diff --git a/.github/workflows/check-go-dependencies-task.yml b/.github/workflows/check-go-dependencies-task.yml index 4983e0db6..417c525e5 100644 --- a/.github/workflows/check-go-dependencies-task.yml +++ b/.github/workflows/check-go-dependencies-task.yml @@ -3,7 +3,7 @@ name: Check Go Dependencies env: # See: https://github.com/actions/setup-go/tree/v3#readme - GO_VERSION: "1.21" + GO_VERSION: "1.23" # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: @@ -72,11 +72,17 @@ jobs: with: submodules: recursive + # This is required to allow licensee/setup-licensed to install Licensed via Ruby gem. + - name: Install Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: ruby # Install latest version + - name: Install licensed - uses: jonabc/setup-licensed@v1 + uses: licensee/setup-licensed@v1.3.2 with: github_token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x + version: 5.x - name: Install Go uses: actions/setup-go@v5 @@ -108,6 +114,7 @@ jobs: uses: actions/upload-artifact@v4 with: if-no-files-found: error + include-hidden-files: true name: dep-licenses-cache path: ${{ env.CACHE_PATH }} @@ -122,11 +129,17 @@ jobs: with: submodules: recursive + # This is required to allow licensee/setup-licensed to install Licensed via Ruby gem. + - name: Install Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: ruby # Install latest version + - name: Install licensed - uses: jonabc/setup-licensed@v1 + uses: licensee/setup-licensed@v1.3.2 with: github_token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x + version: 5.x - name: Install Go uses: actions/setup-go@v5 diff --git a/.github/workflows/check-go-task.yml b/.github/workflows/check-go-task.yml index 7ea76eb48..21478d23e 100644 --- a/.github/workflows/check-go-task.yml +++ b/.github/workflows/check-go-task.yml @@ -3,7 +3,7 @@ name: Check Go env: # See: https://github.com/actions/setup-go/tree/main#supported-version-syntax - GO_VERSION: "1.21" + GO_VERSION: "1.23" # See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows on: @@ -82,7 +82,7 @@ jobs: version: 3.x - name: Install Dependencies - run: sudo apt update && sudo apt install -y --no-install-recommends build-essential libgtk-3-dev libwebkit2gtk-4.0-dev libappindicator3-dev + run: sudo apt update && sudo apt install -y --no-install-recommends build-essential libgtk-3-dev libwebkit2gtk-4.1-0 libappindicator3-dev - name: Check for errors env: diff --git a/.github/workflows/publish-go-tester-task.yml b/.github/workflows/publish-go-tester-task.yml index aa2949e13..89d5c2b45 100644 --- a/.github/workflows/publish-go-tester-task.yml +++ b/.github/workflows/publish-go-tester-task.yml @@ -31,7 +31,7 @@ on: env: PROJECT_NAME: arduino-cloud-agent - GO_VERSION: "1.21" + GO_VERSION: "1.23" jobs: run-determination: @@ -65,7 +65,7 @@ jobs: #use the strategy instead because we still use the native build strategy: matrix: - os: [ubuntu-20.04, windows-2019, macos-12] + os: [ubuntu-22.04, windows-2019, macos-13] arch: [-amd64] include: - os: windows-2019 @@ -130,7 +130,7 @@ jobs: mv ${{ env.PROJECT_NAME }} ${{ env.PROJECT_NAME}}_amd64 if: runner.os == 'macOS' - - name: Build the Agent for macos amd 64 + - name: Build the Agent for macos arm 64 env: MACOSX_DEPLOYMENT_TARGET: 10.15 # minimum supported version for mac CGO_CFLAGS: -mmacosx-version-min=10.15 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fe60ec8f8..12b3781ba 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,7 +23,7 @@ env: AC_PASSWORD: ${{ secrets.AC_PASSWORD }} # used by gon AC_PROVIDER: ${{ secrets.AC_PROVIDER }} # used by gon # See: https://github.com/actions/setup-go/tree/v3#readme - GO_VERSION: "1.21" + GO_VERSION: "1.23" jobs: # The build job is responsible for: configuring the environment, testing and compiling process @@ -32,7 +32,7 @@ jobs: prerelease: ${{ steps.prerelease.outputs.IS_PRE }} strategy: matrix: - os: [ubuntu-20.04, windows-2019, macos-12] + os: [ubuntu-22.04, windows-2019, macos-13] arch: [amd64] include: - os: windows-2019 @@ -88,7 +88,7 @@ jobs: - name: Build the Agent for linux run: task go:build - if: matrix.os == 'ubuntu-20.04' + if: matrix.os == 'ubuntu-22.04' # the manifest is required by windows GUI apps, otherwise the binary will crash with: "Unable to create main window: TTM_ADDTOOL failed" (for reference https://github.com/lxn/walk/issues/28) # rsrc will produce a *.syso file that should get automatically recognized by go build command and linked into an executable. @@ -116,7 +116,7 @@ jobs: run: | task go:build mv ${{ env.PROJECT_NAME }} ${{ env.PROJECT_NAME }}_amd64 - if: matrix.os == 'macos-12' + if: matrix.os == 'macos-13' - name: Build the Agent for macos arm64 env: @@ -128,13 +128,13 @@ jobs: run: | task go:build mv ${{ env.PROJECT_NAME }} ${{ env.PROJECT_NAME }}_arm64 - if: matrix.os == 'macos-12' + if: matrix.os == 'macos-13' - name: Create universal macos executable run: | lipo -create -output ${{ env.PROJECT_NAME }} ${{ env.PROJECT_NAME }}_amd64 ${{ env.PROJECT_NAME }}_arm64 rm ${{ env.PROJECT_NAME }}_amd64 ${{ env.PROJECT_NAME }}_arm64 - if: matrix.os == 'macos-12' + if: matrix.os == 'macos-13' # this will create `public/` dir with compressed full bin (/-.gz) and a json file - name: Create autoupdate files @@ -146,7 +146,7 @@ jobs: run: | cp darwin-amd64.json darwin-arm64.json cp ${TAG_VERSION}/darwin-amd64.gz ${TAG_VERSION}/darwin-arm64.gz - if: matrix.os == 'macos-12' && steps.prerelease.outputs.IS_PRE != 'true' + if: matrix.os == 'macos-13' && steps.prerelease.outputs.IS_PRE != 'true' - name: Create autoupdate files for win32 run: go-selfupdate -platform windows-${{ matrix.arch }} ${{ env.PROJECT_NAME }}${{ matrix.ext }} ${TAG_VERSION} @@ -181,7 +181,7 @@ jobs: matrix: arch: [amd64, arm64] - runs-on: macos-12 + runs-on: macos-13 env: EXE_PATH: "skel/ArduinoCloudAgent.app/Contents/MacOS/" @@ -195,7 +195,7 @@ jobs: - name: Download artifact uses: actions/download-artifact@v4 with: - name: ${{ env.PROJECT_NAME }}-macos-12-amd64 # if we want to support darwin-arm64 in the future for real this has to change. + name: ${{ env.PROJECT_NAME }}-macos-13-amd64 # if we want to support darwin-arm64 in the future for real this has to change. path: ${{ env.EXE_PATH }} - name: Remove placeholder file @@ -252,13 +252,18 @@ jobs: matrix: arch: [amd64, arm64] - runs-on: macos-12 + runs-on: macos-13 env: GON_PATH: ${{ github.workspace }}/gon needs: [build, create-macos-bundle] environment: production steps: + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GO_VERSION }} + - name: Download artifact uses: actions/download-artifact@v4 with: @@ -385,7 +390,7 @@ jobs: # This job is responsible for generating the installers (using installbuilder) package: needs: build - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 env: # vars used by installbuilder @@ -395,10 +400,10 @@ jobs: strategy: fail-fast: false # if one os is failing continue nonetheless matrix: # used to generate installers for different OS and not for runs-on - os: [ubuntu-20.04, windows-2019] + os: [ubuntu-22.04, windows-2019] arch: [amd64] include: - - os: ubuntu-20.04 + - os: ubuntu-22.04 platform-name: linux installbuilder-name: linux-x64 installer-extension: .run @@ -433,7 +438,7 @@ jobs: # zip artifacts do not mantain executable permission - name: Make executable run: chmod -v +x artifacts/${{ matrix.platform-name }}/${{ env.PROJECT_NAME }}* - if: matrix.os == 'ubuntu-20.04' + if: matrix.os == 'ubuntu-22.04' - name: Rename executable to Arduino_Cloud_Agent run: mv -v artifacts/${{ matrix.platform-name }}/${{ env.PROJECT_NAME }}${{ matrix.extension }} artifacts/${{ matrix.platform-name }}/Arduino_Cloud_Agent${{ matrix.extension }} @@ -446,7 +451,7 @@ jobs: - name: Generate archive run: tar -czvf ArduinoCloudAgent-${GITHUB_REF##*/}-${{ matrix.platform-name }}-${{ matrix.arch }}-installer.tar.gz ArduinoCloudAgent-${GITHUB_REF##*/}-${{ matrix.platform-name }}-${{ matrix.arch }}-installer${{matrix.installer-extension}} - if: matrix.os == 'ubuntu-20.04' + if: matrix.os == 'ubuntu-22.04' - name: Upload artifacts uses: actions/upload-artifact@v4 @@ -509,7 +514,7 @@ jobs: matrix: arch: [amd64] - runs-on: macos-12 + runs-on: macos-13 steps: - name: Checkout repo with icons/background uses: actions/checkout@v4 @@ -601,7 +606,7 @@ jobs: if-no-files-found: error create-release: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 environment: production needs: [build, generate-sign-dmg, sign-windows] diff --git a/.github/workflows/test-go-integration-task.yml b/.github/workflows/test-go-integration-task.yml index 79766b083..7eeb8e55f 100644 --- a/.github/workflows/test-go-integration-task.yml +++ b/.github/workflows/test-go-integration-task.yml @@ -3,7 +3,7 @@ name: Test Integration env: # See: https://github.com/actions/setup-go/tree/v2#readme - GO_VERSION: "1.21" + GO_VERSION: "1.23" # See: https://github.com/actions/setup-python/tree/v2#available-versions-of-python PYTHON_VERSION: "3.9" diff --git a/.github/workflows/test-go-task.yml b/.github/workflows/test-go-task.yml index 8a7c733ba..cbb95655f 100644 --- a/.github/workflows/test-go-task.yml +++ b/.github/workflows/test-go-task.yml @@ -3,7 +3,7 @@ name: Test Go env: # See: https://github.com/actions/setup-go/tree/v2#readme - GO_VERSION: "1.21" + GO_VERSION: "1.23" # See: https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows on: diff --git a/.licensed.yml b/.licensed.yml index f0c02a90e..12e7395a3 100644 --- a/.licensed.yml +++ b/.licensed.yml @@ -10,6 +10,7 @@ reviewed: - golang.org/x/net/html - golang.org/x/net/html/atom - golang.org/x/crypto/curve25519 + - golang.org/x/sys/unix - github.com/ProtonMail/go-crypto/bitcurves - github.com/ProtonMail/go-crypto/brainpool - github.com/ProtonMail/go-crypto/eax @@ -27,9 +28,12 @@ reviewed: - github.com/ProtonMail/go-crypto/openpgp/errors - github.com/ProtonMail/go-crypto/openpgp/internal/algorithm - github.com/ProtonMail/go-crypto/openpgp/internal/ecc + - github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519 + - github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519/field - github.com/ProtonMail/go-crypto/openpgp/internal/encoding - github.com/ProtonMail/go-crypto/openpgp/packet - github.com/ProtonMail/go-crypto/openpgp/s2k + - github.com/ProtonMail/go-crypto/openpgp/symmetric - github.com/ProtonMail/go-crypto/openpgp/x25519 - github.com/ProtonMail/go-crypto/openpgp/x448 - github.com/cloudflare/circl/dh/x25519 diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/bitcurves.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/bitcurves.dep.yml index 08606aa3f..ff1d983d0 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/bitcurves.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/bitcurves.dep.yml @@ -1,12 +1,12 @@ --- name: github.com/ProtonMail/go-crypto/bitcurves -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/bitcurves license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -35,7 +35,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/brainpool.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/brainpool.dep.yml index 5cc5c2938..9ec1b1cef 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/brainpool.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/brainpool.dep.yml @@ -1,12 +1,12 @@ --- name: github.com/ProtonMail/go-crypto/brainpool -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package brainpool implements Brainpool elliptic curves. homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/brainpool license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -35,7 +35,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/eax.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/eax.dep.yml index 24d186b3c..e086227d1 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/eax.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/eax.dep.yml @@ -1,6 +1,6 @@ --- name: github.com/ProtonMail/go-crypto/eax -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: 'Package eax provides an implementation of the EAX (encrypt-authenticate-translate) mode of operation, as described in Bellare, Rogaway, and Wagner "THE EAX MODE OF @@ -9,7 +9,7 @@ summary: 'Package eax provides an implementation of the EAX (encrypt-authenticat homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/eax license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -38,7 +38,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/internal/byteutil.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/internal/byteutil.dep.yml index a3835acbf..1d0b837c3 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/internal/byteutil.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/internal/byteutil.dep.yml @@ -1,12 +1,12 @@ --- name: github.com/ProtonMail/go-crypto/internal/byteutil -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/internal/byteutil license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -35,7 +35,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/ocb.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/ocb.dep.yml index 4ca8e6a7f..f24f78fe7 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/ocb.