More

FAQ.md

@@ -38,7 +38,7 @@ Awesome! Just bear in mind that because an app only has access to the keychain i
 
 ### What's this network request to GitHub?
 
-Secretive checks in with GitHub's releases API to check if there's a new version of Secretive available. You can audit the source code for this feature [here](https://github.com/maxgoedjen/secretive/blob/main/Brief/Updater.swift).
+Secretive checks in with GitHub's releases API to check if there's a new version of Secretive available. You can audit the source code for this feature [here](https://github.com/maxgoedjen/secretive/blob/main/Sources/Packages/Sources/Brief/Updater.swift).
 
 ### I have a security issue
 

Sources/Packages/Sources/Brief/Release.swift

@@ -1,7 +1,7 @@
 import Foundation
 
 /// A release is a representation of a downloadable update.
-public struct Release: Codable {
+public struct Release: Codable, Sendable {
 
     /// The user-facing name of the release. Typically "Secretive 1.2.3"
     public let name: String
@@ -30,6 +30,9 @@ public struct Release: Codable {
 
 }
 
+// TODO: REMOVE WHEN(?) URL GAINS NATIVE CONFORMANCE
+extension URL: @unchecked Sendable {}
+
 extension Release: Identifiable {
 
     public var id: String {

Sources/Packages/Sources/Brief/SemVer.swift

@@ -1,7 +1,7 @@
 import Foundation
 
 /// A representation of a Semantic Version.
-public struct SemVer {
+public struct SemVer: Sendable {
 
     /// The SemVer broken into an array of integers.
     let versionNumbers: [Int]

Sources/Packages/Sources/Brief/Updater.swift

@@ -2,53 +2,59 @@ import Foundation
 import Combine
 
 /// A concrete implementation of ``UpdaterProtocol`` which considers the current release and OS version.
-public class Updater: ObservableObject, UpdaterProtocol {
+public actor Updater: ObservableObject, UpdaterProtocol {
 
-    @Published public var update: Release?
+    @MainActor @Published public var update: Release?
     public let testBuild: Bool
 
     /// The current OS version.
     private let osVersion: SemVer
     /// The current version of the app that is running.
     private let currentVersion: SemVer
+    /// The timer responsible for checking for updates regularly.
+    private var timer: Timer? = nil
 
     /// Initializes an Updater.
     /// - Parameters:
-    ///   - checkOnLaunch: A boolean describing whether the Updater should check for available updates on launch.
-    ///   - checkFrequency: The interval at which the Updater should check for updates. Subject to a tolerance of 1 hour.
     ///   - osVersion: The current OS version.
     ///   - currentVersion: The current version of the app that is running.
-    public init(checkOnLaunch: Bool, checkFrequency: TimeInterval = Measurement(value: 24, unit: UnitDuration.hours).converted(to: .seconds).value, osVersion: SemVer = SemVer(ProcessInfo.processInfo.operatingSystemVersion), currentVersion: SemVer = SemVer(Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String ?? "0.0.0")) {
+    public init(osVersion: SemVer = SemVer(ProcessInfo.processInfo.operatingSystemVersion), currentVersion: SemVer = SemVer(Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String ?? "0.0.0")) {
         self.osVersion = osVersion
         self.currentVersion = currentVersion
         testBuild = currentVersion == SemVer("0.0.0")
-        if checkOnLaunch {
+    }
-            // Don't do a launch check if the user hasn't seen the setup prompt explaining updater yet.
+
-            checkForUpdates()
+    /// Begins checking for updates with the specified frequency.
+    /// - Parameter checkFrequency: The interval at which the Updater should check for updates. Subject to a tolerance of 1 hour.
+    public func beginChecking(checkFrequency: TimeInterval = Measurement(value: 24, unit: UnitDuration.hours).converted(to: .seconds).value) {
+        timer?.invalidate()
+        timer = Timer.scheduledTimer(withTimeInterval: checkFrequency, repeats: true) { _ in
+            Task {
+                await self.checkForUpdates()
+            }
         }
-        let timer = Timer.scheduledTimer(withTimeInterval: checkFrequency, repeats: true) { _ in
+        timer?.tolerance = 60*60
-            self.checkForUpdates()
+    }
-        }
+
-        timer.tolerance = 60*60
+    /// Ends checking for updates.
+    public func stopChecking() {
+        timer?.invalidate()
+        timer = nil
     }
 
