diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index c52caa8c..333398e7 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -206,6 +206,42 @@ jobs:
asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
asset_content_type: application/octet-stream
+ apt-sign:
+ needs: #Add needs: -ubuntu-22-04-build (on merge dev -> main)
+ - build-linux
+ runs-on:
+ - self-hosted
+ - Linux
+ - X64
+ strategy:
+ fail-fast: false
+ steps:
+ - name: Sign APT repository
+ run: |
+ export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }}
+ export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY_APT }}
+ export AWS_REGION=eu-north-1
+ sudo apt update -y
+ sudo apt install -y awscli curl jq
+
+ for DIST in trixie bookworm; do
+ aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release .
+
+ curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
+ -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
+ -F "file=@Release" \
+ -o response.json
+
+ cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
+ cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
+
+ aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+ aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+
+ aws s3 ls s3://apt.defguard.net/dists/ --recursive | awk '{print ""$4"
"}' > index.html
+ aws s3 cp index.html s3://apt.defguard.net/ --acl public-read
+ done
+
update-aur:
needs:
- create-release
@@ -273,6 +309,7 @@ jobs:
sudo -u builduser git push
cat PKGBUILD
cat .SRCINFO
+
build-macos:
needs:
- create-release
@@ -350,13 +387,7 @@ jobs:
asset_name: defguard-${{ matrix.target }}-${{ env.VERSION }}.pkg
asset_content_type: application/octet-stream
- # Building signed Windows bundle involves a few steps as described here:
- # https://wixtoolset.org/docs/tools/signing/#signing-bundles-at-the-command-line
- # 1. Build Defguard and bundle the binaries (Defguard and WireGuard) using Wix (Windows)
- # 2. Detach the burn engine from the bundle so that it can be signed (also Windows)
- # 3. Sign the burn engine (Linux)
- # 4. Reattach the burn engine back to the bundle (Windows again)
- # 5. Sign the whole bundle (Linux)
+ # Builds Windows MSI and uploads it as artifact
build-windows:
needs:
- create-release
@@ -370,7 +401,7 @@ jobs:
$env:VERSION=echo ($env:GITHUB_REF_NAME.Substring(1) -Split "-")[0]
echo Version: $env:VERSION
echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV
- - uses: actions/setup-node@v4
+ - uses: actions/setup-node@v6
with:
node-version: "22"
- uses: pnpm/action-setup@v4
@@ -391,7 +422,7 @@ jobs:
run: pnpm install --frozen-lockfile
- uses: dtolnay/rust-toolchain@stable
- name: Install Protoc
- uses: arduino/setup-protoc@v2
+ uses: arduino/setup-protoc@v3
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Remove "default-run" line from Cargo.toml
@@ -401,68 +432,17 @@ jobs:
uses: tauri-apps/tauri-action@v0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Bundle application
- run: |
- dotnet tool install --global wix --version 4.0.5
- wix extension add WixToolset.Bal.wixext/4
- wix build .\src-tauri\resources-windows\defguard-client.wxs -ext .\.wix\extensions\WixToolset.Bal.wixext\4\wixext4\WixToolset.Bal.wixext.dll
- wix burn detach .\src-tauri\resources-windows\defguard-client.exe -engine .\src-tauri\resources-windows\burnengine.exe
- - name: Upload unsigned bundle and burn-engine
+ - name: Upload unsigned bundle
uses: actions/upload-artifact@v4
with:
- name: unsigned-bundle-and-burnengine
- path: |
- src-tauri/resources-windows/defguard-client.exe
- src-tauri/resources-windows/burnengine.exe
- sign-burn-engine:
- needs:
- - build-windows
- runs-on:
- - self-hosted
- - Linux
- - X64
- steps:
- - name: Write release version
- run: |
- VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- echo Version: $VERSION
- echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- - name: Download unsigned bundle & burn-engine
