feat(pedm): add base PEDM implementation

feat(pedm): fix ID deserializing try fixing native-libs download feat(pedm): use publish-prod feat(pedm): add package and CI steps for PEDM add test code signing feat(pedm): fix tlk.ps1 feat(pedm): fix ci.yml. Improve installer. feat(pedm): fix clippy warnings, make code safer feat(pedm): more safety comments, better Windows gating feat(pedm): feature gate PEDM behind Windows feat(pedm): add safety and other comments. feat(pedm): move impersonation to RAII Add safety comments Remove useless functions and move to proper types feat(pedm): format code, go to .NET Framework 4.8 feat(pedm): add tagging to PEDM created tokens and improvements - Make command line argv style - Fix data folder permissions - Downgrade Desktop module to .NET Framework - Updated OpenAPI clients feat(pedm): add parking lot, fix virtual accounts
Devolutions · Aug 12, 2024 · 1ed573a · 1ed573a
1 parent 65b0aab
commit 1ed573a
Show file tree

Hide file tree

Showing 306 changed files with 32,269 additions and 1,032 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -516,6 +516,9 @@ jobs:
         run: |
           $PackageVersion = "${{ needs.preflight.outputs.version }}"
           $StagingPath = Join-Path $Env:RUNNER_TEMP "staging"
+          $SymbolsPath = Join-Path $Env:RUNNER_TEMP "symbols"
+          New-Item -ItemType Directory $SymbolsPath
+
           $TargetOutputPath = Join-Path $StagingPath ${{ matrix.os }} ${{ matrix.arch }}
           $ExecutableFileName = "DevolutionsAgent_${{ runner.os }}_${PackageVersion}_${{ matrix.arch }}"
 
@@ -525,10 +528,20 @@ jobs:
             $DAgentPackage = Join-Path $TargetOutputPath $PackageFileName
 
             echo "dagent-package=$DAgentPackage" >> $Env:GITHUB_OUTPUT
+
+            $DAgentPedmDesktopExecutable = Join-Path $TargetOutputPath "DevolutionsPedmDesktop.exe"
+            echo "dagent-pedm-desktop-executable=$DAgentPedmDesktopExecutable" >> $Env:GITHUB_OUTPUT
+
+            $DAgentPedmContextMenuMsix = Join-Path $TargetOutputPath "devolutions-pedm-contextmenu.msix"
+            echo "dagent-pedm-context-menu-msix=$DAgentPedmContextMenuMsix" >> $Env:GITHUB_OUTPUT
+            
+            $DAgentPedmHook = Join-Path $TargetOutputPath "devolutions_pedm_hook.dll"
+            echo "dagent-pedm-hook=$DAgentPedmHook" >> $Env:GITHUB_OUTPUT
           }
 
           $DAgentExecutable = Join-Path $TargetOutputPath $ExecutableFileName
           echo "staging-path=$StagingPath" >> $Env:GITHUB_OUTPUT
+          echo "symbols-path=$SymbolsPath" >> $Env:GITHUB_OUTPUT
           echo "target-output-path=$TargetOutputPath" >> $Env:GITHUB_OUTPUT
           echo "dagent-executable=$DAgentExecutable" >> $Env:GITHUB_OUTPUT
 
@@ -559,6 +572,9 @@ jobs:
           choco uninstall wixtoolset
           choco install wixtoolset --version 3.14.0 --allow-downgrade --force
 
+          # Devolutions PEDM needs MakeAppx.exe
+          Write-Output "C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+
           # WiX is installed on Windows runners but not in the PATH
           Write-Output "C:\Program Files (x86)\WiX Toolset v3.14\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
 
@@ -568,17 +584,24 @@ jobs:
           # We need to add the NASM binary folder to the PATH manually.
           Write-Output "$Env:ProgramFiles\NASM" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
 
