From fbb4c91285df80f7b1a2e219b5aabc8691a89358 Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Fri, 26 Sep 2025 10:32:59 +0200 Subject: [PATCH 01/10] Create SBOM files (#593) * implement CI sbom * run sbom on self-hosted workers * use shogo82148/actions-upload-release-asset upload action --- .github/workflows/release.yaml | 6 +++++ .github/workflows/sbom.yml | 44 ++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 .github/workflows/sbom.yml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b04338aa..a9073548 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -52,6 +52,12 @@ jobs: draft: true generate_release_notes: true + create-sbom: + needs: [create-release] + uses: ./.github/workflows/sbom.yml + with: + upload_url: ${{ needs.create-release.outputs.upload_url }} + build-linux: needs: - create-release diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml new file mode 100644 index 00000000..3806208e --- /dev/null +++ b/.github/workflows/sbom.yml @@ -0,0 +1,44 @@ +name: Create SBOM files + +on: + workflow_call: + inputs: + upload_url: + description: "Release assets upload URL" + required: true + type: string + +jobs: + create-sbom: + runs-on: self-hosted + + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: recursive + + # Store the version, stripping any v-prefix + - name: Write release version + run: | + VERSION=${GITHUB_REF_NAME#v} + echo Version: $VERSION + echo "VERSION=$VERSION" >> $GITHUB_ENV + + - name: Create SBOM with Trivy + uses: aquasecurity/trivy-action@0.33.1 + with: + scan-type: 'fs' + format: 'spdx-json' + output: "defguard-client-${{ env.VERSION }}.sbom.json" + scan-ref: '.' + severity: "CRITICAL,HIGH,MEDIUM" + + - name: Upload SBOM + uses: shogo82148/actions-upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ inputs.upload_url }} + asset_path: "defguard-*.sbom.json" + asset_content_type: application/octet-stream From 7f2f5cf86ea71e021930d483e2b2859d9fb401a3 Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Fri, 26 Sep 2025 14:17:57 +0200 Subject: [PATCH 02/10] CI: scan code with trivy (#594) * CI: scan code with trivy * cargo update * add trivyignore * include low severity vulns in sbom --- .github/workflows/sbom.yml | 3 +- .github/workflows/test.yml | 9 +++ .trivyignore | 2 + src-tauri/Cargo.lock | 134 ++++++++++++++++++------------------- 4 files changed, 77 insertions(+), 71 deletions(-) create mode 100644 .trivyignore diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 3806208e..c470ea02 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -32,7 +32,8 @@ jobs: format: 'spdx-json' output: "defguard-client-${{ env.VERSION }}.sbom.json" scan-ref: '.' - severity: "CRITICAL,HIGH,MEDIUM" + severity: "CRITICAL,HIGH,MEDIUM,LOW" + scanners: "vuln" - name: Upload SBOM uses: shogo82148/actions-upload-release-asset@v1 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7a837db4..8cfbcf69 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -39,6 +39,15 @@ jobs: uses: actions/checkout@v5 with: submodules: recursive + - name: Scan code with Trivy + uses: aquasecurity/trivy-action@0.33.1 + with: + scan-type: 'fs' + scan-ref: '.' + exit-code: "1" + ignore-unfixed: true + severity: "CRITICAL,HIGH,MEDIUM" + scanners: "vuln" - name: Cache uses: Swatinem/rust-cache@v2 - name: Install required packages diff --git a/.trivyignore b/.trivyignore new file mode 100644 index 00000000..26c4b951 --- /dev/null +++ b/.trivyignore @@ -0,0 +1,2 @@ +# glib - transitive dependency +GHSA-wrw7-89jp-8q8g exp:2025-11-05 diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock index e1062819..dd6fcaff 100644 --- a/src-tauri/Cargo.lock +++ b/src-tauri/Cargo.lock @@ -4,9 +4,9 @@ version = 3 [[package]] name = "addr2line" -version = "0.24.2" +version = "0.25.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1" +checksum = "1b5d307320b3181d6d7954e663bd7c774a838b8220fe0593c86d9fb09f498b4b" dependencies = [ "gimli", ] @@ -296,7 +296,7 @@ dependencies = [ "polling", "rustix 1.1.2", "slab", - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -365,7 +365,7 @@ dependencies = [ "rustix 1.1.2", "signal-hook-registry", "slab", - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -502,9 +502,9 @@ dependencies = [ [[package]] name = "backtrace" -version = "0.3.75" +version = "0.3.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6806a6321ec58106fea15becdad98371e28d92ccbc7c8f1b3b6dd724fe8f1002" +checksum = "bb531853791a215d7c62a30daf0dde835f381ab5de4589cfe7c649d2cbe92bd6" dependencies = [ "addr2line", "cfg-if", @@ -512,7 +512,7 @@ dependencies = [ "miniz_oxide", "object", "rustc-demangle", - "windows-targets 0.52.6", + "windows-link 0.2.0", ] [[package]] @@ -779,9 +779,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.2.38" +version = "1.2.