Merge main branch into dev before 1.6-alpha release

.github/workflows/release.yaml

@@ -3,7 +3,6 @@ on:
   push:
     tags:
       - v*.*.*
-
 jobs:
   create-release:
     name: create-release
@@ -23,6 +22,95 @@ jobs:
     uses: ./.github/workflows/sbom.yml
     with:
       upload_url: ${{ needs.create-release.outputs.upload_url }}
+  ubuntu-22-04-build:
+    needs:
+      - create-release
+    runs-on:
+      - self-hosted
+      - Linux
+      - ${{ matrix.architecture }}
+    strategy:
+      fail-fast: false
+      matrix:
+        architecture: [ARM64, X64]
+        include:
+          - architecture: ARM64
+            deb_arch: arm64
+            binary_arch: aarch64
+          - architecture: X64
+            deb_arch: amd64
+            binary_arch: x86_64
+    container:
+      image: ubuntu:22.04
+      env:
+        DEBIAN_FRONTEND: noninteractive
+        HOME: /root
+        RUSTUP_HOME: /root/.rustup
+        CARGO_HOME: /root/.cargo
+    steps:
+      - name: git install
+        run: |
+          apt-get update
+          apt-get install -y git curl ca-certificates
+          git config --global --add safe.directory '*'
+      - uses: actions/checkout@v5
+        with:
+          submodules: "recursive"
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 10.17
+          run_install: false
+      - uses: actions/setup-node@v5
+        with:
+          node-version: "24"
+      - name: Get pnpm store directory
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
+      - name: Write release version
+        run: |
+          VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+          echo Version: $VERSION
+          echo "VERSION=$VERSION" >> ${GITHUB_ENV}
+      - uses: actions/cache@v4
+        name: Setup pnpm cache
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-build-store-
+      - name: Install Node dependencies
+        run: pnpm install --frozen-lockfile
+      - uses: dtolnay/rust-toolchain@stable
+      - name: Install dependencies
+        run: |
+          apt-get install -y build-essential libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm
+      - name: Build packages
+        uses: tauri-apps/tauri-action@v0.5.23
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          args: "--bundles deb"
+      - name: Upload DEB
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ needs.create-release.outputs.upload_url }}
+          asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+          asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
+          asset_content_type: application/octet-stream
+      - name: Install ruby with deb-s3
+        if: matrix.build != 'freebsd'
+        run: |
+          apt-get install -y ruby
+          gem install deb-s3
+          echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
+      - name: Upload DEB to APT repository 
+        run: |
+          COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
+
+          deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=bookworm --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+
 
   build-linux:
     needs:
@@ -468,3 +556,40 @@ jobs:
           asset_path: defguard-client-signed.msi
           asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.msi
           asset_content_type: application/octet-stream
+
+  apt-sign:
+    needs: 
+      - build-linux
+      - ubuntu-22-04-build
+    runs-on:
+      - self-hosted
+      - Linux
+      - X64
+    strategy:
+      fail-fast: false
+    steps:
+      - name: Sign APT repository
+        run: |
+          export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }}
+          export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY_APT }}
+          export AWS_REGION=eu-north-1
+          sudo apt update -y
+          sudo apt install -y awscli curl jq
+
+          for DIST in trixie bookworm; do
+            aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release .
+
+            curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
+              -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
+              -F "file=@Release" \
+              -o response.json
+
+            cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
+            cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
+
+            aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+            aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+
+          done
+          (aws s3 ls s3://apt.defguard.net/dists/ --recursive; aws s3 ls s3://apt.defguard.net/pool/ --recursive) | awk '{print "<a href=\""$4"\">"$4"</a><br>"}' > index.html
+          aws s3 cp index.html s3://apt.defguard.net/ --acl public-read

package.json

@@ -64,6 +64,7 @@
     "@tauri-apps/plugin-notification": "^2.3.1",
     "@tauri-apps/plugin-opener": "^2.5.0",
     "@tauri-apps/plugin-os": "^2.3.1",
+    "@tauri-apps/plugin-process": "^2.3.0",
     "@tauri-apps/plugin-window-state": "^2.4.0",
     "@types/byte-size": "^8.1.2",
     "@use-gesture/react": "^10.3.1",
@@ -92,6 +93,7 @@
     "react-click-away-listener": "^2.4.0",
     "react-dom": "^19.2.0",
     "react-hook-form": "^7.63.0",
+    "react-hotkeys-hook": "^5.2.1",
     "react-loading-skeleton": "^3.5.0",
     "react-markdown": "^10.1.0",
     "react-qr-code": "^2.0.18",

src-tauri/Cargo.toml

@@ -112,6 +112,7 @@ x25519-dalek = { version = "2", features = [
     "serde",
     "static_secrets",
 ] }
+tauri-plugin-process = "2.3.0"
 
