Release to PPA (#1791)

Create a Debian source package and dput it to the cryptomator-beta staging repo

.github/workflows/release.yml

@@ -78,6 +78,7 @@ jobs:
     outputs:
       semVerNum: ${{ steps.versions.outputs.semVerNum }}
       semVerStr: ${{ steps.versions.outputs.semVerStr }}
+      ppaVerStr: ${{ steps.versions.outputs.ppaVerStr }}
       revNum: ${{ steps.versions.outputs.revNum }}
     steps:
       - uses: actions/checkout@v2
@@ -86,15 +87,19 @@ jobs:
       - id: versions
         run: |
           if [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION_NUM=`echo ${GITHUB_REF##*/} | sed -E 's/([0-9]+\.[0-9]+\.[0-9]+).*/\1/'`
-            echo "::set-output name=semVerStr::${GITHUB_REF##*/}"
-            echo "::set-output name=semVerNum::${VERSION_NUM}"
+            SEM_VER_STR=${GITHUB_REF##*/}
           else
-            VERSION_NUM=`echo "${{ github.event.inputs.semver }}" | sed -E 's/([0-9]+\.[0-9]+\.[0-9]+).*/\1/'`
-            echo "::set-output name=semVerStr::${{ github.event.inputs.semver }}"
-            echo "::set-output name=semVerNum::${VERSION_NUM}"
+            SEM_VER_STR=${{ github.event.inputs.semver }}
           fi
-          echo "::set-output name=revNum::`git rev-list --count HEAD`"
+          SEM_VER_NUM=`echo ${SEM_VER_STR} | sed -E 's/([0-9]+\.[0-9]+\.[0-9]+).*/\1/'`
+          REVCOUNT=`git rev-list --count HEAD`
+          echo "::set-output name=semVerStr::${SEM_VER_STR}"
+          echo "::set-output name=semVerNum::${SEM_VER_NUM}"
+          echo "::set-output name=ppaVerStr::${SEM_VER_STR/-/\~}-${REVCOUNT}"
+          echo "::set-output name=revNum::${REVCOUNT}"
+      - uses: rubenesp87/semver-validation-action@0.0.6
+        with:
+          version: ${{ steps.versions.outputs.semVerStr }}
 
 #
 # Application Directory
@@ -195,6 +200,69 @@ jobs:
           path: appdir.tar
           if-no-files-found: error
 
+#
+# Linux PPA Source Package
+#
+  ppa:
+    name: Upload source package to PPA
+    needs: [buildkit, metadata]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: install build tools
+        run: |
+          sudo apt-get update
+          sudo apt-get install debhelper devscripts dput
+      - name: Download linux-buildkit
+        uses: actions/download-artifact@v2
+        with:
+          name: linux-buildkit
+          path: pkgdir
+      - name: create orig.tar.gz
+        run: tar -cJf cryptomator_${{ needs.metadata.outputs.ppaVerStr }}.orig.tar.xz -C pkgdir .
+      - name: patch and rename pkgdir
+        run: |
+          cp -r dist/linux/debian/ pkgdir
+          cp -r dist/linux/resources/ pkgdir
+          export RFC2822_TIMESTAMP=`date --rfc-2822`
+          envsubst '${VERSION_STR} ${VERSION_NUM} ${REVISION_NUM}' < dist/linux/debian/rules > pkgdir/debian/rules
+          envsubst '${VERSION_STR}' < dist/linux/debian/org.cryptomator.Cryptomator.desktop > pkgdir/debian/org.cryptomator.Cryptomator.desktop
+          envsubst '${PPA_VERSION} ${RFC2822_TIMESTAMP}' < dist/linux/debian/changelog > pkgdir/debian/changelog
+          find . -name "*.jar" >> pkgdir/debian/source/include-binaries
+          mv pkgdir cryptomator_${{ needs.metadata.outputs.ppaVerStr }}
+        env:
+          VERSION_STR: ${{ needs.metadata.outputs.semVerStr }}
+          VERSION_NUM: ${{ needs.metadata.outputs.semVerNum }}
+          REVISION_NUM: ${{ needs.metadata.outputs.revNum }}
+          PPA_VERSION: ${{ needs.metadata.outputs.ppaVerStr }}-0ppa1
+      - name: import gpg key 615D449FE6E6A235
+        run: |
+          echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import
+          echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --dry-run --sign dist/linux/debian/rules
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
+          GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
+      - name: debuild
+        run: debuild -S -sa -d
+        env:
+          DEBSIGN_PROGRAM: gpg --batch --pinentry-mode loopback
+          DEBSIGN_KEYID: 615D449FE6E6A235
+        working-directory: cryptomator_${{ needs.metadata.outputs.ppaVerStr }}
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: linux-deb-source-package
+          path: |
+            cryptomator_*.dsc
+            cryptomator_*.orig.tar.xz
+            cryptomator_*.debian.tar.xz
+            cryptomator_*_source.changes
+            cryptomator_*_source.buildinfo
+      - name: dput to beta repo
+        run: dput ppa:sebastian-stenzel/cryptomator-beta cryptomator_${PPA_VERSION}_source.changes
+        env:
+          PPA_VERSION: ${{ needs.metadata.outputs.ppaVerStr }}-0ppa1
+
 #
 # Linux Cryptomator.AppImage
 # 