     /// Manually trigger an update check.
-    public func checkForUpdates() {
+    public func checkForUpdates() async {
-        URLSession.shared.dataTask(with: Constants.updateURL) { data, _, _ in
+        guard let (data, _) = try? await URLSession.shared.data(from: Constants.updateURL),
-            guard let data = data else { return }
+              let releases = try? JSONDecoder().decode([Release].self, from: data) else { return }
-            guard let releases = try? JSONDecoder().decode([Release].self, from: data) else { return }
+        await evaluate(releases: releases)
-            self.evaluate(releases: releases)
-        }.resume()
     }
 
     /// Ignores a specified release. `update` will be nil if the user has ignored the latest available release.
     /// - Parameter release: The release to ignore.
-    public func ignore(release: Release) {
+    public func ignore(release: Release) async {
         guard !release.critical else { return }
         defaults.set(true, forKey: release.name)
-        DispatchQueue.main.async {
+        await setUpdate(update: update)
-            self.update = nil
-        }
     }
 
 }
@@ -57,7 +63,7 @@ extension Updater {
 
     /// Evaluates the available downloadable releases, and selects the newest non-prerelease release that the user is able to run.
     /// - Parameter releases: An array of ``Release`` objects.
-    func evaluate(releases: [Release]) {
+    func evaluate(releases: [Release]) async {
         guard let release = releases
                 .sorted()
                 .reversed()
@@ -67,12 +73,14 @@ extension Updater {
         guard !release.prerelease else { return }
         let latestVersion = SemVer(release.name)
         if latestVersion > currentVersion {
-            DispatchQueue.main.async {
+            await setUpdate(update: update)
-                self.update = release
-            }
         }
     }
 
+    @MainActor private func setUpdate(update: Release?) {
+        self.update = update
+    }
+
     /// Checks whether the user has ignored a release.
     /// - Parameter release: The release to check.
     /// - Returns: A boolean describing whether the user has ignored the release. Will always be false if the release is critical.
@@ -95,3 +103,21 @@ extension Updater {
     }
 
 }
+
+@available(macOS, deprecated: 12)
+ extension URLSession {
+
+     // Backport for macOS 11
+     func data(from url: URL) async throws -> (Data, URLResponse) {
+         try await withCheckedThrowingContinuation { continuation in
+             URLSession.shared.dataTask(with: url) { data, response, error in
+                 guard let data = data, let response = response else {
+                     continuation.resume(throwing: error ?? NSError(domain: NSURLErrorDomain, code: NSURLErrorUnknown, userInfo: nil))
+                     return
+                 }
+                 continuation.resume(returning: (data, response))
+             }
+         }
+     }
+
+ }

Sources/Packages/Sources/Brief/UpdaterProtocol.swift

@@ -4,9 +4,9 @@ import Foundation
 public protocol UpdaterProtocol: ObservableObject {
 
     /// The latest update
-    var update: Release? { get }
+    @MainActor var update: Release? { get }
     /// A boolean describing whether or not the current build of the app is a "test" build (ie, a debug build or otherwise special build)
-    var testBuild: Bool { get }
+    @MainActor var testBuild: Bool { get }
 
 }
 

Sources/Packages/Sources/SecretAgentKit/SocketController.swift

@@ -6,6 +6,8 @@ public class SocketController {
 
     /// The active FileHandle.
     private var fileHandle: FileHandle?
+    /// The active SocketPort.
+    private var port: SocketPort?
     /// A handler that will be notified when a new read/write handle is available.
     public var handler: ((FileHandleReader, FileHandleWriter) -> Void)?
 
@@ -19,6 +21,7 @@ public class SocketController {
         let exists = FileManager.default.fileExists(atPath: path)
         assert(!exists)
         Logger().debug("Socket controller path is clear")
+        port = socketPort(at: path)
         configureSocket(at: path)
         Logger().debug("Socket listening at \(path)")
     }
@@ -26,7 +29,7 @@ public class SocketController {
     /// Configures the socket and a corresponding FileHandle.
     /// - Parameter path: The path to use as a socket.
     func configureSocket(at path: String) {
-        let port = socketPort(at: path)
+        guard let port = port else { return }
         fileHandle = FileHandle(fileDescriptor: port.socket, closeOnDealloc: true)
         NotificationCenter.default.addObserver(self, selector: #selector(handleConnectionAccept(notification:)), name: .NSFileHandleConnectionAccepted, object: nil)
         NotificationCenter.default.addObserver(self, selector: #selector(handleConnectionDataAvailable(notification:)), name: .NSFileHandleDataAvailable, object: nil)

