From 5b120203b27fa75d7e971a32a2c4626837fe962f Mon Sep 17 00:00:00 2001 From: Stephen Kirby <58410745+stirby@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:22:01 -0500 Subject: [PATCH 1/5] chore: keep active users active in scim (#13955) (#13973) * chore: scim should keep active users active * chore: add a unit test to excercise dormancy bug * audit log should not be dropped when there is no change * add ability to cancel audit log (cherry picked from commit 03c5d42233c23cdf8ab85fce3e7c00f7cf4f4108) Co-authored-by: Steven Masley --- coderd/audit/request.go | 20 +++++++++ enterprise/coderd/scim.go | 45 +++++++++++++------ enterprise/coderd/scim_test.go | 79 ++++++++++++++++++++++++++++++++++ 3 files changed, 130 insertions(+), 14 deletions(-) diff --git a/coderd/audit/request.go b/coderd/audit/request.go index 1c027fc85527f..8801bdf9c998d 100644 --- a/coderd/audit/request.go +++ b/coderd/audit/request.go @@ -257,6 +257,26 @@ func requireOrgID[T Auditable](ctx context.Context, id uuid.UUID, log slog.Logge return id } +// InitRequestWithCancel returns a commit function with a boolean arg. +// If the arg is false, future calls to commit() will not create an audit log +// entry. +func InitRequestWithCancel[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request[T], func(commit bool)) { + req, commitF := InitRequest[T](w, p) + cancelled := false + return req, func(commit bool) { + // Once 'commit=false' is called, block + // any future commit attempts. + if !commit { + cancelled = true + return + } + // If it was ever cancelled, block any commits + if !cancelled { + commitF() + } + } +} + // InitRequest initializes an audit log for a request. It returns a function // that should be deferred, causing the audit log to be committed when the // handler returns. diff --git a/enterprise/coderd/scim.go b/enterprise/coderd/scim.go index 2e638e667e9a1..b7f1bc8d106c4 100644 --- a/enterprise/coderd/scim.go +++ b/enterprise/coderd/scim.go @@ -272,13 +272,14 @@ func (api *API) scimPatchUser(rw http.ResponseWriter, r *http.Request) { } auditor := *api.AGPL.Auditor.Load() - aReq, commitAudit := audit.InitRequest[database.User](rw, &audit.RequestParams{ + aReq, commitAudit := audit.InitRequestWithCancel[database.User](rw, &audit.RequestParams{ Audit: auditor, Log: api.Logger, Request: r, Action: database.AuditActionWrite, }) - defer commitAudit() + + defer commitAudit(true) id := chi.URLParam(r, "id") @@ -307,23 +308,39 @@ func (api *API) scimPatchUser(rw http.ResponseWriter, r *http.Request) { var status database.UserStatus if sUser.Active { - // The user will get transitioned to Active after logging in. - status = database.UserStatusDormant + switch dbUser.Status { + case database.UserStatusActive: + // Keep the user active + status = database.UserStatusActive + case database.UserStatusDormant, database.UserStatusSuspended: + // Move (or keep) as dormant + status = database.UserStatusDormant + default: + // If the status is unknown, just move them to dormant. + // The user will get transitioned to Active after logging in. + status = database.UserStatusDormant + } } else { status = database.UserStatusSuspended } - //nolint:gocritic // needed for SCIM - userNew, err := api.Database.UpdateUserStatus(dbauthz.AsSystemRestricted(r.Context()), database.UpdateUserStatusParams{ - ID: dbUser.ID, - Status: status, - UpdatedAt: dbtime.Now(), - }) - if err != nil { - _ = handlerutil.WriteError(rw, err) - return + if dbUser.Status != status { + //nolint:gocritic // needed for SCIM + userNew, err := api.Database.UpdateUserStatus(dbauthz.AsSystemRestricted(r.Context()), database.UpdateUserStatusParams{ + ID: dbUser.ID, + Status: status, + UpdatedAt: dbtime.Now(), + }) + if err != nil { + _ = handlerutil.WriteError(rw, err) + return + } + dbUser = userNew + } else { + // Do not push an audit log if there is no change. + commitAudit(false) } - aReq.New = userNew + aReq.New = dbUser httpapi.Write(ctx, rw, http.StatusOK, sUser) } diff --git a/enterprise/coderd/scim_test.go b/enterprise/coderd/scim_test.go index 237d53983a1a3..9421c6cf5b785 100644 --- a/enterprise/coderd/scim_test.go +++ b/enterprise/coderd/scim_test.go @@ -8,11 +8,13 @@ import ( "net/http" "testing" + "github.com/golang-jwt/jwt/v4" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/coder/coder/v2/coderd/audit" "github.com/coder/coder/v2/coderd/coderdtest" + "github.com/coder/coder/v2/coderd/coderdtest/oidctest" "github.com/coder/coder/v2/coderd/database" "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/cryptorand" @@ -364,5 +366,82 @@ func TestScim(t *testing.T) { require.Len(t, userRes.Users, 1) assert.Equal(t, codersdk.UserStatusSuspended, userRes.Users[0].Status) }) + + // Create a user via SCIM, which starts as dormant. + // Log in as the user, making them active. + // Then patch the user again and the user should still be active. + t.Run("ActiveIsActive", func(t *testing.T) { + t.Parallel() + + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) + defer cancel() + + scimAPIKey := []byte("hi") + + mockAudit := audit.NewMock() + fake := oidctest.NewFakeIDP(t, oidctest.WithServing()) + client, _ := coderdenttest.New(t, &coderdenttest.Options{ + Options: &coderdtest.Options{ + Auditor: mockAudit, + OIDCConfig: fake.OIDCConfig(t, []string{}), + }, + SCIMAPIKey: scimAPIKey, + AuditLogging: true, + LicenseOptions: &coderdenttest.LicenseOptions{ + AccountID: "coolin", + Features: license.Features{ + codersdk.FeatureSCIM: 1, + codersdk.FeatureAuditLog: 1, + }, + }, + }) + mockAudit.ResetLogs() + + // User is dormant on create + sUser := makeScimUser(t) + res, err := client.Request(ctx, "POST", "/scim/v2/Users", sUser, setScimAuth(scimAPIKey)) + require.NoError(t, err) + defer res.Body.Close() + assert.Equal(t, http.StatusOK, res.StatusCode) + + err = json.NewDecoder(res.Body).Decode(&sUser) + require.NoError(t, err) + + // Check the audit log + aLogs := mockAudit.AuditLogs() + require.Len(t, aLogs, 1) + assert.Equal(t, database.AuditActionCreate, aLogs[0].Action) + + // Verify the user is dormant + scimUser, err := client.User(ctx, sUser.UserName) + require.NoError(t, err) + require.Equal(t, codersdk.UserStatusDormant, scimUser.Status, "user starts as dormant") + + // Log in as the user, making them active + //nolint:bodyclose + scimUserClient, _ := fake.Login(t, client, jwt.MapClaims{ + "email": sUser.Emails[0].Value, + }) + scimUser, err = scimUserClient.User(ctx, codersdk.Me) + require.NoError(t, err) + require.Equal(t, codersdk.UserStatusActive, scimUser.Status, "user should now be active") + + // Patch the user + mockAudit.ResetLogs() + res, err = client.Request(ctx, "PATCH", "/scim/v2/Users/"+sUser.ID, sUser, setScimAuth(scimAPIKey)) + require.NoError(t, err) + _, _ = io.Copy(io.Discard, res.Body) + _ = res.Body.Close() + assert.Equal(t, http.StatusOK, res.StatusCode) + + // Should be no audit logs since there is no diff + aLogs = mockAudit.AuditLogs() + require.Len(t, aLogs, 0) + + // Verify the user is still active. + scimUser, err = client.User(ctx, sUser.UserName) + require.NoError(t, err) + require.Equal(t, codersdk.UserStatusActive, scimUser.Status, "user is still active") + }) }) } From 48c485994231e849e2d217152be47e200bd809ad Mon Sep 17 00:00:00 2001 From: Stephen Kirby <58410745+stirby@users.noreply.github.com> Date: Tue, 23 Jul 2024 15:08:32 -0500 Subject: [PATCH 2/5] chore(scripts): fix cherry-pick check in `check_commit_metadata.sh` (#13980) (#13994) (cherry picked from commit 5a4dbcfc02d7acc78be1e8e4312eec7b07808ba8) Co-authored-by: Mathias Fredriksson --- scripts/release/check_commit_metadata.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/release/check_commit_metadata.sh b/scripts/release/check_commit_metadata.sh index 507e8d8d797a7..dff4cb1c738fc 100755 --- a/scripts/release/check_commit_metadata.sh +++ b/scripts/release/check_commit_metadata.sh @@ -126,6 +126,7 @@ main() { log "Found renamed cherry-pick commit ${commit1} -> ${renamed}" renamed_cherry_pick_commits[${commit1}]=${renamed} renamed_cherry_pick_commits[${renamed}]=${commit1} + i=$((i - 1)) continue fi @@ -147,6 +148,11 @@ main() { log "Found matching cherry-pick commit ${commit} -> ${renamed_cherry_pick_commits[${commit}]}" done + # Merge the two maps. + for commit in "${!renamed_cherry_pick_commits[@]}"; do + cherry_pick_commits[${commit}]=${renamed_cherry_pick_commits[${commit}]} + done + # Get abbreviated and full commit hashes and titles for each commit. git_log_out="$(git log --no-merges --left-right --pretty=format:"%m %h %H %s" "${range}")" if [[ -z ${git_log_out} ]]; then From d4f8a6481a87927e66becb51a79f170e1dc96449 Mon Sep 17 00:00:00 2001 From: Stephen Kirby <58410745+stirby@users.noreply.github.com> Date: Thu, 1 Aug 2024 12:34:10 -0500 Subject: [PATCH 3/5] fix: change time format string from 15:40 to 15:04 (#14033) (#14072) * Change string format to constant value (cherry picked from commit eacdfb9f9ce20528b2a6d0bb0a35f26a036354c5) Co-authored-by: Charlie Voiselle <464492+angrycub@users.noreply.github.com> --- enterprise/coderd/users.go | 6 ++++-- enterprise/coderd/users_test.go | 17 +++++++++++------ 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/enterprise/coderd/users.go b/enterprise/coderd/users.go index 935eeb8f6e689..07e66708b1713 100644 --- a/enterprise/coderd/users.go +++ b/enterprise/coderd/users.go @@ -14,6 +14,8 @@ import ( "github.com/coder/coder/v2/codersdk" ) +const TimeFormatHHMM = "15:04" + func (api *API) autostopRequirementEnabledMW(next http.Handler) http.Handler { return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { // Entitlement must be enabled. @@ -66,7 +68,7 @@ func (api *API) userQuietHoursSchedule(rw http.ResponseWriter, r *http.Request) RawSchedule: opts.Schedule.String(), UserSet: opts.UserSet, UserCanSet: opts.UserCanSet, - Time: opts.Schedule.TimeParsed().Format("15:40"), + Time: opts.Schedule.TimeParsed().Format(TimeFormatHHMM), Timezone: opts.Schedule.Location().String(), Next: opts.Schedule.Next(time.Now().In(opts.Schedule.Location())), }) @@ -118,7 +120,7 @@ func (api *API) putUserQuietHoursSchedule(rw http.ResponseWriter, r *http.Reques RawSchedule: opts.Schedule.String(), UserSet: opts.UserSet, UserCanSet: opts.UserCanSet, - Time: opts.Schedule.TimeParsed().Format("15:40"), + Time: opts.Schedule.TimeParsed().Format(TimeFormatHHMM), Timezone: opts.Schedule.Location().String(), Next: opts.Schedule.Next(time.Now().In(opts.Schedule.Location())), }) diff --git a/enterprise/coderd/users_test.go b/enterprise/coderd/users_test.go index 4f55859cd9e4d..00bb9e9d74240 100644 --- a/enterprise/coderd/users_test.go +++ b/enterprise/coderd/users_test.go @@ -12,11 +12,14 @@ import ( "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/coderd/schedule/cron" "github.com/coder/coder/v2/codersdk" + "github.com/coder/coder/v2/enterprise/coderd" "github.com/coder/coder/v2/enterprise/coderd/coderdenttest" "github.com/coder/coder/v2/enterprise/coderd/license" "github.com/coder/coder/v2/testutil" ) +const TimeFormatHHMM = coderd.TimeFormatHHMM + func TestUserQuietHours(t *testing.T) { t.Parallel() @@ -42,15 +45,17 @@ func TestUserQuietHours(t *testing.T) { t.Run("OK", func(t *testing.T) { t.Parallel() - - defaultQuietHoursSchedule := "CRON_TZ=America/Chicago 0 1 * * *" + // Using 10 for minutes lets us test a format bug in which values greater + // than 5 were causing the API to explode because the time was returned + // incorrectly + defaultQuietHoursSchedule := "CRON_TZ=America/Chicago 10 1 * * *" defaultScheduleParsed, err := cron.Daily(defaultQuietHoursSchedule) require.NoError(t, err) nextTime := defaultScheduleParsed.Next(time.Now().In(defaultScheduleParsed.Location())) if time.Until(nextTime) < time.Hour { // Use a different default schedule instead, because we want to avoid // the schedule "ticking over" during this test run. - defaultQuietHoursSchedule = "CRON_TZ=America/Chicago 0 13 * * *" + defaultQuietHoursSchedule = "CRON_TZ=America/Chicago 10 13 * * *" defaultScheduleParsed, err = cron.Daily(defaultQuietHoursSchedule) require.NoError(t, err) } @@ -79,7 +84,7 @@ func TestUserQuietHours(t *testing.T) { require.NoError(t, err) require.Equal(t, defaultScheduleParsed.String(), sched1.RawSchedule) require.False(t, sched1.UserSet) - require.Equal(t, defaultScheduleParsed.TimeParsed().Format("15:40"), sched1.Time) + require.Equal(t, defaultScheduleParsed.TimeParsed().Format(TimeFormatHHMM), sched1.Time) require.Equal(t, defaultScheduleParsed.Location().String(), sched1.Timezone) require.WithinDuration(t, defaultScheduleParsed.Next(time.Now()), sched1.Next, 15*time.Second) @@ -102,7 +107,7 @@ func TestUserQuietHours(t *testing.T) { require.NoError(t, err) require.Equal(t, customScheduleParsed.String(), sched2.RawSchedule) require.True(t, sched2.UserSet) - require.Equal(t, customScheduleParsed.TimeParsed().Format("15:40"), sched2.Time) + require.Equal(t, customScheduleParsed.TimeParsed().Format(TimeFormatHHMM), sched2.Time) require.Equal(t, customScheduleParsed.Location().String(), sched2.Timezone) require.WithinDuration(t, customScheduleParsed.Next(time.Now()), sched2.Next, 15*time.Second) @@ -111,7 +116,7 @@ func TestUserQuietHours(t *testing.T) { require.NoError(t, err) require.Equal(t, customScheduleParsed.String(), sched3.RawSchedule) require.True(t, sched3.UserSet) - require.Equal(t, customScheduleParsed.TimeParsed().Format("15:40"), sched3.Time) + require.Equal(t, customScheduleParsed.TimeParsed().Format(TimeFormatHHMM), sched3.Time) require.Equal(t, customScheduleParsed.Location().String(), sched3.Timezone) require.WithinDuration(t, customScheduleParsed.Next(time.Now()), sched3.Next, 15*time.Second) From bddf0bf85a9d95725f5c95da308fff40592f5a02 Mon Sep 17 00:00:00 2001 From: Stephen Kirby <58410745+stirby@users.noreply.github.com> Date: Tue, 6 Aug 2024 11:58:37 -0500 Subject: [PATCH 4/5] chore: update emoji-mart data (#13746) (#14189) (cherry picked from commit 4a0fd7466c88f0c5eae88dd06fb50c91d2271f51) Co-authored-by: Kayla Washburn-Love --- site/package.json | 2 +- site/pnpm-lock.yaml | 8 +- site/static/emojis/LICENSE-GRAPHICS | 393 ++++++++++++++++++++++++++++ 3 files changed, 398 insertions(+), 5 deletions(-) create mode 100644 site/static/emojis/LICENSE-GRAPHICS diff --git a/site/package.json b/site/package.json index 27a12d56b32d7..9f228df04abed 100644 --- a/site/package.json +++ b/site/package.json @@ -30,7 +30,7 @@ "deadcode": "ts-prune | grep -v \".stories\\|.config\\|e2e\\|__mocks__\\|used in module\\|testHelpers\\|typesGenerated\" || echo \"No deadcode found.\"" }, "dependencies": { - "@emoji-mart/data": "1.1.2", + "@emoji-mart/data": "1.2.1", "@emoji-mart/react": "1.1.1", "@emotion/css": "11.11.2", "@emotion/react": "11.11.1", diff --git a/site/pnpm-lock.yaml b/site/pnpm-lock.yaml index 287960052dfbe..c9245710c9920 100644 --- a/site/pnpm-lock.yaml +++ b/site/pnpm-lock.yaml @@ -10,8 +10,8 @@ overrides: dependencies: '@emoji-mart/data': - specifier: 1.1.2 - version: 1.1.2 + specifier: 1.2.1 + version: 1.2.1 '@emoji-mart/react': specifier: 1.1.1 version: 1.1.1(emoji-mart@5.6.0)(react@18.2.0) @@ -2130,8 +2130,8 @@ packages: engines: {node: '>=10.0.0'} dev: true - /@emoji-mart/data@1.1.2: - resolution: {integrity: sha512-1HP8BxD2azjqWJvxIaWAMyTySeZY0Osr83ukYjltPVkNXeJvTz7yDrPLBtnrD5uqJ3tg4CcLuuBW09wahqL/fg==} + /@emoji-mart/data@1.2.1: + resolution: {integrity: sha512-no2pQMWiBy6gpBEiqGeU77/bFejDqUTRY7KX+0+iur13op3bqUsXdnwoZs6Xb1zbv0gAj5VvS1PWoUUckSr5Dw==} dev: false /@emoji-mart/react@1.1.1(emoji-mart@5.6.0)(react@18.2.0): diff --git a/site/static/emojis/LICENSE-GRAPHICS b/site/static/emojis/LICENSE-GRAPHICS new file mode 100644 index 0000000000000..230507dedabfb --- /dev/null +++ b/site/static/emojis/LICENSE-GRAPHICS @@ -0,0 +1,393 @@ +Attribution 4.0 International + +======================================================================= + +Creative Commons Corporation ("Creative Commons") is not a law firm and +does not provide legal services or legal advice. Distribution of +Creative Commons public licenses does not create a lawyer-client or +other relationship. Creative Commons makes its licenses and related +information available on an "as-is" basis. Creative Commons gives no +warranties regarding its licenses, any material licensed under their +terms and conditions, or any related information. Creative Commons +disclaims all liability for damages resulting from their use to the +fullest extent possible. + +Using Creative Commons Public Licenses + +Creative Commons public licenses provide a standard set of terms and +conditions that creators and other rights holders may use to share +original works of authorship and other material subject to copyright +and certain other rights specified in the public license below. The +following considerations are for informational purposes only, are not +exhaustive, and do not form part of our licenses. + + Considerations for licensors: Our public licenses are + intended for use by those authorized to give the public + permission to use material in ways otherwise restricted by + copyright and certain other rights. Our licenses are + irrevocable. Licensors should read and understand the terms + and conditions of the license they choose before applying it. + Licensors should also secure all rights necessary before + applying our licenses so that the public can reuse the + material as expected. Licensors should clearly mark any + material not subject to the license. This includes other CC- + licensed material, or material used under an exception or + limitation to copyright. More considerations for licensors: + wiki.creativecommons.org/Considerations_for_licensors + + Considerations for the public: By using one of our public + licenses, a licensor grants the public permission to use the + licensed material under specified terms and conditions. If + the licensor's permission is not necessary for any reason--for + example, because of any applicable exception or limitation to + copyright--then that use is not regulated by the license. Our + licenses grant only permissions under copyright and certain + other rights that a licensor has authority to grant. Use of + the licensed material may still be restricted for other + reasons, including because others have copyright or other + rights in the material. A licensor may make special requests, + such as asking that all changes be marked or described. + Although not required by our licenses, you are encouraged to + respect those requests where reasonable. More_considerations + for the public: + wiki.creativecommons.org/Considerations_for_licensees + +======================================================================= + +Creative Commons Attribution 4.0 International Public License + +By exercising the Licensed Rights (defined below), You accept and agree +to be bound by the terms and conditions of this Creative Commons +Attribution 4.0 International Public License ("Public License"). To the +extent this Public License may be interpreted as a contract, You are +granted the Licensed Rights in consideration of Your acceptance of +these terms and conditions, and the Licensor grants You such rights in +consideration of benefits the Licensor receives from making the +Licensed Material available under these terms and conditions. + + +Section 1 -- Definitions. + + a. Adapted Material means material subject to Copyright and Similar + Rights that is derived from or based upon the Licensed Material + and in which the Licensed Material is translated, altered, + arranged, transformed, or otherwise modified in a manner requiring + permission under the Copyright and Similar Rights held by the + Licensor. For purposes of this Public License, where the Licensed + Material is a musical work, performance, or sound recording, + Adapted Material is always produced where the Licensed Material is + synched in timed relation with a moving image. + + b. Adapter's License means the license You apply to Your Copyright + and Similar Rights in Your contributions to Adapted Material in + accordance with the terms and conditions of this Public License. + + c. Copyright and Similar Rights means copyright and/or similar rights + closely related to copyright including, without limitation, + performance, broadcast, sound recording, and Sui Generis Database + Rights, without regard to how the rights are labeled or + categorized. For purposes of this Public License, the rights + specified in Section 2(b)(1)-(2) are not Copyright and Similar + Rights. + + d. Effective Technological Measures means those measures that, in the + absence of proper authority, may not be circumvented under laws + fulfilling obligations under Article 11 of the WIPO Copyright + Treaty adopted on December 20, 1996, and/or similar international + agreements. + + e. Exceptions and Limitations means fair use, fair dealing, and/or + any other exception or limitation to Copyright and Similar Rights + that applies to Your use of the Licensed Material. + + f. Licensed Material means the artistic or literary work, database, + or other material to which the Licensor applied this Public + License. + + g. Licensed Rights means the rights granted to You subject to the + terms and conditions of this Public License, which are limited to + all Copyright and Similar Rights that apply to Your use of the + Licensed Material and that the Licensor has authority to