.github/workflows/tmp.yml

@@ -1,15 +0,0 @@
-name: Tmp Playground # committed on develop to make `workflow_dispatch` work. Will be removed, once PPA uploads work
-
-on:
-  workflow_dispatch:
-
-jobs:
-
-#
-# Dummy
-#
-  dummy:
-    name: Basically noop
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2

dist/linux/debian/changelog

@@ -0,0 +1,5 @@
+cryptomator (${PPA_VERSION}) focal; urgency=low
+
+  * Full changelog can be found on https://github.com/cryptomator/cryptomator/releases
+
+ -- Cryptobot <releases@cryptomator.org>  ${RFC2822_TIMESTAMP}

dist/linux/debian/compat

@@ -0,0 +1 @@
+10

dist/linux/debian/control

@@ -0,0 +1,23 @@
+Source: cryptomator
+Maintainer: Cryptobot <releases@cryptomator.org>
+Section: utils
+Priority: optional
+Build-Depends: debhelper (>=10), openjdk-16-jdk
+Standards-Version: 4.5.0
+Homepage: https://cryptomator.org
+Vcs-Git: https://github.com/cryptomator/cryptomator.git
+Vcs-browser: https://github.com/cryptomator/cryptomator
+
+Package: cryptomator
+Architecture: any
+Section: utils
+Priority: optional
+Depends: ${shlibs:Depends}, ${misc:Depends}, libfuse2, xdg-utils, libjffi-jni
+Recommends: gvfs-backends, gvfs-fuse, gnome-keyring
+XB-AppName: Cryptomator
+XB-Category: Utility;Security;FileTools;
+Homepage: https://cryptomator.org
+Description: Multi-platform client-side encryption of your cloud files.
+ Cryptomator provides free client-side AES encryption for your cloud files.
+ Create encrypted vaults, which get mounted as virtual volumes. Whatever
+ you save on one of these volumes will end up encrypted inside your vault.

dist/linux/debian/copyright

@@ -0,0 +1,39 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: cryptomator
+Upstream-Contact: Cryptomator <info@cryptomator.org>
+Source: https://cryptomator.org
+
+Files: *
+Copyright: 2016-2021 Skymatic GmbH
+License: GPL-3+
+
+Files: debian/org.cryptomator.Cryptomator.appdata.xml
+Copyright: 2016-2021 Skymatic GmbH
+License: FSFAP
+
+License: GPL-3+
+ This program is free software: you can redistribute it
+ and/or modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation, either
+ version 3 of the License, or (at your option) any later
+ version.
+ .
+ This program is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the GNU General Public License for more
+ details.
+ .
+ You should have received a copy of the GNU General Public
+ License along with this program. If not, see
+ <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the full text of the GNU General Public
+ License version 3 can be found in the file
+ `/usr/share/common-licenses/GPL-3'.
+
+License: FSFAP
+ Copying and distribution of this file, with or without modification, are
+ permitted in any medium without royalty provided the copyright notice and
+ this notice are preserved. This file is offered as-is, without any
+ warranty.

