external/secretive
1
0
Fork 0
mirror of https://github.com/maxgoedjen/secretive.git synced 2026-04-10 03:07:22 +02:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: external:xcode_26_newsetup
Branches Tags
external:main external:sshextensions external:multipleauth external:cert_ui external:maxgoedjen-patch-2 external:maxg/disableicons external:maxgoedjen-patch-1 external:hardwaresec external:fixquote external:log_err external:crowdin_config external:loccredit external:menubar external:codeql_workflow_releaseconfig external:newsetup_loc external:update_localizations external:extensions external:packagesym external:stripenc external:xcode_26_newsetup external:xcode_26_copyableviews external:xcode_26_toolbar external:xcode_26_enhancedsec external:updateci external:completeconcurrency external:experimental_refresh external:RoboRich00A16_italian_loc external:homedir external:restartagent external:viewbuildercleanup external:automatic_signing external:socketportoverflow external:xcode_14 external:proxystore external:newcreation external:xpc external:async external:projected_xpc
external:v3.0.4 external:v3.0.3 external:v3.0.1-skipped external:v3.0.2 external:v3.0.0 external:v2.4.1 external:v0.0.0_test external:v2.4.0 external:v2.3.1 external:v2.3.0 external:v2.2.0 external:v0.0.0_beta1 external:v2.1.1 external:v2.1.0 external:v2.0.0 external:v1.0.3 external:v1.0.2 external:v1.0.1 external:v1.0.0 external:v0.5.1 external:v0.5.0 external:v0.4.2 external:v0.4.1 external:v0.4.0 external:v0.3.2 external:v0.3.1 external:v0.3.0 external:v0.2.0 external:v0.1.1
..
compare: external:xcode_26_toolbar
Branches Tags
external:sshextensions external:multipleauth external:main external:cert_ui external:maxgoedjen-patch-2 external:maxg/disableicons external:maxgoedjen-patch-1 external:hardwaresec external:fixquote external:log_err external:crowdin_config external:loccredit external:menubar external:codeql_workflow_releaseconfig external:newsetup_loc external:update_localizations external:extensions external:packagesym external:stripenc external:xcode_26_newsetup external:xcode_26_copyableviews external:xcode_26_toolbar external:xcode_26_enhancedsec external:updateci external:completeconcurrency external:experimental_refresh external:RoboRich00A16_italian_loc external:homedir external:restartagent external:viewbuildercleanup external:automatic_signing external:socketportoverflow external:xcode_14 external:proxystore external:newcreation external:xpc external:async external:projected_xpc
external:v3.0.4 external:v3.0.3 external:v3.0.1-skipped external:v3.0.2 external:v3.0.0 external:v2.4.1 external:v0.0.0_test external:v2.4.0 external:v2.3.1 external:v2.3.0 external:v2.2.0 external:v0.0.0_beta1 external:v2.1.1 external:v2.1.0 external:v2.0.0 external:v1.0.3 external:v1.0.2 external:v1.0.1 external:v1.0.0 external:v0.5.1 external:v0.5.0 external:v0.4.2 external:v0.4.1 external:v0.4.0 external:v0.3.2 external:v0.3.1 external:v0.3.0 external:v0.2.0 external:v0.1.1

1 Commits
xcode_26_n ... xcode_26_t

Author SHA1 Message Date
Max Goedjen
52a351d75e Fix toolbar appearance 2025-08-10 14:58:44 -07:00
18 changed files with 163 additions and 272 deletions
Expand all files Collapse all files

20
Sources/Packages/Package.swift
View File

@@ -6,7 +6,7 @@ import PackageDescription
let package = Package( let package = Package(
name: "SecretivePackages", name: "SecretivePackages",
platforms: [ platforms: [
.macOS(.v14) .macOS(.v15)
], ],
products: [ products: [
.library( .library(
@@ -27,16 +27,13 @@ let package = Package(
.library( .library(
name: "Brief", name: "Brief",
targets: ["Brief"]), targets: ["Brief"]),
.library(
name: "Common",
targets: ["Common"]),
], ],
dependencies: [ dependencies: [
], ],
targets: [ targets: [
.target( .target(
name: "SecretKit", name: "SecretKit",
dependencies: ["Common"], dependencies: [],
swiftSettings: swiftSettings swiftSettings: swiftSettings
), ),
.testTarget( .testTarget(
@@ -46,17 +43,17 @@ let package = Package(
), ),
.target( .target(
name: "SecureEnclaveSecretKit", name: "SecureEnclaveSecretKit",
dependencies: ["Common", "SecretKit"], dependencies: ["SecretKit"],
swiftSettings: swiftSettings swiftSettings: swiftSettings
), ),
.target( .target(
name: "SmartCardSecretKit", name: "SmartCardSecretKit",
dependencies: ["Common", "SecretKit"], dependencies: ["SecretKit"],
swiftSettings: swiftSettings swiftSettings: swiftSettings
), ),
.target( .target(
name: "SecretAgentKit", name: "SecretAgentKit",
dependencies: ["Common", "SecretKit", "SecretAgentKitHeaders"], dependencies: ["SecretKit", "SecretAgentKitHeaders"],
swiftSettings: swiftSettings swiftSettings: swiftSettings
), ),
.systemLibrary( .systemLibrary(
@@ -68,18 +65,13 @@ let package = Package(
, ,
.target( .target(
name: "Brief", name: "Brief",
dependencies: ["Common"], dependencies: [],
swiftSettings: swiftSettings swiftSettings: swiftSettings
), ),
.testTarget( .testTarget(
name: "BriefTests", name: "BriefTests",
dependencies: ["Brief"] dependencies: ["Brief"]
), ),
.target(
name: "Common",
dependencies: [],
swiftSettings: swiftSettings
),
] ]
) )