 [target.'cfg(unix)'.dependencies]
 nix = { version = "0.30.1", features = ["user", "fs"] }

src-tauri/capabilities/default.json

@@ -48,6 +48,7 @@
     "os:allow-hostname",
     "dialog:default",
     "clipboard-manager:allow-write-text",
+    "process:allow-exit",
     {
       "identifier": "http:default",
       "allow": [

src-tauri/deny.toml

@@ -87,11 +87,11 @@ ignore = [
     { id = "RUSTSEC-2024-0420", reason = "Tauri v2 GTK3 dependency (unmaintained)" },
     { id = "RUSTSEC-2025-0052", reason = "Discontinued, but dark-light v2.0.0 needs it" },
     { id = "RUSTSEC-2025-0057", reason = "Tauri needs it" },
-    { id = "RUSTSEC-2025-0075", reason = "Tauri v2 GTK3 dependency (unmaintained)" },
-    { id = "RUSTSEC-2025-0080", reason = "Tauri v2 GTK3 dependency (unmaintained)" },
-    { id = "RUSTSEC-2025-0081", reason = "Tauri v2 GTK3 dependency (unmaintained)" },
-    { id = "RUSTSEC-2025-0098", reason = "Tauri v2 GTK3 dependency (unmaintained)" },
-    { id = "RUSTSEC-2025-0100", reason = "Tauri v2 GTK3 dependency (unmaintained)" },
+    { id = "RUSTSEC-2025-0075", reason = "Tauri v2 dependency (unmaintained)" },
+    { id = "RUSTSEC-2025-0080", reason = "Tauri v2 dependency (unmaintained)" },
+    { id = "RUSTSEC-2025-0081", reason = "Tauri v2 dependency (unmaintained)" },
+    { id = "RUSTSEC-2025-0098", reason = "Tauri v2 dependency (unmaintained)" },
+    { id = "RUSTSEC-2025-0100", reason = "Tauri v2 dependency (unmaintained)" },
 ]
 # If this is true, then cargo deny will use the git executable to fetch advisory database.
 # If this is false, then it uses a built-in git library.

src-tauri/src/bin/defguard-client.rs

@@ -160,6 +160,7 @@ fn main() {
         .plugin(tauri_plugin_window_state::Builder::new().build())
         .plugin(tauri_plugin_opener::init())
         .plugin(tauri_plugin_os::init())
+        .plugin(tauri_plugin_process::init())
         .setup(|app| {
             // Register for linux and dev windows builds
             #[cfg(any(target_os = "linux", all(debug_assertions, windows)))]

src/components/App/App.tsx

@@ -4,7 +4,7 @@ import '../../shared/scss/index.scss';
 
 import { QueryClient } from '@tanstack/query-core';
 import { QueryClientProvider } from '@tanstack/react-query';
-import { debug } from '@tauri-apps/plugin-log';
+import { debug, info } from '@tauri-apps/plugin-log';
 import { openUrl } from '@tauri-apps/plugin-opener';
 import dayjs from 'dayjs';
 import customParseData from 'dayjs/plugin/customParseFormat';
@@ -38,6 +38,8 @@ import { useTheme } from '../../shared/defguard-ui/hooks/theme/useTheme';
 import { ThemeProvider } from '../../shared/providers/ThemeProvider/ThemeProvider';
 import { routes } from '../../shared/routes';
 import { ApplicationUpdateManager } from '../ApplicationUpdateManager/ApplicationUpdateManager';
+import { exit } from '@tauri-apps/plugin-process';
+import { useHotkeys } from 'react-hotkeys-hook';
 
 dayjs.extend(duration);
 dayjs.extend(utc);
@@ -186,6 +188,12 @@ export const App = () => {
     };
   }, []);
 
+  // register ctrl+q keyboard shortcut
+  useHotkeys('ctrl+q', () => {
+      info("Ctrl-Q pressed, exiting.");
+      exit(0);
+  });
+
   if (!appLoaded) return null;
 
   return (