Added verify checks at startup and encrypted config and more security…

… improvements. E-Mail notifications with beautiful html message also working. Features need integration into app still. Fixed macOS dark mode issues. Reduced file size.
Lennolium · Nov 2, 2023 · 337d943 · 337d943
1 parent f04757f
commit 337d943
Show file tree

Hide file tree

Showing 413 changed files with 61,252 additions and 3,438 deletions.
diff --git a/ACKNOWLEDGMENTS b/ACKNOWLEDGMENTS
diff --git a/INSTALL.md b/INSTALL.md
@@ -0,0 +1,29 @@
+# How to Install (macOS)
+
+## Prerequisites
+Before installing swiftGuard, ensure that FileVault is enabled on your Mac. This step is crucial as swiftGuard's security measures are most effective when FileVault is activated. To enable FileVault:
+1. Open "System Preferences" from the Apple menu.
+2. Navigate to "Security & Privacy" and select the "FileVault" tab.
+3. Click on the lock icon and enter your password to make changes.
+4. Enable FileVault but ensure that iCloud recovery is **not** activated (note your recovery key!).
+
+## Installation
+Follow the steps below to install swiftGuard on your macOS:
+
+1. Obtain the most recent version of swiftGuard by downloading it from the [Releases](https://github.com/Lennolium/swiftGuard/releases/latest) page.
+2. Open the downloaded `swiftGuard.dmg` file.
+3. Drag the swiftGuard application into the Applications folder.
+4. Open the swiftGuard application from the Applications folder by right-clicking and selecting "Open". If you encounter a warning that the application is from an unidentified developer, follow the steps below:
+   - Open "System Preferences" from the Apple menu.
+   - Navigate to "Security & Privacy" and click on "Open Anyway" to allow the application to run.
+
+swiftGuard should now appear in the macOS system tray. Test the shutdown or hibernation feature to ensure it executes correctly. You may be prompted to grant necessary permissions by macOS during the first run.
+
+## Upgrade from an Older Version
+To upgrade swiftGuard to a newer version, follow the steps below:
+
+1. Close the currently running swiftGuard application. You can do this by accessing the tray menu and clicking on the application icon, then selecting "Exit".
+2. Open the newly downloaded `swiftGuard.dmg` file.
+3. Drag the swiftGuard application from the new package into the Applications folder, replacing the old version when prompted.
+
+After completing these steps, you should have successfully installed or updated swiftGuard on your macOS device. If you encounter any issues during the installation or upgrade process, refer to the documentation or [reach out to me](mailto:[email protected]?subject=swiftGuard%20Assistance&body=Dear%20Lennart%2C%0A%0AI'm%20trying%20to%20install%2Fupgrade%20swiftGuard%2C%20but%20did%20run%20into%20some%20problems%3A) for assistance.
diff --git a/README.md b/README.md
@@ -142,7 +142,7 @@ regulations. swiftGuard helps maintain compliance by preventing unauthorized dat
 
 ## Installation
 
-1. Obtain the most recent version by downloading it from [Releases](https://github.com/Lennolium/swiftGuard/releases).
+1. Obtain the most recent version by downloading it from [Releases](https://github.com/Lennolium/swiftGuard/releases/latest).
 2. Open the downloaded `swiftGuard.dmg` file.
 3. Drag the swiftGuard application into the Applications folder.
 4. Open the swiftGuard application from the Applications folder (by right-clicking and selecting `Open`, see Note below)
@@ -152,14 +152,15 @@ permissions by macOS.
 7. Automatic startup at login can be enabled in the app's settings menu.
 
 &nbsp;
-> **Important**: Make sure you use FileVault, macOS's built-in disk encryption feature, encrypt your entire disk, 
+> **Important**: Make sure you use FileVault, macOS's built-in disk encryption feature, to encrypt your entire disk, 
 > ensuring that your data remains secure even if your device falls into the wrong hands. 
 > Otherwise, unauthorized users may gain access to your data easily: `System Preferences > Security & Privacy > Security > FileVault` > Do NOT enable iCloud Recovery!
 
 >__Note:__ If you get a warning that the application is from an _unidentified developer_, you have to open
 >`System Preferences > Security & Privacy > Security` and click `Open Anyway`
->to allow the application to run. 
+>to allow the application to run.
 
