Install staged /usr child directories by merging their contents into existing destination directories instead of replacing them. This preserves /usr/sbin symlinks to bin on merged-/usr distributions while keeping traditional layouts working.
Fixes issue: https://github.com/veracrypt/VeraCrypt/issues/1764
Allow reproducible makeself finalization to run with Python 2.6+ or Python 3 by avoiding Python 3-only syntax and probing python3, python, then python2.
Run the install(SCRIPT) mtime/mode clamp for every CPack generator instead of
only the DEB branch, so the RPM payload staging tree is normalised the same way
before rpmbuild sees it. Payload file timestamps and permissions are therefore
reproducible on any rpm version.
For the RPM header, set the spec %defines that pin BuildTime to
SOURCE_DATE_EPOCH (use_source_date_epoch_as_buildtime, which consumes the
exported environment variable) and BuildHost to a fixed value (_buildhost), and
clamp payload mtimes through both the legacy clamp_mtime_to_source_date_epoch
macro and its modern build_mtime_policy replacement. source_date_epoch_from_changelog
is disabled so CPack's placeholder changelog date cannot hijack the epoch.
These macros only exist on rpm >= 4.14 (buildtime/mtime) and >= 4.18
(buildhost). To make the two header fields reproducible on older rpm as well
(CentOS/RHEL 7, rpm < 4.14), add a small libc-interposition shim
(Build/Tools/repro_buildstamp.c) that pins time() and the build hostname,
LD_PRELOAD'ed onto cpack's rpmbuild child by the RPM packaging wrappers. The
shim calls the real uname() and overwrites only nodename, leaving architecture
detection intact, never overrides monotonic clocks, and defers to the real
time() when SOURCE_DATE_EPOCH is unset so a missing epoch is a no-op rather than
a frozen 1970 clock. It is enabled only after it compiles and loads cleanly;
otherwise packaging proceeds without it, because a preload that fails to load
would emit an ld.so error that rpm's check-buildroot script turns into a fatal
%install error.
Derive and export SOURCE_DATE_EPOCH in the rpm and openSUSE wrappers the same
way the deb wrapper already does, mark both wrappers executable, and note in the
README that .deb and .rpm packages are reproducible including on older rpm.
Install a macOS-specific secure text field hotkey handler so Command-A selects the full contents of password controls when Cocoa does not route the shortcut through wxWidgets accelerators. Keep the existing wxWidgets accelerator handler for Command-V and Command-A, and recognize the standard paste/select-all IDs when they do reach the C++ event path.
Add Objective-C++ compilation support for the macOS helper and include it in the GUI target only on macOS.
Fixes https://github.com/veracrypt/VeraCrypt/issues/1567
Bundle the FUSE2 userspace library inside the AppImage AppDir and make AppRun prefer APPDIR/usr/lib. This lets the bundled VeraCrypt binary resolve libfuse.so.2 on systems where FUSE2 userspace packages are no longer installed by default.
Name AppImage artifacts according to the GTK backend detected during the build. GTK3 builds keep the default VeraCrypt-<version>-<arch>.AppImage name, while GTK2 builds use a gtk2-legacy suffix to distinguish the legacy compatibility artifact.
Include immintrin.h in the Argon2 AVX2 implementation so GCC toolchains such as the one on CentOS 7 see the AVX2 intrinsic types when compiling with -mavx2.
Refs: https://github.com/veracrypt/VeraCrypt/issues/1595
* ensure reproducible builds
* improve patch
* improve patch
* Narrow reproducibility scope to legacy and DEB
Keep the verified Linux legacy Makefile and DEB reproducibility paths, but remove the unverified RPM/openSUSE timestamp changes and AppImage reproducibility behavior from this PR.
The CPack mtime/mode clamp is now installed only for Debian/Ubuntu packaging, matching the scope covered by the provided reproducibility logs.
Retain umask 022 in the RPM/openSUSE wrappers so staged package permissions do not depend on a restrictive caller umask.
* Harden reproducible build cleanup
Validate SOURCE_DATE_EPOCH before interpolating it into Make, CMake or shell packaging paths.
Refuse live DESTDIR values in the CPack mtime clamp and pass makeself options through normal argv construction instead of eval.
---------
Co-authored-by: curious-rabbit <curious-rabbit@local>
Co-authored-by: Mounir IDRASSI <mounir.idrassi@amcrypto.jp>
Update the old logo with a simplified one without extra label text.
.ico and .icns are updated on Windows and macOS, and .png, .svg
are added on Linux and FreeBSD.
Original logo design by Andreas Becker, recreated by danielwerg with
some edits and symbolic version by me.
This patch moves away from gnome-terminal -e options which is deprecated
and subject to possibly be removed in the future. The -- option is nearly
equivalent in behaviour. Also ensures that uninstallation script has correct
privileges, adds window title to xmessage and ensures correct files are
used during installation.
The build script build_veracrypt_macosx.h now accepts the argument -f to enable fuse-t support.
It is also possible to set the environment variable VC_OSX_FUSET to 1 for FUSE-T support.
A change was done in CoreUnix::GetMountedVolumes to add a waiting loop for control file to be accessible because when using FUSE-T there always a delay before control file can be serialized.
Replaced an incorrect 'end' statement with 'endif' in the
MacOSX-specific section of the Main.make file. This resolves the make
error caused by an unclosed conditional block.
* Add missing macOS requirement for 'make package'
We need packages for the last build step on macOS, update docs
to reflect the requirement.
* Add build instructions using homebrew
On macOS, we can use a package manager to easily install
dependencies. This simplifies onboarding and building Veracrypt.
