Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

impl: add support for disabling CLI signature verification#166

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
Merged
Show file tree
Hide file tree
Changes fromall commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletionsCHANGELOG.md
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -2,6 +2,10 @@

## Unreleased

### Added

- support for skipping CLI signature verification

### Changed

- URL validation is stricter in the connection screen and URI protocol handler
Expand Down
4 changes: 0 additions & 4 deletionsJETBRAINS_COMPLIANCE.md
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -39,8 +39,6 @@ This configuration includes JetBrains-specific rules that check for:
- **ForbiddenImport**: Detects potentially bundled libraries
- **Standard code quality rules**: Complexity, naming, performance, etc.



## CI/CD Integration

The GitHub Actions workflow `.github/workflows/jetbrains-compliance.yml` runs compliance checks on every PR and push.
Expand All@@ -55,8 +53,6 @@ The GitHub Actions workflow `.github/workflows/jetbrains-compliance.yml` runs co
open build/reports/detekt/detekt.html
```



## Understanding Results

### Compliance Check Results
Expand Down
63 changes: 63 additions & 0 deletionsREADME.md
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -109,6 +109,69 @@ If `ide_product_code` and `ide_build_number` is missing, Toolbox will only open
page. Coder Toolbox will attempt to start the workspace if it’s not already running; however, for the most reliable
experience, it’s recommended to ensure the workspace is running prior to initiating the connection.

## GPG Signature Verification

The Coder Toolbox plugin starting with version *0.5.0* implements a comprehensive GPG signature verification system to
ensure the authenticity and integrity of downloaded Coder CLI binaries. This security feature helps protect users from
running potentially malicious or tampered binaries.

### How It Works

1. **Binary Download**: When connecting to a Coder deployment, the plugin downloads the appropriate Coder CLI binary for
the user's operating system and architecture from the deployment's `/bin/` endpoint.

2. **Signature Download**: After downloading the binary, the plugin attempts to download the corresponding `.asc`
signature file from the same location. The signature file is named according to the binary (e.g.,
`coder-linux-amd64.asc` for `coder-linux-amd64`).

3. **Fallback Signature Sources**: If the signature is not available from the deployment, the plugin can optionally fall
back to downloading signatures from `releases.coder.com`. This is controlled by the `fallbackOnCoderForSignatures`
setting.

4. **GPG Verification**: The plugin uses the BouncyCastle library to verify the detached GPG signature against the
downloaded binary using Coder's trusted public key.

5. **User Interaction**: If signature verification fails or signatures are unavailable, the plugin presents security
warnings to users, allowing them to accept the risk and continue or abort the operation.

### Verification Process

The verification process involves several components:

- **`GPGVerifier`**: Handles the core GPG signature verification logic using BouncyCastle
- **`VerificationResult`**: Represents the outcome of verification (Valid, Invalid, Failed, SignatureNotFound)
- **`CoderDownloadService`**: Manages downloading both binaries and their signatures
- **`CoderCLIManager`**: Orchestrates the download and verification workflow

### Configuration Options

Users can control signature verification behavior through plugin settings:

- **`disableSignatureVerification`**: When enabled, skips all signature verification. This is useful for clients running
custom CLI builds, or customers with old deployment versions that don't have a signature published on
`releases.coder.com`.
- **`fallbackOnCoderForSignatures`**: When enabled, allows downloading signatures from `releases.coder.com` if not
available from the deployment.

### Security Considerations

- The plugin embeds Coder's trusted public key in the plugin resources
