diff --git a/.github/workflows/auth-release.yml b/.github/workflows/auth-release.yml
index 707bae895f..174b6c1d33 100644
--- a/.github/workflows/auth-release.yml
+++ b/.github/workflows/auth-release.yml
@@ -17,8 +17,8 @@ name: "Release (auth)"
# We use a suffix like `-test` to indicate that these are test tags, and that
# they belong to a pre-release.
#
-# If you need to do multiple tests, add a +x at the end of the tag. e.g.
-# `auth-v1.2.3-test+1`.
+# If you need to do multiple tests, add a .x at the end of the tag. e.g.
+# `auth-v1.2.3-test.1`.
#
# Once the testing is done, also delete the tag(s) please.
diff --git a/cli/README.md b/cli/README.md
index 8fc9aa6948..40858da0f8 100644
--- a/cli/README.md
+++ b/cli/README.md
@@ -36,7 +36,8 @@ ente --help
### Accounts
-If you wish, you can add multiple accounts (your own and that of your family members) and export all data using this tool.
+If you wish, you can add multiple accounts (your own and that of your family
+members) and export all data using this tool.
#### Add an account
@@ -44,6 +45,12 @@ If you wish, you can add multiple accounts (your own and that of your family mem
ente account add
```
+> [!NOTE]
+>
+> `ente account add` does not create new accounts, it just adds pre-existing
+> accounts to the list of accounts that the CLI knows about so that you can use
+> them for other actions.
+
#### List accounts
```shell
diff --git a/desktop/.github/workflows/build.yml b/desktop/.github/workflows/build.yml
deleted file mode 100644
index acd744c056..0000000000
--- a/desktop/.github/workflows/build.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-name: Build/release
-
-on:
- push:
- tags:
- - v*
-
-jobs:
- release:
- runs-on: ${{ matrix.os }}
-
- strategy:
- matrix:
- os: [macos-latest, ubuntu-latest, windows-latest]
-
- steps:
- - name: Check out Git repository
- uses: actions/checkout@v3
- with:
- submodules: recursive
-
- - name: Install Node.js, NPM and Yarn
- uses: actions/setup-node@v3
- with:
- node-version: 20
-
- - name: Prepare for app notarization
- if: startsWith(matrix.os, 'macos')
- # Import Apple API key for app notarization on macOS
- run: |
- mkdir -p ~/private_keys/
- echo '${{ secrets.api_key }}' > ~/private_keys/AuthKey_${{ secrets.api_key_id }}.p8
-
- - name: Install libarchive-tools for pacman build # Related https://github.com/electron-userland/electron-builder/issues/4181
- if: startsWith(matrix.os, 'ubuntu')
- run: sudo apt-get install libarchive-tools
-
- - name: Ente Electron Builder Action
- uses: ente-io/action-electron-builder@v1.0.0
- with:
- # GitHub token, automatically provided to the action
- # (No need to define this secret in the repo settings)
- github_token: ${{ secrets.github_token }}
-
- # If the commit is tagged with a version (e.g. "v1.0.0"),
- # release the app after building
- release: ${{ startsWith(github.ref, 'refs/tags/v') }}
-
- mac_certs: ${{ secrets.mac_certs }}
- mac_certs_password: ${{ secrets.mac_certs_password }}
- env:
- # macOS notarization API key
- API_KEY_ID: ${{ secrets.api_key_id }}
- API_KEY_ISSUER_ID: ${{ secrets.api_key_issuer_id}}
- USE_HARD_LINKS: false
diff --git a/desktop/.github/workflows/desktop-release.yml b/desktop/.github/workflows/desktop-release.yml
new file mode 100644
index 0000000000..7013d3e579
--- /dev/null
+++ b/desktop/.github/workflows/desktop-release.yml
@@ -0,0 +1,90 @@
+name: "Release"
+
+# This will create a new draft release with public artifacts.
+#
+# Note that a release will only get created if there is an associated tag
+# (GitHub releases need a corresponding tag).