- uses: actions/download-artifact@v4
- with:
- name: unsigned-bundle-and-burnengine
- - name: Sign burn-engine
- run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in burnengine.exe -out burnengine-signed.exe
- - name: Upload bundle and burn-engine artifact
- uses: actions/upload-artifact@v4
- with:
- name: unsigned-bundle-and-signed-burnengine
- path: |
- defguard-client.exe
- burnengine-signed.exe
- reattach-burn-engine:
- needs:
- - sign-burn-engine
- runs-on: windows-latest
- steps:
- - name: Download unsigned bundle and signed burn-engine
- uses: actions/download-artifact@v4
- with:
- name: unsigned-bundle-and-signed-burnengine
- - name: Reattach burn-engine
- run: |
- dotnet tool install --global wix --version 4.0.5
- wix extension add WixToolset.Bal.wixext/4
- wix burn reattach defguard-client.exe -engine burnengine-signed.exe -o defguard-client-reattached.exe
- - name: Upload bundle with reattached burn-engine
- uses: actions/upload-artifact@v4
- with:
- name: unsigned-bundle-with-reattached-signed-burn-engine
- path: defguard-client-reattached.exe
+ name: unsigned-bundle
+ path: src-tauri/target/release/bundle/msi/defguard-client_${{ env.VERSION }}_x64_en-US.msi
+
+ # Signs the MSI and uploads it as release asset
sign-bundle:
needs:
- create-release
- - reattach-burn-engine
+ - build-windows
runs-on:
- self-hosted
- Linux
@@ -473,53 +453,19 @@ jobs:
VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
echo Version: $VERSION
echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- - name: Download unsigned bundle & signed burn-engine
+ - name: Download unsigned bundle
uses: actions/download-artifact@v4
with:
- name: unsigned-bundle-with-reattached-signed-burn-engine
+ name: unsigned-bundle
- name: Sign bundle
- run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client-reattached.exe -out defguard-client-signed.exe
+ run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client_${{ env.VERSION }}_x64_en-US.msi -out defguard-client-signed.msi
- name: Upload installer asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: defguard-client-signed.exe
- asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.exe
+ asset_path: defguard-client-signed.msi
+ asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.msi
asset_content_type: application/octet-stream
- apt-sign:
- needs: #Add needs: -ubuntu-22-04-build (on merge dev -> main)
- - build-linux
- runs-on:
- - self-hosted
- - Linux
- - X64
- strategy:
- fail-fast: false
- steps:
- - name: Sign APT repository
- run: |
- export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }}
- export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY_APT }}
- export AWS_REGION=eu-north-1
- sudo apt update -y
- sudo apt install -y awscli curl jq
-
- for DIST in trixie bookworm; do
- aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release .
-
- curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
- -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
- -F "file=@Release" \
- -o response.json
-
- cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
- cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
-
- aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
- aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
- aws s3 ls s3://apt.defguard.net/dists/ --recursive | awk '{print ""$4"
"}' > index.html
- aws s3 cp index.html s3://apt.defguard.net/ --acl public-read
- done
diff --git a/nix/package.nix b/nix/package.nix
index 814cb749..e974817e 100644
--- a/nix/package.nix
+++ b/nix/package.nix
@@ -8,7 +8,7 @@
makeDesktopItem,
}: let
pname = "defguard-client";
- version = "1.5.2"; # TODO: Get this from Cargo.toml or git
+ version = "1.6.0"; # TODO: Get this from Cargo.toml or git
desktopItem = makeDesktopItem {
name = pname;
diff --git a/package.json b/package.json
index 8d048ab7..ecc6c437 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
{
"name": "defguard-client",
