ske087/quality_recticel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add custom QZ Tray fork with pairing key authentication

Browse Source 
- Custom fork of QZ Tray 2.2.x with certificate validation bypassed
- Implemented pairing key (HMAC) authentication as replacement
- Modified files: PrintSocketClient.java (certificate check disabled)
- New files: PairingAuth.java, PairingConfigDialog.java
- Excluded build artifacts (out/, lib/javafx*) from repository
- Library JARs included for dependency management
This commit is contained in:
Scheianu Ionut
2025-10-02 02:27:45 +03:00
parent 755400a269
commit c7266c32ee
444 changed files with 63195 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
tray/ant/apple/appdmg.json.in Normal file
View File

@@ -0,0 +1,12 @@
{
"title": "${project.name}",
"background": "${basedir}/ant/apple/dmg-background.png",
"icon-size": 128,
"contents": [
{ "x": 501, "y": 154, "type": "link", "path": "/Applications" },
{ "x": 179, "y": 154, "type": "file", "path": "${build.dir}/${project.name}.app" }
],
"code-sign": {
"signing-identity" : "${codesign.activeid}"
}
}

28
tray/ant/apple/apple-bundle.plist.in Normal file
View File

@@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>CFBundleDevelopmentRegion</key><string>English</string>
<key>CFBundleIconFile</key><string>${project.filename}</string>
<key>CFBundleIdentifier</key><string>${apple.bundleid}</string>
<key>CFBundlePackageType</key><string>APPL</string>
<key>CFBundleGetInfoString</key><string>${project.name} ${build.version}</string>
<key>CFBundleSignature</key><string>${project.name}</string>
<key>CFBundleExecutable</key><string>${project.name}</string>
<key>CFBundleVersion</key><string>${build.version}</string>
<key>CFBundleShortVersionString</key><string>${build.version}</string>
<key>CFBundleName</key><string>${project.name}</string>
<key>CFBundleInfoDictionaryVersion</key><string>6.0</string>
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLName</key>
<string>${project.name}</string>
<key>CFBundleURLSchemes</key>
<array><string>${vendor.name}</string></array>
</dict>
</array>
<key>LSArchitecturePriority</key>
<array>
<string>${apple.target.arch}</string>
</array>
</dict></plist>

30
tray/ant/apple/apple-entitlements.plist.in Normal file
View File

@@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<${build.sandboxed}/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.files.all</key>
<true/>
<key>com.apple.security.print</key>
<true/>
<key>com.apple.security.device.usb</key>
<true/>
<key>com.apple.security.device.bluetooth</key>
<true/>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.cs.allow-dyld-environment-variables</key>
<true/>
<key>com.apple.security.cs.debugger</key>
<true/>
</dict>
</plist>

23
tray/ant/apple/apple-postinstall.sh.in Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/bash
# Halt on first error
set -e
# Get working directory
DIR=$(cd "$(dirname "$0")" && pwd)
pushd "$DIR/payload/${project.name}.app/Contents/MacOS/"
./"${project.name}" install >> "${install.log}" 2>&1
popd
# Use install target from pkgbuild, an undocumented feature; fallback on sane location
if [ -n "$2" ]; then
pushd "$2/Contents/MacOS/"
else
pushd "/Applications/${project.name}.app/Contents/MacOS/"
fi
./"${project.name}" certgen >> "${install.log}" 2>&1
# Start qz by calling open on the .app as an ordinary user
su "$USER" -c "open ../../" || true

31
tray/ant/apple/apple-preinstall.sh.in Normal file
View File

@@ -0,0 +1,31 @@
#!/bin/bash
# Halt on first error
set -e
# Clear the log for writing
> "${install.log}"
# Log helper
dbg () {
echo -e "[BASH] $(date -Iseconds)\n\t$1" >> "${install.log}" 2>&1
}
# Get working directory
dbg "Calculating working directory..."
DIR=$(cd "$(dirname "$0")" && pwd)
dbg "Using working directory $DIR"
dbg "Switching to payload directory $DIR/payload/${project.name}.app/Contents/MacOS/"
pushd "$DIR/payload/${project.name}.app/Contents/MacOS/" >> "${install.log}" 2>&1
# Offer to download Java if missing
dbg "Checking for Java in payload directory..."
if ! ./"${project.name}" --version >> "${install.log}" 2>&1; then
dbg "Java was not found"
osascript -e "tell app \"Installer\" to display dialog \"Java is required. Please install Java and try again.\""
sudo -u "$USER" open "${java.download}"
exit 1
fi
dbg "Java was found in payload directory, running preinstall"
./"${project.name}" preinstall >> "${install.log}" 2>&1