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/ocb.dep.yml @@ -1,6 +1,6 @@ --- name: github.com/ProtonMail/go-crypto/ocb -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: 'Package ocb provides an implementation of the OCB (offset codebook) mode of operation, as described in RFC-7253 of the IRTF and in Rogaway, Bellare, Black @@ -9,7 +9,7 @@ summary: 'Package ocb provides an implementation of the OCB (offset codebook) mo homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/ocb license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -38,7 +38,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp.dep.yml index b2cfe5b0e..af72530c0 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp.dep.yml @@ -1,12 +1,12 @@ --- name: github.com/ProtonMail/go-crypto/openpgp -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package openpgp implements high level operations on OpenPGP messages. homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -35,7 +35,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/aes/keywrap.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/aes/keywrap.dep.yml index c8b82bc49..7cc6fb0d4 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/aes/keywrap.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/aes/keywrap.dep.yml @@ -1,12 +1,12 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/aes/keywrap -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package keywrap is an implementation of the RFC 3394 AES key wrapping algorithm. homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/aes/keywrap license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -35,7 +35,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/armor.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/armor.dep.yml index 5d827c6f9..982a14505 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/armor.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/armor.dep.yml @@ -1,12 +1,12 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/armor -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package armor implements OpenPGP ASCII Armor, see RFC 4880. homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/armor license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -35,7 +35,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ecdh.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ecdh.dep.yml index 19bbd5b3c..9107dd71b 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ecdh.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ecdh.dep.yml @@ -1,13 +1,13 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/ecdh -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package ecdh implements ECDH encryption, suitable for OpenPGP, as specified in RFC 6637, section 8. homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/ecdh license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -36,7 +36,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ecdsa.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ecdsa.dep.yml index 6d4935361..26ae39b99 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ecdsa.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ecdsa.dep.yml @@ -1,13 +1,13 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/ecdsa -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package ecdsa implements ECDSA signature, suitable for OpenPGP, as specified in RFC 6637, section 5. homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/ecdsa license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -36,7 +36,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ed25519.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ed25519.dep.yml index 619142d7b..b98f3d6ff 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ed25519.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ed25519.dep.yml @@ -1,13 +1,13 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/ed25519 -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package ed25519 implements the ed25519 signature algorithm for OpenPGP as defined in the Open PGP crypto refresh. homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/ed25519 license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -36,7 +36,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ed448.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ed448.dep.yml index ba001ce30..a3ec2359a 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ed448.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/ed448.dep.yml @@ -1,13 +1,13 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/ed448 -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package ed448 implements the ed448 signature algorithm for OpenPGP as defined in the Open PGP crypto refresh. homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/ed448 license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -36,7 +36,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/eddsa.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/eddsa.dep.yml index a197e12e7..77cb4464e 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/eddsa.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/eddsa.dep.yml @@ -1,13 +1,13 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/eddsa -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package eddsa implements EdDSA signature, suitable for OpenPGP, as specified in https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-13.7 homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/eddsa license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -36,7 +36,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/elgamal.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/elgamal.dep.yml index 01278f3d4..30c4e4652 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/elgamal.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/elgamal.dep.yml @@ -1,6 +1,6 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/elgamal -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package elgamal implements ElGamal encryption, suitable for OpenPGP, as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," @@ -8,7 +8,7 @@ summary: Package elgamal implements ElGamal encryption, suitable for OpenPGP, as homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/elgamal license: bsd-3-clause licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -37,7 +37,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/errors.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/errors.dep.yml index cb6ba9441..81688cd2f 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/errors.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/errors.dep.yml @@ -1,12 +1,12 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/errors -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package errors contains common error types for the OpenPGP packages. homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/errors license: bsd-3-clause licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -35,7 +35,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm.dep.yml index 9671f9971..6d96f4443 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm.dep.yml @@ -1,12 +1,12 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/internal/algorithm -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -35,7 +35,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/ecc.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/ecc.dep.yml index 080c67ae9..81e8f7cb5 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/ecc.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/ecc.dep.yml @@ -1,12 +1,12 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/internal/ecc -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA. homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/internal/ecc license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -35,7 +35,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519.dep.yml new file mode 100644 index 000000000..ce6e3efe5 --- /dev/null +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519.dep.yml @@ -0,0 +1,63 @@ +--- +name: github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519 +version: v1.1.0-alpha.5-proton +type: go +summary: Package curve25519 implements custom field operations without clamping for + forwarding. +homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519 +license: other +licenses: +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE + text: | + Copyright (c) 2009 The Go Authors. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + * Neither the name of Google Inc. nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS + text: | + Additional IP Rights Grant (Patents) + + "This implementation" means the copyrightable works distributed by + Google as part of the Go project. + + Google hereby grants to You a perpetual, worldwide, non-exclusive, + no-charge, royalty-free, irrevocable (except as stated in this section) + patent license to make, have made, use, offer to sell, sell, import, + transfer and otherwise run, modify and propagate the contents of this + implementation of Go, where such license applies only to those patent + claims, both currently owned or controlled by Google and acquired in + the future, licensable by Google that are necessarily infringed by this + implementation of Go. This grant does not include claims that would be + infringed only as a consequence of further modification of this + implementation. If you or your agent or exclusive licensee institute or + order or agree to the institution of patent litigation against any + entity (including a cross-claim or counterclaim in a lawsuit) alleging + that this implementation of Go or any code incorporated within this + implementation of Go constitutes direct or contributory patent + infringement, or inducement of patent infringement, then any patent + rights granted to you under this License for this implementation of Go + shall terminate as of the date such litigation is filed. +notices: [] diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519/field.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519/field.dep.yml new file mode 100644 index 000000000..8df0ed080 --- /dev/null +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519/field.dep.yml @@ -0,0 +1,62 @@ +--- +name: github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519/field +version: v1.1.0-alpha.5-proton +type: go +summary: Package field implements fast arithmetic modulo 2^255-19. +homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519/field +license: other +licenses: +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE + text: | + Copyright (c) 2009 The Go Authors. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + * Neither the name of Google Inc. nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS + text: | + Additional IP Rights Grant (Patents) + + "This implementation" means the copyrightable works distributed by + Google as part of the Go project. + + Google hereby grants to You a perpetual, worldwide, non-exclusive, + no-charge, royalty-free, irrevocable (except as stated in this section) + patent license to make, have made, use, offer to sell, sell, import, + transfer and otherwise run, modify and propagate the contents of this + implementation of Go, where such license applies only to those patent + claims, both currently owned or controlled by Google and acquired in + the future, licensable by Google that are necessarily infringed by this + implementation of Go. This grant does not include claims that would be + infringed only as a consequence of further modification of this + implementation. If you or your agent or exclusive licensee institute or + order or agree to the institution of patent litigation against any + entity (including a cross-claim or counterclaim in a lawsuit) alleging + that this implementation of Go or any code incorporated within this + implementation of Go constitutes direct or contributory patent + infringement, or inducement of patent infringement, then any patent + rights granted to you under this License for this implementation of Go + shall terminate as of the date such litigation is filed. +notices: [] diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/encoding.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/encoding.dep.yml index 871478bef..990da1aa3 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/encoding.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/internal/encoding.dep.yml @@ -1,13 +1,13 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/internal/encoding -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package encoding implements openpgp packet field encodings as specified in RFC 4880 and 6637. homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/internal/encoding license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -36,7 +36,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/packet.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/packet.dep.yml index 990c817b3..c470a9e2b 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/packet.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/packet.dep.yml @@ -1,13 +1,13 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/packet -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package packet implements parsing and serialization of OpenPGP packets, as specified in RFC 4880. homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/packet license: bsd-3-clause licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -36,7 +36,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/s2k.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/s2k.dep.yml index 3ec86e4b8..a1a554e68 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/s2k.