15
Sources/Packages/Sources/Brief/Updater.swift
View File

@@ -1,15 +1,14 @@
import Foundation import Foundation
import Observation import Observation
import os import Synchronization
import Common
/// A concrete implementation of ``UpdaterProtocol`` which considers the current release and OS version. /// A concrete implementation of ``UpdaterProtocol`` which considers the current release and OS version.
@Observable public final class Updater: UpdaterProtocol, ObservableObject, Sendable { @Observable public final class Updater: UpdaterProtocol, ObservableObject, Sendable {
public var update: Release? { public var update: Release? {
_update.lockedValue _update.withLock { $0 }
} }
private let _update: OSAllocatedUnfairLock<Release?> = .init(uncheckedState: nil) private let _update: Mutex<Release?> = .init(nil)
public let testBuild: Bool public let testBuild: Bool
/// The current OS version. /// The current OS version.
@@ -54,7 +53,9 @@ import Common
guard !release.critical else { return } guard !release.critical else { return }
defaults.set(true, forKey: release.name) defaults.set(true, forKey: release.name)
await MainActor.run { await MainActor.run {
_update.lockedValue = nil _update.withLock { value in
value = nil
}
} }
} }
@@ -75,7 +76,9 @@ extension Updater {
let latestVersion = SemVer(release.name) let latestVersion = SemVer(release.name)
if latestVersion > currentVersion { if latestVersion > currentVersion {
await MainActor.run { await MainActor.run {
_update.lockedValue = release _update.withLock { value in
value = release
}
} }
} }
} }

2
Sources/Packages/Sources/Brief/UpdaterProtocol.swift
View File

@@ -1,5 +1,5 @@
import Foundation import Foundation
import os import Synchronization
/// A protocol for retreiving the latest available version of an app. /// A protocol for retreiving the latest available version of an app.
public protocol UpdaterProtocol: Observable { public protocol UpdaterProtocol: Observable {

14
Sources/Packages/Sources/Common/Locks.swift
View File

@@ -1,14 +0,0 @@
import os
public extension OSAllocatedUnfairLock where State: Sendable {
var lockedValue: State {
get {
withLock { $0 }
}
nonmutating set {
withLock { $0 = newValue }
}
}
}

13
Sources/Packages/Sources/SecretKit/OpenSSH/OpenSSHCertificateHandler.swift
View File

@@ -1,6 +1,6 @@
import Foundation import Foundation
import OSLog import OSLog
import os import Synchronization
/// Manages storage and lookup for OpenSSH certificates. /// Manages storage and lookup for OpenSSH certificates.
public final class OpenSSHCertificateHandler: Sendable { public final class OpenSSHCertificateHandler: Sendable {
@@ -8,7 +8,7 @@ public final class OpenSSHCertificateHandler: Sendable {
private let publicKeyFileStoreController = PublicKeyFileStoreController(homeDirectory: NSHomeDirectory()) private let publicKeyFileStoreController = PublicKeyFileStoreController(homeDirectory: NSHomeDirectory())
private let logger = Logger(subsystem: "com.maxgoedjen.secretive.secretagent", category: "OpenSSHCertificateHandler") private let logger = Logger(subsystem: "com.maxgoedjen.secretive.secretagent", category: "OpenSSHCertificateHandler")
private let writer = OpenSSHKeyWriter() private let writer = OpenSSHKeyWriter()
private let keyBlobsAndNames: OSAllocatedUnfairLock<[AnySecret: (Data, Data)]> = .init(uncheckedState: [:]) private let keyBlobsAndNames: Mutex<[AnySecret: (Data, Data)]> = .init([:])
/// Initializes an OpenSSHCertificateHandler. /// Initializes an OpenSSHCertificateHandler.
public init() { public init() {
@@ -32,7 +32,10 @@ public final class OpenSSHCertificateHandler: Sendable {
/// - Parameter secret: The secret to check for a certificate. /// - Parameter secret: The secret to check for a certificate.
/// - Returns: A boolean describing whether or not the certificate handler has a certifiicate associated with a given secret /// - Returns: A boolean describing whether or not the certificate handler has a certifiicate associated with a given secret
public func hasCertificate<SecretType: Secret>(for secret: SecretType) -> Bool { public func hasCertificate<SecretType: Secret>(for secret: SecretType) -> Bool {
keyBlobsAndNames.lockedValue[AnySecret(secret)] != nil keyBlobsAndNames.withLock {
$0[AnySecret(secret)] != nil
}
} }
@@ -64,7 +67,9 @@ public final class OpenSSHCertificateHandler: Sendable {
/// - Parameter secret: The secret to search for a certificate with /// - Parameter secret: The secret to search for a certificate with
/// - Returns: A (``Data``, ``Data``) tuple containing the certificate and certificate name, respectively. /// - Returns: A (``Data``, ``Data``) tuple containing the certificate and certificate name, respectively.
public func keyBlobAndName<SecretType: Secret>(for secret: SecretType) throws -> (Data, Data)? { public func keyBlobAndName<SecretType: Secret>(for secret: SecretType) throws -> (Data, Data)? {
keyBlobsAndNames.lockedValue[AnySecret(secret)] keyBlobsAndNames.withLock {
$0[AnySecret(secret)]
}
} }
/// Attempts to find an OpenSSH Certificate that corresponds to a ``Secret`` /// Attempts to find an OpenSSH Certificate that corresponds to a ``Secret``

