@@ -10,6 +10,7 @@ public enum ValidationError: Error {
1010 case invalidTeamIdentifier(identifier: String?)
1111 case missingInfoPList
1212 case invalidVersion(version: String?)
13+ case belowMinimumCoderVersion
1314
1415 public var description: String {
1516 switch self {
@@ -29,13 +30,18 @@ public enum ValidationError: Error {
2930 "Invalid team identifier: \(identifier ?? "unknown")."
3031 case .missingInfoPList:
3132 "Info.plist is not embedded within the dylib."
33+ case .belowMinimumCoderVersion:
34+ "The Coder deployment must be version \(SignatureValidator.minimumCoderVersion) or higher to use Coder Desktop."
3235 }
3336 }
3437
3538 public var localizedDescription: String { description }
3639}
3740
3841public class SignatureValidator {
42+ // Whilst older dylibs exist, this app assumes v2.20 or later.
43+ static let minimumCoderVersion = "2.20.0"
44+
3945 private static let expectedName = "CoderVPN"
4046 private static let expectedIdentifier = "com.coder.Coder-Desktop.VPN.dylib"
4147 private static let expectedTeamIdentifier = "4399GN35BJ"
@@ -95,11 +101,20 @@ public class SignatureValidator {
95101 throw .invalidIdentifier(identifier: infoPlist[infoNameKey] as? String)
96102 }
97103
104+ // Downloaded dylib must match the version of the server
98105 guard let dylibVersion = infoPlist[infoShortVersionKey] as? String,
99- expectedVersion.compare(dylibVersion, options: .numeric) != .orderedDescending
106+ expectedVersion == dylibVersion
100107 else {
101108 throw .invalidVersion(version: infoPlist[infoShortVersionKey] as? String)
102109 }
110+
111+ // Downloaded dylib must be at least the minimum Coder server version
112+ guard let dylibVersion = infoPlist[infoShortVersionKey] as? String,
113+ // x.compare(y) is .orderedDescending if x > y
114+ minimumCoderVersion.compare(dylibVersion, options: .numeric) != .orderedDescending
115+ else {
116+ throw .belowMinimumCoderVersion
117+ }
103118 }
104119}
105120
0 commit comments