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/s2k.dep.yml @@ -1,6 +1,6 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/s2k -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: Package s2k implements the various OpenPGP string-to-key transforms as specified in RFC 4800 section 3.7.1, and Argon2 specified in draft-ietf-openpgp-crypto-refresh-08 @@ -8,7 +8,7 @@ summary: Package s2k implements the various OpenPGP string-to-key transforms as homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/s2k license: bsd-3-clause licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -37,7 +37,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/golang.org/x/crypto/sha3.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/symmetric.dep.yml similarity index 89% rename from .licenses/arduino-create-agent/go/golang.org/x/crypto/sha3.dep.yml rename to .licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/symmetric.dep.yml index 1ef1c7c9f..581db5cbd 100644 --- a/.licenses/arduino-create-agent/go/golang.org/x/crypto/sha3.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/symmetric.dep.yml @@ -1,13 +1,12 @@ --- -name: golang.org/x/crypto/sha3 -version: v0.23.0 +name: github.com/ProtonMail/go-crypto/openpgp/symmetric +version: v1.1.0-alpha.5-proton type: go -summary: Package sha3 implements the SHA-3 fixed-output-length hash functions and - the SHAKE variable-output-length hash functions defined by FIPS-202. -homepage: https://pkg.go.dev/golang.org/x/crypto/sha3 -license: bsd-3-clause +summary: +homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/symmetric +license: other licenses: -- sources: crypto@v0.23.0/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -36,7 +35,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: crypto@v0.23.0/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/x25519.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/x25519.dep.yml index 79e3c7c83..16798ee8e 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/x25519.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/x25519.dep.yml @@ -1,12 +1,12 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/x25519 -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/x25519 license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -35,7 +35,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/x448.dep.yml b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/x448.dep.yml index 21d2d9e9c..27acdb02c 100644 --- a/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/x448.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ProtonMail/go-crypto/openpgp/x448.dep.yml @@ -1,12 +1,12 @@ --- name: github.com/ProtonMail/go-crypto/openpgp/x448 -version: v1.1.0-alpha.2 +version: v1.1.0-alpha.5-proton type: go summary: homepage: https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp/x448 license: other licenses: -- sources: go-crypto@v1.1.0-alpha.2/LICENSE +- sources: go-crypto@v1.1.0-alpha.5-proton/LICENSE text: | Copyright (c) 2009 The Go Authors. All rights reserved. @@ -35,7 +35,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: go-crypto@v1.1.0-alpha.2/PATENTS +- sources: go-crypto@v1.1.0-alpha.5-proton/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/github.com/arduino/go-paths-helper.dep.yml b/.licenses/arduino-create-agent/go/github.com/arduino/go-paths-helper.dep.yml index 1de189b7f..21d102e90 100644 --- a/.licenses/arduino-create-agent/go/github.com/arduino/go-paths-helper.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/arduino/go-paths-helper.dep.yml @@ -1,6 +1,6 @@ --- name: github.com/arduino/go-paths-helper -version: v1.12.0 +version: v1.12.1 type: go summary: homepage: https://pkg.go.dev/github.com/arduino/go-paths-helper diff --git a/.licenses/arduino-create-agent/go/github.com/arduino/go-serial-utils.dep.yml b/.licenses/arduino-create-agent/go/github.com/arduino/go-serial-utils.dep.yml index d80310c77..fb7fa6ea5 100644 --- a/.licenses/arduino-create-agent/go/github.com/arduino/go-serial-utils.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/arduino/go-serial-utils.dep.yml @@ -2,7 +2,7 @@ name: github.com/arduino/go-serial-utils version: v0.1.2 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/arduino/go-serial-utils license: gpl-3.0 licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/arduino/pluggable-discovery-protocol-handler/v2.dep.yml b/.licenses/arduino-create-agent/go/github.com/arduino/pluggable-discovery-protocol-handler/v2.dep.yml index 2fdbca217..0825582ba 100644 --- a/.licenses/arduino-create-agent/go/github.com/arduino/pluggable-discovery-protocol-handler/v2.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/arduino/pluggable-discovery-protocol-handler/v2.dep.yml @@ -1,6 +1,6 @@ --- name: github.com/arduino/pluggable-discovery-protocol-handler/v2 -version: v2.2.0 +version: v2.2.1 type: go summary: Package discovery is a library for handling the Arduino Pluggable-Discovery protocol (https://github.com/arduino/tooling-rfcs/blob/main/RFCs/0002-pluggable-discovery.md#pluggable-discovery-api-via-stdinstdout) diff --git a/.licenses/arduino-create-agent/go/github.com/blang/semver.dep.yml b/.licenses/arduino-create-agent/go/github.com/blang/semver.dep.yml index 3ef4e43fa..39cce428f 100644 --- a/.licenses/arduino-create-agent/go/github.com/blang/semver.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/blang/semver.dep.yml @@ -2,7 +2,7 @@ name: github.com/blang/semver version: v3.5.1+incompatible type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/blang/semver license: mit licenses: @@ -33,3 +33,4 @@ licenses: - sources: README.md text: See [LICENSE](LICENSE) file. notices: [] +... diff --git a/.licenses/arduino-create-agent/go/github.com/codeclysm/extract/v3.dep.yml b/.licenses/arduino-create-agent/go/github.com/codeclysm/extract/v4.dep.yml similarity index 91% rename from .licenses/arduino-create-agent/go/github.com/codeclysm/extract/v3.dep.yml rename to .licenses/arduino-create-agent/go/github.com/codeclysm/extract/v4.dep.yml index 0c6f99746..9defe5f88 100644 --- a/.licenses/arduino-create-agent/go/github.com/codeclysm/extract/v3.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/codeclysm/extract/v4.dep.yml @@ -1,10 +1,10 @@ --- -name: github.com/codeclysm/extract/v3 -version: v3.1.1 +name: github.com/codeclysm/extract/v4 +version: v4.0.0 type: go summary: Package extract allows to extract archives in zip, tar.gz or tar.bz2 formats easily. -homepage: https://pkg.go.dev/github.com/codeclysm/extract/v3 +homepage: https://pkg.go.dev/github.com/codeclysm/extract/v4 license: mit licenses: - sources: LICENSE diff --git a/.licenses/arduino-create-agent/go/github.com/creack/goselect.dep.yml b/.licenses/arduino-create-agent/go/github.com/creack/goselect.dep.yml index 2ebe18293..0785cd02c 100644 --- a/.licenses/arduino-create-agent/go/github.com/creack/goselect.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/creack/goselect.dep.yml @@ -2,7 +2,7 @@ name: github.com/creack/goselect version: v0.1.2 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/creack/goselect license: mit licenses: @@ -33,3 +33,4 @@ licenses: - sources: README.md text: Released under the [MIT license](LICENSE). notices: [] +... diff --git a/.licenses/arduino-create-agent/go/github.com/gin-contrib/sse.dep.yml b/.licenses/arduino-create-agent/go/github.com/gin-contrib/sse.dep.yml index 4895be7a5..c888d59ab 100644 --- a/.licenses/arduino-create-agent/go/github.com/gin-contrib/sse.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/gin-contrib/sse.dep.yml @@ -2,7 +2,7 @@ name: github.com/gin-contrib/sse version: v0.1.0 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/gin-contrib/sse license: mit licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/binding.dep.yml b/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/binding.dep.yml index 6801615fa..a99238ac3 100644 --- a/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/binding.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/binding.dep.yml @@ -2,7 +2,7 @@ name: github.com/gin-gonic/gin/binding version: v1.10.0 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/gin-gonic/gin/binding license: mit licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/internal/bytesconv.dep.yml b/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/internal/bytesconv.dep.yml index c9d7afd9a..97e8d6cb9 100644 --- a/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/internal/bytesconv.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/internal/bytesconv.dep.yml @@ -2,7 +2,7 @@ name: github.com/gin-gonic/gin/internal/bytesconv version: v1.10.0 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/gin-gonic/gin/internal/bytesconv license: mit licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/internal/json.dep.yml b/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/internal/json.dep.yml index 57739599b..2551fb8d9 100644 --- a/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/internal/json.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/internal/json.dep.yml @@ -2,7 +2,7 @@ name: github.com/gin-gonic/gin/internal/json version: v1.10.0 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/gin-gonic/gin/internal/json license: mit licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/render.dep.yml b/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/render.dep.yml index 5b0dc5bbb..deb06fb36 100644 --- a/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/render.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/gin-gonic/gin/render.dep.yml @@ -2,7 +2,7 @@ name: github.com/gin-gonic/gin/render version: v1.10.0 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/gin-gonic/gin/render license: mit licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io.dep.yml b/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io.dep.yml index a798ca46f..3d65daba3 100644 --- a/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io.dep.yml @@ -2,7 +2,7 @@ name: github.com/googollee/go-engine.io version: v0.0.0-20180829091931-e2f255711dcb type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/googollee/go-engine.io license: bsd-3-clause licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/message.dep.yml b/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/message.dep.yml index ccf2355f5..55490cf08 100644 --- a/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/message.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/message.dep.yml @@ -2,7 +2,7 @@ name: github.com/googollee/go-engine.io/message version: v0.0.0-20180829091931-e2f255711dcb type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/googollee/go-engine.io/message license: bsd-3-clause licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/parser.dep.yml b/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/parser.dep.yml index 0a08396a0..718fadade 100644 --- a/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/parser.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/parser.dep.yml @@ -2,7 +2,7 @@ name: github.com/googollee/go-engine.io/parser version: v0.0.0-20180829091931-e2f255711dcb type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/googollee/go-engine.io/parser license: bsd-3-clause licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/polling.dep.yml b/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/polling.dep.yml index ccc32fe6e..5692db014 100644 --- a/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/polling.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/polling.dep.yml @@ -2,7 +2,7 @@ name: github.com/googollee/go-engine.io/polling version: v0.0.0-20180829091931-e2f255711dcb type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/googollee/go-engine.io/polling license: bsd-3-clause licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/transport.dep.yml b/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/transport.dep.yml index d48516a8a..430ab5ad5 100644 --- a/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/transport.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/transport.dep.yml @@ -2,7 +2,7 @@ name: github.com/googollee/go-engine.io/transport version: v0.0.0-20180829091931-e2f255711dcb type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/googollee/go-engine.io/transport license: bsd-3-clause licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/websocket.dep.yml b/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/websocket.dep.yml index 9eb8de2c2..3718a69b2 100644 --- a/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/websocket.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/googollee/go-engine.io/websocket.dep.yml @@ -2,7 +2,7 @@ name: github.com/googollee/go-engine.io/websocket version: v0.0.0-20180829091931-e2f255711dcb type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/googollee/go-engine.io/websocket license: bsd-3-clause licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/h2non/filetype.dep.yml b/.licenses/arduino-create-agent/go/github.com/h2non/filetype.dep.yml index 02102b9ee..ce88ad732 100644 --- a/.licenses/arduino-create-agent/go/github.com/h2non/filetype.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/h2non/filetype.dep.yml @@ -2,7 +2,7 @@ name: github.com/h2non/filetype version: v1.1.3 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/h2non/filetype license: mit licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/h2non/filetype/matchers.dep.yml b/.licenses/arduino-create-agent/go/github.com/h2non/filetype/matchers.dep.yml index e9421e1f8..e441102a1 100644 --- a/.licenses/arduino-create-agent/go/github.com/h2non/filetype/matchers.