- Verification uses detached signatures, which are more secure than attached signatures
- Users are warned about security risks when verification fails
- The system gracefully handles cases where signatures are unavailable
- All verification failures are logged for debugging purposes

### Error Handling

The system handles various failure scenarios:

- **Missing signatures**: Prompts user to accept risk or abort
- **Invalid signatures**: Warns user about potential tampering and prompts user to accept risk or abort
- **Verification failures**: Prompts user to accept risk or abort

This signature verification system ensures that users can trust the Coder CLI binaries they download through the plugin,
protecting against supply chain attacks and ensuring binary integrity.

## Configuring and Testing workspace polling with HTTP & SOCKS5 Proxy

This section explains how to set up a local proxy and verify that
Expand Down
2 changes: 1 addition & 1 deletiongradle.properties
View file
Open in desktop
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,3 @@
version=0.6.0
version=0.6.1
group=com.coder.toolbox
name=coder-toolbox
6 changes: 6 additions & 0 deletionssrc/main/kotlin/com/coder/toolbox/cli/CoderCLIManager.kt
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -181,6 +181,12 @@ class CoderCLIManager(
}
}

if (context.settingsStore.disableSignatureVerification) {
downloader.commit()
context.logger.info("Skipping over CLI signature verification, it is disabled by the user")
return true
}

var signatureResult = withContext(Dispatchers.IO) {
downloader.downloadSignature(showTextProgress)
}
Expand Down
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -29,7 +29,12 @@ interface ReadOnlyCoderSettings {
val binaryDirectory: String?

/**
* Controls whether we fall back release.coder.com
* Controls whether we verify the cli signature
*/
val disableSignatureVerification: Boolean

/**
* Controls whether we fall back on release.coder.com for signatures if signature validation is enabled
*/
val fallbackOnCoderForSignatures: SignatureFallbackStrategy

Expand Down
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -38,6 +38,8 @@ class CoderSettingsStore(
override val defaultURL: String get() = store[DEFAULT_URL] ?: "https://dev.coder.com"
override val binarySource: String? get() = store[BINARY_SOURCE]
override val binaryDirectory: String? get() = store[BINARY_DIRECTORY]
override val disableSignatureVerification: Boolean
get() = store[DISABLE_SIGNATURE_VALIDATION]?.toBooleanStrictOrNull() ?: false
override val fallbackOnCoderForSignatures: SignatureFallbackStrategy
get() = SignatureFallbackStrategy.fromValue(store[FALLBACK_ON_CODER_FOR_SIGNATURES])
override val defaultCliBinaryNameByOsAndArch: String get() = getCoderCLIForOS(getOS(), getArch())
Expand DownExpand Up@@ -166,6 +168,10 @@ class CoderSettingsStore(
store[ENABLE_DOWNLOADS] = shouldEnableDownloads.toString()
}

fun updateDisableSignatureVerification(shouldDisableSignatureVerification: Boolean) {
store[DISABLE_SIGNATURE_VALIDATION] = shouldDisableSignatureVerification.toString()
}

fun updateSignatureFallbackStrategy(fallback: Boolean) {
store[FALLBACK_ON_CODER_FOR_SIGNATURES] = when (fallback) {
true -> SignatureFallbackStrategy.ALLOW.toString()
Expand Down
2 changes: 2 additions & 0 deletionssrc/main/kotlin/com/coder/toolbox/store/StoreKeys.kt
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -10,6 +10,8 @@ internal const val BINARY_SOURCE = "binarySource"

internal const val BINARY_DIRECTORY = "binaryDirectory"

internal const val DISABLE_SIGNATURE_VALIDATION = "disableSignatureValidation"

internal const val FALLBACK_ON_CODER_FOR_SIGNATURES = "signatureFallbackStrategy"

internal const val BINARY_NAME = "binaryName"
Expand Down
26 changes: 24 additions & 2 deletionssrc/main/kotlin/com/coder/toolbox/views/CoderSettingsPage.kt
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -6,6 +6,7 @@ import com.jetbrains.toolbox.api.ui.components.CheckboxField
import com.jetbrains.toolbox.api.ui.components.TextField
import com.jetbrains.toolbox.api.ui.components.TextType
import com.jetbrains.toolbox.api.ui.components.UiField
import kotlinx.coroutines.Job
