Install a macOS-specific secure text field hotkey handler so Command-A selects the full contents of password controls when Cocoa does not route the shortcut through wxWidgets accelerators. Keep the existing wxWidgets accelerator handler for Command-V and Command-A, and recognize the standard paste/select-all IDs when they do reach the C++ event path.
Add Objective-C++ compilation support for the macOS helper and include it in the GUI target only on macOS.
Fixes https://github.com/veracrypt/VeraCrypt/issues/1567
Stage VeraCrypt and wxWidgets sources under the SDK package directory before rendering the OpenWrt package Makefile. The generated recipe now refers only to fixed package-local paths, so checkout and work directory names are no longer parsed as GNU Make syntax or passed unquoted through recipe source arguments.
Validate VeraCrypt and wxWidgets version tokens before substituting them into generated package metadata. This prevents unexpected Make metacharacters from entering the generated OpenWrt recipe while preserving normal dotted release versions.
Quote OpenWrt QEMU test container-size values with the existing shell quoting helper, matching the password handling and preventing user-supplied size text from being split or interpreted by the guest shell.
OpenBSD builds were relying on ggod to generate embedded resource
headers. That tool is not available on a stock OpenBSD 7.9 install,
and using base od directly is not a safe substitute because it emits
zero-padded decimal values such as 060 and 098. Those tokens are then
included in C++ source and parsed as octal constants, which either
changes values or fails compilation.
Use hexdump with an explicit unsigned-byte format for OpenBSD. It is
part of the base system and emits unpadded decimal byte values suitable
for the existing resource-header pipeline.
The text-mode binary also crashed on normal process exit on OpenBSD,
including after --version, --test, create, mount, list, and dismount.
GDB showed the crash in libpcsclite_real during SCardReleaseContext(),
called from the static SCardManager destructor. This happened even for
commands that did not use EMV or security-token support because the
static manager constructor eagerly initialized PC/SC at startup.
Avoid eager PC/SC initialization and exit-time finalization on OpenBSD.
The existing call sites still initialize PC/SC lazily when EMV/token
operations need it, while ordinary CLI commands no longer touch
pcsc-lite and no longer crash during static destruction.
Validated on OpenBSD 7.9 amd64 with:
- gmake NOGUI=1 -j2
- veracrypt --text --version
- veracrypt --text --test
- device-hosted create/mount/list/dismount smoke test through doas/vnd
Refs #1589.
Refs #1593.
Add OpenWrt SDK packaging under src/Build for console-only x86/64 builds. The build helper prepares the SDK, renders a local package recipe, builds VeraCrypt with the OpenWrt musl toolchain, uses wxWidgets 3.2.10 as static wxBase, enables FUSE3, and skips release self-tests during cross compilation.
Add a package template that installs the console binary, mount.veracrypt, and license files only. The package declares bash for mount.veracrypt and keeps runtime dependencies focused on the direct userland requirements.
Add a documented QEMU runtime test path that boots the matching OpenWrt image, installs the locally built package set with opkg, runs the VeraCrypt version and algorithm self-tests, and exercises a small filesystem=none container mount/unmount flow.
Allow wxbuild callers to pass WX_CONFIGURE_EXTRA_FLAGS so OpenWrt cross configure flags can be passed into the wxWidgets build without carrying an OpenWrt-specific source patch.
* ensure reproducible builds
* improve patch
* improve patch
* Narrow reproducibility scope to legacy and DEB
Keep the verified Linux legacy Makefile and DEB reproducibility paths, but remove the unverified RPM/openSUSE timestamp changes and AppImage reproducibility behavior from this PR.
The CPack mtime/mode clamp is now installed only for Debian/Ubuntu packaging, matching the scope covered by the provided reproducibility logs.
Retain umask 022 in the RPM/openSUSE wrappers so staged package permissions do not depend on a restrictive caller umask.
* Harden reproducible build cleanup
Validate SOURCE_DATE_EPOCH before interpolating it into Make, CMake or shell packaging paths.
Refuse live DESTDIR values in the CPack mtime clamp and pass makeself options through normal argv construction instead of eval.
---------
Co-authored-by: curious-rabbit <curious-rabbit@local>
Co-authored-by: Mounir IDRASSI <mounir.idrassi@amcrypto.jp>
Keep the executable requirement at CMake 2.8.12 for legacy CentOS 6 package builders while using the version-range syntax to declare policy compatibility up to 3.10. Newer CMake versions use the policy maximum to avoid CMake 4 failures, and older CMake versions ignore the suffix and continue to configure as before.
Add a -t option to build_veracrypt_macosx.sh so VC_OSX_TARGET can be set explicitly while preserving the existing defaults for source and Homebrew builds.
Fixes#1726.
Local macOS builds disable universal binaries. On Apple Silicon, that means
the regular objects are built for arm64 only, but Volume.make still selected
the macOS assembly bundle. Several of those assembly outputs are x86_64 only,
which makes ranlib reject Volume.a because it contains mixed cputypes.
Make local arm64 macOS builds use the existing arm64 crypto object path and
have the macOS build wrapper export CPU_ARCH/COMPILE_ASM consistently for
local builds.
In a Debian-style APT repository, the pool/ directory groups packages primarily by source package name and binary package name, version, architecture, etc. If two distinct .deb files have identical name and version (as seen in their control file) and same architecture, reprepro will report a conflict when adding one after the other.
So, we need to append distro-specific string to the existing version in order to avoid such conflict when creating VeraCrypt APT repository.
* Linux/MacOSX: during build, fallback to /tmp if wxWidgets sources not found in parent directory
* Linux: Add Github workflow to build .deb files and test generated binaries
* Linux: fix wrong wxWidgets extract path in yaml
* fix: fix wrong wxWidgets extract path in yaml
* Linux: harmonize content of test volumes and update Github workflow for this
* Fix corrupted test container
* Linux: optimize Github workflow by caching wxBuildConsole and wxBuildGUI folders
We also modify build script to detect the presence of wxBuildConsole and wxBuildGUI folders and reuse them
* Remove files mistakenly added
* Linux: Fix wrong test for Github workflow
* Linux: use static build of wxWidgets for GUI in Github workflow
* Linux: upload also .deb SHA256SUM file if it is generated in Github workflow
* Linux: fix detection logic of parent folder in build scripts
* Github workflow: add build_cmake_deb.sh as trigger to build-linux.yml
* Github workflow: add wxWidgets source code to the cache of workflow
Mounir IDRASSI
Mounir IDRASSI
thurask
curious-rabbit
Jertzukka
Sam Hocevar