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/h2non/filetype/matchers.dep.yml @@ -2,7 +2,7 @@ name: github.com/h2non/filetype/matchers version: v1.1.3 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/h2non/filetype/matchers license: mit licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/h2non/filetype/matchers/isobmff.dep.yml b/.licenses/arduino-create-agent/go/github.com/h2non/filetype/matchers/isobmff.dep.yml index 0a3984965..d18a56f5a 100644 --- a/.licenses/arduino-create-agent/go/github.com/h2non/filetype/matchers/isobmff.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/h2non/filetype/matchers/isobmff.dep.yml @@ -2,7 +2,7 @@ name: github.com/h2non/filetype/matchers/isobmff version: v1.1.3 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/h2non/filetype/matchers/isobmff license: mit licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/h2non/filetype/types.dep.yml b/.licenses/arduino-create-agent/go/github.com/h2non/filetype/types.dep.yml index f8fe41654..6a3e9ff8c 100644 --- a/.licenses/arduino-create-agent/go/github.com/h2non/filetype/types.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/h2non/filetype/types.dep.yml @@ -2,7 +2,7 @@ name: github.com/h2non/filetype/types version: v1.1.3 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/h2non/filetype/types license: mit licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/mattn/go-shellwords.dep.yml b/.licenses/arduino-create-agent/go/github.com/mattn/go-shellwords.dep.yml index afff99822..742e6604f 100644 --- a/.licenses/arduino-create-agent/go/github.com/mattn/go-shellwords.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/mattn/go-shellwords.dep.yml @@ -2,7 +2,7 @@ name: github.com/mattn/go-shellwords version: v1.0.12 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/mattn/go-shellwords license: mit licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/pelletier/go-toml/v2/internal/characters.dep.yml b/.licenses/arduino-create-agent/go/github.com/pelletier/go-toml/v2/internal/characters.dep.yml index afddf80f5..59a3269ba 100644 --- a/.licenses/arduino-create-agent/go/github.com/pelletier/go-toml/v2/internal/characters.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/pelletier/go-toml/v2/internal/characters.dep.yml @@ -2,7 +2,7 @@ name: github.com/pelletier/go-toml/v2/internal/characters version: v2.2.2 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/pelletier/go-toml/v2/internal/characters license: other licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/pelletier/go-toml/v2/internal/danger.dep.yml b/.licenses/arduino-create-agent/go/github.com/pelletier/go-toml/v2/internal/danger.dep.yml index 5fe64d014..36075df83 100644 --- a/.licenses/arduino-create-agent/go/github.com/pelletier/go-toml/v2/internal/danger.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/pelletier/go-toml/v2/internal/danger.dep.yml @@ -2,7 +2,7 @@ name: github.com/pelletier/go-toml/v2/internal/danger version: v2.2.2 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/pelletier/go-toml/v2/internal/danger license: other licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/pelletier/go-toml/v2/internal/tracker.dep.yml b/.licenses/arduino-create-agent/go/github.com/pelletier/go-toml/v2/internal/tracker.dep.yml index 6b73e51e6..954011183 100644 --- a/.licenses/arduino-create-agent/go/github.com/pelletier/go-toml/v2/internal/tracker.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/pelletier/go-toml/v2/internal/tracker.dep.yml @@ -2,7 +2,7 @@ name: github.com/pelletier/go-toml/v2/internal/tracker version: v2.2.2 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/pelletier/go-toml/v2/internal/tracker license: other licenses: diff --git a/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz.dep.yml b/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz.dep.yml index 0b3c4e2b2..b02e158ff 100644 --- a/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz.dep.yml @@ -1,6 +1,6 @@ --- name: github.com/ulikunitz/xz -version: v0.5.11 +version: v0.5.12 type: go summary: Package xz supports the compression and decompression of xz files. homepage: https://pkg.go.dev/github.com/ulikunitz/xz diff --git a/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz/internal/hash.dep.yml b/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz/internal/hash.dep.yml index 470737fb6..c9a34e7af 100644 --- a/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz/internal/hash.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz/internal/hash.dep.yml @@ -1,12 +1,12 @@ --- name: github.com/ulikunitz/xz/internal/hash -version: v0.5.11 +version: v0.5.12 type: go summary: Package hash provides rolling hashes. homepage: https://pkg.go.dev/github.com/ulikunitz/xz/internal/hash license: bsd-3-clause licenses: -- sources: xz@v0.5.11/LICENSE +- sources: xz@v0.5.12/LICENSE text: | Copyright (c) 2014-2022 Ulrich Kunitz All rights reserved. diff --git a/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz/internal/xlog.dep.yml b/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz/internal/xlog.dep.yml index 5fc1e57f7..a5ec30088 100644 --- a/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz/internal/xlog.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz/internal/xlog.dep.yml @@ -1,13 +1,13 @@ --- name: github.com/ulikunitz/xz/internal/xlog -version: v0.5.11 +version: v0.5.12 type: go summary: Package xlog provides a simple logging package that allows to disable certain message categories. homepage: https://pkg.go.dev/github.com/ulikunitz/xz/internal/xlog license: bsd-3-clause licenses: -- sources: xz@v0.5.11/LICENSE +- sources: xz@v0.5.12/LICENSE text: | Copyright (c) 2014-2022 Ulrich Kunitz All rights reserved. diff --git a/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz/lzma.dep.yml b/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz/lzma.dep.yml index b30f1859d..66a937e5e 100644 --- a/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz/lzma.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/ulikunitz/xz/lzma.dep.yml @@ -1,12 +1,12 @@ --- name: github.com/ulikunitz/xz/lzma -version: v0.5.11 +version: v0.5.12 type: go summary: Package lzma supports the decoding and encoding of LZMA streams. homepage: https://pkg.go.dev/github.com/ulikunitz/xz/lzma license: bsd-3-clause licenses: -- sources: xz@v0.5.11/LICENSE +- sources: xz@v0.5.12/LICENSE text: | Copyright (c) 2014-2022 Ulrich Kunitz All rights reserved. diff --git a/.licenses/arduino-create-agent/go/github.com/xrash/smetrics.dep.yml b/.licenses/arduino-create-agent/go/github.com/xrash/smetrics.dep.yml index f2795524e..cbd322a2e 100644 --- a/.licenses/arduino-create-agent/go/github.com/xrash/smetrics.dep.yml +++ b/.licenses/arduino-create-agent/go/github.com/xrash/smetrics.dep.yml @@ -2,7 +2,7 @@ name: github.com/xrash/smetrics version: v0.0.0-20170218160415-a3153f7040e9 type: go -summary: +summary: homepage: https://pkg.go.dev/github.com/xrash/smetrics license: mit licenses: diff --git a/.licenses/arduino-create-agent/go/go.bug.st/serial.dep.yml b/.licenses/arduino-create-agent/go/go.bug.st/serial.dep.yml index c55d351d0..73d434109 100644 --- a/.licenses/arduino-create-agent/go/go.bug.st/serial.dep.yml +++ b/.licenses/arduino-create-agent/go/go.bug.st/serial.dep.yml @@ -1,6 +1,6 @@ --- name: go.bug.st/serial -version: v1.6.1 +version: v1.6.4 type: go summary: Package serial is a cross-platform serial library for the go language. homepage: https://pkg.go.dev/go.bug.st/serial @@ -9,7 +9,7 @@ licenses: - sources: LICENSE text: |2+ - Copyright (c) 2014-2023, Cristian Maglie. + Copyright (c) 2014-2024, Cristian Maglie. All rights reserved. Redistribution and use in source and binary forms, with or without @@ -43,7 +43,7 @@ licenses: - sources: README.md text: |- - The software is release under a [BSD 3-clause license] + This software is released under the [BSD 3-clause license]. [contributors]: https://github.com/bugst/go-serial/graphs/contributors [BSD 3-clause license]: https://github.com/bugst/go-serial/blob/master/LICENSE diff --git a/.licenses/arduino-create-agent/go/go.bug.st/serial/enumerator.dep.yml b/.licenses/arduino-create-agent/go/go.bug.st/serial/enumerator.dep.yml index 7743f09d9..d7b0b63e1 100644 --- a/.licenses/arduino-create-agent/go/go.bug.st/serial/enumerator.dep.yml +++ b/.licenses/arduino-create-agent/go/go.bug.st/serial/enumerator.dep.yml @@ -1,16 +1,16 @@ --- name: go.bug.st/serial/enumerator -version: v1.6.1 +version: v1.6.4 type: go summary: Package enumerator is a golang cross-platform library for USB serial port discovery. homepage: https://pkg.go.dev/go.bug.st/serial/enumerator license: bsd-3-clause licenses: -- sources: serial@v1.6.1/LICENSE +- sources: serial@v1.6.4/LICENSE text: |2+ - Copyright (c) 2014-2023, Cristian Maglie. + Copyright (c) 2014-2024, Cristian Maglie. All rights reserved. Redistribution and use in source and binary forms, with or without @@ -42,9 +42,9 @@ licenses: ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: serial@v1.6.1/README.md +- sources: serial@v1.6.4/README.md text: |- - The software is release under a [BSD 3-clause license] + This software is released under the [BSD 3-clause license]. [contributors]: https://github.com/bugst/go-serial/graphs/contributors [BSD 3-clause license]: https://github.com/bugst/go-serial/blob/master/LICENSE diff --git a/.licenses/arduino-create-agent/go/go.bug.st/serial/unixutils.dep.yml b/.licenses/arduino-create-agent/go/go.bug.st/serial/unixutils.dep.yml index b744d2524..ac5bb6bb1 100644 --- a/.licenses/arduino-create-agent/go/go.bug.st/serial/unixutils.dep.yml +++ b/.licenses/arduino-create-agent/go/go.bug.st/serial/unixutils.dep.yml @@ -1,15 +1,15 @@ --- name: go.bug.st/serial/unixutils -version: v1.6.1 +version: v1.6.4 type: go summary: homepage: https://pkg.go.dev/go.bug.st/serial/unixutils license: bsd-3-clause licenses: -- sources: serial@v1.6.1/LICENSE +- sources: serial@v1.6.4/LICENSE text: |2+ - Copyright (c) 2014-2023, Cristian Maglie. + Copyright (c) 2014-2024, Cristian Maglie. All rights reserved. Redistribution and use in source and binary forms, with or without @@ -41,9 +41,9 @@ licenses: ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: serial@v1.6.1/README.md +- sources: serial@v1.6.4/README.md text: |- - The software is release under a [BSD 3-clause license] + This software is released under the [BSD 3-clause license]. [contributors]: https://github.com/bugst/go-serial/graphs/contributors [BSD 3-clause license]: https://github.com/bugst/go-serial/blob/master/LICENSE diff --git a/.licenses/arduino-create-agent/go/golang.org/x/sys/unix.dep.yml b/.licenses/arduino-create-agent/go/golang.org/x/sys/unix.dep.yml index 8c6dd955b..5c4780a8d 100644 --- a/.licenses/arduino-create-agent/go/golang.org/x/sys/unix.dep.yml +++ b/.licenses/arduino-create-agent/go/golang.org/x/sys/unix.dep.yml @@ -1,14 +1,14 @@ --- name: golang.org/x/sys/unix -version: v0.20.0 +version: v0.23.0 type: go summary: Package unix contains an interface to the low-level operating system primitives. homepage: https://pkg.go.dev/golang.org/x/sys/unix -license: bsd-3-clause +license: other licenses: -- sources: sys@v0.20.0/LICENSE +- sources: sys@v0.23.0/LICENSE text: | - Copyright (c) 2009 The Go Authors. All rights reserved. + Copyright 2009 The Go Authors. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are @@ -20,7 +20,7 @@ licenses: copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - * Neither the name of Google Inc. nor the names of its + * Neither the name of Google LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. @@ -35,7 +35,7 @@ licenses: THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- sources: sys@v0.20.0/PATENTS +- sources: sys@v0.23.0/PATENTS text: | Additional IP Rights Grant (Patents) diff --git a/.licenses/arduino-create-agent/go/golang.org/x/text/internal/language.dep.yml b/.licenses/arduino-create-agent/go/golang.org/x/text/internal/language.dep.yml index 988bad3c9..4a392d8cf 100644 --- a/.licenses/arduino-create-agent/go/golang.org/x/text/internal/language.dep.yml +++ b/.licenses/arduino-create-agent/go/golang.org/x/text/internal/language.dep.yml @@ -2,7 +2,7 @@ name: golang.org/x/text/internal/language version: v0.15.0 type: go -summary: +summary: homepage: https://pkg.go.dev/golang.org/x/text/internal/language license: bsd-3-clause licenses: diff --git a/.licenses/arduino-create-agent/go/gopkg.in/inconshreveable/go-update.v0/download.dep.yml b/.licenses/arduino-create-agent/go/gopkg.in/inconshreveable/go-update.v0/download.dep.yml index 5894a7618..12e0b1dcf 100644 --- a/.licenses/arduino-create-agent/go/gopkg.in/inconshreveable/go-update.v0/download.dep.yml +++ b/.licenses/arduino-create-agent/go/gopkg.in/inconshreveable/go-update.v0/download.dep.yml @@ -2,7 +2,7 @@ name: gopkg.in/inconshreveable/go-update.v0/download version: v0.0.0-20150814200126-d8b0b1d421aa type: go -summary: +summary: homepage: https://pkg.go.dev/gopkg.in/inconshreveable/go-update.v0/download license: apache-2.0 licenses: diff --git a/README.md b/README.md index fc88205a2..db5e92c65 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ [![Check Go Dependencies status](https://github.com/arduino/arduino-create-agent/actions/workflows/check-go-dependencies-task.yml/badge.svg)](https://github.com/arduino/arduino-create-agent/actions/workflows/check-go-dependencies-task.yml) [![Check