Merge pull request #727 from PR0M3TH3AN/codex/update-gui-to-install-pinned-toga-versions

feat: secure GUI backend installation
thePR0M3TH3AN
2025-08-03 09:59:32 -04:00
committed by GitHub


@@ -850,10 +850,16 @@ def gui(
if not _gui_backend_available(): if not _gui_backend_available():
if sys.platform.startswith("linux"): if sys.platform.startswith("linux"):
pkg = "toga-gtk" pkg = "toga-gtk"
version = "0.5.2"
sha256 = "15b346ac1a2584de5effe5e73a3888f055c68c93300aeb111db9d64186b31646"
elif sys.platform == "win32": elif sys.platform == "win32":
pkg = "toga-winforms" pkg = "toga-winforms"
version = "0.5.2"
sha256 = "83181309f204bcc4a34709d23fdfd68467ae8ecc39c906d13c661cb9a0ef581b"
elif sys.platform == "darwin": elif sys.platform == "darwin":
pkg = "toga-cocoa" pkg = "toga-cocoa"
version = "0.5.2"
sha256 = "a4d5d1546bf92372a6fb1b450164735fb107b2ee69d15bf87421fec3c78465f9"
else: else:
typer.echo( typer.echo(
f"Unsupported platform '{sys.platform}' for BeeWare GUI.", f"Unsupported platform '{sys.platform}' for BeeWare GUI.",
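Review bot: The single `sha256` stored per backend in the Linux, Windows and macOS branches pins only one distribution file of that package, while pip's hash-checking mode applies to every requirement it installs, so any dependency the backend pulls in would also need an exact pin and a hash or the install is refused. The values are consumed in the later hunk (which continues past the visible part of the page) as `f"--hash=sha256:{sha256}"` on the command line; pip documents `--hash` as a per-requirement option for requirements files, so that call should be tested on each platform before relying on it. A more robust shape is a per-platform requirements file listing the backend and all of its dependencies with hashes, installed via `[sys.executable, "-m", "pip", "install", "--require-hashes", "-r", str(req_file)]` (`req_file` is a placeholder name). A short comment next to each hash saying which file it belongs to (wheel or sdist, and where it was obtained) would help whoever bumps the version next. The body of `gui` starts and ends outside this hunk.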
@@ -863,21 +869,42 @@ def gui(
if not install: if not install:
typer.echo( typer.echo(
f"BeeWare GUI backend not found. Please install {pkg} " f"BeeWare GUI backend not found. Please install {pkg} manually or rerun "
"manually or rerun with '--install'.", "with '--install'.",
err=True, err=True,
) )
raise typer.Exit(1) raise typer.Exit(1)
if not typer.confirm(f"Install {pkg} using pip?", default=False): if not typer.confirm(
f"Install {pkg}=={version} with hash verification?", default=False
):
typer.echo("Installation cancelled.", err=True) typer.echo("Installation cancelled.", err=True)
raise typer.Exit(1) raise typer.Exit(1)
typer.echo(
"SeedPass uses pinned versions and SHA256 hashes to verify the GUI backend "
"and protect against tampered packages."
)
try: try:
subprocess.check_call([sys.executable, "-m", "pip", "install", pkg]) subprocess.check_call(
typer.echo(f"Successfully installed {pkg}.") [
sys.executable,
"-m",
"pip",
"install",
"--require-hashes",
f"{pkg}=={version}",
f"--hash=sha256:{sha256}",
]
)
typer.echo(f"Successfully installed {pkg}=={version}.")
except subprocess.CalledProcessError as exc: except subprocess.CalledProcessError as exc:
typer.echo(f"Failed to install {pkg}: {exc}", err=True) typer.echo(
"Secure installation failed. Please install the package manually "
f"from a trusted source. Details: {exc}",
err=True,
)
raise typer.Exit(1) raise typer.Exit(1)
if not _gui_backend_available(): if not _gui_backend_available():