dist/linux/debian/cryptomator-vault.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
+  <mime-type type="application/x-vnd.cryptomator-vault-metadata">
+    <comment>Cryptomator Vault Metadata</comment>
+    <glob pattern="*.cryptomator"/>
+  </mime-type>
+</mime-info>

dist/linux/debian/cryptomator.install

@@ -0,0 +1,7 @@
+cryptomator usr/lib
+debian/cryptomator.sh usr/lib/cryptomator/bin
+debian/org.cryptomator.Cryptomator.desktop usr/share/applications
+debian/org.cryptomator.Cryptomator.svg usr/share/icons/hicolor/scalable/apps
+debian/org.cryptomator.Cryptomator.png usr/share/icons/hicolor/512x512/apps
+debian/org.cryptomator.Cryptomator.appdata.xml usr/share/metainfo
+debian/cryptomator-vault.xml usr/share/mime/packages

dist/linux/debian/cryptomator.links

@@ -0,0 +1 @@
+usr/lib/cryptomator/bin/cryptomator.sh usr/bin/cryptomator

dist/linux/debian/cryptomator.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# fix for https://github.com/cryptomator/cryptomator/issues/1370
+export LD_PRELOAD=/usr/lib/x86_64-linux-gnu/jni/libjffi-1.2.so
+
+/usr/lib/cryptomator/bin/cryptomator

dist/linux/debian/org.cryptomator.Cryptomator.appdata.xml

@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Copyright 2018 Armin Schrenk <armin.schrenk@zoho.eu> -->
+<component type="desktop-application">
+  <id>org.cryptomator.Cryptomator</id>
+  <metadata_license>FSFAP</metadata_license>
+  <project_license>GPL-3.0-or-later</project_license>
+  <name>Cryptomator</name>
+  <summary>Multi-platform client-side encryption tool optimized for cloud storages</summary>
+  <description>
+    <p>
+      Cryptomator offers multi-platform transparent client-side encryption of your files in the cloud.
+    </p>
+    <p>
+      Features:
+      <ul>
+        <li>Works with Dropbox, Google Drive, OneDrive, ownCloud, Nextcloud and any other cloud storage service which synchronizes with a local directory</li>
+        <li>Open Source means: No backdoors, control is better than trust</li>
+        <li>Client-side: No accounts, no data shared with any online service</li>
+        <li>Totally transparent: Just work on the virtual drive as if it were a USB flash drive</li>
+        <li>AES encryption with 256-bit key length</li>
+        <li>File names get encrypted</li>
+        <li>Folder structure gets obfuscated</li>
+        <li>Use as many vaults in your Dropbox as you want, each having individual passwords</li>
+        <li>One thousand commits for the security of your data!! :tada:</li>
+      </ul>
+    </p>
+    <p>
+      Privacy:
+      <ul>
+        <li>256-bit keys (unlimited strength policy bundled with native binaries)</li>
+        <li>Scrypt key derivation</li>
+        <li>Cryptographically secure random numbers for salts, IVs and the masterkey of course</li>
+        <li>Sensitive data is wiped from the heap asap</li>
+        <li>Lightweight: Complexity kills security</li>
+      </ul>
+    </p>
+    <p>
+      Consistency:
+      <ul>
+        <li>HMAC over file contents to recognize changed ciphertext before decryption</li>
+        <li>I/O operations are transactional and atomic, if the filesystems support it</li>
+        <li>Each file contains all information needed for decryption (except for the key of course), no common metadata means no Single Point of Failure</li>
+      </ul>
+    </p>
+  </description>
+  <categories>
+      <category>Office</category>
+      <category>Security</category>
+      <category>FileTools</category>
+      <category>Java</category>
+  </categories>
+  <url type="homepage">http://cryptomator.org</url>
+  <url type="bugtracker">https://github.com/cryptomator/cryptomator/issues</url>
+  <url type="faq">https://community.cryptomator.org/c/kb/faq</url>
+  <url type="help">https://community.cryptomator.org/</url>
+  <url type="donation">https://cryptomator.org/</url>
+  <content_rating type="oars-1.0">
+    <content_attribute id="violence-cartoon">none</content_attribute>
+    <content_attribute id="drugs-alcohol">none</content_attribute>
+    <content_attribute id="sex-nudity">none</content_attribute>
+    <content_attribute id="language-profanity">none</content_attribute>
+    <content_attribute id="social-info">mild</content_attribute> <!-- update checker conencts to https://api.cryptomator.org/updates/latestVersion.json -->
+  </content_rating>
+  <project_group>Cryptomator</project_group>
+  <provides>
+    <binary>cryptomator</binary>
+  </provides>
+  <launchable type="desktop-id">org.cryptomator.Cryptomator.desktop</launchable>
+</component>