Go status](https://github.com/arduino/arduino-create-agent/actions/workflows/check-go-task.yml/badge.svg)](https://github.com/arduino/arduino-create-agent/actions/workflows/check-go-task.yml) -The Arduino Cloud Agent is a single binary that will sit on the traybar and work in the background. It allows you to use the [Arduino Create applications](https://create.arduino.cc) to seamlessly upload code to any USB connected Arduino board (or Yún in LAN) directly from the browser. +The Arduino Cloud Agent is a single binary that will sit on the traybar and work in the background. It allows you to use the [Arduino Cloud](https://app.arduino.cc/) to seamlessly upload code to any USB connected Arduino board (or Yún in LAN) directly from the browser. ## Architecture @@ -18,8 +18,8 @@ The Arduino Cloud Agent is a single binary that will sit on the traybar and work | Browser | | | Web socket +----------------------+ flashes +---------------+ | +---------------------------+ |<-------------->| +------------>| | -| | | | | Arduino Cloud Agent | | Arduino Board | -| | Arduino Create Web Editor | +--------------->| |<------------+ | +| | | | | Arduino Cloud Agent | | Arduino Board | +| | Arduino Cloud | +--------------->| |<------------+ | | | | | REST API +----------------------+ serial +---------------+ | +---------------------------+ | +-------------------------------+ @@ -27,11 +27,11 @@ The Arduino Cloud Agent is a single binary that will sit on the traybar and work ## Installation -Get the [latest version](https://github.com/arduino/arduino-create-agent/releases) of the Agent for all supported platforms or complete the [Getting Started](https://create.arduino.cc/getting-started/plugin/welcome). +Get the [latest version](https://github.com/arduino/arduino-create-agent/releases) of the Agent for all supported platforms or complete the [Getting Started](https://cloud.arduino.cc/download-agent/). ## Apple silicon support -The Arduino Agent is supported both on Intel and Apple silicon computers. This includes devices with the M1, M2 and M3 processors. +The Arduino Agent is supported both on Intel and Apple silicon computers. This includes devices with the M1, M2 and M3 processors. The Arduino Agent is built both for Intel architectures and Apple silicon devices, but distributed as a single universal executable for macOS. ## Documentation diff --git a/Taskfile.yml b/Taskfile.yml index b64b12bb5..681c8274d 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -1,6 +1,17 @@ version: "3" tasks: + + install: + desc: Install dependencies for local development + cmds: + - go install github.com/githubnemo/CompileDaemon@v1.4.0 + + run: + desc: Run the project locally with auto-reload and data race detector + cmds: + - CompileDaemon -build="go build -race" -command="./arduino-create-agent" -graceful-kill=true + # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/check-dependencies-task/Taskfile.yml general:cache-dep-licenses: desc: Cache dependency license metadata @@ -138,6 +149,20 @@ tasks: - task: go:vet - task: go:lint + autoupdate:demo: + desc: Demo the local auto-update workflow for the Agent (for linux and mac user) + prompt: Before continuing, please make sure you’ve opened the "Open Configuration" option from the Agent menu and set the updateUrl=http://127.0.0.1:3000/ + cmds: + - task: go:build + - go install github.com/sanbornm/go-selfupdate/...@latest + # NOTE: the path 'CreateAgent/Stable' is important to keep as is + # because agent searches the update files into "CreateAgent/Stable/{platform}.json" and "https://downloads.arduino.cc/CreateAgent/Stable/{version}/{platform}.gz" + - go-selfupdate -o public/CreateAgent/Stable ./arduino-cloud-agent {{.VERSION}} + - docker rm -f agent-static-server + - docker run --rm -d -v "$PWD/public:/usr/share/nginx/html:ro" -p 3000:80 --name agent-static-server nginx:alpine + - sleep 5 # wait the server is up before starting the update + - curl -X POST http://127.0.0.1:8991/update + vars: # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/release-go-task/Taskfile.yml PROJECT_NAME: arduino-cloud-agent diff --git a/conn.go b/conn.go index 727a5cadb..8c71c54c4 100644 --- a/conn.go +++ b/conn.go @@ -19,6 +19,7 @@ package main import ( "bytes" + "crypto/rsa" "encoding/json" "errors" "fmt" @@ -79,109 +80,114 @@ type Upload struct { var uploadStatusStr = "ProgrammerStatus" -func uploadHandler(c *gin.Context) { - - data := new(Upload) - c.BindJSON(data) - - log.Printf("%+v %+v %+v %+v %+v %+v", data.Port, data.Board, data.Rewrite, data.Commandline, data.Extra, data.Filename) - - if data.Port == "" { - c.String(http.StatusBadRequest, "port is required") - return - } - - if data.Board == "" { - c.String(http.StatusBadRequest, "board is required") - log.Error("board is required") - return - } - - if !data.Extra.Network { - if data.Signature == "" { - c.String(http.StatusBadRequest, "signature is required") +func uploadHandler(pubKey *rsa.PublicKey) func(*gin.Context) { + return func(c *gin.Context) { + data := new(Upload) + if err := c.BindJSON(data); err != nil { + c.String(http.StatusBadRequest, fmt.Sprintf("err with the payload. %v", err.Error())) return } - if data.Commandline == "" { - c.String(http.StatusBadRequest, "commandline is required for local board") + log.Printf("%+v %+v %+v %+v %+v %+v", data.Port, data.Board, data.Rewrite, data.Commandline, data.Extra, data.Filename) + + if data.Port == "" { + c.String(http.StatusBadRequest, "port is required") return } - err := utilities.VerifyInput(data.Commandline, data.Signature) - - if err != nil { - c.String(http.StatusBadRequest, "signature is invalid") + if data.Board == "" { + c.String(http.StatusBadRequest, "board is required") + log.Error("board is required") return } - } - buffer := bytes.NewBuffer(data.Hex) + if !data.Extra.Network { + if data.Signature == "" { + c.String(http.StatusBadRequest, "signature is required") + return + } - filePath, err := utilities.SaveFileonTempDir(data.Filename, buffer) - if err != nil { - c.String(http.StatusBadRequest, err.Error()) - return - } + if data.Commandline == "" { + c.String(http.StatusBadRequest, "commandline is required for local board") + return + } - tmpdir, err := os.MkdirTemp("", "extrafiles") - if err != nil { - c.String(http.StatusBadRequest, err.Error()) - return - } + err := utilities.VerifyInput(data.Commandline, data.Signature, pubKey) - for _, extraFile := range data.ExtraFiles { - path, err := utilities.SafeJoin(tmpdir, extraFile.Filename) - if err != nil { - c.String(http.StatusBadRequest, err.Error()) - return + if err != nil { + log.WithField("err", err).Error("Error verifying the command") + c.String(http.StatusBadRequest, "signature is invalid") + return + } } - log.Printf("Saving %s on %s", extraFile.Filename, path) - err = os.MkdirAll(filepath.Dir(path), 0744) - if err != nil { - c.String(http.StatusBadRequest, err.Error()) - return - } + buffer := bytes.NewBuffer(data.Hex) - err = os.WriteFile(path, extraFile.Hex, 0644) + filePath, err := utilities.SaveFileonTempDir(data.Filename, buffer) if err != nil { c.String(http.StatusBadRequest, err.Error()) return } - } - if data.Rewrite != "" { - data.Board = data.Rewrite - } - - go func() { - // Resolve commandline - commandline, err := upload.PartiallyResolve(data.Board, filePath, tmpdir, data.Commandline, data.Extra, Tools) + tmpdir, err := os.MkdirTemp("", "extrafiles") if err != nil { - send(map[string]string{uploadStatusStr: "Error", "Msg": err.Error()}) + c.String(http.StatusBadRequest, err.Error()) return } - l := PLogger{Verbose: true} - - // Upload - if data.Extra.Network { - err = errors.New("network upload is not supported anymore, pease use OTA instead") - } else { - send(map[string]string{uploadStatusStr: "Starting", "Cmd": "Serial"}) - err = upload.Serial(data.Port, commandline, data.Extra, l) + for _, extraFile := range data.ExtraFiles { + path, err := utilities.SafeJoin(tmpdir, extraFile.Filename) + if err != nil { + c.String(http.StatusBadRequest, err.Error()) + return + } + log.Printf("Saving %s on %s", extraFile.Filename, path) + + err = os.MkdirAll(filepath.Dir(path), 0744) + if err != nil { + c.String(http.StatusBadRequest, err.Error()) + return + } + + err = os.WriteFile(path, extraFile.Hex, 0644) + if err != nil { + c.String(http.StatusBadRequest, err.Error()) + return + } } - // Handle result - if err != nil { - send(map[string]string{uploadStatusStr: "Error", "Msg": err.Error()}) - return + if data.Rewrite != "" { + data.Board = data.Rewrite } - send(map[string]string{uploadStatusStr: "Done", "Flash": "Ok"}) - }() - c.String(http.StatusAccepted, "") + go func() { + // Resolve commandline + commandline, err := upload.PartiallyResolve(data.Board, filePath, tmpdir, data.Commandline, data.Extra, Tools) + if err != nil { + send(map[string]string{uploadStatusStr: "Error", "Msg": err.Error()}) + return + } + + l := PLogger{Verbose: true} + + // Upload + if data.Extra.Network { + err = errors.New("network upload is not supported anymore, pease use OTA instead") + } else { + send(map[string]string{uploadStatusStr: "Starting", "Cmd": "Serial"}) + err = upload.Serial(data.Port, commandline, data.Extra, l) + } + + // Handle result + if err != nil { + send(map[string]string{uploadStatusStr: "Error", "Msg": err.Error()}) + return + } + send(map[string]string{uploadStatusStr: "Done", "Flash": "Ok"}) + }() + + c.String(http.StatusAccepted, "") + } } // PLogger sends the info from the upload to the websocket diff --git a/globals/globals.go b/globals/globals.go index d7cb09a17..ac4c14666 100644 --- a/globals/globals.go +++ b/globals/globals.go @@ -15,8 +15,15 @@ package globals -// DefaultIndexURL is the default index url var ( - // SignatureKey is the public key used to verify commands and url sent by the builder - SignatureKey = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvc0yZr1yUSen7qmE3cxF\nIE12rCksDnqR+Hp7o0nGi9123eCSFcJ7CkIRC8F+8JMhgI3zNqn4cUEn47I3RKD1\nZChPUCMiJCvbLbloxfdJrUi7gcSgUXrlKQStOKF5Iz7xv1M4XOP3JtjXLGo3EnJ1\npFgdWTOyoSrA8/w1rck4c/ISXZSinVAggPxmLwVEAAln6Itj6giIZHKvA2fL2o8z\nCeK057Lu8X6u2CG8tRWSQzVoKIQw/PKK6CNXCAy8vo4EkXudRutnEYHEJlPkVgPn\n2qP06GI+I+9zKE37iqj0k1/wFaCVXHXIvn06YrmjQw6I0dDj/60Wvi500FuRVpn9\ntwIDAQAB\n-----END PUBLIC KEY-----" + // ArduinoSignaturePubKey is the public key used to verify commands and url sent by the builder + ArduinoSignaturePubKey = `-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvc0yZr1yUSen7qmE3cxF +IE12rCksDnqR+Hp7o0nGi9123eCSFcJ7CkIRC8F+8JMhgI3zNqn4cUEn47I3RKD1 +ZChPUCMiJCvbLbloxfdJrUi7gcSgUXrlKQStOKF5Iz7xv1M4XOP3JtjXLGo3EnJ1 +pFgdWTOyoSrA8/w1rck4c/ISXZSinVAggPxmLwVEAAln6Itj6giIZHKvA2fL2o8z +CeK057Lu8X6u2CG8tRWSQzVoKIQw/PKK6CNXCAy8vo4EkXudRutnEYHEJlPkVgPn +2qP06GI+I+9zKE37iqj0k1/wFaCVXHXIvn06YrmjQw6I0dDj/60Wvi500FuRVpn9 +twIDAQAB +-----END PUBLIC KEY-----` ) diff --git a/go.mod b/go.mod index b1f0f8fda..3bffc09ed 100644 --- a/go.mod +++ b/go.mod @@ -1,15 +1,15 @@ module github.com/arduino/arduino-create-agent -go 1.21 +go 1.23.0 require ( fyne.io/systray v1.10.0 - github.com/ProtonMail/go-crypto v1.1.0-alpha.2 - github.com/arduino/go-paths-helper v1.12.0 + github.com/ProtonMail/go-crypto v1.1.0-alpha.5-proton + github.com/arduino/go-paths-helper v1.12.1 github.com/arduino/go-serial-utils v0.1.2 - github.com/arduino/pluggable-discovery-protocol-handler/v2 v2.2.0 + github.com/arduino/pluggable-discovery-protocol-handler/v2 v2.2.1 github.com/blang/semver v3.5.1+incompatible - github.com/codeclysm/extract/v3 v3.1.1 + github.com/codeclysm/extract/v4 v4.0.0 github.com/gin-contrib/cors v1.7.2 github.com/gin-gonic/gin v1.10.0 github.com/go-ini/ini v1.62.0 @@ -21,9 +21,9 @@ require ( github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 github.com/stretchr/testify v1.9.0 github.com/xrash/smetrics v0.0.0-20170218160415-a3153f7040e9 - go.bug.st/serial v1.6.1 + go.bug.st/serial v1.6.4 goa.design/goa/v3 v3.16.1 - golang.org/x/sys v0.20.0 + golang.org/x/sys v0.23.0 gopkg.in/inconshreveable/go-update.v0 v0.0.0-20150814200126-d8b0b1d421aa ) @@ -71,7 +71,7 @@ require ( github.com/tevino/abool v1.2.0 // indirect github.com/twitchyliquid64/golang-asm v0.15.1 // indirect github.com/ugorji/go v1.1.6 // indirect - github.com/ulikunitz/xz v0.5.11 // indirect + github.com/ulikunitz/xz v0.5.12 // indirect golang.org/x/arch v0.8.0 // indirect golang.org/x/crypto v0.23.0 // indirect golang.org/x/mod v0.17.0 // indirect diff --git a/go.sum b/go.sum index 278446a66..676649d56 100644 --- a/go.sum +++ b/go.sum @@ -2,17 +2,17 @@ fyne.io/systray v1.10.0 h1:Yr1D9Lxeiw3+vSuZWPlaHC8BMjIHZXJKkek706AfYQk= fyne.io/systray v1.10.0/go.mod h1:oM2AQqGJ1AMo4nNqZFYU8xYygSBZkW2hmdJ7n4yjedE= github.com/AnatolyRugalev/goregen v0.1.0 h1:xrdXkLaskMnbxW0x4FWNj2yoednv0X2bcTBWpuJGYfE= github.com/AnatolyRugalev/goregen v0.1.0/go.mod h1:sVlY1tjcirqLBRZnCcIq1+7/Lwmqz5g7IK8AStjOVzI= -github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg= -github.com/ProtonMail/go-crypto v1.1.0-alpha.