Sources/Packages/Sources/SecretKit/PublicKeyStandinFileController.swift

@@ -0,0 +1,41 @@
+import Foundation
+import OSLog
+
+/// Controller responsible for writing public keys to disk, so that they're easily accessible by scripts.
+public class PublicKeyFileStoreController {
+
+    private let logger = Logger()
+    private let directory: String
+
+    /// Initializes a PublicKeyFileStoreController.
+    public init(homeDirectory: String) {
+        directory = homeDirectory.appending("/PublicKeys")
+    }
+
+    /// Writes out the keys specified to disk.
+    /// - Parameter secrets: The Secrets to generate keys for.
+    /// - Parameter clear: Whether or not the directory should be erased before writing keys.
+    public func generatePublicKeys(for secrets: [AnySecret], clear: Bool = false) throws {
+        logger.log("Writing public keys to disk")
+        if clear {
+            try? FileManager.default.removeItem(at: URL(fileURLWithPath: directory))
+        }
+        try? FileManager.default.createDirectory(at: URL(fileURLWithPath: directory), withIntermediateDirectories: false, attributes: nil)
+        let keyWriter = OpenSSHKeyWriter()
+        for secret in secrets {
+            let path = path(for: secret)
+            guard let data = keyWriter.openSSHString(secret: secret).data(using: .utf8) else { continue }
+            FileManager.default.createFile(atPath: path, contents: data, attributes: nil)
+        }
+        logger.log("Finished writing public keys")
+    }
+
+    /// The path for a Secret's public key.
+    /// - Parameter secret: The Secret to return the path for.
+    /// - Returns: The path to the Secret's public key.
+    /// - Warning: This method returning a path does not imply that a key has been written to disk already. This method only describes where it will be written to.
+    public func path<SecretType: Secret>(for secret: SecretType) -> String {
+        directory.appending("/").appending("\(secret.name.replacingOccurrences(of: " ", with: "-")).pub")
+    }
+
+}

Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift

@@ -4,8 +4,6 @@ import CryptoTokenKit
 import LocalAuthentication
 import SecretKit
 
-// TODO: Might need to split this up into "sub-stores?"
-// ie, each token has its own Store.
 extension SmartCard {
 
     /// An implementation of Store backed by a Smart Card.

Sources/SecretAgent/AppDelegate.swift

@@ -16,8 +16,9 @@ class AppDelegate: NSObject, NSApplicationDelegate {
         list.add(store: SmartCard.Store())
         return list
     }()
-    private let updater = Updater(checkOnLaunch: false)
+    private let updater = Updater()
     private let notifier = Notifier()
+    private let publicKeyFileStoreController = PublicKeyFileStoreController(homeDirectory: NSHomeDirectory())
     private lazy var agent: Agent = {
         Agent(storeList: storeList, witness: notifier)
     }()
@@ -32,13 +33,16 @@ class AppDelegate: NSObject, NSApplicationDelegate {
         DispatchQueue.main.async {
             self.socketController.handler = self.agent.handle(reader:writer:)
         }
-        notifier.prompt()
+        DistributedNotificationCenter.default().addObserver(forName: .secretStoreUpdated, object: nil, queue: .main) { [self] _ in
-        updateSink = updater.$update.sink { update in
+            try? publicKeyFileStoreController.generatePublicKeys(for: storeList.stores.flatMap({ $0.secrets }), clear: true)
-            guard let update = update else { return }
-            self.notifier.notify(update: update, ignore: self.updater.ignore(release:))
         }
+        try? publicKeyFileStoreController.generatePublicKeys(for: storeList.stores.flatMap({ $0.secrets }), clear: true)
+        notifier.prompt()
+//        updateSink = updater.$update.sink { update in
+//            guard let update = update else { return }
+//            self.notifier.notify(update: update, ignore: self.updater.ignore(release:))
+//        }
     }
 
-
 }
 

Sources/Secretive/App.swift

@@ -16,6 +16,7 @@ struct Secretive: App {
     }()
     private let agentStatusChecker = AgentStatusChecker()
     private let justUpdatedChecker = JustUpdatedChecker()
+    private let updater = Updater()
 
