Merge branch 'main' into main

Author: ferranabello

.github/workflows/appcast.yml

@@ -15,15 +15,15 @@ jobs:
         persist-credentials: false
 
     - name: Cache 📦
-      uses: actions/cache@v3.0.11
+      uses: actions/cache@v3.3.1
       with:
         path: AppCast/vendor/bundle
         key: ${{ runner.os }}-gems-v1.0-${{ hashFiles('AppCast/Gemfile') }}
         restore-keys: |
           ${{ runner.os }}-gems-
           
-    - name: Ruby ♦️
-      uses: actions/setup-ruby@v1.1.3
+    - name: Setup Ruby, JRuby and TruffleRuby
+      uses: ruby/setup-ruby@v1.149.0
       with:
         ruby-version: '2.7'
 

README.md

@@ -2,13 +2,17 @@
 
 The easiest way to install and switch between multiple versions of Xcode.
 
-_If you're looking for a command-line version of Xcodes.app, try [`xcodes`](https://github.com/RobotsAndPencils/xcodes)._
+_If you're looking for a command-line version of Xcodes.app, try [`xcodes`](https://github.com/XcodesOrg/xcodes)._
 
-![CI](https://github.com/RobotsAndPencils/Xcodes.app/workflows/CI/badge.svg)
+![CI](https://github.com/XcodesOrg/XcodesApp/workflows/CI/badge.svg)
 
 ![](screenshot_light.png#gh-light-mode-only)
 ![](screenshot_dark.png#gh-dark-mode-only)
 
+### :tada: Announcment
+
+XcodesApp is now part of the `XcodesOrg` - [read more here](nextstep.md)
+
 ## Features
 
 - List all available Xcode versions from [Xcode Releases'](https://xcodereleases.com) data or the Apple Developer website.
@@ -21,52 +25,51 @@ _If you're looking for a command-line version of Xcodes.app, try [`xcodes`](http
 
 ## Experiments
 
-- Thanks to the wonderful work of [https://github.com/saagarjha/unxip](https://github.com/saagarjha/unxip), turn on the experiment to increase your unxipping time by up to 70%! More can be found on his repo, but bugs, high memory may occur if used. 
+- Thanks to the wonderful work of [https://github.com/saagarjha/unxip](https://github.com/saagarjha/unxip), turn on the experiment to increase your unxipping time by up to 70%! More can be found on his repo, but bugs, high memory may occur if used.
 
-![](experiment_light.jpg#gh-light-mode-only)
-![](experiment_dark.jpg#gh-dark-mode-only)
+![](experiment_light.png#gh-light-mode-only)
+![](experiment_dark.png#gh-dark-mode-only)
 
 ## Localization
 
-Xcodes supports localization in several languages. 
+Xcodes supports localization in several languages.
 
 The following languages are supported because of the following community users!
 
 |||||
 |-|-|-|-|
 |French 🇫🇷 |[@dompepin](https://github.com/dompepin)|Italian 🇮🇹 |[gualtierofrigerio](https://github.com/gualtierofrigerio)|
 |Spanish 🇪🇸🇲 |[@cesartru88](https://github.com/cesartru88)|Korean 🇰🇷 |[@ryan-son](https://github.com/ryan-son)|
-|Russian 🇷🇺 |[@alexmazlov](https://github.com/alexmazlov)|Turkish 🇹🇷 |[@egrimo](https://github.com/egrimo)|
+|Russian 🇷🇺 |[@alexmazlov](https://github.com/alexmazlov)|Turkish 🇹🇷 |[@egesucu](https://github.com/egesucu)|
 |Hindi 🇮🇳 |[@KGurpreet](https://github.com/KGurpreet)|Chinese-Simplified 🇨🇳|[@megabitsenmzq](https://github.com/megabitsenmzq)|
 |Finnish 🇫🇮 |[@marcusziade](https://github.com/marcusziade)|Chinese-Traditional 🇹🇼|[@itszero](https://github.com/itszero)|
 |Ukranian 🇺🇦 |[@gelosi](https://github.com/gelosi)|Japanese 🇯🇵|[@tatsuz0u](https://github.com/tatsuz0u)|
 |German 🇩🇪|[@drct](https://github.com/drct)|Dutch 🇳🇱|[@jfversluis](https://github/com/jfversluis)|
-|Brazilian Portuguese 🇧🇷|[@brunomunizaf](https://github.com/brunomunizaf)|Catalan|[@ferranabello](https://github.com/ferranabello)||
+|Brazilian Portuguese 🇧🇷|[@brunomunizaf](https://github.com/brunomunizaf)|Polish 🇵🇱|[@jakex7](https://github.com/jakex7)|
+|Catalan|[@ferranabello](https://github.com/ferranabello)|
 