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/ProtonMail/go-crypto v1.1.0-alpha.5-proton h1:KVBEgU3CJpmzLChnLiSuEyCuhGhcMt3eOST+7A+ckto= +github.com/ProtonMail/go-crypto v1.1.0-alpha.5-proton/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/arduino/go-paths-helper v1.0.1/go.mod h1:HpxtKph+g238EJHq4geEPv9p+gl3v5YYu35Yb+w31Ck= -github.com/arduino/go-paths-helper v1.12.0 h1:xizOQtI9iHdl19qXd1EmWg5i9W//2bOCOYwlNv8F61E= -github.com/arduino/go-paths-helper v1.12.0/go.mod h1:jcpW4wr0u69GlXhTYydsdsqAjLaYK5n7oWHfKqOG6LM= +github.com/arduino/go-paths-helper v1.12.1 h1:WkxiVUxBjKWlLMiMuYy8DcmVrkxdP7aKxQOAq7r2lVM= +github.com/arduino/go-paths-helper v1.12.1/go.mod h1:jcpW4wr0u69GlXhTYydsdsqAjLaYK5n7oWHfKqOG6LM= github.com/arduino/go-properties-orderedmap v1.8.0 h1:wEfa6hHdpezrVOh787OmClsf/Kd8qB+zE3P2Xbrn0CQ= github.com/arduino/go-properties-orderedmap v1.8.0/go.mod h1:DKjD2VXY/NZmlingh4lSFMEYCVubfeArCsGPGDwb2yk= github.com/arduino/go-serial-utils v0.1.2 h1:MRFwME4w/uaVkJ1R+wzz4KSbI9cF9IDVrYorazvjpTk= github.com/arduino/go-serial-utils v0.1.2/go.mod h1:kzIsNPgz8DFAd1sAFKve4ubxrdGcwQ4XzvRLlztsgnE= -github.com/arduino/pluggable-discovery-protocol-handler/v2 v2.2.0 h1:v7og6LpskewFabmaShKVzWXl5MXbmsxaRP3yo4dJta8= -github.com/arduino/pluggable-discovery-protocol-handler/v2 v2.2.0/go.mod h1:1dgblsmK2iBx3L5iNTyRIokeaxbTLUrYiUbHBK6yC3Y= +github.com/arduino/pluggable-discovery-protocol-handler/v2 v2.2.1 h1:Fw8zKj1b/FkcQrWgN7aBw3ubSxpKIUtdANLXvd1Qdzw= +github.com/arduino/pluggable-discovery-protocol-handler/v2 v2.2.1/go.mod h1:1dgblsmK2iBx3L5iNTyRIokeaxbTLUrYiUbHBK6yC3Y= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0= @@ -25,8 +25,8 @@ github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/ github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w= github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg= github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY= -github.com/codeclysm/extract/v3 v3.1.1 h1:iHZtdEAwSTqPrd+1n4jfhr1qBhUWtHlMTjT90+fJVXg= -github.com/codeclysm/extract/v3 v3.1.1/go.mod h1:ZJi80UG2JtfHqJI+lgJSCACttZi++dHxfWuPaMhlOfQ= +github.com/codeclysm/extract/v4 v4.0.0 h1:H87LFsUNaJTu2e/8p/oiuiUsOK/TaPQ5wxsjPnwPEIY= +github.com/codeclysm/extract/v4 v4.0.0/go.mod h1:SFju1lj6as7FvUgalpSct7torJE0zttbJUWtryPRG6s= github.com/creack/goselect v0.1.2 h1:2DNy14+JPjRBgPzAd1thbQp4BSIihxcBf0IXhQXDRa0= github.com/creack/goselect v0.1.2/go.mod h1:a/NhLweNvqIYMuxcMOuWY516Cimucms3DglDzQP3hKY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -155,12 +155,12 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= github.com/ugorji/go v1.1.6 h1:zoJUBK8kLIUDNJ9LGB04qOQRfoDRoWBBpl0X7pZyi5I= github.com/ugorji/go v1.1.6/go.mod h1:RaaajvHwnCbhlqWLTIB78hyPWp24YUXhQ3YXM7Hg7os= -github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= -github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= +github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/xrash/smetrics v0.0.0-20170218160415-a3153f7040e9 h1:w8V9v0qVympSF6GjdjIyeqR7+EVhAF9CBQmkmW7Zw0w= github.com/xrash/smetrics v0.0.0-20170218160415-a3153f7040e9/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8= -go.bug.st/serial v1.6.1 h1:VSSWmUxlj1T/YlRo2J104Zv3wJFrjHIl/T3NeruWAHY= -go.bug.st/serial v1.6.1/go.mod h1:UABfsluHAiaNI+La2iESysd9Vetq7VRdpxvjx7CmmOE= +go.bug.st/serial v1.6.4 h1:7FmqNPgVp3pu2Jz5PoPtbZ9jJO5gnEnZIvnI1lzve8A= +go.bug.st/serial v1.6.4/go.mod h1:nofMJxTeNVny/m6+KaafC6vJGj3miwQZ6vW4BZUGJPI= goa.design/goa/v3 v3.16.1 h1:yZwbKrfMpE8+sz0uf+n+BtArVOFQ0kNSC0twQKwQb04= goa.design/goa/v3 v3.16.1/go.mod h1:Yd42LR0PYDbHSbsbF3vNd4YY/O+LG20Jb7+IyNdkQic= golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= @@ -181,8 +181,8 @@ golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= +golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= diff --git a/main.go b/main.go index 1ca857b02..41f824b1b 100755 --- a/main.go +++ b/main.go @@ -81,7 +81,7 @@ var ( logDump = iniConf.String("log", "off", "off = (default)") origins = iniConf.String("origins", "", "Allowed origin list for CORS") portsFilterRegexp = iniConf.String("regex", "usb|acm|com", "Regular expression to filter serial port list") - signatureKey = iniConf.String("signatureKey", globals.SignatureKey, "Pem-encoded public key to verify signed commandlines") + signatureKey = iniConf.String("signatureKey", globals.ArduinoSignaturePubKey, "Pem-encoded public key to verify signed commandlines") updateURL = iniConf.String("updateUrl", "", "") verbose = iniConf.Bool("v", true, "show debug logging") crashreport = iniConf.Bool("crashreport", false, "enable crashreport logging") @@ -278,9 +278,17 @@ func loop() { } } + if signatureKey == nil || len(*signatureKey) == 0 { + log.Panicf("signature public key should be set") + } + signaturePubKey, err := utilities.ParseRsaPublicKey([]byte(*signatureKey)) + if err != nil { + log.Panicf("cannot parse signature key '%s'. %s", *signatureKey, err) + } + // Instantiate Index and Tools Index = index.Init(*indexURL, config.GetDataDir()) - Tools = tools.New(config.GetDataDir(), Index, logger) + Tools = tools.New(config.GetDataDir(), Index, logger, signaturePubKey) // see if we are supposed to wait 5 seconds if *isLaunchSelf { @@ -454,7 +462,7 @@ func loop() { r.LoadHTMLFiles("templates/nofirefox.html") r.GET("/", homeHandler) - r.POST("/upload", uploadHandler) + r.POST("/upload", uploadHandler(signaturePubKey)) r.GET("/socket.io/", socketHandler) r.POST("/socket.io/", socketHandler) r.Handle("WS", "/socket.io/", socketHandler) @@ -464,7 +472,7 @@ func loop() { r.POST("/update", updateHandler) // Mount goa handlers - goa := v2.Server(config.GetDataDir().String(), Index) + goa := v2.Server(config.GetDataDir().String(), Index, signaturePubKey) r.Any("/v2/*path", gin.WrapH(goa)) go func() { diff --git a/main_test.go b/main_test.go index c8276bba8..1387fd221 100644 --- a/main_test.go +++ b/main_test.go @@ -18,6 +18,7 @@ package main import ( "bytes" "crypto/x509" + "encoding/base64" "encoding/json" "encoding/pem" "fmt" @@ -29,8 +30,10 @@ import ( "github.com/arduino/arduino-create-agent/config" "github.com/arduino/arduino-create-agent/gen/tools" + "github.com/arduino/arduino-create-agent/globals" "github.com/arduino/arduino-create-agent/index" "github.com/arduino/arduino-create-agent/upload" + "github.com/arduino/arduino-create-agent/utilities" v2 "github.com/arduino/arduino-create-agent/v2" "github.com/gin-gonic/gin" "github.com/stretchr/testify/require" @@ -53,7 +56,7 @@ func TestValidSignatureKey(t *testing.T) { func TestUploadHandlerAgainstEvilFileNames(t *testing.T) { r := gin.New() - r.POST("/", uploadHandler) + r.POST("/", uploadHandler(utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey)))) ts := httptest.NewServer(r) uploadEvilFileName := Upload{ @@ -87,6 +90,30 @@ func TestUploadHandlerAgainstEvilFileNames(t *testing.T) { } } +func TestUploadHandlerAgainstBase64WithoutPaddingMustFail(t *testing.T) { + r := gin.New() + r.POST("/", uploadHandler(utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey)))) + ts := httptest.NewServer(r) + defer ts.Close() + + // When calling the `BindJSON` func, when a json field will be Unmarshaled + // in a []byte type, we expect to receive a base64 padded string in input. + // In case we receive a base64 unpadded string BindJSON fails. + // The expectation here is that the upload handler won't continue with the + // upload operation. + base64ContentWithoutPadding := base64.RawStdEncoding.EncodeToString([]byte("test")) + payload := fmt.Sprintf(`{"hex": "%s"}`, base64ContentWithoutPadding) + + resp, err := http.Post(ts.URL, "encoding/json", bytes.NewBufferString(payload)) + require.NoError(t, err) + require.Equal(t, http.StatusBadRequest, resp.StatusCode) + + defer resp.Body.Close() + body, err := io.ReadAll(resp.Body) + require.NoError(t, err) + require.Contains(t, string(body), "err with the payload. illegal base64 data at input") +} + func TestInstallToolV2(t *testing.T) { indexURL := "https://downloads.arduino.cc/packages/package_index.json" @@ -94,7 +121,7 @@ func TestInstallToolV2(t *testing.T) { Index := index.Init(indexURL, config.GetDataDir()) r := gin.New() - goa := v2.Server(config.GetDataDir().String(), Index) + goa := v2.Server(config.GetDataDir().String(), Index, utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) r.Any("/v2/*path", gin.WrapH(goa)) ts := httptest.NewServer(r) @@ -116,6 +143,18 @@ func TestInstallToolV2(t *testing.T) { Signature: &bossacSignature, } + esptoolURL := "https://github.com/earlephilhower/esp-quick-toolchain/releases/download/2.5.0-3/x86_64-linux-gnu.esptool-f80ae31.tar.gz" + esptoolChecksum := "SHA-256:bded1dca953377838b6086a9bcd40a1dc5286ba5f69f2372c22a1d1819baad24" + esptoolSignature := "852b58871419ce5e5633ecfaa72c0f0fa890ceb51164b362b8133bc0e3e003a21cec48935b8cdc078f4031219cbf17fb7edd9d7c9ca8ed85492911c9ca6353c9aa4691eb91fda99563a6bd49aeca0d9981fb05ec76e45c6024f8a6822862ad1e34ddc652fbbf4fa909887a255d4f087398ec386577efcec523c21203be3d10fc9e9b0f990a7536875a77dc2bc5cbffea7734b62238e31719111b718bacccebffc9be689545540e81d23b81caa66214376f58a0d6a45cf7efc5d3af62ab932b371628162fffe403906f41d5534921e5be081c5ac2ecc9db5caec03a105cc44b00ce19a95ad079843501eb8182e0717ce327867380c0e39d2b48698547fc1d0d66" + esptoolInstallURLOK := tools.ToolPayload{ + Name: "esptool", + Version: "2.5.0-3-20ed2b9", + Packager: "esp8266", + URL: &esptoolURL, + Checksum: &esptoolChecksum, + Signature: &esptoolSignature, + } + wrongSignature := "wr0ngs1gn4tur3" bossacInstallWrongSig := tools.ToolPayload{ Name: "bossac", @@ -147,6 +186,7 @@ func TestInstallToolV2(t *testing.T) { {bossacInstallWrongSig, http.StatusInternalServerError, "verification error"}, {bossacInstallWrongCheck, http.StatusInternalServerError, "checksum of downloaded file doesn't match"}, {bossacInstallNoURL, http.StatusOK, "ok"}, + {esptoolInstallURLOK, http.StatusOK, "ok"}, } for _, test := range tests { @@ -175,7 +215,7 @@ func TestInstalledHead(t *testing.T) { Index := index.Init(indexURL, config.GetDataDir()) r := gin.New() - goa := v2.Server(config.GetDataDir().String(), Index) + goa := v2.Server(config.GetDataDir().String(), Index, utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) r.Any("/v2/*path", gin.WrapH(goa)) ts := httptest.NewServer(r) diff --git a/serial.go b/serial.go index 64e5b8f7f..1a43f3644 100755 --- a/serial.go +++ b/serial.go @@ -31,7 +31,7 @@ import ( type serialhub struct { // Opened serial ports. - ports map[*serport]bool + ports map[string]*serport mu sync.Mutex } @@ -60,7 +60,7 @@ type SpPortItem struct { var serialPorts SerialPortList var sh = serialhub{ - ports: make(map[*serport]bool), + ports: make(map[string]*serport), } // Register serial ports from the connections. @@ -68,7 +68,7 @@ func (sh *serialhub) Register(port *serport) { sh.mu.Lock() //log.Print("Registering a port: ", p.portConf.Name) h.broadcastSys <- []byte("{\"Cmd\":\"Open\",\"Desc\":\"Got register/open on port.\",\"Port\":\"" + port.portConf.Name + "\",\"Baud\":" + strconv.Itoa(port.portConf.Baud) + ",\"BufferType\":\"" + port.BufferType + "\"}") - sh.ports[port] = true + sh.ports[port.portName] = port sh.mu.Unlock() } @@ -77,7 +77,7 @@ func (sh *serialhub) Unregister(port *serport) { sh.mu.Lock() //log.Print("Unregistering a port: ", p.portConf.Name) h.broadcastSys <- []byte("{\"Cmd\":\"Close\",\"Desc\":\"Got unregister/close on port.\",\"Port\":\"" + port.portConf.Name + "\",\"Baud\":" + strconv.Itoa(port.portConf.Baud) + "}") - delete(sh.ports, port) + delete(sh.ports, port.portName) close(port.sendBuffered) close(port.sendNoBuf) sh.mu.Unlock() @@ -86,15 +86,8 @@ func (sh *serialhub) Unregister(port *serport) { func (sh *serialhub) FindPortByName(portname string) (*serport, bool) { sh.mu.Lock() defer sh.mu.Unlock() - - for port := range sh.ports { - if strings.EqualFold(port.portConf.Name, portname) { - // we found our port - //spHandlerClose(port) - return port, true - } - } - return nil, false + port, ok := sh.ports[portname] + return port, ok } // List broadcasts a Json representation of the ports found diff --git a/serialport.go b/serialport.go index a11483f63..b3418fe5d 100755 --- a/serialport.go +++ b/serialport.go @@ -20,6 +20,8 @@ import ( "encoding/base64" "io" "strconv" + "sync" + "sync/atomic" "time" "unicode/utf8" @@ -43,7 +45,7 @@ type serport struct { // Keep track of whether we're being actively closed // just so we don't show scary error messages - isClosing bool + isClosing atomic.Bool isClosingDueToError bool @@ -85,7 +87,7 @@ func (p *serport) reader(buftype string) { bufferPart := serialBuffer[:n] //if we detect that port is closing, break out of this for{} loop. - if p.isClosing { + if p.isClosing.Load() { strmsg := "Shutting down reader on " + p.portConf.Name log.Println(strmsg) h.broadcastSys <- []byte(strmsg) @@ -272,7 +274,13 @@ func (p *serport) writerRaw() { h.broadcastSys <- []byte(msgstr) } +// This lock is used to prevent multiple threads from trying to open the same port at the same time. +// It presents issues with the serial port driver on some OS's: https://github.com/arduino/arduino-create-agent/issues/1031 +var spHandlerOpenLock sync.Mutex + func spHandlerOpen(portname string, baud int, buftype string) { + spHandlerOpenLock.Lock() + defer spHandlerOpenLock.Unlock() log.Print("Inside spHandler") @@ -294,11 +302,14 @@ func spHandlerOpen(portname string, baud int, buftype string) { sp, err := serial.Open(portname, mode) log.Print("Just tried to open port") if err != nil { - //log.Fatal(err) - log.Print("Error opening port " + err.Error()) - //h.broadcastSys <- []byte("Error opening port. " + err.Error()) - h.broadcastSys <- []byte("{\"Cmd\":\"OpenFail\",\"Desc\":\"Error opening port. " + err.Error() + "\",\"Port\":\"" + conf.Name + "\",\"Baud\":" + strconv.Itoa(conf.Baud) + "}") - + existingPort, ok := sh.FindPortByName(portname) + if ok && existingPort.portConf.Baud == baud && existingPort.BufferType == buftype { + log.Print("Port already opened") + h.broadcastSys <- []byte("{\"Cmd\":\"Open\",\"Desc\":\"Port already opened.