6
tray/ant/apple/apple.properties Normal file
View File

@@ -0,0 +1,6 @@
# Apple build properties
apple.packager.signid=P5DMU6659X
# jdk9+ flags
# - Tray icon requires workaround https://github.com/dyorgio/macos-tray-icon-fixer/issues/9
# - Dark theme requires workaround https://github.com/bobbylight/Darcula/issues/8
apple.launch.jigsaw=--add-opens java.desktop/sun.lwawt.macosx=ALL-UNNAMED --add-opens java.desktop/java.awt=ALL-UNNAMED --add-exports java.desktop/com.apple.laf=ALL-UNNAMED

BIN
tray/ant/apple/certs/apple-codesign.cer Normal file
View File

Binary file not shown.

BIN
tray/ant/apple/certs/apple-intermediate.cer Normal file
View File

Binary file not shown.

BIN
tray/ant/apple/certs/apple-packager.cer Normal file
View File

Binary file not shown.

BIN
tray/ant/apple/dmg-background.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 48 KiB

BIN
tray/ant/apple/dmg-background@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 110 KiB

376
tray/ant/apple/installer.xml Normal file
View File

@@ -0,0 +1,376 @@
<project name="apple-installer" basedir="../../" xmlns:if="ant:if">
<property file="ant/project.properties"/>
<import file="${basedir}/ant/version.xml"/>
<import file="${basedir}/ant/platform-detect.xml"/>
<!--
################################################################
# Apple Installer #
################################################################
-->
<target name="build-pkg" depends="get-identity,add-certificates,get-version,platform-detect">
<echo level="info">Creating installer using pkgbuild</echo>
<!--
#####################################
# Create scripts, payload and pkg #
#####################################
-->
<mkdir dir="${build.dir}/scripts/payload"/>
<!-- Get the os-preferred name for the target architecture -->
<condition property="apple.target.arch" value="arm64">
<isset property="target.arch.aarch64"/>
</condition>
<property name="apple.target.arch" value="x86_64" description="fallback value"/>
<!-- Build app without sandboxing by default-->
<property name="build.sandboxed" value="false"/>
<antcall target="build-app">
<param name="bundle.dir" value="${build.dir}/scripts/payload/${project.name}.app"/>
</antcall>
<!-- Add a break in the logs -->
<antcall target="packaging"/>
<!-- scripts/ -->
<copy file="ant/apple/apple-preinstall.sh.in" tofile="${build.dir}/scripts/preinstall">
<filterchain><expandproperties/></filterchain>
</copy>
<copy file="ant/apple/apple-postinstall.sh.in" tofile="${build.dir}/scripts/postinstall">
<filterchain><expandproperties/></filterchain>
</copy>
<chmod perm="a+x" type="file">
<fileset dir="${build.dir}/scripts">
<include name="preinstall"/>
<include name="postinstall"/>
</fileset>
</chmod>
<exec executable="pkgbuild" failonerror="true">
<arg value="--identifier"/>
<arg value="${apple.bundleid}"/>
<arg value="--nopayload"/>
<arg value="--install-location"/>
<arg value="/Applications/${project.name}.app"/>
<arg value="--scripts"/>
<arg value="${build.dir}/scripts"/>
<arg value="--version"/>
<arg value="${build.version}"/>
<arg value="--sign" if:true="${codesign.available}"/>
<arg value="${codesign.activeid}" if:true="${codesign.available}"/>
<arg value="${out.dir}/${project.filename}${build.type}-${build.version}-${apple.target.arch}-unbranded.pkg"/>
</exec>
<!-- Branding for qz only -->
<condition property="pkg.background" value="pkg-background.tiff" else="pkg-background-blank.tiff">
<equals arg1="${project.filename}" arg2="qz-tray"/>
</condition>
<!-- Copy branded resources to out/resources -->
<mkdir dir="${out.dir}/resources"/>
<copy file="${basedir}/ant/apple/${pkg.background}" tofile="${out.dir}/resources/background.tiff" failonerror="true"/>