+#
+# The canonical source for this action is in the repository where we keep the
+# source code for the Ente Photos desktop app: https://github.com/ente-io/ente
+#
+# However, it actually lives and runs in the repository that we use for making
+# releases: https://github.com/ente-io/photos-desktop
+#
+# We need two repositories because Electron updater currently doesn't work well
+# with monorepos. For more details, see `docs/release.md`.
+
+on:
+ push:
+ # Run when a tag matching the pattern "v*"" is pushed.
+ #
+ # See: [Note: Testing release workflows that are triggered by tags].
+ tags:
+ - "v*"
+
+jobs:
+ release:
+ runs-on: ${{ matrix.os }}
+
+ defaults:
+ run:
+ working-directory: desktop
+
+ strategy:
+ matrix:
+ os: [macos-latest]
+ # Commented for testing
+ # os: [macos-latest, ubuntu-latest, windows-latest]
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ # Checkout the tag photosd-v1.x.x from the source code
+ # repository when we're invoked for tag v1.x.x on the releases
+ # repository.
+ repository: ente-io/ente
+ ref: photosd-${{ github.ref_name }}
+ submodules: recursive
+
+ - name: Setup node
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+
+ - name: Install dependencies
+ run: yarn install
+
+ - name: Prepare for app notarization
+ if: startsWith(matrix.os, 'macos')
+ # Import Apple API key for app notarization on macOS
+ run: |
+ mkdir -p ~/private_keys/
+ echo '${{ secrets.API_KEY }}' > ~/private_keys/AuthKey_${{ secrets.API_KEY_ID }}.p8
+
+ - name: Install libarchive-tools for pacman build
+ if: startsWith(matrix.os, 'ubuntu')
+ # See:
+ # https://github.com/electron-userland/electron-builder/issues/4181
+ run: sudo apt-get install libarchive-tools
+
+ - name: Build
+ uses: ente-io/action-electron-builder@v1.0.0
+ with:
+ package_root: desktop
+
+ # GitHub token, automatically provided to the action
+ # (No need to define this secret in the repo settings)
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+
+ # If the commit is tagged with a version (e.g. "v1.0.0"),
+ # release the app after building.
+ release: ${{ startsWith(github.ref, 'refs/tags/v') }}
+
+ mac_certs: ${{ secrets.MAC_CERTS }}
+ mac_certs_password: ${{ secrets.MAC_CERTS_PASSWORD }}
+ env:
+ # macOS notarization API key details
+ API_KEY_ID: ${{ secrets.API_KEY_ID }}
+ API_KEY_ISSUER_ID: ${{ secrets.API_KEY_ISSUER_ID }}
+ USE_HARD_LINKS: false
diff --git a/desktop/CHANGELOG.md b/desktop/CHANGELOG.md
index 83d2123d86..eb118a424d 100644
--- a/desktop/CHANGELOG.md
+++ b/desktop/CHANGELOG.md
@@ -1,5 +1,13 @@
# CHANGELOG
+## v1.7.0 (Unreleased)
+
+v1.7 is a major rewrite to improve the security of our app. We have enabled
+sandboxing and disabled node integration for the renderer process. All this
+required restructuring our IPC mechanisms, which resulted in a lot of under the
+hood changes. The outcome is a more secure app that also uses the latest and
+greatest Electron recommendations.
+
## v1.6.63
### New
diff --git a/desktop/README.md b/desktop/README.md
index 05149f5d0c..39b7663fab 100644
--- a/desktop/README.md
+++ b/desktop/README.md
@@ -10,12 +10,6 @@ To know more about Ente, see [our main README](../README.md) or visit
## Building from source
-> [!CAUTION]
->
-> We're improving the security of the desktop app further by migrating to
-> Electron's sandboxing and contextIsolation. These updates are still WIP and
-> meanwhile the instructions below might not fully work on the main branch.
-
Fetch submodules
```sh
diff --git a/desktop/docs/release.md b/desktop/docs/release.md
index 7254e26fc1..da807b572c 100644
--- a/desktop/docs/release.md
+++ b/desktop/docs/release.md
@@ -1,43 +1,47 @@
## Releases
-> [!NOTE]
->
-> TODO(MR): This document needs to be audited and changed as we do the first
-> release from this new monorepo.