\",\"Port\":\"" + existingPort.portConf.Name + "\",\"Baud\":" + strconv.Itoa(existingPort.portConf.Baud) + ",\"BufferType\":\"" + existingPort.BufferType + "\"}") + } else { + log.Print("Error opening port " + err.Error()) + h.broadcastSys <- []byte("{\"Cmd\":\"OpenFail\",\"Desc\":\"Error opening port. " + err.Error() + "\",\"Port\":\"" + conf.Name + "\",\"Baud\":" + strconv.Itoa(conf.Baud) + "}") + } return } log.Print("Opened port successfully") @@ -330,7 +341,6 @@ func spHandlerOpen(portname string, baud int, buftype string) { p.bufferwatcher = bw sh.Register(p) - defer sh.Unregister(p) serialPorts.MarkPortAsOpened(portname) serialPorts.List() @@ -341,14 +351,17 @@ func spHandlerOpen(portname string, baud int, buftype string) { go p.writerNoBuf() // this is thread to send to serial port but with base64 decoding go p.writerRaw() - - p.reader(buftype) - - serialPorts.List() + // this is the thread that reads from the serial port + go func() { + p.reader(buftype) + serialPorts.List() + sh.Unregister(p) + }() } func (p *serport) Close() { - p.isClosing = true + p.isClosing.Store(true) + p.bufferwatcher.Close() p.portIo.Close() serialPorts.MarkPortAsClosed(p.portName) diff --git a/tools/download.go b/tools/download.go index 6e5fa8b7f..8c4a37a6c 100644 --- a/tools/download.go +++ b/tools/download.go @@ -25,7 +25,6 @@ import ( "github.com/arduino/arduino-create-agent/gen/tools" "github.com/arduino/arduino-create-agent/utilities" - "github.com/arduino/arduino-create-agent/v2/pkgs" ) // Download will parse the index at the indexURL for the tool to download. @@ -45,8 +44,8 @@ import ( // if it already exists. func (t *Tools) Download(pack, name, version, behaviour string) error { - tool := pkgs.New(t.index, t.directory.String(), behaviour) - _, err := tool.Install(context.Background(), &tools.ToolPayload{Name: name, Version: version, Packager: pack}) + t.tools.SetBehaviour(behaviour) + _, err := t.tools.Install(context.Background(), &tools.ToolPayload{Name: name, Version: version, Packager: pack}) if err != nil { return err } diff --git a/tools/download_test.go b/tools/download_test.go index 1e958de91..96a105fd7 100644 --- a/tools/download_test.go +++ b/tools/download_test.go @@ -21,7 +21,9 @@ import ( "testing" "time" + "github.com/arduino/arduino-create-agent/globals" "github.com/arduino/arduino-create-agent/index" + "github.com/arduino/arduino-create-agent/utilities" "github.com/arduino/arduino-create-agent/v2/pkgs" "github.com/arduino/go-paths-helper" "github.com/stretchr/testify/require" @@ -120,7 +122,6 @@ func TestDownload(t *testing.T) { {"rp2040tools", "1.0.6", []string{"elf2uf2", "picotool", "pioasm", "rp2040load"}}, {"esptool_py", "4.5.1", []string{"esptool"}}, {"arduino-fwuploader", "2.2.2", []string{"arduino-fwuploader"}}, - {"fwupdater", "0.1.12", []string{"firmwares", "FirmwareUploader"}}, // old legacy tool } // prepare the test environment tempDir := t.TempDir() @@ -129,7 +130,7 @@ func TestDownload(t *testing.T) { IndexFile: *paths.New("testdata", "test_tool_index.json"), LastRefresh: time.Now(), } - testTools := New(tempDirPath, &testIndex, func(msg string) { t.Log(msg) }) + testTools := New(tempDirPath, &testIndex, func(msg string) { t.Log(msg) }, utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) for _, tc := range testCases { t.Run(tc.name+"-"+tc.version, func(t *testing.T) { @@ -161,3 +162,23 @@ func TestDownload(t *testing.T) { }) } } + +func TestCorruptedInstalled(t *testing.T) { + // prepare the test environment + tempDir := t.TempDir() + tempDirPath := paths.New(tempDir) + testIndex := index.Resource{ + IndexFile: *paths.New("testdata", "test_tool_index.json"), + LastRefresh: time.Now(), + } + corruptedJSON := tempDirPath.Join("installed.json") + fileJSON, err := corruptedJSON.Create() + require.NoError(t, err) + defer fileJSON.Close() + _, err = fileJSON.Write([]byte("Hello")) + require.NoError(t, err) + testTools := New(tempDirPath, &testIndex, func(msg string) { t.Log(msg) }, utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) + // Download the tool + err = testTools.Download("arduino-test", "avrdude", "6.3.0-arduino17", "keep") + require.NoError(t, err) +} diff --git a/tools/testdata/test_tool_index.json b/tools/testdata/test_tool_index.json index fdee1cc9d..b7f8b87d2 100644 --- a/tools/testdata/test_tool_index.json +++ b/tools/testdata/test_tool_index.json @@ -514,61 +514,6 @@ "size": "6829396" } ] - }, - { - "name": "fwupdater", - "version": "0.1.12", - "systems": [ - { - "host": "i686-linux-gnu", - "url": "http://downloads.arduino.cc/tools/FirmwareUploader_0.1.12_Linux_32bit.tar.bz2", - "archiveFileName": "FirmwareUploader_0.1.12_Linux_32bit.tar.bz2", - "checksum": "SHA-256:2fec2bdfd20ad4950bc9ba37108dc2a7c152f569174279c0697efe1f5a0db781", - "size": "26097546" - }, - { - "host": "x86_64-pc-linux-gnu", - "url": "http://downloads.arduino.cc/tools/FirmwareUploader_0.1.12_Linux_64bit.tar.bz2", - "archiveFileName": "FirmwareUploader_0.1.12_Linux_64bit.tar.bz2", - "checksum": "SHA-256:ce57d0afef30cb7d3513f5da326346c99d6bf4923bbc2200634086811f3fb31e", - "size": "26073327" - }, - { - "host": "i686-mingw32", - "url": "http://downloads.arduino.cc/tools/FirmwareUploader_0.1.12_Windows_32bit.zip", - "archiveFileName": "FirmwareUploader_0.1.12_Windows_32bit.zip", - "checksum": "SHA-256:558568b453caa1c821def8cc6d34555d0c910eb7e7e871de3ae1c39ae6f01bdd", - "size": "25743641" - }, - { - "host": "x86_64-mingw32", - "url": "http://downloads.arduino.cc/tools/FirmwareUploader_0.1.12_Windows_64bit.zip", - "archiveFileName": "FirmwareUploader_0.1.12_Windows_64bit.zip", - "checksum": "SHA-256:ec16de33620985434280c92c3c322257b89bb67adf8fd4d5dd5f9467ea1e9e40", - "size": "25851428" - }, - { - "host": "i386-apple-darwin11", - "url": "http://downloads.arduino.cc/tools/FirmwareUploader_0.1.12_macOS_64bit.tar.bz2", - "archiveFileName": "FirmwareUploader_0.1.12_macOS_64bit.tar.bz2", - "checksum": "SHA-256:a470361b57f86ddfcaecd274d844af51ee1d23a71cd6c26e30fcef2152d1a03f", - "size": "25792860" - }, - { - "host": "arm-linux-gnueabihf", - "url": "http://downloads.arduino.cc/tools/FirmwareUploader_0.1.12_Linux_ARM.tar.bz2", - "archiveFileName": "FirmwareUploader_0.1.12_Linux_ARM.tar.bz2", - "checksum": "SHA-256:855fa0a9b942c3ee18906efc510bdfe30bf3334ff28ffbb476e648ff30033847", - "size": "25936245" - }, - { - "host": "aarch64-linux-gnu", - "url": "http://downloads.arduino.cc/tools/FirmwareUploader_0.1.12_Linux_ARM64.tar.bz2", - "archiveFileName": "FirmwareUploader_0.1.12_Linux_ARM64.tar.bz2", - "checksum": "SHA-256:691461e64fe075e9a79801347c2bd895fb72f8f2c45a7cd49056c6ad9efe8fc4", - "size": "25967430" - } - ] } ] } diff --git a/tools/tools.go b/tools/tools.go index cb9efc787..f371126b5 100644 --- a/tools/tools.go +++ b/tools/tools.go @@ -16,12 +16,14 @@ package tools import ( + "crypto/rsa" "encoding/json" "path/filepath" "strings" "sync" "github.com/arduino/arduino-create-agent/index" + "github.com/arduino/arduino-create-agent/v2/pkgs" "github.com/arduino/go-paths-helper" "github.com/xrash/smetrics" ) @@ -47,19 +49,21 @@ type Tools struct { logger func(msg string) installed map[string]string mutex sync.RWMutex + tools *pkgs.Tools } // New will return a Tool object, allowing the caller to execute operations on it. // The New functions accept the directory to use to host the tools, // an index (used to download the tools), // and a logger to log the operations -func New(directory *paths.Path, index *index.Resource, logger func(msg string)) *Tools { +func New(directory *paths.Path, index *index.Resource, logger func(msg string), signPubKey *rsa.PublicKey) *Tools { t := &Tools{ directory: directory, index: index, logger: logger, installed: map[string]string{}, mutex: sync.RWMutex{}, + tools: pkgs.New(index, directory.String(), "replace", signPubKey), } _ = t.readMap() return t diff --git a/updater/updater_darwin.go b/updater/updater_darwin.go index c4eb5070d..829466352 100644 --- a/updater/updater_darwin.go +++ b/updater/updater_darwin.go @@ -26,7 +26,7 @@ import ( "strings" "github.com/arduino/go-paths-helper" - "github.com/codeclysm/extract/v3" + "github.com/codeclysm/extract/v4" "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus" ) diff --git a/utilities/utilities.go b/utilities/utilities.go index 5979732d4..662672da7 100644 --- a/utilities/utilities.go +++ b/utilities/utilities.go @@ -30,8 +30,6 @@ import ( "os/exec" "path/filepath" "strings" - - "github.com/arduino/arduino-create-agent/globals" ) // SaveFileonTempDir creates a temp directory and saves the file data as the @@ -131,23 +129,44 @@ func SafeJoin(parent, subdir string) (string, error) { return res, nil } -// VerifyInput will verify an input against a signature +// VerifyInput will verify an input against a signature using the public key. // A valid signature is indicated by returning a nil error. -func VerifyInput(input string, signature string) error { +func VerifyInput(input string, signature string, pubKey *rsa.PublicKey) error { sign, _ := hex.DecodeString(signature) - block, _ := pem.Decode([]byte(globals.SignatureKey)) + h := sha256.New() + h.Write([]byte(input)) + d := h.Sum(nil) + return rsa.VerifyPKCS1v15(pubKey, crypto.SHA256, d, sign) +} + +// ParseRsaPublicKey parses a public key in PEM format and returns the rsa.PublicKey object. +// Returns an error if the key is invalid. +func ParseRsaPublicKey(key []byte) (*rsa.PublicKey, error) { + block, _ := pem.Decode(key) if block == nil { - return errors.New("invalid key") + return nil, errors.New("invalid key") } - key, err := x509.ParsePKIXPublicKey(block.Bytes) + + parsedKey, err := x509.ParsePKIXPublicKey(block.Bytes) if err != nil { - return err + return nil, err } - rsaKey := key.(*rsa.PublicKey) - h := sha256.New() - h.Write([]byte(input)) - d := h.Sum(nil) - return rsa.VerifyPKCS1v15(rsaKey, crypto.SHA256, d, sign) + + publicKey, ok := parsedKey.(*rsa.PublicKey) + if !ok { + return nil, fmt.Errorf("not an rsa key") + } + return publicKey, nil +} + +// MustParseRsaPublicKey parses a public key in PEM format and returns the rsa.PublicKey object. +// Panics if the key is invalid. +func MustParseRsaPublicKey(key []byte) *rsa.PublicKey { + parsedKey, err := ParseRsaPublicKey(key) + if err != nil { + panic(err) + } + return parsedKey } // UserPrompt executes an osascript and returns the pressed button diff --git a/v2/http.go b/v2/http.go index 390ec3989..2b47b93a8 100644 --- a/v2/http.go +++ b/v2/http.go @@ -17,6 +17,7 @@ package v2 import ( "context" + "crypto/rsa" "encoding/json" "net/http" @@ -31,7 +32,7 @@ import ( ) // Server is the actual server -func Server(directory string, index *index.Resource) http.Handler { +func Server(directory string, index *index.Resource, pubKey *rsa.PublicKey) http.Handler { mux := goahttp.NewMuxer() // Instantiate logger @@ -40,7 +41,7 @@ func Server(directory string, index *index.Resource) http.Handler { logAdapter := LogAdapter{Logger: logger} // Mount tools - toolsSvc := pkgs.New(index, directory, "replace") + toolsSvc := pkgs.New(index, directory, "replace", pubKey) toolsEndpoints := toolssvc.NewEndpoints(toolsSvc) toolsServer := toolssvr.New(toolsEndpoints, mux, CustomRequestDecoder, goahttp.ResponseEncoder, errorHandler(logger), nil) toolssvr.Mount(mux, toolsServer) diff --git a/v2/pkgs/pkgs.go b/v2/pkgs/pkgs.go index f4965117c..07e392b2f 100644 --- a/v2/pkgs/pkgs.go +++ b/v2/pkgs/pkgs.go @@ -50,7 +50,7 @@ type System struct { Checksum string `json:"checksum"` } -// Source: https://github.com/arduino/arduino-cli/blob/master/arduino/cores/tools.go#L129-L142 +// Source: https://github.com/arduino/arduino-cli/blob/master/internal/arduino/cores/tools.go#L129-L142 var ( regexpLinuxArm = regexp.MustCompile("arm.