+      - name: Add msbuild to PATH
+        if: matrix.os == 'windows'
+        uses: microsoft/setup-msbuild@v2
+
       - name: Build
         shell: pwsh
         env:
           TARGET_OUTPUT_PATH: ${{ steps.load-variables.outputs.target-output-path }}
           DAGENT_EXECUTABLE: ${{ steps.load-variables.outputs.dagent-executable }}
           CARGO_PACKAGE: devolutions-agent
-        run: ./ci/tlk.ps1 build -Product agent -Platform ${{ matrix.os }} -Architecture ${{ matrix.arch }} -CargoProfile ${{ needs.preflight.outputs.rust-profile }}
-
-      - name: Add msbuild to PATH
-        if: matrix.os == 'windows'
-        uses: microsoft/setup-msbuild@v2
+        run: |
+          if ($Env:RUNNER_OS -eq "Windows") {
+            $Env:DAGENT_PEDM_DESKTOP_EXECUTABLE = "${{ steps.load-variables.outputs.dagent-pedm-desktop-executable }}"
+            $Env:DAGENT_PEDM_HOOK = "${{ steps.load-variables.outputs.dagent-pedm-hook }}"
+            $Env:DAGENT_PEDM_CONTEXT_MENU_MSIX = "${{ steps.load-variables.outputs.dagent-pedm-context-menu-msix }}"
+          }
+          
+          ./ci/tlk.ps1 build -Product agent -Platform ${{ matrix.os }} -Architecture ${{ matrix.arch }} -CargoProfile ${{ needs.preflight.outputs.rust-profile }}
 
       - name: Package
         shell: pwsh
@@ -589,6 +612,9 @@ jobs:
         run: |
           if ($Env:RUNNER_OS -eq "Windows") {
             $Env:DAGENT_PACKAGE = "${{ steps.load-variables.outputs.dagent-package }}"
+            $Env:DAGENT_PEDM_DESKTOP_EXECUTABLE = "${{ steps.load-variables.outputs.dagent-pedm-desktop-executable }}"
+            $Env:DAGENT_PEDM_HOOK = "${{ steps.load-variables.outputs.dagent-pedm-hook }}"
+            $Env:DAGENT_PEDM_CONTEXT_MENU_MSIX = "${{ steps.load-variables.outputs.dagent-pedm-context-menu-msix }}"
           }
 
           ./ci/tlk.ps1 package -Product agent -Platform ${{ matrix.os }} -Architecture ${{ matrix.arch }} -CargoProfile ${{ needs.preflight.outputs.rust-profile }}

diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
@@ -34,8 +34,23 @@ jobs:
       run: ${{ steps.get-run.outputs.run }}
       commit: ${{ steps.get-commit.outputs.commit }}
       version: ${{ steps.get-version.outputs.version }}
+      package-env: ${{ steps.info.outputs.package-env }}
 
     steps:
+      - name: Package information
+        id: info
+        shell: pwsh
+        run: |
+          $ref = '${{ github.ref_name }}'
+          $IsMasterBranch = ('${{ github.ref_name }}' -eq 'master')
+          $IsScheduledJob = ('${{ github.event_name }}' -eq 'schedule')
+          $PackageEnv = if ($IsMasterBranch -And -Not $IsScheduledJob) {
+            "publish-prod"
+          } else {
+            "publish-prod" # "publish-test"
+          }
+          echo "package-env=$PackageEnv" >> $Env:GITHUB_OUTPUT
+
       ## workflow_dispatch: The run_id is read from the inputs
       ## workflow_call:     The run_id is the current run_id
       - name: Get run
@@ -130,8 +145,8 @@ jobs:
   codesign:
     name: Codesign
     runs-on: ${{ matrix.runner }}
-    environment: publish-prod
     needs: preflight
+    environment: ${{ needs.preflight.outputs.package-env }}
     strategy:
       matrix:
         project: [ jetsocat, devolutions-gateway, devolutions-agent ]
@@ -212,12 +227,33 @@ jobs:
         run: |
           $IncludePattern = switch ('${{ matrix.project }}') {
             'devolutions-gateway' { 'DevolutionsGateway_*.exe' }
-            'devolutions-agent' { 'DevolutionsAgent_*.exe' }
+            'devolutions-agent' { 'DevolutionsAgent_*.exe', 'devolutions-pedm-contextmenu.msix', 'DevolutionsPedmDesktop.exe', 'devolutions_pedm_hook.dll' }
             'jetsocat' { 'jetsocat_*' }
           }
           $ExcludePattern = "*.pdb"
-          Get-ChildItem -Path ${{ runner.temp }} -Recurse -Include "$IncludePattern" -Exclude $ExcludePattern | % {
+          Get-ChildItem -Path ${{ runner.temp }} -Recurse -Include $IncludePattern -Exclude $ExcludePattern | % {
             if ('${{ matrix.os }}' -Eq 'windows') {
+              if ($_.Name -Eq 'devolutions-pedm-contextmenu.msix') {
+                $PackagePublisher = '${{ secrets.CODE_SIGNING_APPX_PUBLISHER }}'
+                $UnpackedMsix = Join-Path ${{ runner.temp }} "unpacked-context-menu-msix"
+                $AppxManifest = Join-Path $UnpackedMsix "AppxManifest.xml"
+                $PackedMsix = $_.FullName
+
+                & 'MakeAppx.exe' unpack /p $PackedMsix /d $UnpackedMsix /nv
+                Remove-Item $PackedMsix -Force | Out-Null
+                $appx = [xml](Get-Content -Path $AppxManifest)
+                $appx.Package.Identity.Publisher = $PackagePublisher
+                $xmlWriterSettings = New-Object System.Xml.XmlWriterSettings
+                $xmlWriterSettings.Indent = $true
+                $xmlWriterSettings.Encoding = [System.Text.Encoding]::UTF8
+                $xmlTextWriter = [System.Xml.XmlTextWriter]::Create($AppxManifest, $xmlWriterSettings)
+                $appx.Save($xmlTextWriter)
+                $xmlTextWriter.Close()
+                & 'MakeAppx.exe' pack /d $UnpackedMsix /p $PackedMsix /nv
+              
+                Remove-Item $UnpackedMsix -Recurse -Force | Out-Null
+              }
+
               $Params = @('sign',
                 '-kvt', '${{ secrets.AZURE_TENANT_ID }}',
                 '-kvu', '${{ secrets.CODE_SIGNING_KEYVAULT_URL }}',
@@ -256,12 +292,12 @@ jobs:
         if: matrix.os == 'windows' && (matrix.project == 'devolutions-gateway' || matrix.project == 'devolutions-agent')
         uses: microsoft/setup-msbuild@v2
 