+Conceptually, the release is straightforward: We push a tag, a GitHub workflow
+gets triggered that creates a draft release with artifacts built from that tag.
+We then publish that release. The download links on our website, and existing
+apps already know how to check for the latest GitHub release and update
+accordingly.
-The Github Action that builds the desktop binaries is triggered by pushing a tag
-matching the pattern `photos-desktop-v1.2.3`. This value should match the
-version in `package.json`.
+The complication comes by the fact that Electron Updater (the mechanism that we
+use for auto updates) doesn't work well with monorepos. So we need to keep a
+separate (non-mono) repository just for doing releases.
-So the process for doing a release would be.
+- Source code lives here, in [ente-io/ente](https://github.com/ente-io/ente).
-1. Create a new branch (can be named anything). On this branch, include your
- changes.
+- Releases are done from
+ [ente-io/photos-desktop](https://github.com/ente-io/photos-desktop).
-2. Mention the changes in `CHANGELOG.md`.
+## Workflow
-3. Changing the `version` in `package.json` to `1.x.x`.
+The workflow is:
-4. Commit and push to remote
+1. Finalize the changes in the source repo.
+
+ - Update the CHANGELOG.
+ - Update the version in `package.json`
+ - `git commit -m 'Release v1.x.x'`
+ - Open PR, merge into main.
+
+2. Tag this commit with a tag matching the pattern `photosd-v1.2.3`, where
+ `1.2.3` is the version in `package.json`
```sh
- git add package.json && git commit -m 'Release v1.x.x'
- git tag v1.x.x
- git push && git push --tags
+ git tag photosd-v1.x.x
+ git push origin photosd-v1.x.x
```
-This by itself will already trigger a new release. The GitHub action will create
-a new draft release that can then be used as descibed below.
+3. Head over to the releases repository and run the trigger script, passing it
+ the tag _without_ the `photosd-` prefix.
-To wrap up, we also need to merge back these changes into main. So for that,
+ ```sh
+ ./.github/trigger-release.sh v1.x.x
+ ```
-5. Open a PR for the branch that we're working on (where the above tag was
- pushed from) to get it merged into main.
-
-6. In this PR, also increase the version number for the next release train. That
- is, supposed we just released `v4.0.1`. Then we'll change the version number
- in main to `v4.0.2-next.0`. Each pre-release will modify the `next.0` part.
- Finally, at the time of the next release, this'll become `v4.0.2`.
+## Post build
The GitHub Action runs on Windows, Linux and macOS. It produces the artifacts
defined in the `build` value in `package.json`.
@@ -46,29 +50,11 @@ defined in the `build` value in `package.json`.
- Linux - An AppImage, and 3 other packages (`.rpm`, `.deb`, `.pacman`)
- macOS - A universal DMG
-Additionally, the GitHub action notarizes the macOS DMG. For this it needs
-credentials provided via GitHub secrets.
+Additionally, the GitHub action notarizes and signs the macOS DMG (For this it
+uses credentials provided via GitHub secrets).
-During the build the Sentry webpack plugin checks to see if SENTRY_AUTH_TOKEN is
-defined. If so, it uploads the sourcemaps for the renderer process to Sentry
-(For our GitHub action, the SENTRY_AUTH_TOKEN is defined as a GitHub secret).
-
-The sourcemaps for the main (node) process are currently not sent to Sentry
-(this works fine in practice since the node process files are not minified, we
-only run `tsc`).
-
-Once the build is done, a draft release with all these artifacts attached is
-created. The build is idempotent, so if something goes wrong and we need to
-re-run the GitHub action, just delete the draft release (if it got created) and
-start a new run by pushing a new tag (if some code changes are required).
-
-If no code changes are required, say the build failed for some transient network
-or sentry issue, we can even be re-run by the build by going to Github Action
-age and rerun from there. This will re-trigger for the same tag.
