impl: add new configurable option to disable CLI signature verification

fioan89 · fioan89 · commit 11245b6650b4 · 2025-07-29T23:58:00.000+03:00
These options are configurable from the Settings page there is no available
shortcut on the main plugin page to discourage the quick disable of CLI verification
diff --git a/src/main/kotlin/com/coder/gateway/CoderSettingsConfigurable.kt b/src/main/kotlin/com/coder/gateway/CoderSettingsConfigurable.kt
@@ -8,13 +8,17 @@ import com.intellij.openapi.components.service
 import com.intellij.openapi.options.BoundConfigurable
 import com.intellij.openapi.ui.DialogPanel
 import com.intellij.openapi.ui.ValidationInfo
+import com.intellij.ui.components.JBCheckBox
 import com.intellij.ui.components.JBTextField
 import com.intellij.ui.dsl.builder.AlignX
+import com.intellij.ui.dsl.builder.Cell
 import com.intellij.ui.dsl.builder.RowLayout
 import com.intellij.ui.dsl.builder.bindSelected
 import com.intellij.ui.dsl.builder.bindText
 import com.intellij.ui.dsl.builder.panel
+import com.intellij.ui.dsl.builder.selected
 import com.intellij.ui.layout.ValidationInfoBuilder
+import com.intellij.ui.layout.not
 import java.net.URL
 import java.nio.file.Path
 
@@ -60,22 +64,27 @@ class CoderSettingsConfigurable : BoundConfigurable("Coder") {
                     .bindText(state::binaryDirectory)
                     .comment(CoderGatewayBundle.message("gateway.connector.settings.binary-destination.comment"))
             }.layout(RowLayout.PARENT_GRID)
-            row {
-                cell() // For alignment.
-                checkBox(CoderGatewayBundle.message("gateway.connector.settings.enable-binary-directory-fallback.title"))
-                    .bindSelected(state::enableBinaryDirectoryFallback)
-                    .comment(
-                        CoderGatewayBundle.message("gateway.connector.settings.enable-binary-directory-fallback.comment"),
-                    )
-            }.layout(RowLayout.PARENT_GRID)
-            row {
-                cell() // For alignment.
-                checkBox(CoderGatewayBundle.message("gateway.connector.settings.fallback-on-coder-for-signatures.title"))
-                    .bindSelected(state::fallbackOnCoderForSignatures)
-                    .comment(
-                        CoderGatewayBundle.message("gateway.connector.settings.fallback-on-coder-for-signatures.comment"),
-                    )
-            }.layout(RowLayout.PARENT_GRID)
+            group {
+                lateinit var signatureVerificationCheckBox: Cell<JBCheckBox>
+                row {
+                    cell() // For alignment.
+                    signatureVerificationCheckBox =
+                        checkBox(CoderGatewayBundle.message("gateway.connector.settings.disable-signature-validation.title"))
+                            .bindSelected(state::disableSignatureVerification)
+                            .comment(
+                                CoderGatewayBundle.message("gateway.connector.settings.disable-signature-validation.comment"),
+                            )
+                }.layout(RowLayout.PARENT_GRID)
+                row {
+                    cell() // For alignment.
+                    checkBox(CoderGatewayBundle.message("gateway.connector.settings.fallback-on-coder-for-signatures.title"))
+                        .bindSelected(state::fallbackOnCoderForSignatures)
+                        .comment(
+                            CoderGatewayBundle.message("gateway.connector.settings.fallback-on-coder-for-signatures.comment"),
+                        )
+                }.visibleIf(signatureVerificationCheckBox.selected.not())
+                    .layout(RowLayout.PARENT_GRID)
+            }
             row(CoderGatewayBundle.message("gateway.connector.settings.header-command.title")) {
                 textField().resizableColumn().align(AlignX.FILL)
                     .bindText(state::headerCommand)
@@ -122,7 +131,10 @@ class CoderSettingsConfigurable : BoundConfigurable("Coder") {
                 textArea().resizableColumn().align(AlignX.FILL)
                     .bindText(state::sshConfigOptions)
                     .comment(
-                        CoderGatewayBundle.message("gateway.connector.settings.ssh-config-options.comment", CODER_SSH_CONFIG_OPTIONS),
+                        CoderGatewayBundle.message(
+                            "gateway.connector.settings.ssh-config-options.comment",
+                            CODER_SSH_CONFIG_OPTIONS
+                        ),
                     )
             }.layout(RowLayout.PARENT_GRID)
             row(CoderGatewayBundle.message("gateway.connector.settings.setup-command.title")) {
@@ -162,7 +174,7 @@ class CoderSettingsConfigurable : BoundConfigurable("Coder") {
                     .bindText(state::defaultIde)
                     .comment(
                         "The default IDE version to display in the IDE selection dropdown. " +
-                            "Example format: CL 2023.3.6 233.15619.8",
+                                "Example format: CL 2023.3.6 233.15619.8",
                     )
             }
             row(CoderGatewayBundle.message("gateway.connector.settings.check-ide-updates.heading")) {
diff --git a/src/main/kotlin/com/coder/gateway/settings/CoderSettings.kt b/src/main/kotlin/com/coder/gateway/settings/CoderSettings.kt
@@ -65,7 +65,12 @@ open class CoderSettingsState(
     open var enableBinaryDirectoryFallback: Boolean = false,
 
     /**
-     * Controls whether we fall back release.coder.com
+     * Controls whether we verify the cli signature
+     */
+    open var disableSignatureVerification: Boolean = false,
+
+    /**
+     * Controls whether we fall back release.coder.com if signature validation is enabled
      */
     open var fallbackOnCoderForSignatures: Boolean = false,
 
@@ -160,6 +165,12 @@ open class CoderSettings(
     val enableBinaryDirectoryFallback: Boolean
         get() = state.enableBinaryDirectoryFallback
 
+    /**
+     * Controls whether we verify the cli signature
+     */
+    val disableSignatureVerification: Boolean
+        get() = state.disableSignatureVerification
+
     /**
      * Controls whether we fall back release.coder.com
      */
diff --git a/src/main/resources/messages/CoderGatewayBundle.properties b/src/main/resources/messages/CoderGatewayBundle.properties
@@ -75,10 +75,10 @@ gateway.connector.settings.enable-binary-directory-fallback.title=Fall back to d
 gateway.connector.settings.enable-binary-directory-fallback.comment=Checking this \
   box will allow the plugin to fall back to the data directory when the CLI \
   directory is not writable.
-
+gateway.connector.settings.disable-signature-validation.title=Disable Coder CLI signature verification
+gateway.connector.settings.disable-signature-validation.comment=Useful if you run an unsigned fork for the binary
 gateway.connector.settings.fallback-on-coder-for-signatures.title=Fall back on releases.coder.com for signatures
 gateway.connector.settings.fallback-on-coder-for-signatures.comment=Verify binary signature using releases.coder.com when CLI signatures are not available from the deployment
-
 gateway.connector.settings.header-command.title=Header command
 gateway.connector.settings.header-command.comment=An external command that \
   outputs additional HTTP headers added to all requests. The command must \