     @AppStorage("defaultsHasRunSetup") var hasRunSetup = false
     @State private var showingSetup = false
@@ -25,11 +26,15 @@ struct Secretive: App {
         WindowGroup {
             ContentView<Updater, AgentStatusChecker>(showingCreation: $showingCreation, runningSetup: $showingSetup, hasRunSetup: $hasRunSetup)
                 .environmentObject(storeList)
-                .environmentObject(Updater(checkOnLaunch: hasRunSetup))
+                .environmentObject(updater)
                 .environmentObject(agentStatusChecker)
                 .onAppear {
                     if !hasRunSetup {
                         showingSetup = true
+                    } else {
+                        Task { [updater] in
+                            await updater.checkForUpdates()
+                        }
                     }
                 }
                 .onReceive(NotificationCenter.default.publisher(for: NSApplication.didBecomeActiveNotification)) { _ in

Sources/Secretive/Views/SecretDetailView.swift

@@ -6,6 +6,7 @@ struct SecretDetailView<SecretType: Secret>: View {
     @State var secret: SecretType
 
     private let keyWriter = OpenSSHKeyWriter()
+    private let publicKeyFileStoreController = PublicKeyFileStoreController(homeDirectory: NSHomeDirectory().replacingOccurrences(of: Bundle.main.hostBundleID, with: Bundle.main.agentBundleID))
     
     var body: some View {
         ScrollView {
@@ -18,6 +19,9 @@ struct SecretDetailView<SecretType: Secret>: View {
                     Spacer()
                         .frame(height: 20)
                     CopyableView(title: "Public Key", image: Image(systemName: "key"), text: keyString)
+                    Spacer()
+                        .frame(height: 20)
+                    CopyableView(title: "Public Key Path", image: Image(systemName: "lock.doc"), text: publicKeyFileStoreController.path(for: secret))
                     Spacer()
                 }
             }
@@ -41,11 +45,6 @@ struct SecretDetailView<SecretType: Secret>: View {
         keyWriter.openSSHString(secret: secret, comment: "\(dashedKeyName)@\(dashedHostName)")
     }
 
-    func copy() {
-        NSPasteboard.general.declareTypes([.string], owner: nil)
-        NSPasteboard.general.setString(keyString, forType: .string)
-    }
-    
 }
 
 #if DEBUG

Sources/Secretive/Views/SetupView.swift

@@ -22,7 +22,7 @@ struct SetupView: View {
                         }
                         .frame(width: proxy.size.width)
                     }
-                    .offset(x: -proxy.size.width * CGFloat(stepIndex), y: 0)
+                    .offset(x: -proxy.size.width * Double(stepIndex), y: 0)
                 }
             }
         }
@@ -44,7 +44,7 @@ struct StepView: View {
     let currentStep: Int
 
     // Ideally we'd have a geometry reader inside this view doing this for us, but that crashes on 11.0b7
-    let width: CGFloat
+    let width: Double
 
     var body: some View {
         ZStack(alignment: .leading) {
@@ -53,7 +53,7 @@ struct StepView: View {
                 .frame(height: 5)
             Rectangle()
                 .foregroundColor(.green)
-                .frame(width: max(0, ((width - (Constants.padding * 2)) / CGFloat(numberOfSteps - 1)) * CGFloat(currentStep) - (Constants.circleWidth / 2)), height: 5)
+                .frame(width: max(0, ((width - (Constants.padding * 2)) / Double(numberOfSteps - 1)) * Double(currentStep) - (Constants.circleWidth / 2)), height: 5)
             HStack {
                 ForEach(0..<numberOfSteps) { index in
                     ZStack {
@@ -92,8 +92,8 @@ extension StepView {
 
     enum Constants {
 
-        static let padding: CGFloat = 15
+        static let padding: Double = 15
-        static let circleWidth: CGFloat = 30
+        static let circleWidth: Double = 30
 
     }
 

Sources/Secretive/Views/UpdateView.swift

@@ -18,7 +18,9 @@ struct UpdateDetailView<UpdaterType: Updater>: View {
             HStack {
                 if !update.critical {
                     Button("Ignore") {
-                        updater.ignore(release: update)
+                        Task { [updater, update] in
+                            await updater.ignore(release: update)
+                        }
                     }
                     Spacer()
                 }