-Want to add more languages? Simply create a PR with the updated strings file. 
+Want to add more languages? Simply create a PR with the updated strings file.
 ## Installation
 
 Xcodes.app runs on macOS Big Sur 11.0 or later.
 
-### Homebrew Cask
+### Install with Homebrew
+
+Developer ID-signed and notarized release builds are available on Homebrew. These don't require Xcode to already be installed in order to use.
 
 ```sh
 brew install --cask xcodes
-
-# These are Developer ID-signed and notarized release builds and don't require Xcode to already be installed in order to use.
 ```
 
-### Download a release
+### Manually install
 
-1. Download the latest version [here](https://github.com/RobotsAndPencils/XcodesApp/releases/latest) using the **Xcodes.zip** asset. These are Developer ID-signed and notarized release builds and don't require Xcode to already be installed in order to use.
+1. Download the latest version [here](https://github.com/XcodesOrg/XcodesApp/releases/latest) using the **Xcodes.zip** asset. These are Developer ID-signed and notarized release builds and don't require Xcode to already be installed in order to use.
 2. Move the unzipped `Xcodes.app` to your `/Applications` directory
 
 ## Development
 
 You'll need macOS 12 Big Sur and Xcode 13 in order to build and run Xcodes.app.
 
-If you aren't a Robots and Pencils employee you'll need to change the CODE_SIGNING_SUBJECT_ORGANIZATIONAL_UNIT build setting to your Apple Developer team ID in order for code signing validation to succeed between the main app and the privileged helper.
-
 `Unxip` and `aria2` must be compiled as a universal binary
 ```
 # compile for Intel
@@ -77,7 +80,7 @@ If you aren't a Robots and Pencils employee you'll need to change the CODE_SIGNI
 # combine for universal binary
  lipo -create -output unxip unxip_intel unxip_m1  
 # check it
- lipo -archs unxip 
+ lipo -archs unxip
 ```
 
 Notable design decisions are recorded in [DECISIONS.md](./DECISIONS.md). The Apple authentication flow is described in [Apple.paw](./Apple.paw), which will allow you to play with the API endpoints that are involved using the [Paw](https://paw.cloud) app.
@@ -133,7 +136,7 @@ pushd Product
 ../scripts/sign_update Xcodes.zip
 popd
 
-# Go to https://github.com/RobotsAndPencils/XcodesApp/releases
+# Go to https://github.com/XcodesOrg/XcodesApp/releases
 # If there are uncategorized PRs, add the appropriate label and run the Release Drafter action manually
 # Edit the latest draft release
 # Set its tag to the tag you just pushed
@@ -152,9 +155,4 @@ popd
 
 [Matt Kiazyk](https://github.com/mattkiazyk) - [Twitter](https://www.twitter.com/mattkiazyk)
 
-
-<a href="http://www.robotsandpencils.com"><img src="R&PLogo.png" width="153" height="74" /></a>
-
-Made with ❤️ by [Robots & Pencils](http://www.robotsandpencils.com)
-
-[Twitter](https://twitter.com/xcodesApp) | [GitHub](https://github.com/robotsandpencils)
+[Twitter](https://twitter.com/xcodesApp) | [GitHub](https://github.com/xcodesOrg)