license. + + h. Licensor means the individual(s) or entity(ies) granting rights + under this Public License. + + i. Share means to provide material to the public by any means or + process that requires permission under the Licensed Rights, such + as reproduction, public display, public performance, distribution, + dissemination, communication, or importation, and to make material + available to the public including in ways that members of the + public may access the material from a place and at a time + individually chosen by them. + + j. Sui Generis Database Rights means rights other than copyright + resulting from Directive 96/9/EC of the European Parliament and of + the Council of 11 March 1996 on the legal protection of databases, + as amended and/or succeeded, as well as other essentially + equivalent rights anywhere in the world. + + k. You means the individual or entity exercising the Licensed Rights + under this Public License. Your has a corresponding meaning. + + +Section 2 -- Scope. + + a. License grant. + + 1. Subject to the terms and conditions of this Public License, + the Licensor hereby grants You a worldwide, royalty-free, + non-sublicensable, non-exclusive, irrevocable license to + exercise the Licensed Rights in the Licensed Material to: + + a. reproduce and Share the Licensed Material, in whole or + in part; and + + b. produce, reproduce, and Share Adapted Material. + + 2. Exceptions and Limitations. For the avoidance of doubt, where + Exceptions and Limitations apply to Your use, this Public + License does not apply, and You do not need to comply with + its terms and conditions. + + 3. Term. The term of this Public License is specified in Section + 6(a). + + 4. Media and formats; technical modifications allowed. The + Licensor authorizes You to exercise the Licensed Rights in + all media and formats whether now known or hereafter created, + and to make technical modifications necessary to do so. The + Licensor waives and/or agrees not to assert any right or + authority to forbid You from making technical modifications + necessary to exercise the Licensed Rights, including + technical modifications necessary to circumvent Effective + Technological Measures. For purposes of this Public License, + simply making modifications authorized by this Section 2(a) + (4) never produces Adapted Material. + + 5. Downstream recipients. + + a. Offer from the Licensor -- Licensed Material. Every + recipient of the Licensed Material automatically + receives an offer from the Licensor to exercise the + Licensed Rights under the terms and conditions of this + Public License. + + b. No downstream restrictions. You may not offer or impose + any additional or different terms or conditions on, or + apply any Effective Technological Measures to, the + Licensed Material if doing so restricts exercise of the + Licensed Rights by any recipient of the Licensed + Material. + + 6. No endorsement. Nothing in this Public License constitutes or + may be construed as permission to assert or imply that You + are, or that Your use of the Licensed Material is, connected + with, or sponsored, endorsed, or granted official status by, + the Licensor or others designated to receive attribution as + provided in Section 3(a)(1)(A)(i). + + b. Other rights. + + 1. Moral rights, such as the right of integrity, are not + licensed under this Public License, nor are publicity, + privacy, and/or other similar personality rights; however, to + the extent possible, the Licensor waives and/or agrees not to + assert any such rights held by the Licensor to the limited + extent necessary to allow You to exercise the Licensed + Rights, but not otherwise. + + 2. Patent and trademark rights are not licensed under this + Public License. + + 3. To the extent possible, the Licensor waives any right to + collect royalties from You for the exercise of the Licensed + Rights, whether directly or through a collecting society + under any voluntary or waivable statutory or compulsory + licensing scheme. In all other cases the Licensor expressly + reserves any right to collect such royalties. + + +Section 3 -- License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the +following conditions. + + a. Attribution. + + 1. If You Share the Licensed Material (including in modified + form), You must: + + a. retain the following if it is supplied by the Licensor + with the Licensed Material: + + i. identification of the creator(s) of the Licensed + Material and any others designated to receive + attribution, in any reasonable manner requested by + the Licensor (including by pseudonym if + designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of + warranties; + + v. a URI or hyperlink to the Licensed Material to the + extent reasonably practicable; + + b. indicate if You modified the Licensed Material and + retain an indication of any previous modifications; and + + c. indicate the Licensed Material is licensed under this + Public License, and include the text of, or the URI or + hyperlink to, this Public License. + + 2. You may satisfy the conditions in Section 3(a)(1) in any + reasonable manner based on the medium, means, and context in + which You Share the Licensed Material. For example, it may be + reasonable to satisfy the conditions by providing a URI or + hyperlink to a resource that includes the required + information. + + 3. If requested by the Licensor, You must remove any of the + information required by Section 3(a)(1)(A) to the extent + reasonably practicable. + + 4. If You Share Adapted Material You produce, the Adapter's + License You apply must not prevent recipients of the Adapted + Material from complying with this Public License. + + +Section 4 -- Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that +apply to Your use of the Licensed Material: + + a. for the avoidance of doubt, Section 2(a)(1) grants You the right + to extract, reuse, reproduce, and Share all or a substantial + portion of the contents of the database; + + b. if You include all or a substantial portion of the database + contents in a database in which You have Sui Generis Database + Rights, then the database in which You have Sui Generis Database + Rights (but not its individual contents) is Adapted Material; and + + c. You must comply with the conditions in Section 3(a) if You Share + all or a substantial portion of the contents of the database. + +For the avoidance of doubt, this Section 4 supplements and does not +replace Your obligations under this Public License where the Licensed +Rights include other Copyright and Similar Rights. + + +Section 5 -- Disclaimer of Warranties and Limitation of Liability. + + a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE + EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS + AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF + ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, + IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, + WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, + ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT + KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT + ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. + + b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE + TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, + NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, + INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, + COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR + USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR + DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR + IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. + + c. The disclaimer of warranties and limitation of liability provided + above shall be interpreted in a manner that, to the extent + possible, most closely approximates an absolute disclaimer and + waiver of all liability. + + +Section 6 -- Term and Termination. + + a. This Public License applies for the term of the Copyright and + Similar Rights licensed here. However, if You fail to comply with + this Public License, then Your rights under this Public License + terminate automatically. + + b. Where Your right to use the Licensed Material has terminated under + Section 6(a), it reinstates: + + 1. automatically as of the date the violation is cured, provided + it is cured within 30 days of Your discovery of the + violation; or + + 2. upon express reinstatement by the Licensor. + + For the avoidance of doubt, this Section 6(b) does not affect any + right the Licensor may have to