-      - name: Download native libs
+      - name: Download native-libs
+        uses: actions/download-artifact@v4
         if: matrix.project == 'devolutions-gateway' && matrix.os == 'windows'
-        shell: pwsh
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: gh run download ${{ needs.preflight.outputs.run }} -n native-libs -D "./native-libs/"
+        with:
+          name: native-libs
+          path: native-libs
 
       - name: Regenerate Gateway MSI
         if: matrix.project == 'devolutions-gateway' && matrix.os == 'windows'
@@ -285,6 +321,9 @@ jobs:
         run: |
           $PackageRoot = Join-Path ${{ runner.temp }} ${{ matrix.project}}
           $Env:DAGENT_EXECUTABLE = Get-ChildItem -Path $PackageRoot -Recurse -Include '*DevolutionsAgent*.exe' | Select -First 1
+          $Env:DAGENT_PEDM_DESKTOP_EXECUTABLE = Get-ChildItem -Path $PackageRoot -Recurse -Include 'DevolutionsPedmDesktop.exe' | Select -First 1
+          $Env:DAGENT_PEDM_CONTEXT_MENU_MSIX = Get-ChildItem -Path $PackageRoot -Recurse -Include 'devolutions-pedm-contextmenu.msix' | Select -First 1
+          $Env:DAGENT_PEDM_HOOK = Get-ChildItem -Path $PackageRoot -Recurse -Include 'devolutions_pedm_hook.dll' | Select -First 1
 
           ./ci/tlk.ps1 package -Product agent -PackageOption generate
 
@@ -363,7 +402,7 @@ jobs:
           }
 
       - name: Verification
-        if: matrix.os == 'windows' || matrix.os == 'macos'
+        if: (matrix.os == 'windows' || matrix.os == 'macos') && env.package-env == 'publish-prod'
         shell: pwsh
         run: |
           $RootPath = Join-Path ${{ runner.temp }} ${{ matrix.project }} ${{ matrix.os }}
@@ -423,13 +462,28 @@ jobs:
         with:
           pattern: devolutions-agent-*
           merge-multiple: true
+
+      - name: Split symbols
+        shell: pwsh
+        run: |
+          $SymbolsPath = New-Item -ItemType Directory $(Join-Path "${{ runner.temp }}" 'symbols')
+          Get-ChildItem -Path "${{ github.workspace }}" -Recurse -Include '*.pdb' | % {
+            Move-Item $_ $SymbolsPath
+          }
 
       - name: Upload Artifacts
         uses: actions/upload-artifact@v4
         with:
           path: ${{ github.workspace }}/**/*
           name: devolutions-agent
           overwrite: true
+
+      - name: Upload Symbol Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          path: ${{ runner.temp }}/symbols
+          name: devolutions-agent-symbols
+          overwrite: true
 
   jetsocat-merge:
     name: Merge jetsocat artifacts