Skip to content

impl: verify cli signature #148

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 11 commits into
base: main
Choose a base branch
from
Draft

impl: verify cli signature #148

wants to merge 11 commits into from

Conversation

fioan89
Copy link
Collaborator

@fioan89 fioan89 commented Jul 9, 2025

No description provided.

fioan89 added 2 commits July 8, 2025 23:25
@fioan89
impl: new UI setting for running unsigned binary execution
4227ebd 
A new UI setting was introduced to allow users to run unsigned binaries
without any input from the user. Defaults to false which means if a binary
is unsigned we will ask the user what to do next.
@fioan89
chore: refactor CLI downloading logic
021e53a 
I moved and modified the logic from CliManager.download to a separate
http client based on okhttp and retrofit. The refactor will allow us
to easily add new steps in the main download method, and also to easily
download new resources. Long term we could also re-use the okhttp client
to avoid setting twice the same boilerplate (proxy which is missing from CLIManager,
hostname verification and other tls settings) between cli downloader and the rest client
fioan89 added 9 commits July 10, 2025 01:51
@fioan89
impl: support for downloading the cli signature
fb6e784 
From the same source where the cli binary was downloaded.
Some of the previous classes like download result were updated to incorporate
details like where the file was saved or whether a file was found on the remote
@fioan89
impl: support for downloading the releases.coder.com signature
dbf8560
@fioan89
fix: read fresh values from the config store
6754300 
`allowUnsignedBinaryWithoutPrompt` was caching the initial value read from the
store, which required a restart of Toolbox for the real value to reflect.
@fioan89
impl: prompt user when running unsigned binaries
8d768ee 
A pop-up dialog is displayed asking the user if he wants to run an unsigned
cli version. The pop-up can be skipped if the user configures the `Allow unsigned binary execution without prompt`
@fioan89
fix: used proper result to verify if signature is downloaded
ea3e379
@fioan89
chore: compact code and run signature download on the IO thread
3668d46
@fioan89
chore: add support for bouncycastle
a476364
@fioan89
chore: update i18n bundle with new strings related to signature verif…
45a72fb 
…ication
@fioan89
impl: verify gpg signed cli binaries
ad44346 
Adds logic to verify the CLI against a detached GPG signature with the help of bouncycastle library
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matifali matifali Awaiting requested review from matifali

@f0ssel f0ssel Awaiting requested review from f0ssel

@code-asher code-asher Awaiting requested review from code-asher

@jdomeracki-coder jdomeracki-coder Awaiting requested review from jdomeracki-coder

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@fioan89