"private": false,
- "version": "1.5.2",
+ "version": "1.6.0",
"type": "module",
"scripts": {
"dev": "npm-run-all --parallel vite typesafe-i18n",
diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock
index 42417ff6..95bd80ca 100644
--- a/src-tauri/Cargo.lock
+++ b/src-tauri/Cargo.lock
@@ -948,9 +948,9 @@ dependencies = [
[[package]]
name = "clap"
-version = "4.5.49"
+version = "4.5.50"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4512b90fa68d3a9932cea5184017c5d200f5921df706d45e853537dea51508f"
+checksum = "0c2cfd7bf8a6017ddaa4e32ffe7403d547790db06bd171c1c53926faab501623"
dependencies = [
"clap_builder",
"clap_derive",
@@ -958,9 +958,9 @@ dependencies = [
[[package]]
name = "clap_builder"
-version = "4.5.49"
+version = "4.5.50"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0025e98baa12e766c67ba13ff4695a887a1eba19569aad00a472546795bd6730"
+checksum = "0a4c05b9e80c5ccd3a7ef080ad7b6ba7d6fc00a985b8b157197075677c82c7a0"
dependencies = [
"anstream",
"anstyle",
@@ -1013,7 +1013,7 @@ dependencies = [
[[package]]
name = "common"
-version = "1.5.2"
+version = "1.6.0"
dependencies = [
"nix",
]
@@ -1368,7 +1368,7 @@ checksum = "be1e0bca6c3637f992fc1cc7cbc52a78c1ef6db076dbf1059c4323d6a2048376"
[[package]]
name = "defguard-client"
-version = "1.5.2"
+version = "1.6.0"
dependencies = [
"anyhow",
"base64 0.22.1",
@@ -1426,7 +1426,7 @@ dependencies = [
[[package]]
name = "defguard-dg"
-version = "1.5.2"
+version = "1.6.0"
dependencies = [
"clap",
"common",
@@ -4069,9 +4069,9 @@ checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e"
[[package]]
name = "openssl-src"
-version = "300.5.3+3.5.4"
+version = "300.5.4+3.5.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc6bad8cd0233b63971e232cc9c5e83039375b8586d2312f31fda85db8f888c2"
+checksum = "a507b3792995dae9b0df8a1c1e3771e8418b7c2d9f0baeba32e6fe8b06c7cb72"
dependencies = [
"cc",
]
@@ -6229,9 +6229,9 @@ dependencies = [
[[package]]
name = "tao"
-version = "0.34.4"
+version = "0.34.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6121216ff67fe4bcfe64508ea1700bc15f74937d835a07b4a209cc00a8926a84"
+checksum = "f3a753bdc39c07b192151523a3f77cd0394aa75413802c883a0f6f6a0e5ee2e7"
dependencies = [
"bitflags 2.10.0",
"block2 0.6.2",
@@ -6292,9 +6292,9 @@ checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1"
[[package]]
name = "tauri"
-version = "2.8.5"
+version = "2.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d4d1d3b3dc4c101ac989fd7db77e045cc6d91a25349cd410455cb5c57d510c1c"
+checksum = "7f07c6590706b2fc0ab287b041cf5ce9c435b3850bdae5571e19d9d27584e89d"
dependencies = [
"anyhow",
"bytes",
@@ -6345,9 +6345,9 @@ dependencies = [
[[package]]
name = "tauri-build"
-version = "2.4.1"
+version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c432ccc9ff661803dab74c6cd78de11026a578a9307610bbc39d3c55be7943f"
+checksum = "f71be1f494b683ac439e6d61c16ab5c472c6f9c6ee78995b29556d9067c021a1"
dependencies = [
"anyhow",
"cargo_toml",
@@ -6367,9 +6367,9 @@ dependencies = [
[[package]]
name = "tauri-codegen"
-version = "2.4.0"
+version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ab3a62cf2e6253936a8b267c2e95839674e7439f104fa96ad0025e149d54d8a"
+checksum = "6c1fe64c74cc40f90848281a90058a6db931eb400b60205840e09801ee30f190"
dependencies = [
"base64 0.22.1",
"brotli",
@@ -6394,9 +6394,9 @@ dependencies = [
[[package]]
name = "tauri-macros"
-version = "2.4.0"
+version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4368ea8094e7045217edb690f493b55b30caf9f3e61f79b4c24b6db91f07995e"
+checksum = "260c5d2eb036b76206b9fca20b7be3614cfd21046c5396f7959e0e64a4b07f2f"
dependencies = [
"heck 0.5.0",
"proc-macro2",
@@ -6408,9 +6408,9 @@ dependencies = [
[[package]]
name = "tauri-plugin"
-version = "2.4.0"
+version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9946a3cede302eac0c6eb6c6070ac47b1768e326092d32efbb91f21ed58d978f"
+checksum = "3d7ce9aab979296b2f91e6fbf154207c2e3512b12ddca0b24bfa0e0cde6b2976"