Xcodes.xcodeproj/project.pbxproj

@@ -172,6 +172,7 @@
 
 /* Begin PBXFileReference section */
 		15FAD1652811D15600B63259 /* hi */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = hi; path = hi.lproj/Localizable.strings; sourceTree = "<group>"; };
+		23703D6E29EBF63500DFA346 /* pl */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = pl; path = pl.lproj/Localizable.strings; sourceTree = "<group>"; };
 		25E2FA26284769A00014A318 /* it */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = it; path = it.lproj/Localizable.strings; sourceTree = "<group>"; };
 		327DF109286ABE6B00D694D5 /* pt-BR */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "pt-BR"; path = "pt-BR.lproj/Localizable.strings"; sourceTree = "<group>"; };
 		36741BFC291E4FDB00A85AAE /* DownloadPreferencePane.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DownloadPreferencePane.swift; sourceTree = "<group>"; };
@@ -736,6 +737,7 @@
 				ca,
 				"pt-BR",
 				nl,
+				pl,
 			);
 			mainGroup = CAD2E7952449574E00113D76;
 			packageReferences = (
@@ -955,6 +957,7 @@
 				5C3927ED28E4B486007B5119 /* ca */,
 				327DF109286ABE6B00D694D5 /* pt-BR */,
 				E2AFDCCA28F024D000864ADD /* nl */,
+				23703D6E29EBF63500DFA346 /* pl */,
 			);
 			name = Localizable.strings;
 			sourceTree = "<group>";
@@ -1033,7 +1036,7 @@
 				CODE_SIGN_IDENTITY = "-";
 				CODE_SIGN_STYLE = Manual;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 17;
+				CURRENT_PROJECT_VERSION = 18;
 				DEVELOPMENT_ASSET_PATHS = "\"Xcodes/Preview Content\"";
 				DEVELOPMENT_TEAM = "";
 				ENABLE_HARDENED_RUNTIME = NO;
@@ -1043,7 +1046,7 @@
 					"$(inherited)",
 					"@executable_path/../Frameworks",
 				);
-				MARKETING_VERSION = 1.9.0;
+				MARKETING_VERSION = 1.10.0;
 				PRODUCT_BUNDLE_IDENTIFIER = com.robotsandpencils.XcodesApp;
 				PRODUCT_NAME = Xcodes;
 				PROVISIONING_PROFILE_SPECIFIER = "";
@@ -1274,7 +1277,7 @@
 				CODE_SIGN_ENTITLEMENTS = Xcodes/Resources/Xcodes.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 17;
+				CURRENT_PROJECT_VERSION = 18;
 				DEVELOPMENT_ASSET_PATHS = "\"Xcodes/Preview Content\"";
 				DEVELOPMENT_TEAM = PBH8V487HB;
 				ENABLE_HARDENED_RUNTIME = YES;
@@ -1284,7 +1287,7 @@
 					"$(inherited)",
 					"@executable_path/../Frameworks",
 				);
-				MARKETING_VERSION = 1.9.0;
+				MARKETING_VERSION = 1.10.0;
 				PRODUCT_BUNDLE_IDENTIFIER = com.robotsandpencils.XcodesApp;
 				PRODUCT_NAME = Xcodes;
 				SWIFT_VERSION = 5.0;
@@ -1298,7 +1301,7 @@
 				CODE_SIGN_ENTITLEMENTS = Xcodes/Resources/Xcodes.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 17;
+				CURRENT_PROJECT_VERSION = 18;
 				DEVELOPMENT_ASSET_PATHS = "\"Xcodes/Preview Content\"";
 				DEVELOPMENT_TEAM = PBH8V487HB;
 				ENABLE_HARDENED_RUNTIME = YES;
@@ -1308,7 +1311,7 @@
 					"$(inherited)",
 					"@executable_path/../Frameworks",
 				);
-				MARKETING_VERSION = 1.9.0;
+				MARKETING_VERSION = 1.10.0;
 				PRODUCT_BUNDLE_IDENTIFIER = com.robotsandpencils.XcodesApp;
 				PRODUCT_NAME = Xcodes;
 				SWIFT_VERSION = 5.0;