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80f41ae168f955c12fb8960b057d70d0ca153fb83182b57d86380443527be7e9" +checksum = "e1354349954c6fc9cb0deab020f27f783cf0b604e8bb754dc4658ecf0d29c35f" dependencies = [ "find-msvc-tools", "jobserver", @@ -1466,7 +1466,7 @@ dependencies = [ "libc", "option-ext", "redox_users 0.5.2", - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -1706,7 +1706,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -2196,9 +2196,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.31.1" +version = "0.32.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" +checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7" [[package]] name = "gio" @@ -2428,12 +2428,6 @@ dependencies = [ "foldhash", ] -[[package]] -name = "hashbrown" -version = "0.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5419bdc4f6a9207fbeba6d11b604d481addf78ecd10c11ad51e76c2f6482748d" - [[package]] name = "hashlink" version = "0.10.0" @@ -2659,7 +2653,7 @@ dependencies = [ "js-sys", "log", "wasm-bindgen", - "windows-core 0.62.0", + "windows-core 0.62.1", ] [[package]] @@ -2826,7 +2820,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4b0f83760fb341a774ed326568e19f5a863af4a952def8c39f9ab92fd95b88e5" dependencies = [ "equivalent", - "hashbrown 0.16.0", + "hashbrown 0.15.5", "serde", "serde_core", ] @@ -2964,9 +2958,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.80" +version = "0.3.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "852f13bec5eba4ba9afbeb93fd7c13fe56147f055939ae21c43a29a0ecb2702e" +checksum = "ec48937a97411dcb524a265206ccd4c90bb711fca92b2792c407f268825b9305" dependencies = [ "once_cell", "wasm-bindgen", @@ -3263,9 +3257,9 @@ dependencies = [ [[package]] name = "memchr" -version = "2.7.5" +version = "2.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32a282da65faaf38286cf3be983213fcf1d2e2a58700e808f83f4ea9a4804bc0" +checksum = "f52b00d39961fc5b2736ea853c9cc86238e165017a493d1d5c8eac6bdc4cc273" [[package]] name = "memoffset" @@ -3838,9 +3832,9 @@ dependencies = [ [[package]] name = "object" -version = "0.36.7" +version = "0.37.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87" +checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe" dependencies = [ "memchr", ] @@ -4332,7 +4326,7 @@ dependencies = [ "hermit-abi", "pin-project-lite", "rustix 1.1.2", - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -4831,9 +4825,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.11.2" +version = "1.11.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23d7fd106d8c02486a8d64e778353d1cffe08ce79ac2e82f540c86d0facf6912" +checksum = "8b5288124840bee7b386bc413c487869b360b2b4ec421ea56425128692f2a82c" dependencies = [ "aho-corasick", "memchr", @@ -4843,9 +4837,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.10" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b9458fa0bfeeac22b5ca447c63aaf45f28439a709ccd244698632f9aa6394d6" +checksum = "833eb9ce86d40ef33cb1306d8accf7bc8ec2bfea4355cbdebb3df68b40925cad" dependencies = [ "aho-corasick", "memchr", @@ -5075,7 +5069,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys 0.11.0", - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -5153,7 +5147,7 @@ version = "0.1.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "891d81b926048e76efe18581bf793546b4c0eaf8448d72be8de2bbee5fd166e1" dependencies = [ - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -5291,9 +5285,9 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.226" +version = "1.0.227" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0dca6411025b24b60bfa7ec1fe1f8e710ac09782dca409ee8237ba74b51295fd" +checksum = "80ece43fc6fbed4eb5392ab50c07334d3e577cbf40997ee896fe7af40bba4245" dependencies = [ "serde_core", "serde_derive", @@ -5313,18 +5307,18 @@ dependencies = [ [[package]] name = "serde_core" -version = "1.0.226" +version = "1.0.227" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba2ba63999edb9dac981fb34b3e5c0d111a69b0924e253ed29d83f7c99e966a4" +checksum = "7a576275b607a2c86ea29e410193df32bc680303c82f31e275bbfcafe8b33be5" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.226" +version = "1.0.227" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8db53ae22f34573731bafa1db20f04027b2d25e02d8205921b569171699cdb33" +checksum = "51e694923b8824cf0e9b382adf0f60d4e05f348f357b38833a3fa5ed7c2ede04" dependencies = [ "proc-macro2", "quote", @@ -6555,7 +6549,7 @@ dependencies = [ "getrandom 0.3.3", "once_cell", "rustix 1.1.2", - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -7439,9 +7433,9 @@ checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b" [[package]] name = "wasm-bindgen" -version = "0.2.103" +version = "0.2.104" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab10a69fbd0a177f5f649ad4d8d3305499c42bab9aef2f7ff592d0ec8f833819" +checksum = "c1da10c01ae9f1ae40cbfac0bac3b1e724b320abfcf52229f80b547c0d250e2d" dependencies = [ "cfg-if", "once_cell", @@ -7452,9 +7446,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.103" +version = "0.2.104" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bb702423545a6007bbc368fde243ba47ca275e549c8a28617f56f6ba53b1d1c" +checksum = "671c9a5a66f49d8a47345ab942e2cb93c7d1d0339065d4f8139c486121b43b19" dependencies = [ "bumpalo", "log", @@ -7466,9 +7460,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.53" +version = "0.4.54" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0b221ff421256839509adbb55998214a70d829d3a28c69b4a6672e9d2a42f67" +checksum = "7e038d41e478cc73bae0ff9b36c60cff1c98b8f38f8d7e8061e79ee63608ac5c" dependencies = [ "cfg-if", "js-sys", @@ -7479,9 +7473,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.103" +version = "0.2.104" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc65f4f411d91494355917b605e1480033152658d71f722a90647f56a70c88a0" +checksum = "7ca60477e4c59f5f2986c50191cd972e3a50d8a95603bc9434501cf156a9a119" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -7489,9 +7483,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.103" +version = "0.2.104" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffc003a991398a8ee604a401e194b6b3a39677b3173d6e74495eb51b82e99a32" +checksum = "9f07d2f20d4da7b26400c9f4a0511e6e0345b040694e8a75bd41d578fa4421d7" dependencies = [ "proc-macro2", "quote", @@ -7502,9 +7496,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.103" +version = "0.2.104" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "293c37f4efa430ca14db3721dfbe48d8c33308096bd44d80ebaa775ab71ba1cf" +checksum = "bad67dc8b2a1a6e5448428adec4c3e84c43e561d8c9ee8a9e5aabeb193ec41d1" dependencies = [ "unicode-ident", ] @@ -7597,9 +7591,9 @@ dependencies = [ [[package]] name = "web-sys" -version = "0.3.80" +version = "0.3.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fbe734895e869dc429d78c4b433f8d17d95f8d05317440b4fad5ab2d33e596dc" +checksum = "9367c417a924a74cae129e6a2ae3b47fabb1f8995595ab474029da749a8be120" dependencies = [ "js-sys", "wasm-bindgen", @@ -7764,7 +7758,7 @@ version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" dependencies = [ - "windows-sys 0.61.0", + "windows-sys 0.61.1", ] [[package]] @@ -7825,9 +7819,9 @@ dependencies = [ [[package]] name = "windows-core" -version = "0.62.0" +version = "0.62.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57fe7168f7de578d2d8a05b07fd61870d2e73b4020e9f49aa00da8471723497c" +checksum = "6844ee5416b285084d3d3fffd743b925a6c9385455f64f6d4fa3031c4c2749a9" dependencies = [ "windows-implement", "windows-interface", @@ -7849,9 +7843,9 @@ dependencies = [ [[package]] name = "windows-implement" -version = "0.60.0" +version = "0.60.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a47fddd13af08290e67f4acabf4b459f647552718f683a7b415d290ac744a836" +checksum = "edb307e42a74fb6de9bf3a02d9712678b22399c87e6fa869d6dfcd8c1b7754e0" dependencies = [ "proc-macro2", "quote", @@ -7860,9 +7854,9 @@ dependencies = [ [[package]] name = "windows-interface" -version = "0.59.1" +version = "0.59.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd9211b69f8dcdfa817bfd14bf1c97c9188afa36f4750130fcdf3f400eca9fa8" +checksum = "c0abd1ddbc6964ac14db11c7213d6532ef34bd9aa042c2e5935f59d7908b46a5" dependencies = [ "proc-macro2", "quote", @@ -7991,14 +7985,14 @@ version = "0.60.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb" dependencies = [ - "windows-targets 0.53.3", + "windows-targets 0.53.4", ] [[package]] name = "windows-sys" -version = "0.61.0" +version = "0.61.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e201184e40b2ede64bc2ea34968b28e33622acdbbf37104f0e4a33f7abe657aa" +checksum = "6f109e41dd4a3c848907eb83d5a42ea98b3769495597450cf6d153507b166f0f" dependencies = [ "windows-link 0.2.0", ] @@ -8051,11 +8045,11 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.53.3" +version = "0.53.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5fe6031c4041849d7c496a8ded650796e7b6ecc19df1a431c1a363342e5dc91" +checksum = "2d42b7b7f66d2a06854650af09cfdf8713e427a439c97ad65a6375318033ac4b" dependencies = [ - "windows-link 0.1.3", + "windows-link 0.2.0", "windows_aarch64_gnullvm 0.53.0", "windows_aarch64_msvc 0.53.0", "windows_i686_gnu 0.53.0", @@ -8077,9 +8071,9 @@ dependencies = [ [[package]] name = "windows-version" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69e061eb0a22b4a1d778ad70f7575ec7845490abb35b08fa320df7895882cacb" +checksum = "700dad7c058606087f6fdc1f88da5841e06da40334413c6cd4367b25ef26d24e" dependencies = [ "windows-link 0.2.0", ] From bead78839728c0d34df332137c200285dc0ce37c Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Mon, 29 Sep 2025 15:47:33 +0200 Subject: [PATCH 03/10] Periodic sbom regeneration (#599) * regenerate sboms and advisories periodically * remove branch push trigger --- .github/workflows/sbom-regenerate.yml | 35 ++++++++++++++++++++++++ .github/workflows/sbom.yml | 39 +++++++++++++++++++-------- 