dist/linux/debian/org.cryptomator.Cryptomator.desktop

@@ -0,0 +1,11 @@
+[Desktop Entry]
+Name=Cryptomator
+Version=${VERSION_STR}
+Comment=Cloud Storage Encryption Utility
+Exec=/usr/bin/cryptomator %f
+Icon=org.cryptomator.Cryptomator
+Terminal=false
+Type=Application
+Categories=Utility;Security;FileTools;
+StartupWMClass=org.cryptomator.launcher.Cryptomator
+MimeType=application/vnd.cryptomator.encrypted;application/x-vnd.cryptomator.vault-metadata;

dist/linux/debian/postinst

@@ -0,0 +1,44 @@
+#!/bin/sh
+# postinst script for Cryptomator
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+    configure)
+        echo Adding shortcut to the menu
+        if [ ! -d "/usr/share/desktop-directories" ]; then
+          mkdir -p /usr/share/desktop-directories
+        fi
+        xdg-desktop-menu install --novendor /usr/share/applications/org.cryptomator.Cryptomator.desktop
+        xdg-mime install /usr/share/mime/packages/cryptomator-vault.xml
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

dist/linux/debian/prerm

@@ -0,0 +1,42 @@
+#!/bin/sh
+# prerm script for Cryptomator
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <prerm> `remove'
+#        * <old-prerm> `upgrade' <new-version>
+#        * <new-prerm> `failed-upgrade' <old-version>
+#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+#        * <deconfigured's-prerm> `deconfigure' `in-favour'
+#          <package-being-installed> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    remove|upgrade|deconfigure)
+        echo Removing shortcut
+
+        xdg-desktop-menu uninstall --novendor /usr/share/applications/org.cryptomator.Cryptomator.desktop
+        xdg-mime uninstall /usr/share/mime/packages/cryptomator-vault.xml
+    ;;
+
+    failed-upgrade)
+    ;;
+
+    *)
+        echo "prerm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

dist/linux/debian/rules

@@ -0,0 +1,53 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+%:
+	dh $@
+
+override_dh_auto_clean:
+	rm -rf runtime
+	rm -rf cryptomator
+	rm -rf debian/cryptomator
+
+override_dh_auto_build:
+	jlink \
+		--output runtime \
+		--add-modules java.base,java.desktop,java.logging,java.naming,java.net.http,java.scripting,java.sql,java.xml,jdk.unsupported,jdk.crypto.ec,jdk.accessibility \
+		--no-header-files \
+		--no-man-pages \
+		--strip-debug \
+		--compress=2
+	jpackage \
+		--type app-image \
+		--runtime-image runtime \
+		--input libs \
+		--module-path mods \
+		--module org.cryptomator.desktop/org.cryptomator.launcher.Cryptomator \
+		--dest . \
+		--name cryptomator \
+		--vendor "Skymatic GmbH" \
+		--copyright "(C) 2016 - 2021 Skymatic GmbH" \
+		--java-options "-Xss5m" \
+		--java-options "-Xmx256m" \
+		--java-options "-Dfile.encoding=\"utf-8\"" \
+		--java-options "-Dcryptomator.logDir=\"~/.local/share/Cryptomator/logs\"" \
+		--java-options "-Dcryptomator.pluginDir=\"~/.local/share/Cryptomator/plugins\"" \
+		--java-options "-Dcryptomator.settingsPath=\"~/.config/Cryptomator/settings.json:~/.Cryptomator/settings.json\"" \
+		--java-options "-Dcryptomator.ipcSocketPath=\"~/.config/Cryptomator/ipc.socket\"" \
+		--java-options "-Dcryptomator.mountPointsDir=\"~/.local/share/Cryptomator/mnt\"" \
+		--java-options "-Dcryptomator.showTrayIcon=false" \
+		--java-options "-Dcryptomator.buildNumber=\"ppa-${REVISION_NUM}\"" \
+		--java-options "-Dcryptomator.appVersion=\"${VERSION_STR}\"" \
+		--app-version "${VERSION_NUM}.${REVISION_NUM}" \
+		--resource-dir resources \
+		--verbose
+
+override_dh_fixperms:
+	dh_fixperms
+	chmod +x debian/cryptomator/usr/lib/cryptomator/bin/cryptomator.sh
+
+# override_dh_strip:
+	# no-op

dist/linux/debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

dist/linux/debian/source/include-binaries

@@ -0,0 +1,2 @@
+debian/org.cryptomator.Cryptomator.png
+resources/cryptomator.png