* Add flag to use homebrew packages
When building, we can use prebuilt wxwidgets from homebrew to
simplify and speed up local building. We also put the package
behind a flag as it's optional during development.
* Skip signing for local builds
When building with homebrew, skip signing. This can be put behind
a flag to enable, if needed.
* Use system yasm on macOS if available
The binary in the repo is not universal (x86_64) and therefore
building fails on arm architecture if Rosetta is not installed.
Use local yasm if available.
* Build local arch only in development
When building via homebrew and locally, build only the local arch
which skips ASM for arm(Mx) for MacOS. This removes the need to
have rosetta installed for building.
* Fix compilation issue when COMPILE_ASM is undefined
Use a conditional check for COMPILE_ASM not being false instead of true.
This avoids passing the variable to other parts of the build script.
* Set SDK 12 as the minimum requirement and target
Align the requirement to SDK 12 in both the makefile and script,
and update the comment to remove confusion.
I chose to leave this on 12 to be on the side of err and support
as many building platforms as possible, when we can support.
The local script now also sets the target using the local sdk
version. This should improve the local development experience.
* Fix wrong architecture for macOS in x86 builds
We now build only the current arch for local development builds
in macOS. This change also fixes the x86 builds failing.
* Add instructions brew backed macOS local builds
Flags to build a local build using homebrew packages are not
default and require parameter -b to build. We also don't build
packages directly, which requires -p.
* Fix wxwidgets not linking in local x86 macOS development builds
* Clarify build location in the document
* Implement Language selection into settings
Initial commit to create a new tab in PreferencesNotebook for
Language selection. By default, if nothing is chosen, it uses the
current behaviour of using the language from system environment
variables. If another language is chosen from the settings, it is
saved into the Configuration.xml and this is used instead.
* Fix SetStringSelection() assert issue on macOS
* Add header include to fix build
* Add current language pack, authors and way to use literal strings
* Translations also for FreeBSD
* Minimal GTK3 WX build on FreeBSD requires wxGraphicsContext
* Get Preferences properly instead of workaround function
* Use WrapSizer instead of BoxSizer for author line
This forces long author lists to be put on a new line, reducing
the need to increase window width.
* Update Finnish translation
* Borrow translation from IDM_LANGUAGE where it makes sense
* Remove colon and thus unneeded function
* Simplify Language tab layout
* Reintroduce macOS specific fixes to Forms.cpp
* cleanup
In old Linux distributions, tar command doesn't support
"--keep-directory-symlink" so we now dynamically detect if this switch
is support and then we use it if it is available
* new xml Tag for en and de
* add linux support for env LANG
* precopiled header into TrueCrypt.fdp to substitute '_()' with 'LangString[]'
* more LangString in Code
* add Language xml's to Linux Setup location
* backup language for linux is en
* remove Language.en.xml install
* rearange new xml lines to end
* yes/no dialogs now translated
* All OK/Cancel Button now support international
Co-authored-by: tb@tbon.de <tb@tbon.de>
* Revert "Linux: Fix failure to run VeraCrypt binary built for console mode on headless machines (fix issue https://github.com/veracrypt/VeraCrypt/issues/531)"
The build failure still exists for system wxGTK compiled with '--disable-gui':
```
In file included from TextUserInterface.cpp:27:
TextUserInterface.h: In member function ‘virtual bool VeraCrypt::TextUserInterface::Initialize(int&, wxChar**)’:
TextUserInterface.h:50:63: error: ‘wxAppBase’ has not been declared
50 | virtual bool Initialize (int &argc, wxChar **argv) { return wxAppBase::Initialize(argc, argv); }
```
This reverts commit 737e1f126b.
* Revert "Linux: fix compilation error when building console-only version of VeraCrypt that is statically linked to wxWidgets"
The build failure still exists for system wxGTK compiled with '--disable-gui':
```
In file included from TextUserInterface.cpp:27:
TextUserInterface.h: In member function ‘virtual bool VeraCrypt::TextUserInterface::Initialize(int&, wxChar**)’:
TextUserInterface.h:50:63: error: ‘wxAppBase’ has not been declared
50 | virtual bool Initialize (int &argc, wxChar **argv) { return wxAppBase::Initialize(argc, argv); }
```
This reverts commit 14bee5e6a2.
* src/Main/Main.make: simplify the WX_CONFIG_LIBS logic
Irrespective of whether we are linking against widgets statically or
dynamically, pull in only 'base' when GUI is disabled, and
'adv,core,base' when GUI is enabled. When GUI is disabled, the C/CXX
flag must include '-DwxUSE_GUI=0' for this to work.
* src/Makefile: pass '-DwxUSE_GUI=0' when NOGUI=1
veracrypt with NOGUI=1 fails to properly link against wxGTK compiled
with '--disable-gui' only using the 'base' library because the wx's
setup.h implicitly defines wxUSE_GUI=1, which then changes the
definition of various structures, requiring symbols from the core
library as well.
For example, wxwidgets include/wx/app.h defines:
#if wxUSE_GUI
class WXDLLIMPEXP_CORE wxAppBase : public wxAppConsole
...
[snip]
...
#else // !GUI
// wxApp is defined in core and we cannot define another one in wxBase,
// so use the preprocessor to allow using wxApp in console programs too
#define wxApp wxAppConsole
#endif // GUI/!GUI
To fix this, pass '-DwxUSE_GUI=0' when compiling veracrypt with
NOGUI=1.
Closes: https://github.com/veracrypt/VeraCrypt/issues/531
Mounir IDRASSI
Mounir IDRASSI
curious-rabbit
Jertzukka
Deniz Türkoglu
Unit 193
T-Bonhagen
Thierry Lelegard
Gokturk Yuksek
El Mostafa Idrassi