21
Sources/Packages/Sources/SecretKit/SecretStoreList.swift
View File

@@ -1,22 +1,21 @@
import Foundation import Foundation
import Observation import Observation
import os import Synchronization
import Common
/// A "Store Store," which holds a list of type-erased stores. /// A "Store Store," which holds a list of type-erased stores.
@Observable public final class SecretStoreList: Sendable { @Observable public final class SecretStoreList: Sendable {
/// The Stores managed by the SecretStoreList. /// The Stores managed by the SecretStoreList.
public var stores: [AnySecretStore] { public var stores: [AnySecretStore] {
__stores.lockedValue __stores.withLock { $0 }
} }
private let __stores: OSAllocatedUnfairLock<[AnySecretStore]> = .init(uncheckedState: []) private let __stores: Mutex<[AnySecretStore]> = .init([])
/// A modifiable store, if one is available. /// A modifiable store, if one is available.
public var modifiableStore: AnySecretStoreModifiable? { public var modifiableStore: AnySecretStoreModifiable? {
__modifiableStore.withLock { $0 } __modifiableStore.withLock { $0 }
} }
private let __modifiableStore: OSAllocatedUnfairLock<AnySecretStoreModifiable?> = .init(uncheckedState: nil) private let __modifiableStore: Mutex<AnySecretStoreModifiable?> = .init(nil)
/// Initializes a SecretStoreList. /// Initializes a SecretStoreList.
public init() { public init() {
@@ -32,7 +31,9 @@ import Common
/// Adds a non-type-erased modifiable SecretStore. /// Adds a non-type-erased modifiable SecretStore.
public func add<SecretStoreType: SecretStoreModifiable>(store: SecretStoreType) { public func add<SecretStoreType: SecretStoreModifiable>(store: SecretStoreType) {
let modifiable = AnySecretStoreModifiable(modifiable: store) let modifiable = AnySecretStoreModifiable(modifiable: store)
__modifiableStore.lockedValue = modifiable __modifiableStore.withLock {
$0 = modifiable
}
__stores.withLock { __stores.withLock {
$0.append(modifiable) $0.append(modifiable)
} }
@@ -40,11 +41,15 @@ import Common
/// A boolean describing whether there are any Stores available. /// A boolean describing whether there are any Stores available.
public var anyAvailable: Bool { public var anyAvailable: Bool {
__stores.lockedValue.contains(where: \.isAvailable) __stores.withLock {
$0.reduce(false, { $0 || $1.isAvailable })
}
} }
public var allSecrets: [AnySecret] { public var allSecrets: [AnySecret] {
__stores.lockedValue.flatMap(\.secrets) __stores.withLock {
$0.flatMap(\.secrets)
}
} }
} }

4
Sources/Packages/Sources/SecretKit/Types/SigningRequestProvenance.swift
View File

@@ -2,7 +2,7 @@ import Foundation
import AppKit import AppKit
/// Describes the chain of applications that requested a signature operation. /// Describes the chain of applications that requested a signature operation.
public struct SigningRequestProvenance: Equatable, Sendable { public struct SigningRequestProvenance: Equatable {
/// A list of processes involved in the request. /// A list of processes involved in the request.
/// - Note: A chain will typically consist of many elements even for a simple request. For example, running `git fetch` in Terminal.app would generate a request chain of `ssh` -> `git` -> `zsh` -> `login` -> `Terminal.app` /// - Note: A chain will typically consist of many elements even for a simple request. For example, running `git fetch` in Terminal.app would generate a request chain of `ssh` -> `git` -> `zsh` -> `login` -> `Terminal.app`
@@ -30,7 +30,7 @@ extension SigningRequestProvenance {
extension SigningRequestProvenance { extension SigningRequestProvenance {
/// Describes a process in a `SigningRequestProvenance` chain. /// Describes a process in a `SigningRequestProvenance` chain.
public struct Process: Equatable, Sendable { public struct Process: Equatable {
/// The pid of the process. /// The pid of the process.
public let pid: Int32 public let pid: Int32