2 files changed, 63 insertions(+), 11 deletions(-) create mode 100644 .github/workflows/sbom-regenerate.yml diff --git a/.github/workflows/sbom-regenerate.yml b/.github/workflows/sbom-regenerate.yml new file mode 100644 index 00000000..d3c7522c --- /dev/null +++ b/.github/workflows/sbom-regenerate.yml @@ -0,0 +1,35 @@ +name: Periodic SBOM Regeneration + +on: + schedule: + - cron: '30 2 * * *' # 2:30 AM UTC + +jobs: + list-releases: + name: List releases + runs-on: ubuntu-latest + outputs: + releases: ${{ steps.get-releases.outputs.releases }} + steps: + - name: Get list of releases + id: get-releases + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + RELEASES_JSON=$(gh api repos/${{ github.repository }}/releases \ + --jq '[.[] | select(.draft == false) | {tagName: .tag_name, uploadUrl: .upload_url}][:1]') + echo "releases=$RELEASES_JSON" >> $GITHUB_OUTPUT + regenerate-for-release: + name: Regenerate SBOM for release + needs: list-releases + # Don't run if no releases were found. + if: needs.list-releases.outputs.releases != '[]' + strategy: + fail-fast: false + matrix: + release: ${{ fromJson(needs.list-releases.outputs.releases) }} + uses: ./.github/workflows/sbom.yml + with: + upload_url: ${{ matrix.release.uploadUrl }} + tag: ${{ matrix.release.tagName }} + secrets: inherit diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index c470ea02..e7f357ec 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -7,39 +7,56 @@ on: description: "Release assets upload URL" required: true type: string + tag: + description: "The git tag to generate SBOM for - used in scheduled runs" + required: false + type: string jobs: create-sbom: - runs-on: self-hosted + runs-on: [self-hosted, Linux, X64] steps: + - name: Determine release tag and version + id: vars + # Uses inputs.tag for scheduled runs, otherwise github.ref_name. + run: | + TAG_NAME=${{ inputs.tag || github.ref_name }} + VERSION=${TAG_NAME#v} + echo "TAG_NAME=$TAG_NAME" >> $GITHUB_OUTPUT + echo "VERSION=$VERSION" >> $GITHUB_OUTPUT + - name: Checkout uses: actions/checkout@v4 with: submodules: recursive - # Store the version, stripping any v-prefix - - name: Write release version - run: | - VERSION=${GITHUB_REF_NAME#v} - echo Version: $VERSION - echo "VERSION=$VERSION" >> $GITHUB_ENV - - name: Create SBOM with Trivy uses: aquasecurity/trivy-action@0.33.1 with: scan-type: 'fs' format: 'spdx-json' - output: "defguard-client-${{ env.VERSION }}.sbom.json" + output: "defguard-client-${{ steps.vars.outputs.VERSION }}.sbom.json" + scan-ref: '.' + severity: "CRITICAL,HIGH,MEDIUM,LOW" + scanners: "vuln" + + - name: Create security advisory file with Trivy + uses: aquasecurity/trivy-action@0.33.1 + with: + scan-type: 'fs' + format: 'json' + output: "defguard-client-${{ steps.vars.outputs.VERSION }}.advisories.json" scan-ref: '.' severity: "CRITICAL,HIGH,MEDIUM,LOW" scanners: "vuln" - - name: Upload SBOM + - name: Upload SBOMs and advisories uses: shogo82148/actions-upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ inputs.upload_url }} - asset_path: "defguard-*.sbom.json" + asset_path: "defguard-*.json" asset_content_type: application/octet-stream + overwrite: true From 338e83b0bc2f63a4197284a0a888a9c99cdfc72d Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Tue, 30 Sep 2025 09:49:33 +0200 Subject: [PATCH 04/10] only generate sbom for full releases --- .github/workflows/sbom-regenerate.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sbom-regenerate.yml b/.github/workflows/sbom-regenerate.yml index d3c7522c..3ecb2e6e 100644 --- a/.github/workflows/sbom-regenerate.yml +++ b/.github/workflows/sbom-regenerate.yml @@ -17,7 +17,9 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | RELEASES_JSON=$(gh api repos/${{ github.repository }}/releases \ - --jq '[.[] | select(.draft == false) | {tagName: .tag_name, uploadUrl: .upload_url}][:1]') + --jq '[.[] + | select(.draft == false and (.tag_name | test("^v[0-9]+\\.[0-9]+\\.[0-9]+$"))) + | {tagName: .tag_name, uploadUrl: .upload_url}][:1]') echo "releases=$RELEASES_JSON" >> $GITHUB_OUTPUT regenerate-for-release: name: Regenerate SBOM for release From 218135d0ba05b13f5f5c4a0a936b6f411a480803 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20W=C3=B3jcik?