seek remedies for Your violations + of this Public License. + + c. For the avoidance of doubt, the Licensor may also offer the + Licensed Material under separate terms or conditions or stop + distributing the Licensed Material at any time; however, doing so + will not terminate this Public License. + + d. Sections 1, 5, 6, 7, and 8 survive termination of this Public + License. + + +Section 7 -- Other Terms and Conditions. + + a. The Licensor shall not be bound by any additional or different + terms or conditions communicated by You unless expressly agreed. + + b. Any arrangements, understandings, or agreements regarding the + Licensed Material not stated herein are separate from and + independent of the terms and conditions of this Public License. + + +Section 8 -- Interpretation. + + a. For the avoidance of doubt, this Public License does not, and + shall not be interpreted to, reduce, limit, restrict, or impose + conditions on any use of the Licensed Material that could lawfully + be made without permission under this Public License. + + b. To the extent possible, if any provision of this Public License is + deemed unenforceable, it shall be automatically reformed to the + minimum extent necessary to make it enforceable. If the provision + cannot be reformed, it shall be severed from this Public License + without affecting the enforceability of the remaining terms and + conditions. + + c. No term or condition of this Public License will be waived and no + failure to comply consented to unless expressly agreed to by the + Licensor. + + d. Nothing in this Public License constitutes or may be interpreted + as a limitation upon, or waiver of, any privileges and immunities + that apply to the Licensor or You, including from the legal + processes of any jurisdiction or authority. + + +======================================================================= + +Creative Commons is not a party to its public licenses. +Notwithstanding, Creative Commons may elect to apply one of its public +licenses to material it publishes and in those instances will be +considered the "Licensor." Except for the limited purpose of indicating +that material is shared under a Creative Commons public license or as +otherwise permitted by the Creative Commons policies published at +creativecommons.org/policies, Creative Commons does not authorize the +use of the trademark "Creative Commons" or any other trademark or logo +of Creative Commons without its prior written consent including, +without limitation, in connection with any unauthorized modifications +to any of its public licenses or any other arrangements, +understandings, or agreements concerning use of licensed material. For +the avoidance of doubt, this paragraph does not form part of the public +licenses. + +Creative Commons may be contacted at creativecommons.org. From 1a027b07746dadb2c23d01d6d7a0607bb2b5a1a3 Mon Sep 17 00:00:00 2001 From: Stephen Kirby <58410745+stirby@users.noreply.github.com> Date: Tue, 20 Aug 2024 13:20:54 -0500 Subject: [PATCH 5/5] chore: sign the windows installer (#14353) (#14368) (cherry picked from commit 6f9b3c1592bca6412ef01fb98758c068902757b8) Co-authored-by: Kyle Carberry --- scripts/build_windows_installer.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/scripts/build_windows_installer.sh b/scripts/build_windows_installer.sh index 3b4d15a3cee9c..1a20a2cca3fb3 100755 --- a/scripts/build_windows_installer.sh +++ b/scripts/build_windows_installer.sh @@ -19,6 +19,7 @@ source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" agpl="${CODER_BUILD_AGPL:-0}" output_path="" version="" +sign_windows="${CODER_SIGN_WINDOWS:-0}" args="$(getopt -o "" -l agpl,output:,version: -- "$@")" eval set -- "$args" @@ -51,6 +52,11 @@ if [[ "$output_path" == "" ]]; then error "--output is a required parameter" fi +if [[ "$sign_windows" == 1 ]]; then + dependencies java + requiredenvs JSIGN_PATH EV_KEYSTORE EV_KEY EV_CERTIFICATE_PATH EV_TSA_URL GCLOUD_ACCESS_TOKEN +fi + if [[ "$#" != 1 ]]; then error "Exactly one argument must be provided to this script, $# were supplied" fi @@ -125,3 +131,7 @@ popd cp "$temp_dir/installer.exe" "$output_path" rm -rf "$temp_dir" + +if [[ "$sign_windows" == 1 ]]; then + execrelative ./sign_windows.sh "$output_path" 1>&2 +fi