<!-- Create product definition plist that stipulates supported arch -->
<copy file="ant/apple/product-def.plist.in" tofile="${build.dir}/product-def.plist">
<filterchain><expandproperties/></filterchain>
</copy>
<!-- Create a distribution.xml file for productbuild -->
<exec executable="productbuild" failonerror="true">
<arg value="--synthesize"/>
<arg value="--sign" if:true="${codesign.available}"/>
<arg value="${codesign.activeid}" if:true="${codesign.available}"/>
<arg value="--timestamp"/>
<arg value="--package"/>
<arg value="${out.dir}/${project.filename}${build.type}-${build.version}-${apple.target.arch}-unbranded.pkg"/>
<arg value="--product"/>
<arg value="${build.dir}/product-def.plist"/>
<arg value="--scripts"/>
<arg value="${build.dir}/scripts"/>
<arg value="${out.dir}/distribution.xml"/>
</exec>
<!-- Inject title, background -->
<replace file="${out.dir}/distribution.xml" token="&lt;options customize">
<replacevalue><![CDATA[<title>@project.name@ @build.version@</title>
<background file="background.tiff" mime-type="image/tiff" alignment="bottomleft" scaling="none"/>
<background-darkAqua file="background.tiff" mime-type="image/tiff" alignment="bottomleft" scaling="none"/>
<options customize]]></replacevalue>
<replacefilter token="@project.name@" value="${project.name}"/>
<replacefilter token="@build.version@" value="${build.version}"/>
</replace>
<!-- Create a branded .pkg using productbuild -->
<exec executable="productbuild" dir="${out.dir}" failonerror="true">
<arg value="--sign" if:true="${codesign.available}"/>
<arg value="${codesign.activeid}" if:true="${codesign.available}"/>
<arg value="--timestamp"/>
<arg value="--distribution"/>
<arg value="${out.dir}/distribution.xml"/>
<arg value="--resources"/>
<arg value="${out.dir}/resources"/>
<arg value="--product"/>
<arg value="${build.dir}/product-def.plist"/>
<arg value="--package-path"/>
<arg value="${project.filename}${build.type}-${build.version}-${apple.target.arch}-unbranded.pkg"/>
<arg value="${out.dir}/${project.filename}${build.type}-${build.version}-${apple.target.arch}.pkg"/>
</exec>
<!-- Cleanup unbranded version -->
<delete file="${out.dir}/${project.filename}${build.type}-${build.version}-${apple.target.arch}-unbranded.pkg"/>
</target>
<target name="build-dmg" depends="get-identity,add-certificates,get-version">
<echo level="info">Creating app bundle</echo>
<!--
#####################################
# Create payload and bundle as dmg #
#####################################
-->
<!-- Dmg JSON -->
<copy file="ant/apple/appdmg.json.in" tofile="${build.dir}/appdmg.json">
<filterchain><expandproperties/></filterchain>
</copy>
<!-- Build app with sandboxing by default-->
<property name="build.sandboxed" value="true"/>
<antcall target="build-app">
<param name="bundle.dir" value="${build.dir}/${project.name}.app"/>
</antcall>
<!-- Add a break in the logs -->
<antcall target="packaging"/>
<exec executable="appdmg" failonerror="true">
<arg value="${build.dir}/appdmg.json"/>
<arg value="${out.dir}/${project.filename}${build.type}-${build.version}.dmg"/>
</exec>
</target>
<target name="build-app" depends="get-identity">
<!-- App Bundle -->
<mkdir dir="${bundle.dir}"/>
<!-- Contents/ -->
<copy file="ant/apple/apple-bundle.plist.in" tofile="${bundle.dir}/Contents/Info.plist">
<filterchain><expandproperties/></filterchain>
</copy>
<!-- Contents/MacOS/ -->
<mkdir dir="${bundle.dir}/Contents/MacOS"/>
<copy file="ant/unix/unix-launcher.sh.in" tofile="${bundle.dir}/Contents/MacOS/${project.name}">
<filterchain><expandproperties/></filterchain>
</copy>
<!-- Contents/Resources/ -->
<copy todir="${bundle.dir}/Contents/Resources">
<fileset dir="${dist.dir}">