+See [INSTALL.md](https://github.com/Lennolium/swiftGuard/blob/main/INSTALL.md) for further details and instructions if you are upgrading from an older version.
 &nbsp;
 
 <!--- Usage -->

diff --git a/build-app.sh b/build-app.sh
@@ -66,6 +66,60 @@ else
     _error "Using old pre-compiled resource file."
 fi
 
+# Generate sha256 hash file of installer and check it.
+_info "Generating SHA256SUMS file for in-app integrity check ..."
+cd src/swiftguard
+sha256sum "install/dev.lennolium.swiftguard.plist" > install/SHA256SUMS
+sha256sum "install/RELEASE_KEY.asc" >> install/SHA256SUMS
+sha256sum "install/swiftguard.ini" >> install/SHA256SUMS
+sha256sum "install/swiftguard.service" >> install/SHA256SUMS
+sha256sum "resources/ACKNOWLEDGMENTS" >> install/SHA256SUMS
+sha256sum "resources/mail-template.txt" >> install/SHA256SUMS
+sha256sum "resources/mail-template.html" >> install/SHA256SUMS
+sha256sum "resources/resources_rc.py" >> install/SHA256SUMS
+sha256sum "utils/__init__.py" >> install/SHA256SUMS
+sha256sum "utils/autostart.py" >> install/SHA256SUMS
+sha256sum "utils/conf.py" >> install/SHA256SUMS
+sha256sum "utils/enc.py" >> install/SHA256SUMS
+sha256sum "utils/hash.py" >> install/SHA256SUMS
+sha256sum "utils/helpers.py" >> install/SHA256SUMS
+sha256sum "utils/listeners.py" >> install/SHA256SUMS
+sha256sum "utils/log.py" >> install/SHA256SUMS
+sha256sum "utils/notif.py" >> install/SHA256SUMS
+sha256sum "utils/upgrade.py" >> install/SHA256SUMS
+sha256sum "utils/workers.py" >> install/SHA256SUMS
+sha256sum "__init__.py" >> install/SHA256SUMS
+sha256sum "__main__.py" >> install/SHA256SUMS
+sha256sum "const.py" >> install/SHA256SUMS
+if sha256sum -c install/SHA256SUMS
+then
+    _ok "SHA256SUMS file successfully generated and checked."
+else
+    _error "SHA256SUMS file check failed!"
+    exit 1
+fi
+
+_info "Generating PGP detached signature for SHA256SUMS file ..."
+release_key=$(grep "GPG_RELEASE_FP = .*" < const.py | sed 's/^.*GPG_RELEASE_FP *= *"\(.*\)"$/\1/')
+# echo "$release_key" | gpg --import
+if gpg --default-key $release_key --armor --yes --detach-sign install/SHA256SUMS
+then
+    _ok "PGP signature successfully generated."
+else
+    _error "PGP signature generation failed!"
+    exit 1
+fi
+if gpg --verify install/SHA256SUMS.asc install/SHA256SUMS
+then
+    _ok "Verified generated signature."
+else
+    _error "PGP signature check failed!"
+    exit 1
+fi
+
+# Back to project root dir.
+cd ../..
+
 # Creating dist folder.
 mkdir -p dist/
 
@@ -90,12 +144,13 @@ fi
 
 # Activate venv and install requirements.
 source venv/bin/activate
+pip install --upgrade pip
 pip install -r requirements.txt
 pip install --upgrade PyInstaller pyinstaller-hooks-contrib
 
 # Build the app.
 _info "Building the .app file. This can take a while ..."
-if pyinstaller "pyinstaller.spec"
+if pyinstaller --noconfirm "pyinstaller.spec"
 then
     _ok "PyInstaller successfully created build."
     _ok "Find swiftGuard.app in /dist folder."

diff --git a/build-dmg.sh b/build-dmg.sh
@@ -71,7 +71,7 @@ rm -R dmg/*
 _info ".dmg building started. This can take a while ..."
 if create-dmg \
   --volname "swiftGuard" \
-  --volicon "img/dmg-icon/dmg-icon-macos@2x.icns" \
+  --volicon "img/dmg-icon/dmg-icon-macos.icns" \
   --background "img/dmg-bg/[email protected]" \
   --window-pos 200 120 \
   --window-size 660 400 \