-
-If everything goes well, we'll have a release on GitHub, and the corresponding
-source maps for the renderer process uploaded to Sentry. There isn't anything
-else to do:
+To rollout the build, we need to publish the draft release. Thereafter,
+everything is automated:
- The website automatically redirects to the latest release on GitHub when
people try to download.
@@ -76,7 +62,7 @@ else to do:
- The file formats with support auto update (Windows `exe`, the Linux AppImage
and the macOS DMG) also check the latest GitHub release automatically to
download and apply the update (the rest of the formats don't support auto
- updates).
+ updates yet).
- We're not putting the desktop app in other stores currently. It is available
as a `brew cask`, but we only had to open a PR to add the initial formula,
@@ -87,6 +73,4 @@ else to do:
We can also publish the draft releases by checking the "pre-release" option.
Such releases don't cause any of the channels (our website, or the desktop app
auto updater, or brew) to be notified, instead these are useful for giving links
-to pre-release builds to customers. Generally, in the version number for these
-we'll add a label to the version, e.g. the "beta.x" in `1.x.x-beta.x`. This
-should be done both in `package.json`, and what we tag the commit with.
+to pre-release builds to customers.
diff --git a/desktop/package.json b/desktop/package.json
index 5ec8b45be3..dc5ed9dba4 100644
--- a/desktop/package.json
+++ b/desktop/package.json
@@ -1,6 +1,6 @@
{
"name": "ente",
- "version": "1.6.63",
+ "version": "1.7.0-beta.0",
"private": true,
"description": "Desktop client for Ente Photos",
"author": "Ente
+ We're putting finishing touches, coming back soon!
+
+
+ Existing indexed faces will continue to show.
+
+ ",
@@ -43,7 +43,7 @@
"@typescript-eslint/eslint-plugin": "^7",
"@typescript-eslint/parser": "^7",
"concurrently": "^8",
- "electron": "^29",
+ "electron": "^30",
"electron-builder": "^24",
"electron-builder-notarize": "^1.5",
"eslint": "^8",
diff --git a/desktop/src/main.ts b/desktop/src/main.ts
index eb1114cc4c..49b3162061 100644
--- a/desktop/src/main.ts
+++ b/desktop/src/main.ts
@@ -127,15 +127,7 @@ const registerPrivilegedSchemes = () => {
{
scheme: "stream",
privileges: {
- // TODO(MR): Remove the commented bits if we don't end up
- // needing them by the time the IPC refactoring is done.
-
- // Prevent the insecure origin issues when fetching this
- // secure: true,
- // Allow the web fetch API in the renderer to use this scheme.
supportFetchAPI: true,
- // Allow it to be used with video tags.
- // stream: true,
},
},
]);
diff --git a/desktop/src/preload.ts b/desktop/src/preload.ts
index 589b17fab2..407e541ff7 100644
--- a/desktop/src/preload.ts
+++ b/desktop/src/preload.ts
@@ -217,7 +217,25 @@ const watchReset = async () => {
// - Upload
-const pathForFile = (file: File) => webUtils.getPathForFile(file);
+const pathForFile = (file: File) => {
+ const path = webUtils.getPathForFile(file);
+ // The path that we get back from `webUtils.getPathForFile` on Windows uses
+ // "/" as the path separator. Convert them to POSIX separators.
+ //
+ // Note that we do not have access to the path or the os module in the
+ // preload script, thus this hand rolled transformation.
+
+ // However that makes TypeScript fidgety since we it cannot find navigator,
+ // as we haven't included "lib": ["dom"] in our tsconfig to avoid making DOM
+ // APIs available to our main Node.js code. We could create a separate
+ // tsconfig just for the preload script, but for now let's go with a cast.
+ //
+ // @ts-expect-error navigator is not defined.