<include name="${project.filename}.jar"/>
<include name="LICENSE.txt"/>
<include name="override.crt"/>
</fileset>
</copy>
<copy file="assets/branding/apple-icon.icns" tofile="${bundle.dir}/Contents/Resources/${project.filename}.icns"/>
<copy file="ant/unix/unix-uninstall.sh.in" tofile="${bundle.dir}/Contents/Resources/uninstall">
<filterchain><expandproperties/></filterchain>
</copy>
<copy todir="${bundle.dir}/Contents/Resources/demo">
<fileset dir="${dist.dir}/demo" includes="**"/>
</copy>
<!-- Provision files -->
<delete dir="${bundle.dir}/Contents/Resources/provision" failonerror="false"/>
<copy todir="${bundle.dir}/Contents/Resources/provision" failonerror="false">
<fileset dir="${provision.dir}" includes="**"/>
</copy>
<chmod perm="a+x" type="file" verbose="true">
<fileset dir="${bundle.dir}/Contents/Resources/" casesensitive="false">
<!-- Must iterate on parent directory in case "provision" is missing -->
<include name="provision/*"/>
<exclude name="provision/*.crt"/>
<exclude name="provision/*.txt"/>
<exclude name="provision/*.json"/>
</fileset>
</chmod>
<!-- Java runtime -->
<copy todir="${bundle.dir}/Contents/PlugIns/Java.runtime">
<fileset dir="${dist.dir}/Java.runtime" includes="**"/>
</copy>
<copy todir="${bundle.dir}/Contents/Frameworks">
<fileset dir="${dist.dir}/libs" includes="**"/>
</copy>
<copy todir="${bundle.dir}">
<fileset dir="${bundle.dir}" includes="**"/>
</copy>
<!-- set payload files executable -->
<chmod perm="a+x" type="file">
<fileset dir="${bundle.dir}">
<include name="**/${project.name}"/>
<include name="**/Resources/uninstall"/>
<include name="**/bin/*"/>
<include name="**/lib/jspawnhelper"/>
</fileset>
</chmod>
<copy file="ant/apple/apple-entitlements.plist.in" tofile="${build.dir}/apple-entitlements.plist">
<filterchain><expandproperties/></filterchain>
</copy>
<!-- use xargs to loop over and codesign all files-->
<echo level="info" message="Signing ${bundle.dir} using ${codesign.activeid}"/>
<!-- Find -X fails on spaces but doesn't failonerror, this may lead to overlooked errors. -->
<!-- Currently the only file that may contains a space is the main executable which we omit from signing anyway. -->
<exec executable="bash" failonerror="true" dir="${bundle.dir}">
<arg value="-c"/>
<arg value="find -X &quot;.&quot; -type f -not -path &quot;*/Contents/MacOS/*&quot; -exec sh -c 'file -I &quot;{}&quot; |grep -m1 &quot;x-mach-binary&quot;|cut -f 1 -d \:' \; |xargs codesign --force -s &quot;${codesign.activeid}&quot; --timestamp --options runtime"/>
</exec>
<exec executable="codesign" failonerror="true">
<arg value="--force"/>
<arg value="-s"/>
<arg value="${codesign.activeid}"/>
<arg value="--timestamp"/>
<arg value="--options"/>
<arg value="runtime"/>
<arg value="--entitlement"/>
<arg value="${build.dir}/apple-entitlements.plist"/>
<arg value="${bundle.dir}/Contents/PlugIns/Java.runtime/Contents/Home/bin/java"/>
<arg value="${bundle.dir}/Contents/PlugIns/Java.runtime/Contents/Home/bin/jcmd"/>
<arg value="${bundle.dir}/Contents/PlugIns/Java.runtime"/>
</exec>
<exec executable="codesign" failonerror="true">
<arg value="-s"/>
<arg value="${codesign.activeid}"/>
<arg value="--timestamp"/>
<arg value="--options"/>
<arg value="runtime"/>
<arg value="--entitlement"/>
<arg value="${build.dir}/apple-entitlements.plist"/>
<arg value="${bundle.dir}"/>
</exec>
<!-- Verify Java.runtime -->
<antcall target="verify-signature">
<param name="signed.bundle.name" value="Java.runtime"/>
<param name="signed.bundle.dir" value="${bundle.dir}/Contents/PlugIns/Java.runtime"/>
</antcall>
<!-- Verify QZ Tray.app -->
<antcall target="verify-signature" >
<param name="signed.bundle.name" value="${project.name}.app"/>