75
Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift
View File

@@ -4,8 +4,7 @@ import Security
import CryptoKit import CryptoKit
@preconcurrency import LocalAuthentication @preconcurrency import LocalAuthentication
import SecretKit import SecretKit
import os import Synchronization
import Common
extension SecureEnclave { extension SecureEnclave {
@@ -18,11 +17,11 @@ extension SecureEnclave {
public let id = UUID() public let id = UUID()
public let name = String(localized: "secure_enclave") public let name = String(localized: "secure_enclave")
public var secrets: [Secret] { public var secrets: [Secret] {
_secrets.lockedValue _secrets.withLock { $0 }
} }
private let _secrets: OSAllocatedUnfairLock<[Secret]> = .init(uncheckedState: []) private let _secrets: Mutex<[Secret]> = .init([])
private let persistedAuthenticationContexts: OSAllocatedUnfairLock<[Secret: PersistentAuthenticationContext]> = .init(uncheckedState: [:]) private let persistedAuthenticationContexts: Mutex<[Secret: PersistentAuthenticationContext]> = .init([:])
/// Initializes a Store. /// Initializes a Store.
public init() { public init() {
@@ -106,40 +105,42 @@ extension SecureEnclave {
} }
public func sign(data: Data, with secret: Secret, for provenance: SigningRequestProvenance) throws -> Data { public func sign(data: Data, with secret: Secret, for provenance: SigningRequestProvenance) throws -> Data {
var context: LAContext let context: Mutex<LAContext>
if let existing = persistedAuthenticationContexts.lockedValue[secret], existing.valid { // if let existing = persistedAuthenticationContexts.withLock({ $0 })[secret], existing.valid {
context = existing.context // context = existing.context
} else { // } else {
let newContext = LAContext() let newContext = LAContext()
newContext.localizedCancelTitle = String(localized: "auth_context_request_deny_button") newContext.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
context = newContext context = .init(newContext)
// }
return try context.withLock { context in
context.localizedReason = String(localized: "auth_context_request_signature_description_\(provenance.origin.displayName)_\(secret.name)")
let attributes = KeychainDictionary([
kSecClass: kSecClassKey,
kSecAttrKeyClass: kSecAttrKeyClassPrivate,
kSecAttrApplicationLabel: secret.id as CFData,
kSecAttrKeyType: Constants.keyType,
kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
kSecAttrApplicationTag: Constants.keyTag,
kSecUseAuthenticationContext: context,
kSecReturnRef: true
])
var untyped: CFTypeRef?
let status = SecItemCopyMatching(attributes, &untyped)
if status != errSecSuccess {
throw KeychainError(statusCode: status)
}
guard let untypedSafe = untyped else {
throw KeychainError(statusCode: errSecSuccess)
}
let key = untypedSafe as! SecKey
var signError: SecurityError?
guard let signature = SecKeyCreateSignature(key, .ecdsaSignatureMessageX962SHA256, data as CFData, &signError) else {
throw SigningError(error: signError)
}
return signature as Data
} }
context.localizedReason = String(localized: "auth_context_request_signature_description_\(provenance.origin.displayName)_\(secret.name)")
let attributes = KeychainDictionary([
kSecClass: kSecClassKey,
kSecAttrKeyClass: kSecAttrKeyClassPrivate,
kSecAttrApplicationLabel: secret.id as CFData,
kSecAttrKeyType: Constants.keyType,
kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
kSecAttrApplicationTag: Constants.keyTag,
kSecUseAuthenticationContext: context,
kSecReturnRef: true
])
var untyped: CFTypeRef?
let status = SecItemCopyMatching(attributes, &untyped)
if status != errSecSuccess {
throw KeychainError(statusCode: status)
}
guard let untypedSafe = untyped else {
throw KeychainError(statusCode: errSecSuccess)
}
let key = untypedSafe as! SecKey
var signError: SecurityError?
guard let signature = SecKeyCreateSignature(key, .ecdsaSignatureMessageX962SHA256, data as CFData, &signError) else {
throw SigningError(error: signError)
}
return signature as Data
} }
public func verify(signature: Data, for data: Data, with secret: Secret) throws -> Bool { public func verify(signature: Data, for data: Data, with secret: Secret) throws -> Bool {
@@ -178,7 +179,7 @@ extension SecureEnclave {
} }
public func existingPersistedAuthenticationContext(secret: Secret) -> PersistedAuthenticationContext? { public func existingPersistedAuthenticationContext(secret: Secret) -> PersistedAuthenticationContext? {
guard let persisted = persistedAuthenticationContexts.lockedValue[secret], persisted.valid else { return nil } guard let persisted = persistedAuthenticationContexts.withLock({ $0 })[secret], persisted.valid else { return nil }
return persisted return persisted
} }