= Date: Fri, 3 Oct 2025 08:01:28 +0200 Subject: [PATCH 05/10] bump version to 1.5.2 --- nix/package.nix | 2 +- package.json | 4 ++-- src-tauri/Cargo.lock | 6 +++--- src-tauri/Cargo.toml | 2 +- src-tauri/tauri.conf.json | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/nix/package.nix b/nix/package.nix index cad9c48b..0ec4456a 100644 --- a/nix/package.nix +++ b/nix/package.nix @@ -6,7 +6,7 @@ makeDesktopItem, }: let pname = "defguard-client"; - version = "1.5.1"; # TODO: Get this from Cargo.toml or git + version = "1.5.2"; # TODO: Get this from Cargo.toml or git desktopItem = makeDesktopItem { name = pname; diff --git a/package.json b/package.json index ee8a6109..f3cd54b6 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "defguard-client", "private": false, - "version": "1.5.1", + "version": "1.5.2", "type": "module", "scripts": { "dev": "npm-run-all --parallel vite typesafe-i18n", @@ -132,4 +132,4 @@ "volta": { "node": "20.5.1" } -} +} \ No newline at end of file diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock index dd6fcaff..f9647ce4 100644 --- a/src-tauri/Cargo.lock +++ b/src-tauri/Cargo.lock @@ -909,7 +909,7 @@ dependencies = [ [[package]] name = "common" -version = "1.5.1" +version = "1.5.2" dependencies = [ "nix", ] @@ -1263,7 +1263,7 @@ checksum = "be1e0bca6c3637f992fc1cc7cbc52a78c1ef6db076dbf1059c4323d6a2048376" [[package]] name = "defguard-client" -version = "1.5.1" +version = "1.5.2" dependencies = [ "anyhow", "base64 0.22.1", @@ -1321,7 +1321,7 @@ dependencies = [ [[package]] name = "defguard-dg" -version = "1.5.1" +version = "1.5.2" dependencies = [ "clap", "common", diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml index e7ec0f43..466a0b5d 100644 --- a/src-tauri/Cargo.toml +++ b/src-tauri/Cargo.toml @@ -31,7 +31,7 @@ edition = "2021" homepage = "https://github.com/DefGuard/client" license-file = "../LICENSE.md" rust-version = "1.80" -version = "1.5.1" +version = "1.5.2" [package] name = "defguard-client" diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json index a9a3ed85..8c9b8904 100644 --- a/src-tauri/tauri.conf.json +++ b/src-tauri/tauri.conf.json @@ -72,7 +72,7 @@ "productName": "defguard-client", "mainBinaryName": "defguard-client", "identifier": "net.defguard", - "version": "1.5.1", + "version": "1.5.2", "app": { "security": { "capabilities": [ @@ -107,4 +107,4 @@ } } } -} +} \ No newline at end of file From b3c146435db3f0f5ff3edd615c7c246b2d9db5a5 Mon Sep 17 00:00:00 2001 From: Adam Date: Fri, 3 Oct 2025 10:45:26 +0200 Subject: [PATCH 06/10] Fix pnpm build (#606) --- .github/workflows/release.yaml | 6 +++--- README.md | 6 ------ 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a9073548..d1b9c831 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -85,12 +85,12 @@ jobs: VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) echo Version: $VERSION echo "VERSION=$VERSION" >> ${GITHUB_ENV} - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v5 with: - node-version: "22" + node-version: "24" - uses: pnpm/action-setup@v4 with: - version: 10 + version: 10.17 run_install: false - name: Get pnpm store directory shell: bash diff --git a/README.md b/README.md index 3d94ae36..64c52278 100644 --- a/README.md +++ b/README.md @@ -72,12 +72,6 @@ Built packages are available after in `src-tauri/target/release/bundle`. Remove `default-run` line from `[package]` section in `Cargo.toml` to build the project. -# Built and sponsored by - -

- build by teonite -

- # Legal WireGuard® is [registered trademarks](https://www.wireguard.com/trademark-policy/) of Jason A. Donenfeld. From a22afa95358de558f33f5bfc8e381a2e8636ae40 Mon Sep 17 00:00:00 2001 From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com> Date: Tue, 7 Oct 2025 09:16:16 +0200 Subject: [PATCH 07/10] Build Ubuntu 22/Debian 12 package (#611) --- .github/workflows/release.yaml | 83 +++++++++++++++++++++++++++++++--- 1 file changed, 77 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d1b9c831..aa681a20 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,9 +1,3 @@ -name: "Build app and create release" -on: - push: - tags: - - v*.*.* - jobs: build-wireguard-go: strategy: @@ -57,6 +51,83 @@ jobs: uses: ./.github/workflows/sbom.yml with: upload_url: ${{ needs.create-release.outputs.upload_url }} + ubuntu-22-04-build: + needs: + - create-release + runs-on: + - self-hosted + - Linux + - ${{ matrix.architecture }} + strategy: + fail-fast: false + matrix: + architecture: [ARM64, X64] + include: + - architecture: ARM64 + deb_arch: arm64 + binary_arch: aarch64 + - architecture: X64 + deb_arch: amd64 + binary_arch: x86_64 + container: + image: ubuntu:22.04 + env: + DEBIAN_FRONTEND: noninteractive + HOME: /root + RUSTUP_HOME: /root/.rustup + CARGO_HOME: /root/.cargo + steps: + - name: git install + run: | + apt-get update + apt-get install -y git curl ca-certificates + git config --global --add safe.directory '*' + - uses: actions/checkout@v5 + with: + submodules: "recursive" + - uses: pnpm/action-setup@v4 + with: + version: 10.17 + run_install: false + - uses: actions/setup-node@v5 + with: + node-version: "24" + - name: Get pnpm store directory + run: | + echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV} + - name: Write release version + run: | + VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) + echo Version: $VERSION + echo "VERSION=$VERSION" >> ${GITHUB_ENV} + - uses: actions/cache@v4 + name: Setup pnpm cache + with: + path: ${{ env.STORE_PATH }} + key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} + restore-keys: | + ${{ runner.os }}-pnpm-build-store- + - name: Install Node dependencies + run: pnpm install --frozen-lockfile + - uses: dtolnay/rust-toolchain@stable + - name: Install dependencies + run: | + apt-get install -y build-essential libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm + - name: Build packages + uses: tauri-apps/tauri-action@v0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + args: "--bundles deb" + - name: Upload DEB + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create-release.outputs.upload_url }} + asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb + asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb + asset_content_type: application/octet-stream build-linux: needs: From 8706cead2abc2483a7d1dbd84ce27c61b050433b Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Mon, 13 Oct 2025 04:39:34 -0700 Subject: [PATCH 08/10] Setup ctrl+q keyboard shortcut (#618) * register shortcut * ctrl+q keyboard shortcut closes active connections and exits --- src-tauri/Cargo.lock | 40 ++++++++++++++++++++++++++++ src-tauri/Cargo.toml | 1 + src-tauri/src/bin/defguard-client.rs | 15 +++++++++++ 3 files changed, 56 insertions(+) diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock index f9647ce4..3c7eba8d 100644 --- a/src-tauri/Cargo.lock +++ b/src-tauri/Cargo.lock @@ -1293,6 +1293,7 @@ dependencies = [ "tauri-plugin-deep-link", "tauri-plugin-dialog", "tauri-plugin-fs", + "tauri-plugin-global-shortcut", "tauri-plugin-http", "tauri-plugin-log", "tauri-plugin-notification", @@ -2298,6 +2299,24 @@ version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" +[[package]] +name = "global-hotkey" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9247516746aa8e53411a0db9b62b0e24efbcf6a76e0ba73e5a91b512ddabed7" +dependencies = [ + "crossbeam-channel", + "keyboard-types", + "objc2 0.6.2", + "objc2-app-kit", + "once_cell", + "serde", + "thiserror 2.0.16", + "windows-sys 0.59.0", + "x11rb", + "xkeysym", +] + [[package]] name = "gloo-timers" version = "0.3.0" @@ -6291,6 +6310,21 @@ dependencies = [ "url", ] +[[package]] +name = "tauri-plugin-global-shortcut" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6df9f0f7bf2fe768b85fee4951c2505a35b72c44df1f6403e74e110bc13c5f58" +dependencies = [ + "global-hotkey", + "log", + "serde", + "serde_json", + "tauri", + "tauri-plugin", + "thiserror 2.0.16", +] + [[package]] name = "tauri-plugin-http" version = "2.5.2" @@ -8431,6 +8465,12 @@ dependencies = [ "zeroize", ] +[[package]] +name = "xkeysym" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9cc00251562a284751c9973bace760d86c0276c471b4be569fe6b068ee97a56" + [[package]] name = "yoke" version = "0.8.0" diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml index 466a0b5d..85b570e7 100644 --- a/src-tauri/Cargo.toml +++ b/src-tauri/Cargo.toml @@ -110,6 +110,7 @@ x25519-dalek = { version = "2", features = [ "serde", "static_secrets", ] } +tauri-plugin-global-shortcut = "2.3.0" [target.'cfg(unix)'.dependencies] hyper-util = "0.1" diff --git a/src-tauri/src/bin/defguard-client.rs b/src-tauri/src/bin/defguard-client.rs index c9a337d3..76514a4a 100644 --- a/src-tauri/src/bin/defguard-client.rs +++ b/src-tauri/src/bin/defguard-client.rs @@ -28,6 +28,7 @@ use log::{Level, LevelFilter}; #[cfg(target_os = "macos")] use tauri::{process, Env}; use tauri::{AppHandle, Builder, Manager, RunEvent, WindowEvent}; +use tauri_plugin_global_shortcut::{Code, GlobalShortcutExt, Modifiers, Shortcut, ShortcutState}; use tauri_plugin_log::{Target, TargetKind}; #[macro_use] @@ -263,6 +264,20 @@ fn main() { .build(), )?; + // Setup ctrl-q keyboard shortcut + let ctrl_q_shortcut = Shortcut::new(Some(Modifiers::CONTROL), Code::KeyQ); + app_handle.plugin( + tauri_plugin_global_shortcut::Builder::new() + .with_handler(move |app, shortcut, event| { + if shortcut == &ctrl_q_shortcut && event.state() == ShortcutState::Pressed { + info!("Ctrl-Q pressed, closing active connections and exiting"); + app.exit(0); + } + }) + .build(), + )?; + app.global_shortcut().register(ctrl_q_shortcut)?; + let state = AppState::new(config); app.manage(state); From fa11096a10de31f5c75968a22f81013bc6364459 Mon Sep 17 00:00:00 2001 From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com> Date: Tue, 14 Oct 2025 19:05:56 +0200 Subject: [PATCH 09/10] undo unnecessary deletion (#620) --- .github/workflows/release.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index aa681a20..67e125a6 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,3 +1,8 @@ +name: "Build app and create release" +on: + push: + tags: + - v*.*.