+ const platform = (navigator as { platform: string }).platform;
+ return platform.toLowerCase().includes("win")
+ ? path.split("\\").join("/")
+ : path;
+};
const listZipItems = (zipPath: string) =>
ipcRenderer.invoke("listZipItems", zipPath);
diff --git a/desktop/yarn.lock b/desktop/yarn.lock
index 2210d47450..d4338312bd 100644
--- a/desktop/yarn.lock
+++ b/desktop/yarn.lock
@@ -1199,10 +1199,10 @@ electron-updater@^6.1:
semver "^7.3.8"
tiny-typed-emitter "^2.1.0"
-electron@^29:
- version "29.3.1"
- resolved "https://registry.yarnpkg.com/electron/-/electron-29.3.1.tgz#87c82b2cd2c326f78f036499377a5448bea5d4bb"
- integrity sha512-auge1/6RVqgUd6TgIq88wKdUCJi2cjESi3jy7d+6X4JzvBGprKBqMJ8JSSFpu/Px1YJrFUKAxfy6SC+TQf1uLw==
+electron@^30:
+ version "30.0.2"
+ resolved "https://registry.yarnpkg.com/electron/-/electron-30.0.2.tgz#95ba019216bf8be9f3097580123e33ea37497733"
+ integrity sha512-zv7T+GG89J/hyWVkQsLH4Y/rVEfqJG5M/wOBIGNaDdqd8UV9/YZPdS7CuFeaIj0H9LhCt95xkIQNpYB/3svOkQ==
dependencies:
"@electron/get" "^2.0.0"
"@types/node" "^20.9.0"
diff --git a/docs/docs/self-hosting/guides/custom-server/index.md b/docs/docs/self-hosting/guides/custom-server/index.md
index bf695af308..a5ce76cc2b 100644
--- a/docs/docs/self-hosting/guides/custom-server/index.md
+++ b/docs/docs/self-hosting/guides/custom-server/index.md
@@ -25,10 +25,13 @@ configure the endpoint the app should be connecting to.
> You can download the CLI from
> [here](https://github.com/ente-io/ente/releases?q=tag%3Acli-v0)
-Define a config.yaml and put it either in the same directory as CLI or path
-defined in env variable `ENTE_CLI_CONFIG_PATH`
+Define a config.yaml and put it either in the same directory as where you run
+the CLI from ("current working directory"), or in the path defined in env
+variable `ENTE_CLI_CONFIG_PATH`:
```yaml
endpoint:
api: "http://localhost:8080"
```
+
+(Another [example](https://github.com/ente-io/ente/blob/main/cli/config.yaml.example))
diff --git a/mobile/lib/utils/file_uploader.dart b/mobile/lib/utils/file_uploader.dart
index d77bc95d7e..f81f9d34bb 100644
--- a/mobile/lib/utils/file_uploader.dart
+++ b/mobile/lib/utils/file_uploader.dart
@@ -357,10 +357,16 @@ class FileUploader {
final List
Este mapa é hospedado pelo OpenStreetMap , e os exatos locais de suas fotos nunca são compartilhados.
Você pode desativar esse recurso a qualquer momento nas Configurações.
", + "ENABLE_MAP_DESCRIPTION": "Isto mostrará suas fotos em um mapa do mundo.Este mapa é hospedado pelo OpenStreetMap, e os exatos locais de suas fotos nunca são compartilhados.
Você pode desativar esse recurso a qualquer momento nas Configurações.
", "DISABLE_MAP_DESCRIPTION": "Isto irá desativar a exibição de suas fotos em um mapa mundial.
Você pode ativar este recurso a qualquer momento nas Configurações.
", "DISABLE_MAP": "Desabilitar mapa", "DETAILS": "Detalhes", @@ -380,14 +380,14 @@ "LINK_EXPIRED_MESSAGE": "Este link expirou ou foi desativado!", "MANAGE_LINK": "Gerenciar link", "LINK_TOO_MANY_REQUESTS": "Desculpe, este álbum foi visualizado em muitos dispositivos!", - "FILE_DOWNLOAD": "Permitir transferências", + "FILE_DOWNLOAD": "Permitir downloads", "LINK_PASSWORD_LOCK": "Bloqueio de senha", "PUBLIC_COLLECT": "Permitir adicionar fotos", "LINK_DEVICE_LIMIT": "Limite de dispositivos", "NO_DEVICE_LIMIT": "Nenhum", "LINK_EXPIRY": "Expiração do link", "NEVER": "Nunca", - "DISABLE_FILE_DOWNLOAD": "Desabilitar transferência", + "DISABLE_FILE_DOWNLOAD": "Desabilitar download", "DISABLE_FILE_DOWNLOAD_MESSAGE": "Tem certeza de que deseja desativar o botão de download para arquivos?