4
Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift
View File

@@ -1,5 +1,5 @@
import Foundation import Foundation
import os import Synchronization
import Observation import Observation
import Security import Security
import CryptoTokenKit import CryptoTokenKit
@@ -19,7 +19,7 @@ extension SmartCard {
/// An implementation of Store backed by a Smart Card. /// An implementation of Store backed by a Smart Card.
@Observable public final class Store: SecretStore { @Observable public final class Store: SecretStore {
private let state: OSAllocatedUnfairLock<State> = .init(uncheckedState: .init()) private let state: Mutex<State> = .init(.init())
public var isAvailable: Bool { public var isAvailable: Bool {
state.withLock { $0.isAvailable } state.withLock { $0.isAvailable }
} }

1
Sources/Packages/Tests/BriefTests/ReleaseParsingTests.swift
View File

@@ -2,6 +2,7 @@ import Testing
import Foundation import Foundation
@testable import Brief @testable import Brief
@Suite struct ReleaseParsingTests { @Suite struct ReleaseParsingTests {
@Test @Test

25
Sources/Packages/Tests/SecretAgentKitTests/AgentTests.swift
View File

@@ -1,10 +1,8 @@
import Foundation import Foundation
import os
import Testing import Testing
import CryptoKit import CryptoKit
@testable import SecretKit @testable import SecretKit
@testable import SecretAgentKit @testable import SecretAgentKit
import Common
@Suite struct AgentTests { @Suite struct AgentTests {
@@ -92,35 +90,34 @@ import Common
@Test func witnessSignature() async { @Test func witnessSignature() async {
let stubReader = StubFileHandleReader(availableData: Constants.Requests.requestSignature) let stubReader = StubFileHandleReader(availableData: Constants.Requests.requestSignature)
let list = storeList(with: [Constants.Secrets.ecdsa256Secret]) let list = storeList(with: [Constants.Secrets.ecdsa256Secret])
let witnessed: OSAllocatedUnfairLock<Bool> = .init(uncheckedState: false) var witnessed = false
let witness = StubWitness(speakNow: { _, trace in let witness = StubWitness(speakNow: { _, trace in
return false return false
}, witness: { _, trace in }, witness: { _, trace in
witnessed.lockedValue = true witnessed = true
}) })
let agent = Agent(storeList: list, witness: witness) let agent = Agent(storeList: list, witness: witness)
await agent.handle(reader: stubReader, writer: stubWriter) await agent.handle(reader: stubReader, writer: stubWriter)
let value = witnessed.lockedValue #expect(witnessed)
#expect(value)
} }
@Test func requestTracing() async { @Test func requestTracing() async {
let stubReader = StubFileHandleReader(availableData: Constants.Requests.requestSignature) let stubReader = StubFileHandleReader(availableData: Constants.Requests.requestSignature)
let list = storeList(with: [Constants.Secrets.ecdsa256Secret]) let list = storeList(with: [Constants.Secrets.ecdsa256Secret])
let speakNowTrace: OSAllocatedUnfairLock<SigningRequestProvenance?> = .init(uncheckedState: nil) var speakNowTrace: SigningRequestProvenance! = nil
let witnessTrace: OSAllocatedUnfairLock<SigningRequestProvenance?> = .init(uncheckedState: nil) var witnessTrace: SigningRequestProvenance! = nil
let witness = StubWitness(speakNow: { _, trace in let witness = StubWitness(speakNow: { _, trace in
speakNowTrace.lockedValue = trace speakNowTrace = trace
return false return false
}, witness: { _, trace in }, witness: { _, trace in
witnessTrace.lockedValue = trace witnessTrace = trace
}) })
let agent = Agent(storeList: list, witness: witness) let agent = Agent(storeList: list, witness: witness)
await agent.handle(reader: stubReader, writer: stubWriter) await agent.handle(reader: stubReader, writer: stubWriter)
#expect(witnessTrace.lockedValue == speakNowTrace.lockedValue) #expect(witnessTrace == speakNowTrace)
#expect(witnessTrace.lockedValue?.origin.displayName == "Finder") #expect(witnessTrace.origin.displayName == "Finder")
#expect(witnessTrace.lockedValue?.origin.validSignature == true) #expect(witnessTrace.origin.validSignature == true)
#expect(witnessTrace.lockedValue?.origin.parentPID == 1) #expect(witnessTrace.origin.parentPID == 1)
} }
// MARK: Exception Handling // MARK: Exception Handling

4
Sources/Packages/Tests/SecretAgentKitTests/StubWitness.swift
View File

@@ -3,8 +3,8 @@ import SecretAgentKit
struct StubWitness { struct StubWitness {
let speakNow: @Sendable (AnySecret, SigningRequestProvenance) -> Bool let speakNow: (AnySecret, SigningRequestProvenance) -> Bool
let witness: @Sendable (AnySecret, SigningRequestProvenance) -> () let witness: (AnySecret, SigningRequestProvenance) -> ()
} }