* jobs: build-wireguard-go: strategy: From c9f89f344332e392a67265284bf2a085ff8b6a8d Mon Sep 17 00:00:00 2001 From: Jacek Chmielewski Date: Wed, 22 Oct 2025 11:24:19 +0200 Subject: [PATCH 10/10] Fix ctrl+q keyboard shortcut (#632) * Revert "Setup ctrl+q keyboard shortcut (#618)" This reverts commit 8706cead2abc2483a7d1dbd84ce27c61b050433b. * ctrl+q keyboard shortcut using the process plugin * update cargo-deny ignores * fix deny.toml comments * use useHotkeys react hook --- package.json | 2 ++ pnpm-lock.yaml | 24 +++++++++++++ src-tauri/Cargo.lock | 51 ++++++---------------------- src-tauri/Cargo.toml | 2 +- src-tauri/capabilities/default.json | 1 + src-tauri/deny.toml | 5 +++ src-tauri/src/bin/defguard-client.rs | 16 +-------- src/components/App/App.tsx | 10 +++++- 8 files changed, 54 insertions(+), 57 deletions(-) diff --git a/package.json b/package.json index f3cd54b6..83aa787e 100644 --- a/package.json +++ b/package.json @@ -64,6 +64,7 @@ "@tauri-apps/plugin-notification": "^2.3.1", "@tauri-apps/plugin-opener": "^2.5.0", "@tauri-apps/plugin-os": "^2.3.1", + "@tauri-apps/plugin-process": "^2.3.0", "@tauri-apps/plugin-window-state": "^2.4.0", "@types/byte-size": "^8.1.2", "@use-gesture/react": "^10.3.1", @@ -92,6 +93,7 @@ "react-click-away-listener": "^2.4.0", "react-dom": "^19.1.1", "react-hook-form": "^7.63.0", + "react-hotkeys-hook": "^5.2.1", "react-loading-skeleton": "^3.5.0", "react-markdown": "^10.1.0", "react-qr-code": "^2.0.18", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index b2cd5ffb..524c4d09 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -59,6 +59,9 @@ importers: '@tauri-apps/plugin-os': specifier: ^2.3.1 version: 2.3.1 + '@tauri-apps/plugin-process': + specifier: ^2.3.0 + version: 2.3.0 '@tauri-apps/plugin-window-state': specifier: ^2.4.0 version: 2.4.0 @@ -143,6 +146,9 @@ importers: react-hook-form: specifier: ^7.63.0 version: 7.63.0(react@19.1.1) + react-hotkeys-hook: + specifier: ^5.2.1 + version: 5.2.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1) react-loading-skeleton: specifier: ^3.5.0 version: 3.5.0(react@19.1.1) @@ -1207,6 +1213,9 @@ packages: '@tauri-apps/plugin-os@2.3.1': resolution: {integrity: sha512-ty5V8XDUIFbSnrk3zsFoP3kzN+vAufYzalJSlmrVhQTImIZa1aL1a03bOaP2vuBvfR+WDRC6NgV2xBl8G07d+w==} + '@tauri-apps/plugin-process@2.3.0': + resolution: {integrity: sha512-0DNj6u+9csODiV4seSxxRbnLpeGYdojlcctCuLOCgpH9X3+ckVZIEj6H7tRQ7zqWr7kSTEWnrxtAdBb0FbtrmQ==} + '@tauri-apps/plugin-window-state@2.4.0': resolution: {integrity: sha512-hRSzPNi2NG0lPFthfVY0V5C1MyWN/gGaQtQYw7i9zZhLzrhZveHZ2omHG1rIiIsjfTGbO7fhjydSoeTTK9GqLw==} @@ -2458,6 +2467,12 @@ packages: peerDependencies: react: ^16.8.0 || ^17 || ^18 || ^19 + react-hotkeys-hook@5.2.1: + resolution: {integrity: sha512-xbKh6zJxd/vJHT4Bw4+0pBD662Fk20V+VFhLqciCg+manTVO4qlqRqiwFOYelfHN9dBvWj9vxaPkSS26ZSIJGg==} + peerDependencies: + react: '>=16.8.0' + react-dom: '>=16.8.0' + react-is@16.13.1: resolution: {integrity: sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==} @@ -3845,6 +3860,10 @@ snapshots: dependencies: '@tauri-apps/api': 2.8.0 + '@tauri-apps/plugin-process@2.3.0': + dependencies: + '@tauri-apps/api': 2.8.0 + '@tauri-apps/plugin-window-state@2.4.0': dependencies: '@tauri-apps/api': 2.8.0 @@ -5285,6 +5304,11 @@ snapshots: dependencies: react: 19.1.1 + react-hotkeys-hook@5.2.1(react-dom@19.1.1(react@19.1.1))(react@19.1.1): + dependencies: + react: 19.1.1 + react-dom: 19.1.1(react@19.1.1) + react-is@16.13.1: {} react-is@18.3.1: {} diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock index 3c7eba8d..dc335b73 100644 --- a/src-tauri/Cargo.lock +++ b/src-tauri/Cargo.lock @@ -1293,12 +1293,12 @@ dependencies = [ "tauri-plugin-deep-link", "tauri-plugin-dialog", "tauri-plugin-fs", - "tauri-plugin-global-shortcut", "tauri-plugin-http", "tauri-plugin-log", "tauri-plugin-notification", "tauri-plugin-opener", "tauri-plugin-os", + "tauri-plugin-process", "tauri-plugin-single-instance", "tauri-plugin-window-state", "thiserror 2.0.16", @@ -2299,24 +2299,6 @@ version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" -[[package]] -name = "global-hotkey" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9247516746aa8e53411a0db9b62b0e24efbcf6a76e0ba73e5a91b512ddabed7" -dependencies = [ - "crossbeam-channel", - "keyboard-types", - "objc2 0.6.2", - "objc2-app-kit", - "once_cell", - "serde", - "thiserror 2.0.16", - "windows-sys 0.59.0", - "x11rb", - "xkeysym", -] - [[package]] name = "gloo-timers" version = "0.3.0" @@ -6310,21 +6292,6 @@ dependencies = [ "url", ] -[[package]] -name = "tauri-plugin-global-shortcut" -version = "2.