUNNER_TEMP/codesign.p12 + KEYCHAIN_PATH=$RUNNER_TEMP/codesign.keychain-db + + # import certificate and provisioning profile from secrets + echo -n "$CODESIGN_P12_BASE64" | base64 --decode --output $CERTIFICATE_PATH + + # create temporary keychain + security create-keychain -p "$CODESIGN_TMP_KEYCHAIN_PW" $KEYCHAIN_PATH + security set-keychain-settings -lut 900 $KEYCHAIN_PATH + security unlock-keychain -p "$CODESIGN_TMP_KEYCHAIN_PW" $KEYCHAIN_PATH + + # import certificate to keychain + security import $CERTIFICATE_PATH -P "$CODESIGN_P12_PW" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security list-keychain -d user -s $KEYCHAIN_PATH + env: + CODESIGN_P12_BASE64: ${{ secrets.MACOS_CODESIGN_P12_BASE64 }} + CODESIGN_P12_PW: ${{ secrets.MACOS_CODESIGN_P12_PW }} + CODESIGN_TMP_KEYCHAIN_PW: ${{ secrets.MACOS_CODESIGN_TMP_KEYCHAIN_PW }} + - name: Codesign + run: | + echo "Codesigning jdk files..." + find Cryptomator.app/Contents/runtime/Contents/Home/lib/ -name '*.dylib' -exec codesign --force -s ${CODESIGN_IDENTITY} {} \; + find Cryptomator.app/Contents/runtime/Contents/Home/lib/ \( -name 'jspawnhelper' -o -name 'pauseengine' -o -name 'simengine' \) -exec codesign --force -o runtime -s ${CODESIGN_IDENTITY} {} \; + echo "Codesigning jar contents..." 
+ find Cryptomator.app/Contents/runtime/Contents/MacOS -name '*.dylib' -exec codesign --force -s ${CODESIGN_IDENTITY} {} \; + for JAR_PATH in `find Cryptomator.app -name "*.jar"`; do + if [[ `unzip -l ${JAR_PATH} | grep '.dylib\|.jnilib'` ]]; then + JAR_FILENAME=$(basename ${JAR_PATH}) + OUTPUT_PATH=${JAR_PATH%.*} + echo "Codesigning libs in ${JAR_FILENAME}..." + unzip -q ${JAR_PATH} -d ${OUTPUT_PATH} + find ${OUTPUT_PATH} -name '*.dylib' -exec codesign --force -s ${CODESIGN_IDENTITY} {} \; + find ${OUTPUT_PATH} -name '*.jnilib' -exec codesign --force -s ${CODESIGN_IDENTITY} {} \; + rm ${JAR_PATH} + pushd ${OUTPUT_PATH} > /dev/null + zip -qr ../${JAR_FILENAME} * + popd > /dev/null + rm -r ${OUTPUT_PATH} + fi + done + echo "Codesigning Cryptomator.app..." + sed -i '' "s|###APP_IDENTIFIER_PREFIX###|${TEAM_IDENTIFIER}.|g" dist/mac/Cryptomator.entitlements + sed -i '' "s|###TEAM_IDENTIFIER###|${TEAM_IDENTIFIER}|g" dist/mac/Cryptomator.entitlements + codesign --force --deep --entitlements dist/mac/Cryptomator.entitlements -o runtime -s ${CODESIGN_IDENTITY} Cryptomator.app + env: + CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }} + TEAM_IDENTIFIER: ${{ secrets.MACOS_TEAM_IDENTIFIER }} + - name: Prepare .dmg contents + run: | + mkdir dmg + mv Cryptomator.app dmg + cp dist/mac/dmg/resources/${{ matrix.fuse-lib }}.webloc dmg + ls -l dmg + - name: Install create-dmg + run: | + brew install create-dmg + create-dmg --help + - name: Create .dmg + run: > + create-dmg + --volname Cryptomator + --volicon "dist/mac/dmg/resources/Cryptomator-Volume.icns" + --background "dist/mac/dmg/resources/Cryptomator-${{ matrix.fuse-lib }}-background.tiff" + --window-pos 400 100 + --window-size 640 694 + --icon-size 128 + --icon "Cryptomator.app" 128 245 + --hide-extension "Cryptomator.app" + --icon "${{ matrix.fuse-lib }}.webloc" 320 501 + --hide-extension "${{ matrix.fuse-lib }}.webloc" + --app-drop-link 512 245 + --eula "dist/mac/dmg/resources/license.rtf" + --icon ".background" 128 
758 + --icon ".VolumeIcon.icns" 512 758 + Cryptomator-${VERSION_NO}-${{ matrix.output-suffix }}.dmg dmg + env: + VERSION_NO: ${{ needs.get-version.outputs.semVerNum }} + - name: Notarize .dmg + if: startsWith(github.ref, 'refs/tags/') || inputs.notarize + uses: cocoalibs/xcode-notarization-action@v1 + with: + app-path: 'Cryptomator-*.dmg' + apple-id: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }} + password: ${{ secrets.MACOS_NOTARIZATION_PW }} + team-id: ${{ secrets.MACOS_NOTARIZATION_TEAM_ID }} + xcode-path: '/Applications/Xcode_16.app' + - name: Add possible alpha/beta tags to installer name + run: mv Cryptomator-*.dmg Cryptomator-${{ needs.get-version.outputs.semVerStr }}-${{ matrix.output-suffix }}.dmg + - name: Create detached GPG signature with key 615D449FE6E6A235 + run: | + echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import + echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a Cryptomator-*.dmg + env: + GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} + GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} + - name: Clean up codesign certificate + if: ${{ always() }} + run: security delete-keychain $RUNNER_TEMP/codesign.keychain-db + continue-on-error: true + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: dmg-${{ matrix.output-suffix }} + path: | + Cryptomator-*.dmg + Cryptomator-*.asc + if-no-files-found: error + - name: Publish dmg on GitHub Releases + if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published' + uses: softprops/action-gh-release@v2 + with: + fail_on_unmatched_files: true + token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} + files: | + Cryptomator-*.dmg + Cryptomator-*.asc diff --git a/.github/workflows/mac-dmg.yml b/.github/workflows/mac-dmg.yml index d86f6912e..115e7ccc1 100644 --- a/.github/workflows/mac-dmg.yml +++ b/.github/workflows/mac-dmg.yml 
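Review bot: In mac-dmg-x64.yml the temporary signing keychain stays in place until `Clean up codesign certificate` at the very end, although nothing after the `Codesign` step appears to need it. `brew install create-dmg`, `create-dmg` (called without a signing option), the third-party notarization action and the GPG step all run while the certificate imported with `-A` is usable by any process in the job. Moving the `security delete-keychain $RUNNER_TEMP/codesign.keychain-db` step, with its `if: ${{ always() }}`, to directly after `Codesign` shortens that window. Since the header declares this file a copy of mac-dmg.yml, the same reorder would have to be made there. The job id `build-arm` is also misleading for an x64 build.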
@@ -1,4 +1,4 @@ -name: Build macOS .dmg +name: Build macOS .dmg for arm64 on: release: @@ -8,9 +8,15 @@ on: version: description: 'Version' required: false + notarize: + description: 'Notarize' + required: true + default: false + type: boolean env: - JAVA_VERSION: 19 + JAVA_DIST: 'temurin' + JAVA_VERSION: '24.0.1+9' jobs: get-version: 
@@ -26,54 +32,71 @@ jobs: fail-fast: false matrix: include: - - os: macos-11 - architecture: x64 - output-suffix: x64 - xcode-path: '/Applications/Xcode_13.2.1.app' - - os: [self-hosted, macOS, ARM64] + - os: macos-15 architecture: aarch64 output-suffix: arm64 - xcode-path: '/Applications/Xcode_13.2.1.app' + fuse-lib: FUSE-T + openjfx-url: 'https://download2.gluonhq.com/openjfx/23.0.2/openjfx-23.0.2_osx-aarch64_bin-jmods.zip' + openjfx-sha: 'c690cc642a3924cf56622951f478ba57aec9ce09063761f800c3319331bed3fc' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: - distribution: 'zulu' + distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} - java-package: 'jdk+fx' architecture: ${{ matrix.architecture }} + check-latest: true cache: 'maven' - - name: Ensure major jfx version in pom equals in jdk - if: ${{ !contains(matrix.os, 'self-hosted') }} - shell: pwsh + - name: Download OpenJFX jmods + id: download-jmods run: | - $jfxPomVersion = (&mvn help:evaluate "-Dexpression=javafx.version" -q -DforceStdout) -split "\." - $jfxJdkVersion = ((Get-Content -path "${env:JAVA_HOME}/lib/javafx.properties" | Where-Object {$_ -like 'javafx.version=*' }) -replace '.*=','') -split "\." 
- if ($jfxPomVersion[0] -ne $jfxJdkVersion[0]) { - Write-Error "Major part of JavaFX version in pom($($jfxPomVersion[0])) does not match the version in JDK($($jfxJdkVersion[0])) " + curl -L ${{ matrix.openjfx-url }} -o openjfx-jmods.zip + echo "${{ matrix.openjfx-sha }} *openjfx-jmods.zip" | shasum -a256 --check + mkdir -p openjfx-jmods/ + unzip -jo openjfx-jmods.zip \*/javafx.base.jmod \*/javafx.controls.jmod \*/javafx.fxml.jmod \*/javafx.graphics.jmod -d openjfx-jmods + - name: Ensure major jfx version in pom and in jmods is the same + run: | + JMOD_VERSION=$(jmod describe openjfx-jmods/javafx.base.jmod | head -1) + JMOD_VERSION=${JMOD_VERSION#*@} + JMOD_VERSION=${JMOD_VERSION%%.*} + POM_JFX_VERSION=$(mvn help:evaluate "-Dexpression=javafx.version" -q -DforceStdout) + POM_JFX_VERSION=${POM_JFX_VERSION#*@} + POM_JFX_VERSION=${POM_JFX_VERSION%%.*} + + if [ "${POM_JFX_VERSION}" -ne "${JMOD_VERSION}" ]; then + >&2 echo "Major JavaFX version in pom.xml (${POM_JFX_VERSION}) != jmod version (${JMOD_VERSION})" exit 1 - } + fi - name: Set version run : mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }} - name: Run maven - run: mvn -B clean package -Pdependency-check,mac -DskipTests + run: mvn -B -Djavafx.platform=mac clean package -Pmac -DskipTests - name: Patch target dir run: | cp LICENSE.txt target cp target/cryptomator-*.jar target/mods + - name: Run jlink with help option + id: jep-493-check + run: | + JMOD_PATHS="openjfx-jmods" + if ! 
${JAVA_HOME}/bin/jlink --help | grep -q "Linking from run-time image enabled"; then + JMOD_PATHS="${JAVA_HOME}/jmods:${JMOD_PATHS}" + fi + echo "jmod_paths=${JMOD_PATHS}" >> "$GITHUB_OUTPUT" - name: Run jlink + #Remark: no compression is applied for improved build compression later (here dmg) run: > ${JAVA_HOME}/bin/jlink --verbose --output runtime - --module-path "${JAVA_HOME}/jmods" - --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.crypto.ec,jdk.accessibility,jdk.management.jfr + --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}" + --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler --strip-native-commands --no-header-files --no-man-pages --strip-debug - --compress=1 + --compress zip-0 - name: Run jpackage run: > ${JAVA_HOME}/bin/jpackage 
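Review bot: The new JavaFX version guard in mac-dmg.yml fails open: `[ "${POM_JFX_VERSION}" -ne "${JMOD_VERSION}" ]` is an integer test, so when either value is empty or non-numeric (for example if `jmod describe` prints something unexpected), `[` exits with an error status, the `if` treats that as false and the step passes without having compared anything. A string comparison with an explicit emptiness check avoids this: `if [ -z "${JMOD_VERSION}" ] || [ "${POM_JFX_VERSION}" != "${JMOD_VERSION}" ]; then`. The x64 copy in mac-dmg-x64.yml carries the same lines. The hunk ends inside the `Run jpackage` step.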
@@ -86,23 +109,24 @@ jobs: --dest appdir --name Cryptomator --vendor "Skymatic GmbH" - --copyright "(C) 2016 - 2023 Skymatic GmbH" + --copyright "(C) 2016 - 2025 Skymatic GmbH" --app-version "${{ needs.get-version.outputs.semVerNum }}" --java-options "--enable-preview" --java-options "--enable-native-access=org.cryptomator.jfuse.mac" --java-options "-Xss5m" --java-options "-Xmx256m" --java-options "-Dfile.encoding=\"utf-8\"" + --java-options "-Djava.net.useSystemProxies=true" --java-options "-Dapple.awt.enableTemplateImages=true" --java-options "-Dsun.java2d.metal=true" --java-options "-Dcryptomator.appVersion=\"${{ needs.get-version.outputs.semVerStr }}\"" - --java-options "-Dcryptomator.logDir=\"~/Library/Logs/Cryptomator\"" - --java-options "-Dcryptomator.pluginDir=\"~/Library/Application Support/Cryptomator/Plugins\"" - --java-options "-Dcryptomator.settingsPath=\"~/Library/Application Support/Cryptomator/settings.json\"" - --java-options "-Dcryptomator.p12Path=\"~/Library/Application Support/Cryptomator/key.p12\"" - --java-options "-Dcryptomator.ipcSocketPath=\"~/Library/Application Support/Cryptomator/ipc.socket\"" + --java-options "-Dcryptomator.logDir=\"@{userhome}/Library/Logs/Cryptomator\"" + --java-options "-Dcryptomator.pluginDir=\"@{userhome}/Library/Application Support/Cryptomator/Plugins\"" + --java-options "-Dcryptomator.settingsPath=\"@{userhome}/Library/Application Support/Cryptomator/settings.json\"" + --java-options "-Dcryptomator.p12Path=\"@{userhome}/Library/Application Support/Cryptomator/key.p12\"" + --java-options "-Dcryptomator.ipcSocketPath=\"@{userhome}/Library/Application Support/Cryptomator/ipc.socket\"" --java-options "-Dcryptomator.integrationsMac.keychainServiceName=\"Cryptomator\"" - --java-options "-Dcryptomator.mountPointsDir=\"~/Cryptomator\"" + --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/Library/Application Support/Cryptomator/mnt\"" --java-options "-Dcryptomator.showTrayIcon=true" --java-options 
"-Dcryptomator.buildNumber=\"dmg-${{ needs.get-version.outputs.revNum }}\"" --mac-package-identifier org.cryptomator @@ -113,12 +137,14 @@ jobs: mv dist/mac/resources/Cryptomator-Vault.icns Cryptomator.app/Contents/Resources/ sed -i '' "s|###BUNDLE_SHORT_VERSION_STRING###|${VERSION_NO}|g" Cryptomator.app/Contents/Info.plist sed -i '' "s|###BUNDLE_VERSION###|${REVISION_NO}|g" Cryptomator.app/Contents/Info.plist + echo -n "$PROVISIONING_PROFILE_BASE64" | base64 --decode --output Cryptomator.app/Contents/embedded.provisionprofile env: VERSION_NO: ${{ needs.get-version.outputs.semVerNum }} REVISION_NO: ${{ needs.get-version.outputs.revNum }} + PROVISIONING_PROFILE_BASE64: ${{ secrets.MACOS_PROVISIONING_PROFILE_BASE64 }} - name: Generate license for dmg run: > - mvn -B license:add-third-party + mvn -B -Djavafx.platform=mac license:add-third-party -Dlicense.thirdPartyFilename=license.rtf -Dlicense.outputDirectory=dist/mac/dmg/resources -Dlicense.fileTemplate=dist/mac/dmg/resources/licenseTemplate.ftl @@ -151,7 +177,7 @@ jobs: run: | echo "Codesigning jdk files..." find Cryptomator.app/Contents/runtime/Contents/Home/lib/ -name '*.dylib' -exec codesign --force -s ${CODESIGN_IDENTITY} {} \; - find Cryptomator.app/Contents/runtime/Contents/Home/lib/ -name 'jspawnhelper' -exec codesign --force -o runtime -s ${CODESIGN_IDENTITY} {} \; + find Cryptomator.app/Contents/runtime/Contents/Home/lib/ \( -name 'jspawnhelper' -o -name 'pauseengine' -o -name 'simengine' \) -exec codesign --force -o runtime -s ${CODESIGN_IDENTITY} {} \; echo "Codesigning jar contents..." find Cryptomator.app/Contents/runtime/Contents/MacOS -name '*.dylib' -exec codesign --force -s ${CODESIGN_IDENTITY} {} \; for JAR_PATH in `find Cryptomator.app -name "*.jar"`; do 
@@ -170,14 +196,17 @@ jobs: fi done echo "Codesigning Cryptomator.app..." + sed -i '' "s|###APP_IDENTIFIER_PREFIX###|${TEAM_IDENTIFIER}.|g" dist/mac/Cryptomator.entitlements + sed -i '' "s|###TEAM_IDENTIFIER###|${TEAM_IDENTIFIER}|g" dist/mac/Cryptomator.entitlements codesign --force --deep --entitlements dist/mac/Cryptomator.entitlements -o runtime -s ${CODESIGN_IDENTITY} Cryptomator.app env: CODESIGN_IDENTITY: ${{ secrets.MACOS_CODESIGN_IDENTITY }} + TEAM_IDENTIFIER: ${{ secrets.MACOS_TEAM_IDENTIFIER }} - name: Prepare .dmg contents run: | mkdir dmg mv Cryptomator.app dmg - cp dist/mac/dmg/resources/macFUSE.webloc dmg + cp dist/mac/dmg/resources/${{ matrix.fuse-lib }}.webloc dmg ls -l dmg - name: Install create-dmg run: | 
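Review bot: The two added `sed` substitutions write `${TEAM_IDENTIFIER}` into `dist/mac/Cryptomator.entitlements` without checking that it is set, so a run where `MACOS_TEAM_IDENTIFIER` is unavailable would leave `.` as the app identifier prefix and an empty team identifier, and `codesign` is still invoked with that file. A guard before the first `sed`, `: "${TEAM_IDENTIFIER:?MACOS_TEAM_IDENTIFIER is not set}"`, makes the step stop instead. The same applies to `PROVISIONING_PROFILE_BASE64` in the `@@ -113,12 +137,14 @@` hunk, where an empty value would presumably produce an empty `embedded.provisionprofile`. The `run:` block of this step starts above the hunk.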
@@ -188,31 +217,30 @@ jobs: create-dmg --volname Cryptomator --volicon "dist/mac/dmg/resources/Cryptomator-Volume.icns" - --background "dist/mac/dmg/resources/Cryptomator-background.tiff" + --background "dist/mac/dmg/resources/Cryptomator-${{ matrix.fuse-lib }}-background.tiff" --window-pos 400 100 --window-size 640 694 --icon-size 128 --icon "Cryptomator.app" 128 245 --hide-extension "Cryptomator.app" - --icon "macFUSE.webloc" 320 501 - --hide-extension "macFUSE.webloc" + --icon "${{ matrix.fuse-lib }}.webloc" 320 501 + --hide-extension "${{ matrix.fuse-lib }}.webloc" --app-drop-link 512 245 --eula "dist/mac/dmg/resources/license.rtf" --icon ".background" 128 758 - --icon ".fseventsd" 320 758 --icon ".VolumeIcon.icns" 512 758 Cryptomator-${VERSION_NO}-${{ matrix.output-suffix }}.dmg dmg env: VERSION_NO: ${{ needs.get-version.outputs.semVerNum }} - name: Notarize .dmg - if: startsWith(github.ref, 'refs/tags/') + if: startsWith(github.ref, 'refs/tags/') || inputs.notarize uses: cocoalibs/xcode-notarization-action@v1 with: app-path: 'Cryptomator-*.dmg' apple-id: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }} password: ${{ secrets.MACOS_NOTARIZATION_PW }} team-id: ${{ secrets.MACOS_NOTARIZATION_TEAM_ID }} - xcode-path: ${{ matrix.xcode-path }} + xcode-path: '/Applications/Xcode_16.app' - name: Add possible alpha/beta tags to installer name run: mv Cryptomator-*.dmg Cryptomator-${{ needs.get-version.outputs.semVerStr }}-${{ matrix.output-suffix }}.dmg - name: Create detached GPG signature with key 615D449FE6E6A235 
@@ -227,14 +255,16 @@ jobs: run: security delete-keychain $RUNNER_TEMP/codesign.keychain-db continue-on-error: true - name: Upload artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: dmg-${{ matrix.output-suffix }} - path: Cryptomator-*.dmg + path: | + Cryptomator-*.dmg + Cryptomator-*.asc if-no-files-found: error - name: Publish dmg on GitHub Releases - if: startsWith(github.ref, 'refs/tags/') - uses: softprops/action-gh-release@v1 + if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published' + uses: softprops/action-gh-release@v2 with: fail_on_unmatched_files: true token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} diff --git a/.github/workflows/no-response.yml b/.github/workflows/no-response.yml new file mode 100644 index 000000000..43c634e20 --- /dev/null +++ b/.github/workflows/no-response.yml @@ -0,0 +1,22 @@ +# Configuration for close-stale-issues - https://github.com/marketplace/actions/close-stale-issues + +name: 'Close awaiting response issues' +on: + schedule: + - cron: '00 09 * * *' + +jobs: + no-response: + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + steps: + - uses: actions/stale@v9 + with: + days-before-stale: 14 + days-before-close: 0 + days-before-pr-close: -1 + stale-issue-label: 'state:stale' + close-issue-message: "This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further." + only-labels: 'state:awaiting-response' diff --git a/.github/workflows/post-publish.yml b/.github/workflows/post-publish.yml index 121cfd599..eaa6fb3f4 100644 --- a/.github/workflows/post-publish.yml +++ b/.github/workflows/post-publish.yml 
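Review bot: `softprops/action-gh-release@v2` is referenced by a movable tag while it is handed `secrets.CRYPTOBOT_RELEASE_TOKEN`, so whatever that tag points to at run time is what publishes the release assets. Pinning third-party actions to a full commit SHA with the version as a trailing comment, `uses: softprops/action-gh-release@<full-commit-sha> # v2`, keeps the release path reviewable. The same applies to the `@v2` bumps in post-publish.yml and win-exe.yml, to `rtCamp/action-slack-notify@v2`, and most of all to `vedantmgoyal2009/winget-releaser@main` in winget.yml, which tracks a branch and receives `CRYPTOBOT_WINGET_TOKEN`. The publish step appears to continue below this hunk.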
@@ -10,7 +10,7 @@ jobs: steps: - name: Download source tarball run: | - curl -L -H "Accept: application/vnd.github+json" ${{ github.event.release.tarball_url }} --output cryptomator-${{ github.event.release.tag_name }}.tar.gz + curl -L -H "Accept: application/vnd.github+json" https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ github.event.release.tag_name }}.tar.gz --output cryptomator-${{ github.event.release.tag_name }}.tar.gz - name: Sign source tarball with key 615D449FE6E6A235 run: | echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import @@ -19,7 +19,7 @@ jobs: GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} - name: Publish asc on GitHub Releases - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 with: fail_on_unmatched_files: true token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml index 48f7bd185..28ab593cd 100644 --- a/.github/workflows/pullrequest.yml +++ b/.github/workflows/pullrequest.yml @@ -4,7 +4,8 @@ on: pull_request: env: - JAVA_VERSION: 19 + JAVA_DIST: 'temurin' + JAVA_VERSION: 24 defaults: run: @@ -14,13 +15,12 @@ jobs: test: name: Compile and Test runs-on: ubuntu-latest - if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')" steps: - - uses: actions/checkout@v3 - - uses: actions/setup-java@v3 + - uses: actions/checkout@v4 + - uses: actions/setup-java@v4 with: - distribution: 'zulu' + distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} cache: 'maven' - name: Build and Test - run: xvfb-run mvn -B clean install jacoco:report -Pcoverage,dependency-check \ No newline at end of file + run: xvfb-run mvn -B clean install jacoco:report -Pcoverage -Djavafx.platform=linux \ No newline at end of file 
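Review bot: The rewritten `curl -L ...` download in `Download source tarball` has no `--fail`, so an HTTP error body for a missing or mistyped tag would be saved as the `.tar.gz` and then signed with the release key in the next step. Starting the command with `curl --fail -L` stops the job before signing. `${{ github.event.release.tag_name }}` is also expanded directly into the script twice on that line; passing it through `env:` as `TAG_NAME: ${{ github.event.release.tag_name }}` and using `"${TAG_NAME}"` keeps tag text out of the shell source.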
diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml index 7309cb852..448d9a5a4 100644 --- a/.github/workflows/release-check.yml +++ b/.github/workflows/release-check.yml @@ -6,19 +6,26 @@ on: - 'release/**' - 'hotfix/**' -env: - JAVA_VERSION: 19 - defaults: run: shell: bash +env: + JAVA_DIST: 'temurin' + JAVA_VERSION: 23 + jobs: - release-check-precondition: + check-preconditions: name: Validate commits pushed to release/hotfix branch to fulfill release requirements runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: ${{ env.JAVA_DIST }} + java-version: ${{ env.JAVA_VERSION }} + cache: 'maven' - id: validate-pom-version name: Validate POM version run: | @@ -37,7 +44,22 @@ jobs: fi - name: Validate release in org.cryptomator.Cryptomator.metainfo.xml file run: | - if ! grep -q "" dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml; then + if ! grep -q "" dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml; then echo "Release not set in dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml" exit 1 - fi \ No newline at end of file + fi + - name: Cache NVD DB + uses: actions/cache@v4 + with: + path: ~/.m2/repository/org/owasp/dependency-check-data/ + key: dependency-check-${{ github.run_id }} + restore-keys: | + dependency-check + env: + SEGMENT_DOWNLOAD_TIMEOUT_MINS: 5 + - name: Run org.owasp:dependency-check plugin + id: dependency-check + continue-on-error: true + run: mvn -B verify -Pdependency-check -DskipTests -Djavafx.platform=linux + env: + NVD_API_KEY: ${{ secrets.NVD_API_KEY }} \ No newline at end of file diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 000000000..9a14cbe23 --- /dev/null +++ b/.github/workflows/stale.yml 
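Review bot: The new `Run org.owasp:dependency-check plugin` step sets `continue-on-error: true` and an `id`, but nothing after it reads `steps.dependency-check.outcome`, and the hunk ends the file, so the scan result never changes the job result. As far as this diff shows, the commit also drops `-Pdependency-check` from the pull-request and installer builds, which would leave this ignored step as the only place the scan runs. Either remove `continue-on-error` or add a follow-up step with `if: steps.dependency-check.outcome == 'failure'` that surfaces the result, for example `run: echo "::warning::dependency-check reported findings or failed"`.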
@@ -0,0 +1,24 @@ +# Configuration for close-stale-issues - https://github.com/marketplace/actions/close-stale-issues + +name: 'Close stale issues' +on: + schedule: + - cron: '00 09 * * *' + +jobs: + stale: + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + steps: + - uses: actions/stale@v9 + with: + days-before-stale: 365 + days-before-close: 90 + exempt-issue-labels: 'type:security-issue,type:feature-request,type:enhancement,type:upstream-bug,state:awaiting-response,state:blocked,state:confirmed' + exempt-all-milestones: true + stale-issue-label: 'state:stale' + stale-pr-label: 'state:stale' + stale-issue-message: 'This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.' + stale-pr-message: 'This PR has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.' diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml index 73ccb10c6..d70b7ddeb 100644 --- a/.github/workflows/win-exe.yml +++ b/.github/workflows/win-exe.yml @@ -8,11 +8,19 @@ on: version: description: 'Version' required: false + isDebug: + description: 'Build debug version with console output' + type: boolean + default: false + env: - JAVA_VERSION: 19 JAVA_DIST: 'zulu' - JAVA_CACHE: 'maven' + JAVA_VERSION: '24.0.1+9' + OPENJFX_JMODS_AMD64: 'https://download2.gluonhq.com/openjfx/23.0.1/openjfx-23.0.1_windows-x64_bin-jmods.zip' + OPENJFX_JMODS_AMD64_HASH: 'ee176dcee3bd78bde7910735bd67f67c792882f5b89626796ae06f7a1c0119d3' + WINFSP_MSI: 'https://github.com/winfsp/winfsp/releases/download/v2.0/winfsp-2.0.23075.msi' + WINFSP_UNINSTALLER: 'https://github.com/cryptomator/winfsp-uninstaller/releases/latest/download/winfsp-uninstaller.exe' defaults: run: 
@@ -30,44 +38,73 @@ jobs: needs: [get-version] env: LOOPBACK_ALIAS: 'cryptomator-vault' + WIN_CONSOLE_FLAG: '' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Setup Java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} - java-package: 'jdk+fx' - cache: ${{ env.JAVA_CACHE }} - - name: Ensure major jfx version in pom equals in jdk - shell: pwsh + check-latest: true + cache: 'maven' + - name: Install wix and extensions run: | - $jfxPomVersion = (&mvn help:evaluate "-Dexpression=javafx.version" -q -DforceStdout) -split "\." - $jfxJdkVersion = ((Get-Content -path "${env:JAVA_HOME}/lib/javafx.properties" | Where-Object {$_ -like 'javafx.version=*' }) -replace '.*=','') -split "\." - if ($jfxPomVersion[0] -ne $jfxJdkVersion[0]) { - Write-Error "Major part of JavaFX version in pom($($jfxPomVersion[0])) does not match the version in JDK($($jfxJdkVersion[0])) " - exit 1 + dotnet tool install --global wix --version 6.0.0 + wix.exe extension add WixToolset.UI.wixext/6.0.0 --global + wix.exe extension add WixToolset.Util.wixext/6.0.0 --global + - name: Download and extract JavaFX jmods from Gluon + #In the last step we move all jmods files a dir level up because jmods are placed inside a directory in the zip + run: | + curl --output openjfx-jmods.zip -L "${{ env.OPENJFX_JMODS_AMD64 }}" + if(!(Get-FileHash -Path openjfx-jmods.zip -Algorithm SHA256).Hash.ToLower().equals("${{ env.OPENJFX_JMODS_AMD64_HASH }}")) { + throw "Wrong checksum of JMOD archive downloaded from ${{ env.OPENJFX_JMODS_AMD64 }}."; } + Expand-Archive -Path openjfx-jmods.zip -DestinationPath openjfx-jmods + Get-ChildItem -Path openjfx-jmods -Recurse -Filter "*.jmod" | ForEach-Object { Move-Item -Path $_ -Destination $_.Directory.Parent} + shell: pwsh + - name: Ensure major jfx version in pom and in jmods is the same + run: | + JMOD_VERSION_AMD64=$(jmod describe openjfx-jmods/javafx.base.jmod | 
head -1) + JMOD_VERSION_AMD64=${JMOD_VERSION_AMD64#*@} + JMOD_VERSION_AMD64=${JMOD_VERSION_AMD64%%.*} + POM_JFX_VERSION=$(mvn help:evaluate "-Dexpression=javafx.version" -q -DforceStdout) + POM_JFX_VERSION=${POM_JFX_VERSION#*@} + POM_JFX_VERSION=${POM_JFX_VERSION%%.*} + + if [ $POM_JFX_VERSION -ne $JMOD_VERSION_AMD64 ]; then + >&2 echo "Major JavaFX version in pom.xml (${POM_JFX_VERSION}) != amd64 jmod version (${JMOD_VERSION_AMD64})" + exit 1 + fi - name: Set version run : mvn versions:set -DnewVersion=${{ needs.get-version.outputs.semVerStr }} - name: Run maven - run: mvn -B clean package -Pdependency-check,win -DskipTests + run: mvn -B clean package -Pwin -DskipTests -Djavafx.platform=win - name: Patch target dir run: | cp LICENSE.txt target cp target/cryptomator-*.jar target/mods + - name: Run jlink with help option + id: jep-493-check + run: | + JMOD_PATHS="openjfx-jmods" + if ! $(${JAVA_HOME}/bin/jlink --help | grep -q "Linking from run-time image enabled"); then + JMOD_PATHS="${JAVA_HOME}/jmods;${JMOD_PATHS}" + fi + echo "jmod_paths=${JMOD_PATHS}" >> "$GITHUB_OUTPUT" - name: Run jlink + #Remark: no compression is applied for improved build compression later (here msi) run: > ${JAVA_HOME}/bin/jlink --verbose --output runtime - --module-path "${JAVA_HOME}/jmods" - --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.unsupported,jdk.crypto.ec,jdk.accessibility,jdk.management.jfr + --module-path "${{ steps.jep-493-check.outputs.jmod_paths }}" + --add-modules java.base,java.desktop,java.instrument,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,javafx.base,javafx.graphics,javafx.controls,javafx.fxml,jdk.crypto.mscapi,jdk.unsupported,jdk.accessibility,jdk.management.jfr,java.compiler --strip-native-commands --no-header-files --no-man-pages --strip-debug - --compress=1 + --compress zip-0 - name: Prepare debug 
launcher config shell: bash run: envsubst '${SEMVER_STR} ${REVISION_NUM} ${APP_NAME} ${LOOPBACK_ALIAS}' < dist/win/resources/debug-launcher.properties > dist/win/resources/CryptomatorDebug.properties 
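Review bot: The version guard `if [ $POM_JFX_VERSION -ne $JMOD_VERSION_AMD64 ]` fails open: if either value is empty or non-numeric, `[` reports an error, the `if` treats that as false, and the step continues without reaching `exit 1`. A string comparison with an emptiness check closes that gap, `if [ -z "${POM_JFX_VERSION}" ] || [ "${POM_JFX_VERSION}" != "${JMOD_VERSION_AMD64}" ]; then`. The step has no `shell:` key, so this assumes the workflow default shell is bash.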
@@ -87,25 +124,27 @@ jobs: --dest appdir --name Cryptomator --vendor "Skymatic GmbH" - --copyright "(C) 2016 - 2023 Skymatic GmbH" + --copyright "(C) 2016 - 2025 Skymatic GmbH" --app-version "${{ needs.get-version.outputs.semVerNum }}.${{ needs.get-version.outputs.revNum }}" --java-options "--enable-preview" - --java-options "--enable-native-access=org.cryptomator.jfuse.win" + --java-options "--enable-native-access=org.cryptomator.jfuse.win,org.cryptomator.integrations.win" --java-options "-Xss5m" --java-options "-Xmx256m" --java-options "-Dcryptomator.appVersion=\"${{ needs.get-version.outputs.semVerStr }}\"" --java-options "-Dfile.encoding=\"utf-8\"" - --java-options "-Dcryptomator.logDir=\"~/AppData/Roaming/Cryptomator\"" - --java-options "-Dcryptomator.pluginDir=\"~/AppData/Roaming/Cryptomator/Plugins\"" - --java-options "-Dcryptomator.settingsPath=\"~/AppData/Roaming/Cryptomator/settings.json\"" - --java-options "-Dcryptomator.p12Path=\"~/AppData/Roaming/Cryptomator/key.p12\"" - --java-options "-Dcryptomator.ipcSocketPath=\"~/AppData/Roaming/Cryptomator/ipc.socket\"" - --java-options "-Dcryptomator.mountPointsDir=\"~/Cryptomator\"" + --java-options "-Djava.net.useSystemProxies=true" + --java-options "-Dcryptomator.logDir=\"@{localappdata}/Cryptomator\"" + --java-options "-Dcryptomator.pluginDir=\"@{appdata}/Cryptomator/Plugins\"" + --java-options "-Dcryptomator.settingsPath=\"@{appdata}/Cryptomator/settings.json;@{userhome}/AppData/Roaming/Cryptomator/settings.json\"" + --java-options "-Dcryptomator.p12Path=\"@{appdata}/Cryptomator/key.p12;@{userhome}/AppData/Roaming/Cryptomator/key.p12\"" + --java-options "-Dcryptomator.ipcSocketPath=\"@{localappdata}/Cryptomator/ipc.socket\"" + --java-options "-Dcryptomator.mountPointsDir=\"@{userhome}/Cryptomator\"" --java-options "-Dcryptomator.loopbackAlias=\"${{ env.LOOPBACK_ALIAS }}\"" --java-options "-Dcryptomator.showTrayIcon=true" --java-options "-Dcryptomator.buildNumber=\"msi-${{ needs.get-version.outputs.revNum 
}}\"" --java-options "-Dcryptomator.integrationsWin.autoStartShellLinkName=\"Cryptomator\"" - --java-options "-Dcryptomator.integrationsWin.keychainPaths=\"~/AppData/Roaming/Cryptomator/keychain.json\"" + --java-options "-Dcryptomator.integrationsWin.keychainPaths=\"@{appdata}/Cryptomator/keychain.json;@{userhome}/AppData/Roaming/Cryptomator/keychain.json\"" + --java-options "-Djavafx.verbose=${{ inputs.isDebug }}" --resource-dir dist/win/resources --icon dist/win/resources/Cryptomator.ico --add-launcher "CryptomatorDebug=CryptomatorDebug.properties" 
@@ -127,26 +166,56 @@ jobs: attrib -r appdir/Cryptomator/Cryptomator.exe attrib -r appdir/Cryptomator/CryptomatorDebug.exe shell: pwsh - - name: Extract integrations DLL for code signing + - name: Extract jars with DLLs for Codesigning shell: pwsh - run: gci ./appdir/Cryptomator/app/mods/ -File integrations-win-*.jar | ForEach-Object {Set-Location -Path $_.Directory; jar --file=$($_.FullName) --extract integrations.dll } + run: | + Add-Type -AssemblyName "System.io.compression.filesystem" + $jarFolder = Resolve-Path ".\appdir\Cryptomator\app\mods" + $jarExtractDir = New-Item -Path ".\appdir\jar-extract" -ItemType Directory + + #for all jars inspect + Get-ChildItem -Path $jarFolder -Filter "*.jar" | ForEach-Object { + $jar = [Io.compression.zipfile]::OpenRead($_.FullName) + if (@($jar.Entries | Where-Object {$_.Name.ToString().EndsWith(".dll")} | Select-Object -First 1).Count -gt 0) { + #jars containing dlls extract + Set-Location $jarExtractDir + Expand-Archive -Path $_.FullName + } + $jar.Dispose() + } + - name: Extract wixhelper.dll for Codesigning #see https://github.com/cryptomator/cryptomator/issues/3130 + shell: pwsh + run: | + New-Item -Path appdir/jpackage-jmod -ItemType Directory + & $env:JAVA_HOME\bin\jmod.exe extract --dir jpackage-jmod "${env:JAVA_HOME}\jmods\jdk.jpackage.jmod" + Get-ChildItem -Recurse -Path "jpackage-jmod" -File wixhelper.dll | Select-Object -Last 1 | Copy-Item -Destination "appdir" - name: Codesign - uses: skymatic/code-sign-action@v2 + uses: skymatic/code-sign-action@v3 with: certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }} password: ${{ secrets.WIN_CODESIGN_P12_PW }} certificatesha1: 5FC94CE149E5B511E621F53A060AC67CBD446B3A description: Cryptomator timestampUrl: 'http://timestamp.digicert.com' - folder: appdir/Cryptomator + folder: appdir recursive: true - - name: Repack signed DLL into jar + - name: Replace DLLs inside jars with signed ones shell: pwsh run: | - gci ./appdir/Cryptomator/app/mods/ -File integrations-win-*.jar | 
ForEach-Object {Set-Location -Path $_.Directory; jar --file=$($_.FullName) --update integrations.dll; Remove-Item integrations.dll} + $jarExtractDir = Resolve-Path ".\appdir\jar-extract" + $jarFolder = Resolve-Path ".\appdir\Cryptomator\app\mods" + Get-ChildItem -Path $jarExtractDir | ForEach-Object { + $jarName = $_.Name + $jarFile = "${jarFolder}\${jarName}.jar" + Set-Location $_ + Get-ChildItem -Path $_ -Recurse -File "*.dll" | ForEach-Object { + # update jar with signed dll + jar --file="$jarFile" --update $(Resolve-Path -Relative -Path $_) + } + } - name: Generate license for MSI run: > - mvn -B license:add-third-party + mvn -B license:add-third-party "-Djavafx.platform=win" "-Dlicense.thirdPartyFilename=license.rtf" "-Dlicense.outputDirectory=dist/win/resources" "-Dlicense.fileTemplate=dist/win/resources/licenseTemplate.ftl" @@ -165,20 +234,21 @@ jobs: --dest installer --name Cryptomator --vendor "Skymatic GmbH" - --copyright "(C) 2016 - 2023 Skymatic GmbH" - --app-version "${{ needs.get-version.outputs.semVerNum }}" + --copyright "(C) 2016 - 2025 Skymatic GmbH" + --app-version "${{ needs.get-version.outputs.semVerNum }}.${{ needs.get-version.outputs.revNum}}" --win-menu --win-dir-chooser --win-shortcut-prompt - --win-update-url "https:\\cryptomator.org" + --win-update-url "https:\\cryptomator.org\downloads" --win-menu-group Cryptomator --resource-dir dist/win/resources --license-file dist/win/resources/license.rtf --file-associations dist/win/resources/FAvaultFile.properties env: JP_WIXWIZARD_RESOURCES: ${{ github.workspace }}/dist/win/resources # requires abs path, used in resources/main.wxs + JP_WIXHELPER_DIR: ${{ github.workspace }}\appdir - name: Codesign MSI - uses: skymatic/code-sign-action@v2 + uses: skymatic/code-sign-action@v3 with: certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }} password: ${{ secrets.WIN_CODESIGN_P12_PW }} 
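Review bot: In `Extract wixhelper.dll for Codesigning`, `New-Item -Path appdir/jpackage-jmod` creates a directory that the next two lines do not use: `jmod.exe extract --dir jpackage-jmod` and `Get-ChildItem -Recurse -Path "jpackage-jmod"` both refer to `jpackage-jmod` relative to the working directory. Because `Codesign` now signs `folder: appdir` recursively, it matters which files end up under `appdir`, and the stray empty directory obscures that. Creating the directory that is actually used, `New-Item -Path jpackage-jmod -ItemType Directory`, or dropping the line, together with a one-line comment that only `wixhelper.dll` is meant to be copied into `appdir`, would make the intent clear.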
@@ -196,53 +266,41 @@ jobs: GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} - name: Upload artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: msi path: | Cryptomator-*.msi Cryptomator-*.asc if-no-files-found: error - - name: Publish .msi on GitHub Releases - if: startsWith(github.ref, 'refs/tags/') - uses: softprops/action-gh-release@v1 - with: - fail_on_unmatched_files: true - token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} - files: | - *.msi - *.asc - - call-winget-flow: - needs: [get-version, build-msi] - if: github.event.action == 'published' && needs.get-version.outputs.versionType == 'stable' - uses: ./.github/workflows/winget.yml - with: - releaseTag: ${{ github.event.release.tag_name }} - secrets: inherit - build-exe: name: Build .exe installer runs-on: windows-latest needs: [get-version, build-msi] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 + - name: Install wix and extensions + run: | + dotnet tool install --global wix --version 6.0.0 + wix.exe extension add WixToolset.BootstrapperApplications.wixext/6.0.0 --global + wix.exe extension add WixToolset.Util.wixext/6.0.0 --global - name: Download .msi - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: msi path: dist/win/bundle/resources - name: Strip version info from msi file name run: mv dist/win/bundle/resources/Cryptomator*.msi dist/win/bundle/resources/Cryptomator.msi - - uses: actions/setup-java@v3 + - uses: actions/setup-java@v4 with: distribution: ${{ env.JAVA_DIST }} java-version: ${{ env.JAVA_VERSION }} - cache: ${{ env.JAVA_CACHE }} + check-latest: true + cache: 'maven' - name: Generate license for exe run: > - mvn -B license:add-third-party + mvn -B license:add-third-party "-Djavafx.platform=win" "-Dlicense.thirdPartyFilename=license.rtf" "-Dlicense.fileTemplate=dist/win/bundle/resources/licenseTemplate.ftl" 
"-Dlicense.outputDirectory=dist/win/bundle/resources" 
@@ -253,32 +311,32 @@ jobs: shell: pwsh - name: Download WinFsp run: | - $winfspUrl= (Select-String -Path ".\dist\win\bundle\resources\winfsp-download.url" -Pattern 'https:.*').Matches.Value - curl --output dist/win/bundle/resources/winfsp.msi -L $winfspUrl + curl --output dist/win/bundle/resources/winfsp.msi -L ${{ env.WINFSP_MSI }} shell: pwsh - - name: Compile to wixObj file + - name: Download Legacy-WinFsp uninstaller + run: | + curl --output dist/win/bundle/resources/winfsp-uninstaller.exe -L ${{ env.WINFSP_UNINSTALLER }} + shell: pwsh + - name: Create Wix Burn bundle + working-directory: dist/win run: > - "${WIX}/bin/candle.exe" dist/win/bundle/bundleWithWinfsp.wxs - -ext WixBalExtension - -out dist/win/bundle/ - -dBundleVersion="${{ needs.get-version.outputs.semVerNum }}.${{ needs.get-version.outputs.revNum }}" - -dBundleVendor="Skymatic GmbH" - -dBundleCopyright="(C) 2016 - 2023 Skymatic GmbH" - -dAboutUrl="https://cryptomator.org" - -dHelpUrl="https://cryptomator.org/contact" - -dUpdateUrl="https://cryptomator.org/downloads/" - - name: Create executable with linker - run: > - "${WIX}/bin/light.exe" -b dist/win/ dist/win/bundle/bundleWithWinfsp.wixobj - -ext WixBalExtension - -out installer/unsigned/Cryptomator-Installer.exe + wix build + -define BundleName="Cryptomator" + -define BundleVersion="${{ needs.get-version.outputs.semVerNum }}.${{ needs.get-version.outputs.revNum}}" + -define BundleVendor="Skymatic GmbH" + -define BundleCopyright="(C) 2016 - 2025 Skymatic GmbH" + -define AboutUrl="https://cryptomator.org" + -define HelpUrl="https://cryptomator.org/contact" + -define UpdateUrl="https://cryptomator.org/downloads/" + -ext "WixToolset.Util.wixext" + -ext "WixToolset.BootstrapperApplications.wixext" + ./bundle/bundleWithWinfsp.wxs + -out "../../installer/unsigned/Cryptomator-Installer.exe" - name: Detach burn engine in preparation to sign run: > - "${WIX}/bin/insignia.exe" - -ib installer/unsigned/Cryptomator-Installer.exe - -o tmp/engine.exe + wix 
burn detach installer/unsigned/Cryptomator-Installer.exe -engine tmp/engine.exe - name: Codesign burn engine - uses: skymatic/code-sign-action@v2 + uses: skymatic/code-sign-action@v3 with: certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }} password: ${{ secrets.WIN_CODESIGN_P12_PW }} @@ -287,12 +345,10 @@ jobs: timestampUrl: 'http://timestamp.digicert.com' folder: tmp - name: Reattach signed burn engine to installer - run : > - "${WIX}/bin/insignia.exe" - -ab tmp/engine.exe installer/unsigned/Cryptomator-Installer.exe - -o installer/Cryptomator-Installer.exe + run: > + wix burn reattach installer/unsigned/Cryptomator-Installer.exe -engine tmp/engine.exe -o installer/Cryptomator-Installer.exe - name: Codesign EXE - uses: skymatic/code-sign-action@v2 + uses: skymatic/code-sign-action@v3 with: certificate: ${{ secrets.WIN_CODESIGN_P12_BASE64 }} password: ${{ secrets.WIN_CODESIGN_P12_PW }} 
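Review bot: `Download WinFsp` and `Download Legacy-WinFsp uninstaller` fetch binaries with `curl ... -L` into `dist/win/bundle/resources` without any integrity check, although they are presumably packed into the bundle that is signed afterwards. `WINFSP_UNINSTALLER` additionally points at `releases/latest/download`, so its content can change between runs. The JavaFX jmods step in this workflow already compares `Get-FileHash ... -Algorithm SHA256` against `OPENJFX_JMODS_AMD64_HASH`; the same pattern with a pinned release URL and one hash variable per file (for example `WINFSP_MSI_HASH`, a proposed name) would cover these two downloads.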
@@ -310,59 +366,68 @@ jobs: GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} - name: Upload artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: exe path: | Cryptomator-*.exe Cryptomator-*.asc if-no-files-found: error + + publish: + name: Publish installers to the github release + if: startsWith(github.ref, 'refs/tags/') && github.event.action == 'published' + runs-on: ubuntu-latest + needs: [build-msi, build-exe] + outputs: + download-url-msi: ${{ fromJSON(steps.publish.outputs.assets)[0].browser_download_url }} + download-url-exe: ${{ fromJSON(steps.publish.outputs.assets)[1].browser_download_url }} + steps: + - name: Download installers + uses: actions/download-artifact@v4 + with: + merge-multiple: true - name: Publish .msi on GitHub Releases - if: startsWith(github.ref, 'refs/tags/') - uses: softprops/action-gh-release@v1 + id: publish + uses: softprops/action-gh-release@v2 with: fail_on_unmatched_files: true token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} + # do not change ordering of filelist, required for correct job output files: | - Cryptomator-*.exe - Cryptomator-*.asc + *.msi + *.exe + *.asc - allowlist: - name: Anti Virus Allowlisting - if: startsWith(github.ref, 'refs/tags/') + allowlist-msi: + uses: ./.github/workflows/av-whitelist.yml + needs: [publish] + with: + url: ${{ needs.publish.outputs.download-url-msi }} + secrets: inherit + + allowlist-exe: + uses: ./.github/workflows/av-whitelist.yml + needs: [publish, allowlist-msi] + with: + url: ${{ needs.publish.outputs.download-url-exe }} + secrets: inherit + + notify-winget: + name: Notify for winget-release + if: needs.get-version.outputs.versionType == 'stable' + needs: [publish, get-version] runs-on: ubuntu-latest - needs: [build-msi, build-exe] steps: - - name: Download .msi - uses: actions/download-artifact@v3 - with: - name: msi - path: msi - - name: Download .exe - uses: 
actions/download-artifact@v3 - with: - name: exe - path: exe - - name: Collect files - run: | - mkdir files - cp msi/*.msi files - cp exe/*.exe files - - name: Upload to Kaspersky - uses: SamKirkland/FTP-Deploy-Action@4.3.3 - with: - protocol: ftps - server: allowlist.kaspersky-labs.com - port: 990 - username: ${{ secrets.ALLOWLIST_KASPERSKY_USERNAME }} - password: ${{ secrets.ALLOWLIST_KASPERSKY_PASSWORD }} - local-dir: files/ - - name: Upload to Avast - uses: SamKirkland/FTP-Deploy-Action@4.3.0 - with: - protocol: ftp - server: whitelisting.avast.com - port: 21 - username: ${{ secrets.ALLOWLIST_AVAST_USERNAME }} - password: ${{ secrets.ALLOWLIST_AVAST_PASSWORD }} - local-dir: files/ + - name: Slack Notification + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_USERNAME: 'Cryptobot' + SLACK_ICON: false + SLACK_ICON_EMOJI: ':bot:' + SLACK_CHANNEL: 'cryptomator-desktop' + SLACK_TITLE: "MSI of ${{ github.event.repository.name }} ${{ github.event.release.tag_name }} published." + SLACK_MESSAGE: "Ready to ." + SLACK_FOOTER: false + MSG_MINIMAL: true \ No newline at end of file diff --git a/.github/workflows/winget.yml b/.github/workflows/winget.yml index 632b02de5..6d5a9c57d 100644 --- a/.github/workflows/winget.yml +++ b/.github/workflows/winget.yml 
@@ -1,49 +1,27 @@ -name: Release to Winget +name: Publish MSI to winget-pkgs on: - workflow_call: - inputs: - releaseTag: - required: true - type: string workflow_dispatch: inputs: - releaseTag: - description: 'Release tag name' + tag: + description: 'Release tag' required: true - type: string jobs: - publish-winget: - name: Publish on winget repo + winget: + name: Publish winget package runs-on: windows-latest steps: - - name: Get download url for release assets - id: get-release-assets - uses: actions/github-script@v6 - with: - script: | - const query =`query($tag:String!) { - repository(owner:"cryptomator", name:"cryptomator"){ - release(tagName: $tag) { - releaseAssets(first:20) { - nodes { - name - downloadUrl - } - } - } - } - }`; - const variables = { - tag: "${{ inputs.releaseTag }}" - } - return await github.graphql(query, variables) - - name: Submit package to Windows Package Manager Community Repository - id: submit-winget + - name: Sync winget-pkgs fork run: | - iwr https://aka.ms/wingetcreate/latest -OutFile wingetcreate.exe - $releaseAssets = (ConvertFrom-Json '${{ steps.get-release-assets.outputs.result }}').repository.release.releaseAssets.nodes - $installerUrl = $releaseAssets | Where-Object -Property name -match '^Cryptomator-.*\.msi$' | Select -ExpandProperty downloadUrl -First 1 - .\wingetcreate.exe update Cryptomator.Cryptomator -s -v "${{ inputs.releaseTag }}" -u "$installerUrl" -t ${{ secrets.CRYPTOBOT_WINGET_TOKEN }} - shell: pwsh + gh repo sync cryptomator/winget-pkgs -b master --force + env: + GH_TOKEN: ${{ secrets.CRYPTOBOT_WINGET_TOKEN }} + - name: Submit package + uses: vedantmgoyal2009/winget-releaser@main + with: + identifier: Cryptomator.Cryptomator + version: ${{ inputs.tag }} + release-tag: ${{ inputs.tag }} + installers-regex: '\.msi$' + token: ${{ secrets.CRYPTOBOT_WINGET_TOKEN }} \ No newline at end of file diff --git a/.idea/codeStyles/Project.xml b/.idea/codeStyles/Project.xml index d361191e8..dd49b35b0 100644 
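Review bot: The `Submit package` step runs `vedantmgoyal2009/winget-releaser@main` and hands it `CRYPTOBOT_WINGET_TOKEN`, so whatever sits at the tip of that third-party branch at run time executes with the token. Pinning to a full commit SHA, `uses: vedantmgoyal2009/winget-releaser@<full-commit-sha>  # <release tag>`, fixes the code that runs and makes every update an explicit, reviewable change. The same token also drives the forced `gh repo sync`, so it is worth confirming that it is scoped to the `cryptomator/winget-pkgs` fork and nothing else.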
--- a/.idea/codeStyles/Project.xml +++ b/.idea/codeStyles/Project.xml @@ -53,9 +53,10 @@