37
Sources/SecretAgent/Notifier.swift
View File

@@ -4,7 +4,7 @@ import AppKit
import SecretKit import SecretKit
import SecretAgentKit import SecretAgentKit
import Brief import Brief
import os import Synchronization
final class Notifier: Sendable { final class Notifier: Sendable {
@@ -84,10 +84,10 @@ final class Notifier: Sendable {
try? await notificationCenter.add(request) try? await notificationCenter.add(request)
} }
func notify(update: Release, ignore: (@Sendable (Release) -> Void)?) { func notify(update: Release, ignore: ((Release) -> Void)?) {
notificationDelegate.state.withLock { [update] state in notificationDelegate.state.withLock { [update] state in
state.release = update state.release = update
state.ignore = ignore // state.ignore = ignore
} }
let notificationCenter = UNUserNotificationCenter.current() let notificationCenter = UNUserNotificationCenter.current()
let notificationContent = UNMutableNotificationContent() let notificationContent = UNMutableNotificationContent()
@@ -141,7 +141,7 @@ extension Notifier {
final class NotificationDelegate: NSObject, UNUserNotificationCenterDelegate, Sendable { final class NotificationDelegate: NSObject, UNUserNotificationCenterDelegate, Sendable {
struct State { struct State {
typealias PersistAuthentication = (@Sendable (AnySecret, AnySecretStore, TimeInterval?) async -> Void) typealias PersistAuthentication = ((AnySecret, AnySecretStore, TimeInterval?) async -> Void)
typealias Ignore = ((Release) -> Void) typealias Ignore = ((Release) -> Void)
fileprivate var release: Release? fileprivate var release: Release?
fileprivate var ignore: Ignore? fileprivate var ignore: Ignore?
@@ -151,7 +151,7 @@ final class NotificationDelegate: NSObject, UNUserNotificationCenterDelegate, Se
fileprivate var pendingPersistableSecrets: [String: AnySecret] = [:] fileprivate var pendingPersistableSecrets: [String: AnySecret] = [:]
} }
fileprivate let state: OSAllocatedUnfairLock<State> = .init(uncheckedState: .init()) fileprivate let state: Mutex<State> = .init(.init())
func userNotificationCenter(_ center: UNUserNotificationCenter, openSettingsFor notification: UNNotification?) { func userNotificationCenter(_ center: UNUserNotificationCenter, openSettingsFor notification: UNNotification?) {
@@ -170,10 +170,9 @@ final class NotificationDelegate: NSObject, UNUserNotificationCenterDelegate, Se
} }
func handleUpdateResponse(response: UNNotificationResponse) { func handleUpdateResponse(response: UNNotificationResponse) {
let id = response.actionIdentifier
state.withLock { state in state.withLock { state in
guard let update = state.release else { return } guard let update = state.release else { return }
switch id { switch response.actionIdentifier {
case Notifier.Constants.updateActionIdentitifier, UNNotificationDefaultActionIdentifier: case Notifier.Constants.updateActionIdentitifier, UNNotificationDefaultActionIdentifier:
NSWorkspace.shared.open(update.html_url) NSWorkspace.shared.open(update.html_url)
case Notifier.Constants.ignoreActionIdentitifier: case Notifier.Constants.ignoreActionIdentitifier:
@@ -185,21 +184,15 @@ final class NotificationDelegate: NSObject, UNUserNotificationCenterDelegate, Se
} }
func handlePersistAuthenticationResponse(response: UNNotificationResponse) async { func handlePersistAuthenticationResponse(response: UNNotificationResponse) async {
guard let secretID = response.notification.request.content.userInfo[Notifier.Constants.persistSecretIDKey] as? String, // let (secret, store, persistOptions, callback): (AnySecret?, AnySecretStore?, TimeInterval?, State.PersistAuthentication?) = state.withLock { state in
let storeID = response.notification.request.content.userInfo[Notifier.Constants.persistStoreIDKey] as? String else { // guard let secretID = response.notification.request.content.userInfo[Notifier.Constants.persistSecretIDKey] as? String, let secret = state.pendingPersistableSecrets[secretID],
return // let storeID = response.notification.request.content.userInfo[Notifier.Constants.persistStoreIDKey] as? String, let store = state.pendingPersistableStores[storeID]
} // else { return (nil, nil, nil, nil) }
let id = response.actionIdentifier // state.pendingPersistableSecrets[secretID] = nil
// return (secret, store, state.persistOptions[response.actionIdentifier], state.persistAuthentication)
let (secret, store, persistOptions, callback): (AnySecret?, AnySecretStore?, TimeInterval?, State.PersistAuthentication?) = state.withLock { state in // }
guard let secret = state.pendingPersistableSecrets[secretID], // guard let secret, let store, let persistOptions else { return }
let store = state.pendingPersistableStores[storeID] // await callback?(secret, store, persistOptions)
else { return (nil, nil, nil, nil) }
state.pendingPersistableSecrets[secretID] = nil
return (secret, store, state.persistOptions[id], state.persistAuthentication)
}
guard let secret, let store, let persistOptions else { return }
await callback?(secret, store, persistOptions)
} }

