From b73e9f4996b81008613251092def2a6579fa1660 Mon Sep 17 00:00:00 2001 From: LordGrey <48840279+Lord-Grey@users.noreply.github.com> Date: Sun, 29 Oct 2023 21:12:59 +0100 Subject: [PATCH 1/5] Qt 6.7 (#1650) * Do not validate values for options without value * Clean-up * ws281x include files workaround * Revert "ws281x include files workaround" This reverts commit 1b983087183e3c563a191edd34a318cfd0cdace1. * Use https://github.com/hyperion-project/rpi_ws281x while fix is applied in original repository --- .gitmodules | 4 ++-- CMakeLists.txt | 11 +++++------ libsrc/commandline/Parser.cpp | 25 ++++++++++++++----------- 3 files changed, 21 insertions(+), 19 deletions(-) diff --git a/.gitmodules b/.gitmodules index 624c175c..2fd17349 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,7 +1,7 @@ [submodule "dependencies/external/rpi_ws281x"] path = dependencies/external/rpi_ws281x - url = https://github.com/jgarff/rpi_ws281x - branch = master + url = https://github.com/hyperion-project/rpi_ws281x + branch = main [submodule "dependencies/external/flatbuffers"] path = dependencies/external/flatbuffers url = https://github.com/google/flatbuffers diff --git a/CMakeLists.txt b/CMakeLists.txt index 813cb750..32bbb7d2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -222,10 +222,11 @@ if (HYPERION_LIGHT) SET ( DEFAULT_OSX OFF ) SET ( DEFAULT_QT OFF ) SET ( DEFAULT_V4L2 OFF ) - SET ( DEFAULT_AUDIO OFF ) SET ( DEFAULT_X11 OFF ) SET ( DEFAULT_XCB OFF ) + SET ( DEFAULT_AUDIO OFF ) + # Disable Input Servers SET ( DEFAULT_BOBLIGHT_SERVER OFF ) SET ( DEFAULT_CEC OFF ) 
@@ -274,15 +275,13 @@ message(STATUS "ENABLE_V4L2 = ${ENABLE_V4L2}") option(ENABLE_X11 "Enable the X11 grabber" ${DEFAULT_X11}) message(STATUS "ENABLE_X11 = ${ENABLE_X11}") -option(ENABLE_AUDIO "Enable the AUDIO grabber" ${DEFAULT_AUDIO}) -message(STATUS "ENABLE_AUDIO = ${ENABLE_AUDIO}") - -option(ENABLE_WS281XPWM "Enable the WS281x-PWM device" ${DEFAULT_WS281XPWM} ) -message(STATUS "ENABLE_WS281XPWM = ${ENABLE_WS281XPWM}") option(ENABLE_XCB "Enable the XCB grabber" ${DEFAULT_XCB}) message(STATUS "ENABLE_XCB = ${ENABLE_XCB}") +option(ENABLE_AUDIO "Enable the AUDIO grabber" ${DEFAULT_AUDIO}) +message(STATUS "ENABLE_AUDIO = ${ENABLE_AUDIO}") + removeIndent() message(STATUS "Input options:") diff --git a/libsrc/commandline/Parser.cpp b/libsrc/commandline/Parser.cpp index 0bceb682..df58fe1f 100644 --- a/libsrc/commandline/Parser.cpp +++ b/libsrc/commandline/Parser.cpp @@ -14,19 +14,22 @@ bool Parser::parse(const QStringList &arguments) return false; } - for(Option * option : _options) + for(Option * option : std::as_const(_options)) { - QString value = this->value(*option); - if (!option->validate(*this, value)) { - const QString error = option->getError(); - if (!error.isEmpty()) { - _errorText = tr("\"%1\" is not a valid option for %2, %3").arg(value, option->name(), error); + if (!option->valueName().isEmpty()) + { + QString value = this->value(*option); + if (!option->validate(*this, value)) { + const QString error = option->getError(); + if (!error.isEmpty()) { + _errorText = tr("\"%1\" is not a valid option for %2, %3").arg(value, option->name(), error); + } + else + { + _errorText = tr("\"%1\" is not a valid option for %2").arg(value, option->name()); + } + return false; } - else - { - _errorText = tr("\"%1\" is not a valid option for %2").arg(value, option->name()); - } - return false; } } return true; From 27027b224cc8f4db4ad3f30b1af0afec37eb2adf Mon Sep 17 00:00:00 2001 
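Review bot: The new guard `if (!option->valueName().isEmpty())` in Parser::parse has no comment explaining why options without a value name skip `validate()`. Without that, an Option that is later given a value but no value name would pass unvalidated command-line input with nothing in the code to flag it. I would add `// Options without a value name take no argument, so there is nothing to validate` above the guard. `std::as_const` is declared in `<utility>`; no include change for Parser.cpp is visible in this patch, so it presumably arrives through the Qt headers and would be safer included explicitly. Parser::parse starts before the hunk.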
From: LordGrey <48840279+Lord-Grey@users.noreply.github.com> Date: Sun, 29 Oct 2023 21:13:34 +0100 Subject: [PATCH 2/5] Fix self-signed certificate handling (#1649) --- CHANGELOG.md | 1 + .../leddevice/dev_net/LedDevicePhilipsHue.cpp | 6 +- libsrc/leddevice/dev_net/ProviderRestApi.cpp | 73 ++++++++++++++++++- libsrc/leddevice/dev_net/ProviderRestApi.h | 2 + 4 files changed, 75 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 061f7b09..e4024253 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -70,6 +70,7 @@ Note: The wizard will configure an APIv2 capable bridge always with Entertainmen - Changed default build from Stretch to Buster - Support Qt 6.7, Update to Protobuf 23.4.0, Update mbedTLS to v3.4.0, Update flatbuffers to v23.5.26 - Use C++17 standard as default +- Added Pull Request (PR) installation script, allowing users to test development builds savely on Linux - Fixed missing include limits in QJsonSchemaChecker - Thanks @Portisch - Fixed dependencies for deb packages in Debian Bookworm (#1579) - Thanks @hg42, @Psirus - Fixed git version identification when run in docker and local code diff --git a/libsrc/leddevice/dev_net/LedDevicePhilipsHue.cpp b/libsrc/leddevice/dev_net/LedDevicePhilipsHue.cpp index 14f9c39a..77712594 100644 --- a/libsrc/leddevice/dev_net/LedDevicePhilipsHue.cpp +++ b/libsrc/leddevice/dev_net/LedDevicePhilipsHue.cpp @@ -584,11 +584,7 @@ int LedDevicePhilipsHueBridge::close() bool LedDevicePhilipsHueBridge::configureSsl() { _restApi->setAlternateServerIdentity(_deviceBridgeId); - - if (_isDiyHue) - { - _restApi->acceptSelfSignedCertificates(true); - } + _restApi->acceptSelfSignedCertificates(true); bool success = _restApi->setCaCertificate(API_SSL_CA_CERTIFICATE_RESSOURCE); if (!success) diff --git a/libsrc/leddevice/dev_net/ProviderRestApi.cpp b/libsrc/leddevice/dev_net/ProviderRestApi.cpp index e2d07475..7321810f 100644 --- a/libsrc/leddevice/dev_net/ProviderRestApi.cpp 
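Review bot: `_restApi->acceptSelfSignedCertificates(true);` in configureSsl() is now unconditional, so a self-signed certificate can be accepted from any bridge rather than only from diyHue. From what this patch shows, the self-signed case is then guarded only by the first-use pin added in ProviderRestApi.cpp, which means the very first connection to a bridge is accepted without verification. That trade-off should be stated at the call, for example `// Self-signed certificates are accepted for all bridges; trust rests on the certificate pinned at first use`. configureSsl() continues outside the hunk.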
+++ b/libsrc/leddevice/dev_net/ProviderRestApi.cpp @@ -11,6 +11,8 @@ #include #include #include +#include +#include #include @@ -451,6 +453,63 @@ bool ProviderRestApi::checkServerIdentity(const QSslConfiguration& sslConfig) co return isServerIdentified; } +bool ProviderRestApi::matchesPinnedCertificate(const QSslCertificate& certificate) +{ + bool isMatching {false}; + + QList certificateInfos = certificate.subjectInfo(QSslCertificate::CommonName); + + if (certificateInfos.isEmpty()) + { + return false; + } + QString identifier = certificateInfos.constFirst(); + + QString appDataDir = QStandardPaths::writableLocation(QStandardPaths::AppDataLocation); + QString certDir = appDataDir + "/certificates"; + QDir().mkpath(certDir); + + QString filePath(certDir + "/" + identifier + ".pem"); + QFile file(filePath); + if (file.open(QIODevice::ReadOnly)) + { + QList certificates = QSslCertificate::fromDevice(&file, QSsl::Pem); + if (!certificates.isEmpty()) + { + Debug (_log,"First used certificate loaded successfully"); + QSslCertificate pinnedeCertificate = certificates.constFirst(); + if (pinnedeCertificate == certificate) + { + isMatching = true; + } + } + else + { + Debug (_log,"Error reading first used certificate file: %s", QSTRING_CSTR(filePath)); + } + file.close(); + } + else + { + if (file.open(QIODevice::WriteOnly)) + { + QByteArray pemData = certificate.toPem(); + qint64 bytesWritten = file.write(pemData); + if (bytesWritten == pemData.size()) + { + Debug (_log,"First used certificate saved to file: %s", QSTRING_CSTR(filePath)); + isMatching = true; + } + else + { + Debug (_log,"Error writing first used certificate file: %s", QSTRING_CSTR(filePath)); + } + file.close(); + } + } + return isMatching; +} + void ProviderRestApi::onSslErrors(QNetworkReply* reply, const QList& errors) { int ignoredErrorCount {0}; 
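Review bot: In matchesPinnedCertificate() the pin file name is built from the certificate's common name (`certDir + "/" + identifier + ".pem"`), a value chosen by whoever presents the certificate. A common name containing path separators would steer the read and the first-use write outside the `certificates` directory. Because the pin is looked up by that name rather than by the host being contacted, a certificate with a not-yet-seen common name is always treated as first use and accepted, and an existing pin for the same bridge is never consulted. The file name should come from a digest of a key the client controls, such as the host or the bridge id already passed to setAlternateServerIdentity(); that needs an extra parameter, a matching change at the call in onSslErrors() and in the header, and `<QCryptographicHash>`. A pin file that exists but cannot be opened for reading should also fail closed instead of falling through to the write branch.

```cpp
bool ProviderRestApi::matchesPinnedCertificate(const QSslCertificate& certificate, const QString& pinKey)
{
	// … unchanged: isMatching, certDir creation …
	// pinKey is chosen by the client (host or bridge id); hashing keeps it a plain file name
	const QString fileName = QString::fromLatin1(QCryptographicHash::hash(pinKey.toUtf8(), QCryptographicHash::Sha256).toHex());
	QFile file(certDir + "/" + fileName + ".pem");
	if (file.exists())
	{
		if (!file.open(QIODevice::ReadOnly))
		{
			// An unreadable pin must not be replaced by whatever certificate was just received
			Error (_log,"Pinned certificate file cannot be read: %s", QSTRING_CSTR(file.fileName()));
			return false;
		}
		// … unchanged: load the PEM and compare it with the received certificate …
	}
	else if (file.open(QIODevice::WriteOnly))
	{
		// … unchanged: write the PEM, set isMatching after a complete write …
	}
	return isMatching;
}
```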
@@ -466,11 +525,21 @@ void ProviderRestApi::onSslErrors(QNetworkReply* reply, const QList& } break; case QSslError::SelfSignedCertificate : - if (_isSeflSignedCertificateAccpeted) + if (_isSeflSignedCertificateAccpeted) + { + // Get the peer certificate associated with the error + QSslCertificate certificate = error.certificate(); + if (matchesPinnedCertificate(certificate)) { + Debug (_log,"'Trust on first use' - Certificate received matches pinned certificate"); ignoreSslError = true; } - break; + else + { + Error (_log,"'Trust on first use' - Certificate received does not match pinned certificate"); + } + } + break; default: break; } diff --git a/libsrc/leddevice/dev_net/ProviderRestApi.h b/libsrc/leddevice/dev_net/ProviderRestApi.h index b93d13ea..db4f9bd7 100644 --- a/libsrc/leddevice/dev_net/ProviderRestApi.h +++ b/libsrc/leddevice/dev_net/ProviderRestApi.h @@ -444,6 +444,8 @@ private: bool checkServerIdentity(const QSslConfiguration& sslConfig) const; + bool matchesPinnedCertificate(const QSslCertificate& certificate); + Logger* _log; /// QNetworkAccessManager object for sending REST-requests. From 8a54eff6563f5b47c7dd5dcef1fb2f41507e8cda Mon Sep 17 00:00:00 2001 From: Hyperion-Bot <20935312+Hyperion-Bot@users.noreply.github.com> Date: Mon, 30 Oct 2023 00:21:59 +0000 Subject: [PATCH 3/5] Update submodule rpi_ws281x --- dependencies/external/rpi_ws281x | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies/external/rpi_ws281x b/dependencies/external/rpi_ws281x index 1f47b59e..49086d39 160000 --- a/dependencies/external/rpi_ws281x +++ b/dependencies/external/rpi_ws281x @@ -1 +1 @@ -Subproject commit 1f47b59ed603223d1376d36c788c89af67ae2fdc +Subproject commit 49086d3913367d2fb014a615f9d958a47867bc39 From f57c4f84acd92dede4a2e5e1c8eef6786eaff99c Mon Sep 17 00:00:00 2001 
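Review bot: The mismatch branch in onSslErrors() logs `Certificate received does not match pinned certificate` without naming the peer, so a pin violation cannot be tied to a device from the log alone. That is the one event this check exists to surface, and including the host would make the entry usable for triage: `Error (_log,"'Trust on first use' - Certificate received from %s does not match pinned certificate", QSTRING_CSTR(reply->url().host()));`. The function starts before the hunk and continues after it.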
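Review bot: The new declaration `matchesPinnedCertificate` in ProviderRestApi.h has no `///` comment, although the function stores the certificate on disk when no pin exists yet, which a caller cannot guess from the name. Suggested: `/// Compare a certificate with the one pinned at first use; if no pin exists yet, store the certificate as the pin and accept it.` followed by `/// @return True, if the certificate matches the pin or was pinned just now`. The class continues outside the hunk.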
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Nov 2023 14:38:23 +0100 Subject: [PATCH 4/5] Bump jurplel/install-qt-action from 3 to 4 (#1652) Bumps [jurplel/install-qt-action](https://github.com/jurplel/install-qt-action) from 3 to 4. --- .github/workflows/pull-request.yml | 2 +- .github/workflows/push-master.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index eee7c150..12d69ae4 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -137,7 +137,7 @@ jobs: echo -n "+PR${{ github.event.pull_request.number }}" >> .version - name: Install Qt - uses: jurplel/install-qt-action@v3 + uses: jurplel/install-qt-action@v4 with: version: ${{env.QT_VERSION}} target: 'desktop' diff --git a/.github/workflows/push-master.yml b/.github/workflows/push-master.yml index b0ee7a1d..23c0abc8 100644 --- a/.github/workflows/push-master.yml +++ b/.github/workflows/push-master.yml @@ -102,7 +102,7 @@ jobs: submodules: recursive - name: Install Qt - uses: jurplel/install-qt-action@v3 + uses: jurplel/install-qt-action@v4 with: version: ${{env.QT_VERSION}} target: 'desktop' From c9518db59742ddae6da7c93a49d3eaf3fe5d7ab5 Mon Sep 17 00:00:00 2001 From: LordGrey Date: Fri, 3 Nov 2023 19:54:59 +0100 Subject: [PATCH 5/5] Revert "Bump jurplel/install-qt-action from 3 to 4 (#1652)" This reverts commit f57c4f84acd92dede4a2e5e1c8eef6786eaff99c. --- .github/workflows/pull-request.yml | 2 +- .github/workflows/push-master.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 12d69ae4..eee7c150 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml 
@@ -137,7 +137,7 @@ jobs: echo -n "+PR${{ github.event.pull_request.number }}" >> .version - name: Install Qt - uses: jurplel/install-qt-action@v4 + uses: jurplel/install-qt-action@v3 with: version: ${{env.QT_VERSION}} target: 'desktop' diff --git a/.github/workflows/push-master.yml b/.github/workflows/push-master.yml index 23c0abc8..b0ee7a1d 100644 --- a/.github/workflows/push-master.yml +++ b/.github/workflows/push-master.yml @@ -102,7 +102,7 @@ jobs: submodules: recursive - name: Install Qt - uses: jurplel/install-qt-action@v4 + uses: jurplel/install-qt-action@v3 with: version: ${{env.QT_VERSION}} target: 'desktop'