*-linux-gnueabihf") regexpLinuxArm64 = regexp.MustCompile("(aarch64|arm64)-linux-gnu") @@ -66,7 +66,7 @@ var ( regexpFreeBSD64 = regexp.MustCompile("amd64-freebsd[0-9]*") ) -// Source: https://github.com/arduino/arduino-cli/blob/master/arduino/cores/tools.go#L144-L176 +// Source: https://github.com/arduino/arduino-cli/blob/master/internal/arduino/cores/tools.go#L144-L176 func (s *System) isExactMatchWith(osName, osArch string) bool { if s.Host == "all" { return true @@ -101,7 +101,7 @@ func (s *System) isExactMatchWith(osName, osArch string) bool { return false } -// Source: https://github.com/arduino/arduino-cli/blob/master/arduino/cores/tools.go#L178-L198 +// Source: https://github.com/arduino/arduino-cli/blob/master/internal/arduino/cores/tools.go#L178-L198 func (s *System) isCompatibleWith(osName, osArch string) (bool, int) { if s.isExactMatchWith(osName, osArch) { return true, 1000 @@ -125,7 +125,7 @@ func (s *System) isCompatibleWith(osName, osArch string) (bool, int) { } // GetFlavourCompatibleWith returns the downloadable resource (System) compatible with the specified OS/Arch -// Source: https://github.com/arduino/arduino-cli/blob/master/arduino/cores/tools.go#L206-L216 +// Source: https://github.com/arduino/arduino-cli/blob/master/internal/arduino/cores/tools.go#L206-L216 func (t *Tool) GetFlavourCompatibleWith(osName, osArch string) System { var correctSystem System maxSimilarity := -1 diff --git a/v2/pkgs/testdata/test_tool_index.json b/v2/pkgs/testdata/test_tool_index.json index fdee1cc9d..b7f8b87d2 100644 --- a/v2/pkgs/testdata/test_tool_index.json +++ b/v2/pkgs/testdata/test_tool_index.json @@ -514,61 +514,6 @@ "size": "6829396" } ] - }, - { - "name": "fwupdater", - "version": "0.1.12", - "systems": [ - { - "host": "i686-linux-gnu", - "url": "http://downloads.arduino.cc/tools/FirmwareUploader_0.1.12_Linux_32bit.tar.bz2", - "archiveFileName": "FirmwareUploader_0.1.12_Linux_32bit.tar.bz2", - "checksum": "SHA-256:2fec2bdfd20ad4950bc9ba37108dc2a7c152f569174279c0697efe1f5a0db781", - "size": "26097546" - }, - { - "host": "x86_64-pc-linux-gnu", - "url": "http://downloads.arduino.cc/tools/FirmwareUploader_0.1.12_Linux_64bit.tar.bz2", - "archiveFileName": "FirmwareUploader_0.1.12_Linux_64bit.tar.bz2", - "checksum": "SHA-256:ce57d0afef30cb7d3513f5da326346c99d6bf4923bbc2200634086811f3fb31e", - "size": "26073327" - }, - { - "host": "i686-mingw32", - "url": "http://downloads.arduino.cc/tools/FirmwareUploader_0.1.12_Windows_32bit.zip", - "archiveFileName": "FirmwareUploader_0.1.12_Windows_32bit.zip", - "checksum": "SHA-256:558568b453caa1c821def8cc6d34555d0c910eb7e7e871de3ae1c39ae6f01bdd", - "size": "25743641" - }, - { - "host": "x86_64-mingw32", - "url": "http://downloads.arduino.cc/tools/FirmwareUploader_0.1.12_Windows_64bit.zip", - "archiveFileName": "FirmwareUploader_0.1.12_Windows_64bit.zip", - "checksum": "SHA-256:ec16de33620985434280c92c3c322257b89bb67adf8fd4d5dd5f9467ea1e9e40", - "size": "25851428" - }, - { - "host": "i386-apple-darwin11", - "url": "http://downloads.arduino.cc/tools/FirmwareUploader_0.1.12_macOS_64bit.tar.bz2", - "archiveFileName": "FirmwareUploader_0.1.12_macOS_64bit.tar.bz2", - "checksum": "SHA-256:a470361b57f86ddfcaecd274d844af51ee1d23a71cd6c26e30fcef2152d1a03f", - "size": "25792860" - }, - { - "host": "arm-linux-gnueabihf", - "url": "http://downloads.arduino.cc/tools/FirmwareUploader_0.1.12_Linux_ARM.tar.bz2", - "archiveFileName": "FirmwareUploader_0.1.12_Linux_ARM.tar.bz2", - "checksum": "SHA-256:855fa0a9b942c3ee18906efc510bdfe30bf3334ff28ffbb476e648ff30033847", - "size": "25936245" - }, - { - "host": "aarch64-linux-gnu", - "url": "http://downloads.arduino.cc/tools/FirmwareUploader_0.1.12_Linux_ARM64.tar.bz2", - "archiveFileName": "FirmwareUploader_0.1.12_Linux_ARM64.tar.bz2", - "checksum": "SHA-256:691461e64fe075e9a79801347c2bd895fb72f8f2c45a7cd49056c6ad9efe8fc4", - "size": "25967430" - } - ] } ] } diff --git a/v2/pkgs/tools.go b/v2/pkgs/tools.go index b0daaaaef..7f34e3d08 100644 --- a/v2/pkgs/tools.go +++ b/v2/pkgs/tools.go @@ -18,6 +18,7 @@ package pkgs import ( "bytes" "context" + "crypto/rsa" "crypto/sha256" "encoding/hex" "encoding/json" @@ -29,12 +30,13 @@ import ( "path/filepath" "runtime" "strings" + "sync" "github.com/arduino/arduino-create-agent/gen/tools" "github.com/arduino/arduino-create-agent/index" "github.com/arduino/arduino-create-agent/utilities" "github.com/blang/semver" - "github.com/codeclysm/extract/v3" + "github.com/codeclysm/extract/v4" ) // public vars to allow override in the tests @@ -57,20 +59,28 @@ var ( // // It requires an Index Resource to search for tools type Tools struct { - index *index.Resource - folder string - behaviour string + index *index.Resource + folder string + behaviour string + installed map[string]string + mutex sync.RWMutex + verifySignaturePubKey *rsa.PublicKey // public key used to verify the signature of a command sent to the boards } // New will return a Tool object, allowing the caller to execute operations on it. // The New function will accept an index as parameter (used to download the indexes) // and a folder used to download the indexes -func New(index *index.Resource, folder, behaviour string) *Tools { - return &Tools{ - index: index, - folder: folder, - behaviour: behaviour, +func New(index *index.Resource, folder, behaviour string, verifySignaturePubKey *rsa.PublicKey) *Tools { + t := &Tools{ + index: index, + folder: folder, + behaviour: behaviour, + installed: map[string]string{}, + mutex: sync.RWMutex{}, + verifySignaturePubKey: verifySignaturePubKey, } + t.readInstalled() + return t } // Installedhead is here only because it was required by the front-end. @@ -159,7 +169,7 @@ func (t *Tools) Install(ctx context.Context, payload *tools.ToolPayload) (*tools //if URL is defined and is signed we verify the signature and override the name, payload, version parameters if payload.URL != nil && payload.Signature != nil && payload.Checksum != nil { - err := utilities.VerifyInput(*payload.URL, *payload.Signature) + err := utilities.VerifyInput(*payload.URL, *payload.Signature, t.verifySignaturePubKey) if err != nil { return nil, err } @@ -181,13 +191,10 @@ func (t *Tools) Install(ctx context.Context, payload *tools.ToolPayload) (*tools key := correctTool.Name + "-" + correctTool.Version // Check if it already exists if t.behaviour == "keep" && pathExists(t.folder) { - location, ok, err := checkInstalled(t.folder, key) - if err != nil { - return nil, err - } + location, ok := t.getInstalledValue(key) if ok && pathExists(location) { // overwrite the default tool with this one - err := writeInstalled(t.folder, path) + err := t.writeInstalled(path) if err != nil { return nil, err } @@ -245,7 +252,7 @@ func (t *Tools) install(ctx context.Context, path, url, checksum string) (*tools } // Write installed.json for retrocompatibility with v1 - err = writeInstalled(t.folder, path) + err = t.writeInstalled(path) if err != nil { return nil, err } @@ -269,66 +276,57 @@ func (t *Tools) Remove(ctx context.Context, payload *tools.ToolPayload) (*tools. return &tools.Operation{Status: "ok"}, nil } +// rename function is used to rename the path of the extracted files func rename(base string) extract.Renamer { + // "Rename" the given path adding the "base" and removing the root folder in "path" (if present). return func(path string) string { parts := strings.Split(filepath.ToSlash(path), "/") - newPath := strings.Join(parts[1:], "/") - if newPath == "" { - newPath = filepath.Join(newPath, path) + if len(parts) <= 1 { + // The path does not contain a root folder. This might happen for tool packages (zip files) + // that have an invalid structure. Do not try to remove the root folder in these cases. + return filepath.Join(base, path) } - path = filepath.Join(base, newPath) - return path + // Removes the first part of the path (the root folder). + path = strings.Join(parts[1:], "/") + return filepath.Join(base, path) } } -func readInstalled(installedFile string) (map[string]string, error) { +func (t *Tools) readInstalled() error { + t.mutex.RLock() + defer t.mutex.RUnlock() // read installed.json - installed := map[string]string{} - data, err := os.ReadFile(installedFile) - if err == nil { - err = json.Unmarshal(data, &installed) - if err != nil { - return nil, err - } - } - return installed, nil -} - -func checkInstalled(folder, key string) (string, bool, error) { - installedFile, err := utilities.SafeJoin(folder, "installed.json") - if err != nil { - return "", false, err - } - installed, err := readInstalled(installedFile) - if err != nil { - return "", false, err - } - location, ok := installed[key] - return location, ok, err -} - -func writeInstalled(folder, path string) error { - // read installed.json - installedFile, err := utilities.SafeJoin(folder, "installed.json") + installedFile, err := utilities.SafeJoin(t.folder, "installed.json") if err != nil { return err } - installed, err := readInstalled(installedFile) + data, err := os.ReadFile(installedFile) if err != nil { return err } + return json.Unmarshal(data, &t.installed) +} + +func (t *Tools) writeInstalled(path string) error { + t.mutex.Lock() + defer t.mutex.Unlock() parts := strings.Split(path, string(filepath.Separator)) tool := parts[len(parts)-2] toolWithVersion := fmt.Sprint(tool, "-", parts[len(parts)-1]) - toolFile, err := utilities.SafeJoin(folder, path) + toolFile, err := utilities.SafeJoin(t.folder, path) + if err != nil { + return err + } + t.installed[tool] = toolFile + t.installed[toolWithVersion] = toolFile + + data, err := json.Marshal(t.installed) if err != nil { return err } - installed[tool] = toolFile - installed[toolWithVersion] = toolFile - data, err := json.Marshal(installed) + installedFile, err := utilities.SafeJoin(t.folder, "installed.json") if err != nil { return err } @@ -336,6 +334,18 @@ func writeInstalled(folder, path string) error { return os.WriteFile(installedFile, data, 0644) } +// SetBehaviour sets the download behaviour to either keep or replace +func (t *Tools) SetBehaviour(behaviour string) { + t.behaviour = behaviour +} + +func (t *Tools) getInstalledValue(key string) (string, bool) { + t.mutex.RLock() + defer t.mutex.RUnlock() + location, ok := t.installed[key] + return location, ok +} + func pathExists(path string) bool { _, err := os.Stat(path) if err == nil { diff --git a/v2/pkgs/tools_test.go b/v2/pkgs/tools_test.go index be4d5e4d1..7bf0ff0e3 100644 --- a/v2/pkgs/tools_test.go +++ b/v2/pkgs/tools_test.go @@ -25,7 +25,9 @@ import ( "github.com/arduino/arduino-create-agent/config" "github.com/arduino/arduino-create-agent/gen/tools" + "github.com/arduino/arduino-create-agent/globals" "github.com/arduino/arduino-create-agent/index" + "github.com/arduino/arduino-create-agent/utilities" "github.com/arduino/arduino-create-agent/v2/pkgs" "github.com/arduino/go-paths-helper" "github.com/stretchr/testify/require" @@ -45,7 +47,7 @@ func TestTools(t *testing.T) { // Instantiate Index Index := index.Init(indexURL, config.GetDataDir()) - service := pkgs.New(Index, tmp, "replace") + service := pkgs.New(Index, tmp, "replace", utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) ctx := context.Background() @@ -126,7 +128,7 @@ func TestEvilFilename(t *testing.T) { // Instantiate Index Index := index.Init(indexURL, config.GetDataDir()) - service := pkgs.New(Index, tmp, "replace") + service := pkgs.New(Index, tmp, "replace", utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) ctx := context.Background() @@ -195,7 +197,7 @@ func TestInstalledHead(t *testing.T) { // Instantiate Index Index := index.Init(indexURL, config.GetDataDir()) - service := pkgs.New(Index, tmp, "replace") + service := pkgs.New(Index, tmp, "replace", utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) ctx := context.Background() @@ -216,7 +218,7 @@ func TestInstall(t *testing.T) { LastRefresh: time.Now(), } - tool := pkgs.New(testIndex, tmp, "replace") + tool := pkgs.New(testIndex, tmp, "replace", utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))) ctx := context.Background() @@ -230,9 +232,9 @@ func TestInstall(t *testing.T) { {Name: "dfu-util", Version: "0.10.0-arduino1", Packager: "arduino-test", URL: nil, Checksum: nil, Signature: nil}, {Name: "rp2040tools", Version: "1.0.6", Packager: "arduino-test", URL: nil, Checksum: nil, Signature: nil}, {Name: "esptool_py", Version: "4.5.1", Packager: "arduino-test", URL: nil, Checksum: nil, Signature: nil}, - // At the moment we don't install these ones because they are packaged in a different way: they do not have a top level dir, causing the rename funcion to behave incorrectly - // {Name: "fwupdater", Version: "0.1.12", Packager: "arduino-test", URL: nil, Checksum: nil, Signature: nil}, - // {Name: "arduino-fwuploader", Version: "2.2.2", Packager: "arduino-test", URL: nil, Checksum: nil, Signature: nil}, + {Name: "arduino-fwuploader", Version: "2.2.2", Packager: "arduino-test", URL: nil, Checksum: nil, Signature: nil}, + // test download of a tool not present in index. the same archive is downloaded on linux/win/mac See https://github.com/arduino/arduino-create-agent/issues/980 + {Name: "esptool", Version: "2.5.0-3-20ed2b9", Packager: "esp8266", URL: strpoint("https://github.com/earlephilhower/esp-quick-toolchain/releases/download/2.5.0-3/x86_64-linux-gnu.esptool-f80ae31.tar.gz"), Checksum: strpoint("SHA-256:bded1dca953377838b6086a9bcd40a1dc5286ba5f69f2372c22a1d1819baad24"), Signature: strpoint("852b58871419ce5e5633ecfaa72c0f0fa890ceb51164b362b8133bc0e3e003a21cec48935b8cdc078f4031219cbf17fb7edd9d7c9ca8ed85492911c9ca6353c9aa4691eb91fda99563a6bd49aeca0d9981fb05ec76e45c6024f8a6822862ad1e34ddc652fbbf4fa909887a255d4f087398ec386577efcec523c21203be3d10fc9e9b0f990a7536875a77dc2bc5cbffea7734b62238e31719111b718bacccebffc9be689545540e81d23b81caa66214376f58a0d6a45cf7efc5d3af62ab932b371628162fffe403906f41d5534921e5be081c5ac2ecc9db5caec03a105cc44b00ce19a95ad079843501eb8182e0717ce327867380c0e39d2b48698547fc1d0d66")}, } expectedFiles := map[string][]string{ @@ -244,8 +246,8 @@ func TestInstall(t *testing.T) { "dfu-util-0.10.0-arduino1": {"dfu-prefix", "dfu-suffix", "dfu-util"}, "rp2040tools-1.0.6": {"elf2uf2", "picotool", "pioasm", "rp2040load"}, "esptool_py-4.5.1": {"esptool"}, - // "fwupdater-0.1.12": {"firmwares", "FirmwareUploader"}, // old legacy tool - // "arduino-fwuploader-2.2.2": {"arduino-fwuploader"}, + "arduino-fwuploader-2.2.2": {"arduino-fwuploader"}, + // "esptool-2.5.0-3-20ed2b9": {"esptool"}, // we don't check if there is esptool in the archive because it's the same archive even on windows (no extension) } for _, tc := range testCases { t.Run(tc.Name+"-"+tc.Version, func(t *testing.T) { @@ -254,7 +256,7 @@ func TestInstall(t *testing.T) { require.NoError(t, err) // Check that the tool has been downloaded - toolDir := paths.New(tmp).Join("arduino-test", tc.Name, tc.Version) + toolDir := paths.New(tmp).Join(tc.Packager, tc.Name, tc.Version) require.DirExists(t, toolDir.String()) // Check that the files have been created