Os visualizadores ainda podem capturar imagens da tela ou salvar uma cópia de suas fotos usando ferramentas externas.
", "SHARED_USING": "Compartilhar usando ", "SHARING_REFERRAL_CODE": "Use o código {{referralCode}} para obter 10 GB de graça", @@ -408,8 +408,8 @@ "STOP_ALL_UPLOADS_MESSAGE": "Tem certeza que deseja parar todos os envios em andamento?", "STOP_UPLOADS_HEADER": "Parar envios?", "YES_STOP_UPLOADS": "Sim, parar envios", - "STOP_DOWNLOADS_HEADER": "Parar transferências?", - "YES_STOP_DOWNLOADS": "Sim, parar transferências", + "STOP_DOWNLOADS_HEADER": "Parar downloads?", + "YES_STOP_DOWNLOADS": "Sim, parar downloads", "STOP_ALL_DOWNLOADS_MESSAGE": "Tem certeza que deseja parar todos as transferências em andamento?", "albums_one": "1 Álbum", "albums_other": "{{count, number}} Álbuns", @@ -556,8 +556,8 @@ "SELECT_COLLECTION": "Selecionar álbum", "PIN_ALBUM": "Fixar álbum", "UNPIN_ALBUM": "Desafixar álbum", - "DOWNLOAD_COMPLETE": "Transferência concluída", - "DOWNLOADING_COLLECTION": "Transferindo {{name}}", + "DOWNLOAD_COMPLETE": "Download concluído", + "DOWNLOADING_COLLECTION": "Fazendo download de {{name}}", "DOWNLOAD_FAILED": "Falha ao baixar", "DOWNLOAD_PROGRESS": "{{progress.current}} / {{progress.total}} arquivos", "CHRISTMAS": "Natal", @@ -622,6 +622,6 @@ "TRY_AGAIN": "Tente novamente", "PASSKEY_FOLLOW_THE_STEPS_FROM_YOUR_BROWSER": "Siga os passos do seu navegador para continuar acessando.", "LOGIN_WITH_PASSKEY": "Entrar com a chave de acesso", - "autogenerated_first_album_name": "", - "autogenerated_default_album_name": "" + "autogenerated_first_album_name": "Meu Primeiro Álbum", + "autogenerated_default_album_name": "Novo Álbum" } diff --git a/web/packages/next/locales/zh-CN/translation.json b/web/packages/next/locales/zh-CN/translation.json index d2345f1ae7..c67018aaaf 100644 --- a/web/packages/next/locales/zh-CN/translation.json +++ b/web/packages/next/locales/zh-CN/translation.json @@ -622,6 +622,6 @@ "TRY_AGAIN": "重试", "PASSKEY_FOLLOW_THE_STEPS_FROM_YOUR_BROWSER": "按照浏览器中提示的步骤继续登录。", "LOGIN_WITH_PASSKEY": "使用通行密钥来登录", - "autogenerated_first_album_name": "", - "autogenerated_default_album_name": "" + "autogenerated_first_album_name": "我的第一个相册", + "autogenerated_default_album_name": "新建相册" } diff --git a/web/packages/next/types/file.ts b/web/packages/next/types/file.ts deleted file mode 100644 index 6dd1032cdb..0000000000 --- a/web/packages/next/types/file.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * ElectronFile is a custom interface that is used to represent - * any file on disk as a File-like object in the Electron desktop app. - * - * This was added to support the auto-resuming of failed uploads - * which needed absolute paths to the files which the - * normal File interface does not provide. - */ -export interface ElectronFile { - name: string; - path: string; - size: number; - lastModified: number; - stream: () => Promise