@moneysiren/cli 0.1.0-alpha.2 → 0.1.0-alpha.3
- package/README.md +2 -2
- package/dist/apps/cli/src/commands/install.js +10 -1
- package/dist/apps/cli/src/release-installer.d.ts +4 -1
- package/dist/apps/cli/src/release-installer.js +25 -2
- package/dist/apps/cli/src/version.d.ts +1 -1
- package/dist/apps/cli/src/version.js +1 -1
- package/dist/packages/local-api/src/server.js +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -67,7 +67,7 @@ Install the generated tarball into a temporary project:
|
|
|
67
67
|
mkdir -p /tmp/moneysiren-alpha-review
|
|
68
68
|
cd /tmp/moneysiren-alpha-review
|
|
69
69
|
npm init -y
|
|
70
|
-
npm install /path/to/moneysiren-cli-0.1.0-alpha.
|
|
70
|
+
npm install /path/to/moneysiren-cli-0.1.0-alpha.3.tgz
|
|
71
71
|
npm exec moneysiren
|
|
72
72
|
npm exec moneysiren -- --version
|
|
73
73
|
npm exec moneysiren -- /version
|
|
@@ -83,7 +83,7 @@ PowerShell equivalent for the temporary project:
|
|
|
83
83
|
New-Item -ItemType Directory -Force -Path $env:TEMP\moneysiren-alpha-review
|
|
84
84
|
Set-Location $env:TEMP\moneysiren-alpha-review
|
|
85
85
|
npm init -y
|
|
86
|
-
npm install C:\path\to\moneysiren-cli-0.1.0-alpha.
|
|
86
|
+
npm install C:\path\to\moneysiren-cli-0.1.0-alpha.3.tgz
|
|
87
87
|
npm exec moneysiren
|
|
88
88
|
npm exec moneysiren -- --version
|
|
89
89
|
npm exec moneysiren -- modes
|
|
@@ -229,7 +229,16 @@ function writeReleaseInstallSummary(context, result) {
|
|
|
229
229
|
for (const asset of result.assets) {
|
|
230
230
|
context.stdout(`Downloaded ${asset.surface}: ${asset.name}`);
|
|
231
231
|
context.stdout(` SHA256 verified: ${asset.checksumVerified ? "yes" : "checksum unavailable"}`);
|
|
232
|
-
context.stdout(` Signature
|
|
232
|
+
context.stdout(` Signature status: ${formatSignatureStatus(asset)}`);
|
|
233
233
|
}
|
|
234
234
|
}
|
|
235
|
+
function formatSignatureStatus(asset) {
|
|
236
|
+
if (asset.signatureVerified) {
|
|
237
|
+
return "verified";
|
|
238
|
+
}
|
|
239
|
+
if (asset.signatureStatus === "unsigned-prerelease-accepted") {
|
|
240
|
+
return "unsigned alpha accepted";
|
|
241
|
+
}
|
|
242
|
+
return "not required";
|
|
243
|
+
}
|
|
235
244
|
//# sourceMappingURL=install.js.map
|
|
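Review bot: The final `return "not required"` in `formatSignatureStatus` is a catch-all, so any status that is neither verified nor the prerelease exception is printed as if no signature had been needed. The label "unsigned alpha accepted" is also narrower than the acceptance rule in release-installer.js, which matches `-beta` and `-rc` tags as well. I would make the summary say that nothing was checked, e.g. `return "unsigned prerelease accepted (signature not checked)";`, and make the fallback explicit with `if (asset.signatureStatus === "not-required") return "not required";` followed by `return asset.signatureStatus;`. The new function also has no comment tying its string literals to the status values produced in release-installer.js; a one-line comment naming that coupling would help, since the two files must change together.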
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { InstallSurface } from "./install-profile.js";
|
|
2
2
|
export declare const DEFAULT_RELEASE_REPOSITORY = "ztwz11/moneysiren";
|
|
3
|
-
export declare const DEFAULT_RELEASE_TAG = "v0.1.0-alpha.
|
|
3
|
+
export declare const DEFAULT_RELEASE_TAG = "v0.1.0-alpha.3";
|
|
4
4
|
export interface ReleaseInstallOptions {
|
|
5
5
|
env?: Record<string, string | undefined>;
|
|
6
6
|
fetchImpl: typeof fetch;
|
|
@@ -28,16 +28,19 @@ export interface InstalledReleaseAsset {
|
|
|
28
28
|
sha256: string;
|
|
29
29
|
checksumVerified: boolean;
|
|
30
30
|
signatureVerified: boolean;
|
|
31
|
+
signatureStatus: string;
|
|
31
32
|
}
|
|
32
33
|
export interface ReleaseAssetSignatureVerifier {
|
|
33
34
|
verify(input: ReleaseAssetSignatureVerificationInput): Promise<ReleaseAssetSignatureVerificationResult>;
|
|
34
35
|
}
|
|
35
36
|
export interface ReleaseAssetSignatureVerificationInput {
|
|
36
37
|
assetName: string;
|
|
38
|
+
env: Record<string, string | undefined>;
|
|
37
39
|
expectedSignerThumbprints?: readonly string[];
|
|
38
40
|
path: string;
|
|
39
41
|
platform: NodeJS.Platform;
|
|
40
42
|
surface: Exclude<InstallSurface, "cli">;
|
|
43
|
+
tag: string;
|
|
41
44
|
}
|
|
42
45
|
export interface ReleaseAssetSignatureVerificationResult {
|
|
43
46
|
verified: boolean;
|
|
@@ -7,12 +7,13 @@ import { promisify } from "node:util";
|
|
|
7
7
|
const execFileAsync = promisify(execFile);
|
|
8
8
|
export const DEFAULT_RELEASE_REPOSITORY = "ztwz11/moneysiren";
|
|
9
9
|
// Keep the source-free installer pinned to the latest published desktop/web release tag.
|
|
10
|
-
export const DEFAULT_RELEASE_TAG = "v0.1.0-alpha.
|
|
10
|
+
export const DEFAULT_RELEASE_TAG = "v0.1.0-alpha.3";
|
|
11
11
|
const RELEASE_REPOSITORY_ENV_KEY = "MONEYSIREN_RELEASE_REPOSITORY";
|
|
12
12
|
const RELEASE_TAG_ENV_KEY = "MONEYSIREN_RELEASE_TAG";
|
|
13
13
|
const RELEASE_INSTALL_DIR_ENV_KEY = "MONEYSIREN_RELEASE_INSTALL_DIR";
|
|
14
14
|
const RELEASE_PLATFORM_ENV_KEY = "MONEYSIREN_RELEASE_PLATFORM";
|
|
15
15
|
const WINDOWS_SIGNER_THUMBPRINTS_ENV_KEY = "MONEYSIREN_WINDOWS_SIGNER_THUMBPRINTS";
|
|
16
|
+
const ALLOW_UNSIGNED_HUD_ENV_KEY = "MONEYSIREN_ALLOW_UNSIGNED_HUD";
|
|
16
17
|
export async function installReleaseAssets(options) {
|
|
17
18
|
const env = options.env ?? process.env;
|
|
18
19
|
const repository = normalizeRepository(options.repository ?? env[RELEASE_REPOSITORY_ENV_KEY] ?? DEFAULT_RELEASE_REPOSITORY);
|
|
@@ -65,6 +66,7 @@ export async function installReleaseAssets(options) {
|
|
|
65
66
|
platform,
|
|
66
67
|
releaseAssets,
|
|
67
68
|
surface,
|
|
69
|
+
tag,
|
|
68
70
|
...(options.signatureVerifier === undefined ? {} : { signatureVerifier: options.signatureVerifier }),
|
|
69
71
|
...(options.trustedWindowsSignerThumbprints === undefined
|
|
70
72
|
? {}
|
|
@@ -86,7 +88,8 @@ export async function installReleaseAssets(options) {
|
|
|
86
88
|
size: downloaded.byteLength,
|
|
87
89
|
sha256,
|
|
88
90
|
checksumVerified: checksum !== null,
|
|
89
|
-
signatureVerified: signature.status
|
|
91
|
+
signatureVerified: isVerifiedSignatureStatus(signature.status),
|
|
92
|
+
signatureStatus: signature.status,
|
|
90
93
|
});
|
|
91
94
|
}
|
|
92
95
|
await writeFile(join(installDir, "install-manifest.json"), `${JSON.stringify({
|
|
@@ -104,6 +107,7 @@ export async function installReleaseAssets(options) {
|
|
|
104
107
|
sha256: asset.sha256,
|
|
105
108
|
checksumVerified: asset.checksumVerified,
|
|
106
109
|
signatureVerified: asset.signatureVerified,
|
|
110
|
+
signatureStatus: asset.signatureStatus,
|
|
107
111
|
})),
|
|
108
112
|
}, null, 2)}\n`, "utf8");
|
|
109
113
|
return {
|
|
@@ -249,10 +253,12 @@ async function verifyReleaseAssetSignature(input) {
|
|
|
249
253
|
});
|
|
250
254
|
return verifier.verify({
|
|
251
255
|
assetName: input.assetName,
|
|
256
|
+
env: input.env,
|
|
252
257
|
...(expectedSignerThumbprints === null ? {} : { expectedSignerThumbprints }),
|
|
253
258
|
path: input.path,
|
|
254
259
|
platform: input.platform,
|
|
255
260
|
surface: input.surface,
|
|
261
|
+
tag: input.tag,
|
|
256
262
|
});
|
|
257
263
|
}
|
|
258
264
|
const defaultReleaseAssetSignatureVerifier = {
|
|
@@ -272,6 +278,13 @@ const defaultReleaseAssetSignatureVerifier = {
|
|
|
272
278
|
};
|
|
273
279
|
}
|
|
274
280
|
if (input.expectedSignerThumbprints === undefined || input.expectedSignerThumbprints.length === 0) {
|
|
281
|
+
if (isUnsignedPrereleaseHudAllowed(input.env, input.tag)) {
|
|
282
|
+
return {
|
|
283
|
+
verified: true,
|
|
284
|
+
status: "unsigned-prerelease-accepted",
|
|
285
|
+
message: "Unsigned Windows HUD artifact accepted for alpha prerelease.",
|
|
286
|
+
};
|
|
287
|
+
}
|
|
275
288
|
return {
|
|
276
289
|
verified: false,
|
|
277
290
|
status: "missing-signature-metadata",
|
|
@@ -306,6 +319,16 @@ async function findExpectedSignerThumbprints(input) {
|
|
|
306
319
|
}
|
|
307
320
|
return null;
|
|
308
321
|
}
|
|
322
|
+
function isVerifiedSignatureStatus(status) {
|
|
323
|
+
return status !== "not-required" && status !== "unsigned-prerelease-accepted";
|
|
324
|
+
}
|
|
325
|
+
function isUnsignedPrereleaseHudAllowed(env, tag) {
|
|
326
|
+
const configured = env[ALLOW_UNSIGNED_HUD_ENV_KEY]?.trim().toLowerCase();
|
|
327
|
+
if (configured !== undefined && configured.length > 0) {
|
|
328
|
+
return ["1", "true", "yes", "on"].includes(configured);
|
|
329
|
+
}
|
|
330
|
+
return /-(?:alpha|beta|rc)(?:[.\d-]*)?$/i.test(tag);
|
|
331
|
+
}
|
|
309
332
|
async function verifyWindowsAuthenticodeSignature(path, expectedSignerThumbprints) {
|
|
310
333
|
const literalPath = powerShellSingleQuotedString(path);
|
|
311
334
|
try {
|
|
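Review bot: `isUnsignedPrereleaseHudAllowed` fails open: with `MONEYSIREN_ALLOW_UNSIGNED_HUD` unset it returns true for any tag ending in `-alpha`/`-beta`/`-rc`, and `DEFAULT_RELEASE_TAG` is itself an alpha tag, so by default the missing-thumbprint branch of `defaultReleaseAssetSignatureVerifier` returns `verified: true` for a Windows HUD artifact whose signature was never checked. The tag is presumably also settable through `MONEYSIREN_RELEASE_TAG` (the lookup is outside the hunks), which makes the suffix a weak condition for relaxing signing; I would require the explicit opt-in and keep the tag test as a second condition, e.g. `return ["1", "true", "yes", "on"].includes(configured ?? "") && /-(?:alpha|beta|rc)(?:[.\d-]*)?$/i.test(tag);`. `checksumVerified: checksum !== null` suggests the checksum can be absent, in which case such an asset would be installed with no integrity check at all; the checksum handling is not visible here, so this needs confirming. `isVerifiedSignatureStatus` is a denylist, so any status added later is recorded as `signatureVerified: true` in `install-manifest.json`; comparing against the success status explicitly would be safer. The verifier body and `installReleaseAssets` continue outside the hunks shown.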
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare const CLI_VERSION = "0.1.0-alpha.
|
|
1
|
+
export declare const CLI_VERSION = "0.1.0-alpha.3";
|
|
2
2
|
//# sourceMappingURL=version.d.ts.map
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export const CLI_VERSION = "0.1.0-alpha.
|
|
1
|
+
export const CLI_VERSION = "0.1.0-alpha.3";
|
|
2
2
|
//# sourceMappingURL=version.js.map
|
|
@@ -3,7 +3,7 @@ import { parseNotificationPreferences, readNotificationDigest, readNotificationP
|
|
|
3
3
|
import { assertLoopbackHost, isLoopbackHost, removeRuntimeLock, writeRuntimeLock, } from "../../runtime/src/index.js";
|
|
4
4
|
const DEFAULT_HOST = "127.0.0.1";
|
|
5
5
|
const DEFAULT_PORT = 47831;
|
|
6
|
-
const DEFAULT_VERSION = "0.1.0-alpha.
|
|
6
|
+
const DEFAULT_VERSION = "0.1.0-alpha.3";
|
|
7
7
|
export async function startLocalApiServer(options = {}) {
|
|
8
8
|
const host = options.host ?? DEFAULT_HOST;
|
|
9
9
|
const requestedPort = options.port ?? DEFAULT_PORT;
|