6
Sources/Secretive.xcodeproj/project.pbxproj
View File

@@ -646,7 +646,6 @@
"$(inherited)", "$(inherited)",
"@executable_path/../Frameworks", "@executable_path/../Frameworks",
); );
MACOSX_DEPLOYMENT_TARGET = 14.0;
MARKETING_VERSION = 1; MARKETING_VERSION = 1;
PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host; PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host;
PRODUCT_NAME = "$(TARGET_NAME)"; PRODUCT_NAME = "$(TARGET_NAME)";
@@ -676,7 +675,6 @@
"$(inherited)", "$(inherited)",
"@executable_path/../Frameworks", "@executable_path/../Frameworks",
); );
MACOSX_DEPLOYMENT_TARGET = 14.0;
MARKETING_VERSION = 1; MARKETING_VERSION = 1;
PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host; PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host;
PRODUCT_NAME = "$(TARGET_NAME)"; PRODUCT_NAME = "$(TARGET_NAME)";
@@ -775,7 +773,6 @@
"$(inherited)", "$(inherited)",
"@executable_path/../Frameworks", "@executable_path/../Frameworks",
); );
MACOSX_DEPLOYMENT_TARGET = 14.0;
MARKETING_VERSION = 1; MARKETING_VERSION = 1;
PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host; PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host;
PRODUCT_NAME = "$(TARGET_NAME)"; PRODUCT_NAME = "$(TARGET_NAME)";
@@ -799,7 +796,6 @@
"$(inherited)", "$(inherited)",
"@executable_path/../Frameworks", "@executable_path/../Frameworks",
); );
MACOSX_DEPLOYMENT_TARGET = 14.0;
MARKETING_VERSION = 1; MARKETING_VERSION = 1;
PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent; PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
PRODUCT_NAME = "$(TARGET_NAME)"; PRODUCT_NAME = "$(TARGET_NAME)";
@@ -825,7 +821,6 @@
"$(inherited)", "$(inherited)",
"@executable_path/../Frameworks", "@executable_path/../Frameworks",
); );
MACOSX_DEPLOYMENT_TARGET = 14.0;
MARKETING_VERSION = 1; MARKETING_VERSION = 1;
PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent; PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
PRODUCT_NAME = "$(TARGET_NAME)"; PRODUCT_NAME = "$(TARGET_NAME)";
@@ -852,7 +847,6 @@
"$(inherited)", "$(inherited)",
"@executable_path/../Frameworks", "@executable_path/../Frameworks",
); );
MACOSX_DEPLOYMENT_TARGET = 14.0;
MARKETING_VERSION = 1; MARKETING_VERSION = 1;
PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent; PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent;
PRODUCT_NAME = "$(TARGET_NAME)"; PRODUCT_NAME = "$(TARGET_NAME)";

19
Sources/Secretive/Preview Content/PreviewUpdater.swift
View File

@@ -1,25 +1,32 @@
import Foundation import Foundation
import os import Synchronization
import Observation import Observation
import Brief import Brief
@Observable class PreviewUpdater: UpdaterProtocol { @Observable class PreviewUpdater: UpdaterProtocol {
var update: Release? { var update: Release? {
_update.lockedValue _update.withLock { $0 }
} }
let _update: OSAllocatedUnfairLock<Release?> = .init(uncheckedState: nil) let _update: Mutex<Release?> = .init(nil)
let testBuild = false let testBuild = false
init(update: Update = .none) { init(update: Update = .none) {
switch update { switch update {
case .none: case .none:
_update.lockedValue = nil _update.withLock {
$0 = nil
}
case .advisory: case .advisory:
_update.lockedValue = Release(name: "10.10.10", prerelease: false, html_url: URL(string: "https://example.com")!, body: "Some regular update") _update.withLock {
$0 = Release(name: "10.10.10", prerelease: false, html_url: URL(string: "https://example.com")!, body: "Some regular update")
}
case .critical: case .critical:
_update.lockedValue = Release(name: "10.10.10", prerelease: false, html_url: URL(string: "https://example.com")!, body: "Critical Security Update") _update.withLock {
$0 = Release(name: "10.10.10", prerelease: false, html_url: URL(string: "https://example.com")!, body: "Critical Security Update")
}
} }
} }

11
Sources/Secretive/Views/ContentView.swift
View File

@@ -44,9 +44,14 @@ struct ContentView: View {
extension ContentView { extension ContentView {
@ToolbarContentBuilder
func toolbarItem(_ view: some View, id: String) -> ToolbarItem<String, some View> { func toolbarItem(_ view: some View, id: String) -> some ToolbarContent {
ToolbarItem(id: id) { view } if #available(macOS 26.0, *) {
ToolbarItem(id: id) { view }
.sharedBackgroundVisibility(.hidden)
} else {
ToolbarItem(id: id) { view }
}
} }
var needsSetup: Bool { var needsSetup: Bool {