Xcodes/AppleAPI/Sources/AppleAPI/Client.swift

@@ -14,12 +14,22 @@ public class Client {
         return Current.network.dataTask(with: URLRequest.itcServiceKey)
             .map(\.data)
             .decode(type: ServiceKeyResponse.self, decoder: JSONDecoder())
-            .flatMap { serviceKeyResponse -> AnyPublisher<URLSession.DataTaskPublisher.Output, Swift.Error> in
+            .flatMap { serviceKeyResponse -> AnyPublisher<(String, String), Swift.Error> in
                 serviceKey = serviceKeyResponse.authServiceKey
-                return Current.network.dataTask(with: URLRequest.signIn(serviceKey: serviceKey, accountName: accountName, password: password))
-                    .mapError { $0 as Swift.Error }
+                
+                // Fixes issue https://github.com/RobotsAndPencils/XcodesApp/issues/360
+                // On 2023-02-23, Apple added a custom implementation of hashcash to their auth flow
+                // Without this addition, Apple ID's would get set to locked
+                return self.loadHashcash(accountName: accountName, serviceKey: serviceKey)
+                    .map { return (serviceKey, $0)}
                     .eraseToAnyPublisher()
             }
+            .flatMap { (serviceKey, hashcash) -> AnyPublisher<URLSession.DataTaskPublisher.Output, Swift.Error> in
+                    
+                return Current.network.dataTask(with: URLRequest.signIn(serviceKey: serviceKey, accountName: accountName, password: password, hashcash: hashcash))
+                            .mapError { $0 as Swift.Error }
+                            .eraseToAnyPublisher()
+            }
             .flatMap { result -> AnyPublisher<AuthenticationState, Swift.Error> in
                 let (data, response) = result
                 return Just(data)
@@ -56,6 +66,44 @@ public class Client {
             .mapError { $0 as Swift.Error }
             .eraseToAnyPublisher()
     }
+    
+    func loadHashcash(accountName: String, serviceKey: String) -> AnyPublisher<String, Swift.Error> {
+        
+        Result {
+            try URLRequest.federate(account: accountName, serviceKey: serviceKey)
+        }
+        .publisher
+        .flatMap { request in
+            Current.network.dataTask(with: request)
+                .mapError { $0 as Error }
+                .tryMap { (data, response) throws -> (String) in
+                    guard let urlResponse = response as? HTTPURLResponse else {
+                        throw AuthenticationError.invalidSession
+                    }
+                    switch urlResponse.statusCode {
+                    case 200..<300:
+                        
+                        let httpResponse = response as! HTTPURLResponse
+                        guard let bitsString = httpResponse.allHeaderFields["X-Apple-HC-Bits"] as? String, let bits = UInt(bitsString) else {
+                            throw AuthenticationError.invalidHashcash
+                        }
+                        guard let challenge = httpResponse.allHeaderFields["X-Apple-HC-Challenge"] as? String else {
+                            throw AuthenticationError.invalidHashcash
+                        }
+                        guard let hashcash = Hashcash().mint(resource: challenge, bits: bits) else {
+                            throw AuthenticationError.invalidHashcash
+                        }
+                        return (hashcash)
+                    case 400, 401:
+                        throw AuthenticationError.invalidHashcash
+                    case let code:
+                        throw AuthenticationError.badStatusCode(statusCode: code, data: data, response: urlResponse)
+                    }
+                }
+        }
+        .eraseToAnyPublisher()
+    
+    }
 
     func handleTwoStepOrFactor(data: Data, response: URLResponse, serviceKey: String) -> AnyPublisher<AuthenticationState, Swift.Error> {
         let httpResponse = response as! HTTPURLResponse
@@ -190,6 +238,7 @@ public enum AuthenticationState: Equatable {
 
 public enum AuthenticationError: Swift.Error, LocalizedError, Equatable {
     case invalidSession
+    case invalidHashcash
     case invalidUsernameOrPassword(username: String)
     case incorrectSecurityCode
     case unexpectedSignInResponse(statusCode: Int, message: String?)
@@ -206,6 +255,8 @@ public enum AuthenticationError: Swift.Error, LocalizedError, Equatable {
         switch self {
         case .invalidSession:
             return "Your authentication session is invalid. Try signing in again."
+        case .invalidHashcash:
+            return "Could not create a hashcash for the session."
         case .invalidUsernameOrPassword:
             return "Invalid username and password combination."
         case .incorrectSecurityCode:

Xcodes/AppleAPI/Sources/AppleAPI/Hashcash.swift

@@ -0,0 +1,96 @@
+//
+//  Hashcash.swift
+//  
+//
+//  Created by Matt Kiazyk on 2023-02-23.
+//
+
+import Foundation
+import CryptoKit
+import CommonCrypto
+
+/*
+# This App Store Connect hashcash spec was generously donated by...
+ #
+ #                         __  _
+ #    __ _  _ __   _ __   / _|(_)  __ _  _   _  _ __  ___  ___
+ #   / _` || '_ \ | '_ \ | |_ | | / _` || | | || '__|/ _ \/ __|
+ #  | (_| || |_) || |_) ||  _|| || (_| || |_| || |  |  __/\__ \
+ #   \__,_|| .__/ | .__/ |_|  |_| \__, | \__,_||_|   \___||___/
+ #         |_|    |_|             |___/
+ #
+ #
+*/
+public struct Hashcash {
+    /// A function to returned a minted hash, using a bit and resource string
+    ///
+    /**
+      X-APPLE-HC: 1:11:20230223170600:4d74fb15eb23f465f1f6fcbf534e5877::6373
+                  ^  ^      ^                       ^                     ^
+                  |  |      |                       |                     +-- Counter
+                  |  |      |                       +-- Resource
+                  |  |      +-- Date YYMMDD[hhmm[ss]]
+                  |  +-- Bits (number of leading zeros)
+                  +-- Version
+     
+     We can't use an off-the-shelf Hashcash because Apple's implementation is not quite the same as the spec/convention.
+     1. The spec calls for a nonce called "Rand" to be inserted between the Ext and Counter. They don't do that at all.
+     2. The Counter conventionally encoded as base-64 but Apple just uses the decimal number's string representation.
+      
+     Iterate from Counter=0 to Counter=N finding an N that makes the SHA1(X-APPLE-HC) lead with Bits leading zero bits
+     We get the "Resource" from the X-Apple-HC-Challenge header and Bits from X-Apple-HC-Bits
+     */
+    /// - Parameters:
+    ///    - resource: a string to be used for minting
+    ///    - bits: grabbed from `X-Apple-HC-Bits` header
+    ///    - date: Default uses Date() otherwise used for testing to check.
+    /// - Returns: A String hash to use in `X-Apple-HC` header on /signin
+    public func mint(resource: String,
+                     bits: UInt = 10,
+                     date: String? = nil) -> String? {
+        
+        let ver = "1"
+        
+        var ts: String
+        if let date = date {
+            ts = date
+        } else {
+            let formatter = DateFormatter()
+            formatter.dateFormat = "yyMMddHHmmss"
+            ts = formatter.string(from: Date())
+        }
+        
+        let challenge = "\(ver):\(bits):\(ts):\(resource):"
+        
+        var counter = 0
+        
+        while true {
+            guard let digest = ("\(challenge):\(counter)").sha1 else {
+                print("ERROR: Can't generate SHA1 digest")
+                return nil
+            }
+            
+            if digest == bits {
+                return "\(challenge):\(counter)"
+            }
+            counter += 1
+        }
+    }
+}
+
+extension String {
+    var sha1: Int? {
+        
+        let data = Data(self.utf8)
+        var digest = [UInt8](repeating: 0, count:Int(CC_SHA1_DIGEST_LENGTH))
+        data.withUnsafeBytes {
+            _ = CC_SHA1($0.baseAddress, CC_LONG(data.count), &digest)
+        }
+        let bigEndianValue = digest.withUnsafeBufferPointer {
+                 ($0.baseAddress!.withMemoryRebound(to: UInt32.self, capacity: 1) { $0 })
+        }.pointee
+        let value = UInt32(bigEndian: bigEndianValue)
+        return value.leadingZeroBitCount
+    }
+}
+