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6df9f0f7bf2fe768b85fee4951c2505a35b72c44df1f6403e74e110bc13c5f58" -dependencies = [ - "global-hotkey", - "log", - "serde", - "serde_json", - "tauri", - "tauri-plugin", - "thiserror 2.0.16", -] - [[package]] name = "tauri-plugin-http" version = "2.5.2" @@ -6430,6 +6397,16 @@ dependencies = [ "thiserror 2.0.16", ] +[[package]] +name = "tauri-plugin-process" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7461c622a5ea00eb9cd9f7a08dbd3bf79484499fd5c21aa2964677f64ca651ab" +dependencies = [ + "tauri", + "tauri-plugin", +] + [[package]] name = "tauri-plugin-single-instance" version = "2.3.4" @@ -8465,12 +8442,6 @@ dependencies = [ "zeroize", ] -[[package]] -name = "xkeysym" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9cc00251562a284751c9973bace760d86c0276c471b4be569fe6b068ee97a56" - [[package]] name = "yoke" version = "0.8.0" diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml index 85b570e7..6fc6485b 100644 --- a/src-tauri/Cargo.toml +++ b/src-tauri/Cargo.toml @@ -110,7 +110,7 @@ x25519-dalek = { version = "2", features = [ "serde", "static_secrets", ] } -tauri-plugin-global-shortcut = "2.3.0" +tauri-plugin-process = "2.3.0" [target.'cfg(unix)'.dependencies] hyper-util = "0.1" diff --git a/src-tauri/capabilities/default.json b/src-tauri/capabilities/default.json index c171d2b6..d8b4de1b 100644 --- a/src-tauri/capabilities/default.json +++ b/src-tauri/capabilities/default.json @@ -48,6 +48,7 @@ "os:allow-hostname", "dialog:default", "clipboard-manager:allow-write-text", + "process:allow-exit", { "identifier": "http:default", "allow": [ diff --git a/src-tauri/deny.toml b/src-tauri/deny.toml index f0d3f368..d7769622 100644 --- a/src-tauri/deny.toml +++ b/src-tauri/deny.toml @@ -87,6 +87,11 @@ ignore = [ { id = "RUSTSEC-2024-0420", reason = "Tauri v2 GTK3 dependency (unmaintained)" }, { id = "RUSTSEC-2025-0052", reason = "Discontinued, but dark-light v2.0.0 needs it" }, { id = "RUSTSEC-2025-0057", reason = "Tauri needs it" }, + { id = "RUSTSEC-2025-0075", reason = "Tauri v2 dependency (unmaintained)" }, + { id = "RUSTSEC-2025-0080", reason = "Tauri v2 dependency (unmaintained)" }, + { id = "RUSTSEC-2025-0081", reason = "Tauri v2 dependency (unmaintained)" }, + { id = "RUSTSEC-2025-0098", reason = "Tauri v2 dependency (unmaintained)" }, + { id = "RUSTSEC-2025-0100", reason = "Tauri v2 dependency (unmaintained)" }, ] # If this is true, then cargo deny will use the git executable to fetch advisory database. # If this is false, then it uses a built-in git library. diff --git a/src-tauri/src/bin/defguard-client.rs b/src-tauri/src/bin/defguard-client.rs index 76514a4a..0b4411e6 100644 --- a/src-tauri/src/bin/defguard-client.rs +++ b/src-tauri/src/bin/defguard-client.rs @@ -28,7 +28,6 @@ use log::{Level, LevelFilter}; #[cfg(target_os = "macos")] use tauri::{process, Env}; use tauri::{AppHandle, Builder, Manager, RunEvent, WindowEvent}; -use tauri_plugin_global_shortcut::{Code, GlobalShortcutExt, Modifiers, Shortcut, ShortcutState}; use tauri_plugin_log::{Target, TargetKind}; #[macro_use] @@ -185,6 +184,7 @@ fn main() { .plugin(tauri_plugin_window_state::Builder::new().build()) .plugin(tauri_plugin_opener::init()) .plugin(tauri_plugin_os::init()) + .plugin(tauri_plugin_process::init()) .setup(|app| { // Register for linux and dev windows builds #[cfg(any(target_os = "linux", all(debug_assertions, windows)))] @@ -264,20 +264,6 @@ fn main() { .build(), )?; - // Setup ctrl-q keyboard shortcut - let ctrl_q_shortcut = Shortcut::new(Some(Modifiers::CONTROL), Code::KeyQ); - app_handle.plugin( - tauri_plugin_global_shortcut::Builder::new() - .with_handler(move |app, shortcut, event| { - if shortcut == &ctrl_q_shortcut && event.state() == ShortcutState::Pressed { - info!("Ctrl-Q pressed, closing active connections and exiting"); - app.exit(0); - } - }) - .build(), - )?; - app.global_shortcut().register(ctrl_q_shortcut)?; - let state = AppState::new(config); app.manage(state); diff --git a/src/components/App/App.tsx b/src/components/App/App.tsx index 5bc83de6..df7132cf 100644 --- a/src/components/App/App.tsx +++ b/src/components/App/App.tsx @@ -4,7 +4,7 @@ import '../../shared/scss/index.scss'; import { QueryClient } from '@tanstack/query-core'; import { QueryClientProvider } from '@tanstack/react-query'; -import { debug } from '@tauri-apps/plugin-log'; +import { debug, info } from '@tauri-apps/plugin-log'; import { openUrl } from '@tauri-apps/plugin-opener'; import dayjs from 'dayjs'; import customParseData from 'dayjs/plugin/customParseFormat'; @@ -38,6 +38,8 @@ import { useTheme } from '../../shared/defguard-ui/hooks/theme/useTheme'; import { ThemeProvider } from '../../shared/providers/ThemeProvider/ThemeProvider'; import { routes } from '../../shared/routes'; import { ApplicationUpdateManager } from '../ApplicationUpdateManager/ApplicationUpdateManager'; +import { exit } from '@tauri-apps/plugin-process'; +import { useHotkeys } from 'react-hotkeys-hook'; dayjs.extend(duration); dayjs.extend(utc); @@ -186,6 +188,12 @@ export const App = () => { }; }, []); + // register ctrl+q keyboard shortcut + useHotkeys('ctrl+q', () => { + info("Ctrl-Q pressed, exiting."); + exit(0); + }); + if (!appLoaded) return null; return (