118
Sources/Secretive/Views/SetupView.swift
View File

@@ -2,124 +2,6 @@ import SwiftUI
struct SetupView: View { struct SetupView: View {
@Binding var visible: Bool
@Binding var setupComplete: Bool
@State var installed = false
@State var updates = false
@State var sshConfig = false
var body: some View {
VStack(spacing: 0) {
NewStepView(title: "setup_agent_title", description: "setup_agent_description") {
OnboardingButton("setup_agent_install_button", installed) {
Task {
await LaunchAgentController().install()
installed = true
}
}
}
Divider()
NewStepView(title: "setup_updates_title", description: "setup_updates_description") {
OnboardingButton("setup_updates_ok", false) {
Task {
updates = true
}
}
}
Divider()
NewStepView(title: "setup_ssh_title", description: "setup_ssh_description") {
HStack {
OnboardingButton("setup_ssh_added_manually_button", false) {
sshConfig = true
}
OnboardingButton("Add Automatically", false) {
// let controller = ShellConfigurationController()
// if controller.addToShell(shellInstructions: selectedShellInstruction) {
// }
sshConfig = true
}
}
}
}
.background(.white.opacity(0.1), in: RoundedRectangle(cornerRadius: 10))
.frame(minWidth: 500, idealWidth: 500, minHeight: 500, idealHeight: 500)
.padding()
}
}
struct OnboardingButton: View {
let label: LocalizedStringResource
let complete: Bool
let action: () -> Void
init(_ label: LocalizedStringResource, _ complete: Bool, action: @escaping () -> Void) {
self.label = label
self.complete = complete
self.action = action
}
var body: some View {
Button(action: action) {
HStack(spacing: 6) {
Text(label)
if complete {
Image(systemName: "checkmark.circle.fill")
}
}
.padding(.vertical, 2)
}
.disabled(complete)
.styled
}
}
extension View {
@ViewBuilder
var styled: some View {
if #available(macOS 26.0, *) {
buttonStyle(.glassProminent)
} else {
buttonStyle(.borderedProminent)
}
}
}
struct NewStepView<Content: View>: View {
let title: LocalizedStringResource
let description: LocalizedStringResource
let actions: Content
init(title: LocalizedStringResource, description: LocalizedStringResource, actions: () -> Content) {
self.title = title
self.description = description
self.actions = actions()
}
var body: some View {
HStack {
VStack(alignment: .leading, spacing: 6) {
Text(title)
.bold()
Text(description)
}
Spacer(minLength: 20)
actions
}
.padding(20)
}
}
struct OldSetupView: View {
@State var stepIndex = 0 @State var stepIndex = 0
@Binding var visible: Bool @Binding var visible: Bool
@Binding var setupComplete: Bool @Binding var setupComplete: Bool

46
Sources/Secretive/Views/ToolbarButtonStyle.swift
View File

@@ -16,22 +16,42 @@ struct ToolbarButtonStyle: ButtonStyle {
self.lightColor = lightColor self.lightColor = lightColor
self.darkColor = darkColor self.darkColor = darkColor
} }
@available(macOS 26.0, *)
private var glassTint: Color {
if !hovering {
colorScheme == .light ? lightColor : darkColor
} else {
colorScheme == .light ? lightColor.exposureAdjust(1) : darkColor.exposureAdjust(1)
}
}
func makeBody(configuration: Configuration) -> some View { func makeBody(configuration: Configuration) -> some View {
configuration.label if #available(macOS 26.0, *) {
.padding(EdgeInsets(top: 6, leading: 8, bottom: 6, trailing: 8)) configuration
.background(colorScheme == .light ? lightColor : darkColor) .label
.foregroundColor(.white) .foregroundColor(.white)
.clipShape(RoundedRectangle(cornerRadius: 5)) .padding(EdgeInsets(top: 6, leading: 8, bottom: 6, trailing: 8))
.overlay( .glassEffect(.regular.tint(glassTint), in: .capsule)
RoundedRectangle(cornerRadius: 5) .onHover { hovering in
.stroke(colorScheme == .light ? .black.opacity(0.15) : .white.opacity(0.15), lineWidth: 1)
.background(hovering ? (colorScheme == .light ? .black.opacity(0.1) : .white.opacity(0.05)) : Color.clear)
)
.onHover { hovering in
withAnimation {
self.hovering = hovering self.hovering = hovering
} }
} } else {
configuration
.label
.background(colorScheme == .light ? lightColor : darkColor)
.foregroundColor(.white)
.clipShape(RoundedRectangle(cornerRadius: 5))
.overlay(
RoundedRectangle(cornerRadius: 5)
.stroke(colorScheme == .light ? .black.opacity(0.15) : .white.opacity(0.15), lineWidth: 1)
.background(hovering ? (colorScheme == .light ? .black.opacity(0.1) : .white.opacity(0.05)) : Color.clear)
)
.onHover { hovering in
withAnimation {
self.hovering = hovering
}
}
}
} }
} }