import kotlinx.coroutines.channels.Channel
import kotlinx.coroutines.channels.ClosedSendChannelException
import kotlinx.coroutines.flow.MutableStateFlow
Expand All@@ -20,7 +21,7 @@ import kotlinx.coroutines.launch
* TODO@JB: There is no scroll, and our settings do not fit. As a consequence,
* I have not been able to test this page.
*/
class CoderSettingsPage(context: CoderToolboxContext, triggerSshConfig: Channel<Boolean>) :
class CoderSettingsPage(private valcontext: CoderToolboxContext, triggerSshConfig: Channel<Boolean>) :
CoderPage(MutableStateFlow(context.i18n.ptrl("Coder Settings")), false) {
private val settings = context.settingsStore.readOnly()

Expand All@@ -33,6 +34,11 @@ class CoderSettingsPage(context: CoderToolboxContext, triggerSshConfig: Channel<
TextField(context.i18n.ptrl("Data directory"), settings.dataDirectory ?: "", TextType.General)
private val enableDownloadsField =
CheckboxField(settings.enableDownloads, context.i18n.ptrl("Enable downloads"))

private val disableSignatureVerificationField = CheckboxField(
settings.disableSignatureVerification,
context.i18n.ptrl("Disable Coder CLI signature verification")
)
private val signatureFallbackStrategyField =
CheckboxField(
settings.fallbackOnCoderForSignatures.isAllowed(),
Expand DownExpand Up@@ -65,13 +71,14 @@ class CoderSettingsPage(context: CoderToolboxContext, triggerSshConfig: Channel<
private val networkInfoDirField =
TextField(context.i18n.ptrl("SSH network metrics directory"), settings.networkInfoDir, TextType.General)


private lateinit var visibilityUpdateJob: Job
override val fields: StateFlow<List<UiField>> = MutableStateFlow(
listOf(
binarySourceField,
enableDownloadsField,
binaryDirectoryField,
enableBinaryDirectoryFallbackField,
disableSignatureVerificationField,
signatureFallbackStrategyField,
dataDirectoryField,
headerCommandField,
Expand All@@ -94,6 +101,7 @@ class CoderSettingsPage(context: CoderToolboxContext, triggerSshConfig: Channel<
context.settingsStore.updateBinaryDirectory(binaryDirectoryField.contentState.value)
context.settingsStore.updateDataDirectory(dataDirectoryField.contentState.value)
context.settingsStore.updateEnableDownloads(enableDownloadsField.checkedState.value)
context.settingsStore.updateDisableSignatureVerification(disableSignatureVerificationField.checkedState.value)
context.settingsStore.updateSignatureFallbackStrategy(signatureFallbackStrategyField.checkedState.value)
context.settingsStore.updateBinaryDirectoryFallback(enableBinaryDirectoryFallbackField.checkedState.value)
context.settingsStore.updateHeaderCommand(headerCommandField.contentState.value)
Expand DownExpand Up@@ -182,5 +190,19 @@ class CoderSettingsPage(context: CoderToolboxContext, triggerSshConfig: Channel<
networkInfoDirField.contentState.update {
settings.networkInfoDir
}

visibilityUpdateJob = context.cs.launch {
disableSignatureVerificationField.checkedState.collect { state ->
signatureFallbackStrategyField.visibility.update {
// the fallback checkbox should not be visible
// if signature verification is disabled
!state
}
}
}
}

override fun afterHide() {
visibilityUpdateJob.cancel()
}
}
View file
Open in desktop
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,6 @@
package com.coder.toolbox.views

import com.coder.toolbox.CoderToolboxContext
import com.coder.toolbox.settings.SignatureFallbackStrategy
import com.coder.toolbox.util.WebUrlValidationResult.Invalid
import com.coder.toolbox.util.toURL
import com.coder.toolbox.util.validateStrictWebUrl
Expand DownExpand Up@@ -41,7 +40,7 @@ class DeploymentUrlStep(

override val panel: RowGroup
get() {
if (context.settingsStore.fallbackOnCoderForSignatures == SignatureFallbackStrategy.NOT_CONFIGURED) {
if (!context.settingsStore.disableSignatureVerification) {
return RowGroup(
RowGroup.RowField(urlField),
RowGroup.RowField(emptyLine),
Expand Down
3 changes: 3 additions & 0 deletionssrc/main/resources/localization/defaultMessages.po
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -164,4 +164,7 @@ msgid "Abort"
msgstr ""

msgid "Run anyway"
msgstr ""

msgid "Disable Coder CLI signature verification"
msgstr ""
Loading
[8]ページ先頭
©2009-2025 Movatter.jp