dependencies = [
"anyhow",
"glob",
@@ -6637,9 +6637,9 @@ dependencies = [
[[package]]
name = "tauri-runtime"
-version = "2.8.0"
+version = "2.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d4cfc9ad45b487d3fded5a4731a567872a4812e9552e3964161b08edabf93846"
+checksum = "3367f0b47df90e9195cd9f04a56b0055a2cba45aa11923c6c253d748778176fc"
dependencies = [
"cookie",
"dpi",
@@ -6662,9 +6662,9 @@ dependencies = [
[[package]]
name = "tauri-runtime-wry"
-version = "2.8.1"
+version = "2.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c1fe9d48bd122ff002064e88cfcd7027090d789c4302714e68fcccba0f4b7807"
+checksum = "80d91d29ca680c545364cf75ba2f2e3c7ea2ab6376bfa3be26b56fa2463a5b5e"
dependencies = [
"gtk",
"http",
@@ -6689,9 +6689,9 @@ dependencies = [
[[package]]
name = "tauri-utils"
-version = "2.7.0"
+version = "2.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41a3852fdf9a4f8fbeaa63dc3e9a85284dd6ef7200751f0bd66ceee30c93f212"
+checksum = "f6b8bbe426abdbf52d050e52ed693130dbd68375b9ad82a3fb17efb4c8d85673"
dependencies = [
"anyhow",
"brotli",
@@ -7297,9 +7297,9 @@ dependencies = [
[[package]]
name = "tray-icon"
-version = "0.21.1"
+version = "0.21.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a0d92153331e7d02ec09137538996a7786fe679c629c279e82a6be762b7e6fe2"
+checksum = "e3d5572781bee8e3f994d7467084e1b1fd7a93ce66bd480f8156ba89dee55a2b"
dependencies = [
"crossbeam-channel",
"dirs",
@@ -7314,7 +7314,7 @@ dependencies = [
"png 0.17.16",
"serde",
"thiserror 2.0.17",
- "windows-sys 0.59.0",
+ "windows-sys 0.60.2",
]
[[package]]
@@ -7419,9 +7419,9 @@ checksum = "5c1cb5db39152898a79168971543b1cb5020dff7fe43c8dc468b0885f5e29df5"
[[package]]
name = "unicode-ident"
-version = "1.0.19"
+version = "1.0.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f63a545481291138910575129486daeaf8ac54aee4387fe7906919f7830c7d9d"
+checksum = "462eeb75aeb73aea900253ce739c8e18a67423fadf006037cd3ff27e82748a06"
[[package]]
name = "unicode-normalization"
diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml
index 78b66bc4..e2d361c6 100644
--- a/src-tauri/Cargo.toml
+++ b/src-tauri/Cargo.toml
@@ -31,7 +31,7 @@ edition = "2021"
homepage = "https://github.com/DefGuard/client"
license-file = "../LICENSE.md"
rust-version = "1.80"
-version = "1.5.2"
+version = "1.6.0"
[package]
name = "defguard-client"
diff --git a/src-tauri/deny.toml b/src-tauri/deny.toml
index 9e62bad1..b6298cda 100644
--- a/src-tauri/deny.toml
+++ b/src-tauri/deny.toml
@@ -87,6 +87,11 @@ ignore = [
{ id = "RUSTSEC-2024-0420", reason = "Tauri v2 GTK3 dependency (unmaintained)" },
{ id = "RUSTSEC-2025-0052", reason = "Discontinued, but dark-light v2.0.0 needs it" },
{ id = "RUSTSEC-2025-0057", reason = "Tauri needs it" },
+ { id = "RUSTSEC-2025-0075", reason = "Tauri v2 GTK3 dependency (unmaintained)" },
+ { id = "RUSTSEC-2025-0080", reason = "Tauri v2 GTK3 dependency (unmaintained)" },
+ { id = "RUSTSEC-2025-0081", reason = "Tauri v2 GTK3 dependency (unmaintained)" },
+ { id = "RUSTSEC-2025-0098", reason = "Tauri v2 GTK3 dependency (unmaintained)" },
+ { id = "RUSTSEC-2025-0100", reason = "Tauri v2 GTK3 dependency (unmaintained)" },
]
# If this is true, then cargo deny will use the git executable to fetch advisory database.
# If this is false, then it uses a built-in git library.
diff --git a/src-tauri/resources-windows/defguard-client.wxs b/src-tauri/resources-windows/defguard-client.wxs
deleted file mode 100644
index a045af0a..00000000
--- a/src-tauri/resources-windows/defguard-client.wxs
+++ /dev/null
@@ -1,42 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json
index 9d071f3a..fc4470f0 100644
--- a/src-tauri/tauri.conf.json
+++ b/src-tauri/tauri.conf.json
@@ -72,7 +72,7 @@
"productName": "defguard-client",
"mainBinaryName": "defguard-client",
"identifier": "net.defguard",
- "version": "1.5.2",
+ "version": "1.6.0",
"app": {
"security": {
"capabilities": [