<param name="signed.bundle.dir" value="${bundle.dir}"/>
</antcall>
</target>
<target name="add-certificates" depends="get-identity">
<!-- Remove expired certificates -->
<exec executable="security">
<arg value="delete-certificate"/>
<arg value="-Z"/>
<arg value="A69020D49B47383064ADD5779911822850235953"/>
</exec>
<exec executable="security">
<arg value="delete-certificate"/>
<arg value="-Z"/>
<arg value="6FD7892971854384AF40FAD1E0E6C56A992BC5EE"/>
</exec>
<exec executable="security">
<arg value="delete-certificate"/>
<arg value="-Z"/>
<arg value="F7F10838412D9187042EE1EB018794094AFA189A"/>
</exec>
<exec executable="security">
<arg value="add-certificates"/>
<arg value="${basedir}/ant/apple/certs/apple-packager.cer"/>
<arg value="${basedir}/ant/apple/certs/apple-intermediate.cer"/>
<arg value="${basedir}/ant/apple/certs/apple-codesign.cer"/>
</exec>
</target>
<target name="copy-dylibs" if="target.os.mac">
<echo level="info">Copying native library files to libs</echo>
<mkdir dir="${dist.dir}/libs"/>
<copy todir="${dist.dir}/libs" flatten="true" verbose="true">
<fileset dir="${out.dir}/libs-temp">
<!--x86_64-->
<include name="**/darwin-x86-64/*" if="target.arch.x86_64"/> <!-- jna/hid4java -->
<include name="**/osx-x86_64/*" if="target.arch.x86_64"/> <!-- usb4java -->
<include name="**/osx_64/*" if="target.arch.x86_64"/> <!-- jssc -->
<!--aarch64-->
<include name="**/darwin-aarch64/*" if="target.arch.aarch64"/> <!-- jna/hid4java -->
<include name="**/osx-aarch64/*" if="target.arch.aarch64"/> <!-- usb4java -->
<include name="**/osx_arm64/*" if="target.arch.aarch64"/> <!-- jssc -->
</fileset>
</copy>
</target>
<target name="get-identity">
<property file="ant/apple/apple.properties"/>
<!-- Ensure ${apple.packager.signid} is in Keychain -->
<exec executable="bash" failonerror="false" resultproperty="codesign.qz">
<arg value="-c"/>
<arg value="security find-identity -v |grep '(${apple.packager.signid})'"/>
</exec>
<!-- Fallback to "-" (ad-hoc) if ${apple.packager.signid} isn't found -->
<condition property="codesign.activeid" value="${apple.packager.signid}" else="-">
<equals arg1="${codesign.qz}" arg2="0"/>
</condition>
<!-- Fallback to "-" (ad-hoc) if ${apple.packager.signid} isn't found -->
<condition property="codesign.available">
<equals arg1="${codesign.qz}" arg2="0"/>
</condition>
<!-- Property to show warning later -->
<condition property="codesign.selfsign">
<equals arg1="${codesign.activeid}" arg2="-"/>
</condition>
</target>
<target name="verify-signature">
<echo level="info">Verifying ${signed.bundle.name} Signature</echo>
<echo level="info">Location: ${signed.bundle.dir}</echo>
<exec executable="codesign" failifexecutionfails="false" resultproperty="signing.status">
<arg value="-v"/>
<arg value="--strict"/>
<arg value="${signed.bundle.dir}"/>
</exec>
<condition property="message.severity" value="info" else="warn">
<equals arg1="${signing.status}" arg2="0"/>
</condition>
<condition property="message.description"
value="Signing passed: Successfully signed"
else="Signing failed:: Signing failed (will prevent app from launching)">
<equals arg1="${signing.status}" arg2="0"/>
</condition>
<echo level="${message.severity}">${message.description}</echo>
</target>
<!-- Stub title/separator workaround for build-pkg/build-dmg -->
<target name="packaging"/>
</project>

BIN
tray/ant/apple/pkg-background-blank.tiff Normal file
View File

Binary file not shown.

BIN
tray/ant/apple/pkg-background.tiff Normal file
View File

Binary file not shown.

10
tray/ant/apple/product-def.plist.in Normal file
View File

@@ -0,0 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>arch</key>
<array>
<string>${apple.target.arch}</string>
</array>
</dict>
</plist>