chore: update link to submodule

* Update amneziavpn_ru_RU.ts

* Update amneziavpn_ru_RU.ts

* Update amneziavpn_ru_RU.ts

* Deleted corrupted ru translation

* Updated amneziavpn_ru_RU.ts

* Saved amneziavpn_ru_RU.ts

* Rewrite some back on english

* Rewrite small issues

* Rewrite another small issues

* Create deploy_mod.yml

Modificated deploy.yml - removed Linux, IOS and MacOS jobs
Made just for test and learning

* some changes

* deleted my uneccessary file

* new translations

.github/workflows/deploy.yml

@@ -255,6 +255,20 @@ jobs:
     env:
       # Keep compat with MacOS 10.15 aka Catalina by Qt 6.4
       QT_VERSION: 6.4.3
+
+      MAC_TEAM_ID: ${{ secrets.MAC_TEAM_ID }}
+
+      MAC_APP_CERT_CERT: ${{ secrets.MAC_APP_CERT_CERT }}
+      MAC_SIGNER_ID: ${{ secrets.MAC_SIGNER_ID }}
+      MAC_APP_CERT_PW: ${{ secrets.MAC_APP_CERT_PW }}
+
+      MAC_INSTALLER_SIGNER_CERT: ${{ secrets.MAC_INSTALLER_SIGNER_CERT }}
+      MAC_INSTALLER_SIGNER_ID: ${{ secrets.MAC_INSTALLER_SIGNER_ID }}
+      MAC_INSTALL_CERT_PW: ${{ secrets.MAC_INSTALL_CERT_PW }}
+
+      APPLE_DEV_EMAIL: ${{ secrets.APPLE_DEV_EMAIL }}
+      APPLE_DEV_PASSWORD: ${{ secrets.APPLE_DEV_PASSWORD }}
+
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
       PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
@@ -295,7 +309,7 @@ jobs:
     - name: 'Build project'
       run: |
         export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin"
-        bash deploy/build_macos.sh
+        bash deploy/build_macos.sh -n
 
     - name: 'Upload installer artifact'
       uses: actions/upload-artifact@v4
@@ -318,6 +332,20 @@ jobs:
 
     env:
       QT_VERSION: 6.8.0
+
+      MAC_TEAM_ID: ${{ secrets.MAC_TEAM_ID }}
+
+      MAC_APP_CERT_CERT: ${{ secrets.MAC_APP_CERT_CERT }}
+      MAC_SIGNER_ID: ${{ secrets.MAC_SIGNER_ID }}
+      MAC_APP_CERT_PW: ${{ secrets.MAC_APP_CERT_PW }}
+
+      MAC_INSTALLER_SIGNER_CERT: ${{ secrets.MAC_INSTALLER_SIGNER_CERT }}
+      MAC_INSTALLER_SIGNER_ID: ${{ secrets.MAC_INSTALLER_SIGNER_ID }}
+      MAC_INSTALL_CERT_PW: ${{ secrets.MAC_INSTALL_CERT_PW }}
+
+      APPLE_DEV_EMAIL: ${{ secrets.APPLE_DEV_EMAIL }}
+      APPLE_DEV_PASSWORD: ${{ secrets.APPLE_DEV_PASSWORD }}
+
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
       PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
@@ -358,7 +386,7 @@ jobs:
     - name: 'Build project'
       run: |
         export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin"
-        bash deploy/build_macos.sh
+        bash deploy/build_macos.sh -n
 
     - name: 'Upload installer artifact'
       uses: actions/upload-artifact@v4

.gitignore

@@ -138,3 +138,4 @@ CMakeFiles/
 ios-ne-build.sh
 macos-ne-build.sh
 macos-signed-build.sh
+macos-with-sign-build.sh

CMakeLists.txt

@@ -1,8 +1,9 @@
 cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
+set(AMNEZIAVPN_VERSION 4.8.9.0)
 
-project(${PROJECT} VERSION 4.8.8.1
+project(${PROJECT} VERSION ${AMNEZIAVPN_VERSION}
         DESCRIPTION "AmneziaVPN"
         HOMEPAGE_URL "https://amnezia.org/"
 )
@@ -11,7 +12,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")
 
 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 2087)
+set(APP_ANDROID_VERSION_CODE 2090)
 
 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
     set(MZ_PLATFORM_NAME "linux")

client/cmake/macos.cmake

@@ -18,7 +18,15 @@ set(LIBS ${LIBS}
     ${FW_NETWORK_EXTENSION}
 )
 
-set_target_properties(${PROJECT} PROPERTIES MACOSX_BUNDLE TRUE)
+set_target_properties(${PROJECT} PROPERTIES 
+    MACOSX_BUNDLE TRUE
+    MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_SOURCE_DIR}/macos/app/Info.plist
+    XCODE_ATTRIBUTE_MARKETING_VERSION "${APP_MAJOR_VERSION}"
+    XCODE_ATTRIBUTE_CURRENT_PROJECT_VERSION "${BUILD_ID}"
+    XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER ${BUILD_OSX_APP_IDENTIFIER}
+    XCODE_ATTRIBUTE_PRODUCT_NAME "AmneziaVPN"
+    XCODE_ATTRIBUTE_EXECUTABLE_NAME "AmneziaVPN"
+)
 set(CMAKE_OSX_ARCHITECTURES "x86_64" CACHE INTERNAL "" FORCE)
 set(CMAKE_OSX_DEPLOYMENT_TARGET 10.15)
 

client/core/controllers/coreController.cpp

@@ -299,13 +299,10 @@ void CoreController::setQmlRoot()
 
 void CoreController::initApiCountryModelUpdateHandler()
 {
-    // TODO
     connect(m_serversModel.get(), &ServersModel::updateApiCountryModel, this, [this]() {
         m_apiCountryModel->updateModel(m_serversModel->getProcessedServerData("apiAvailableCountries").toJsonArray(),
                                        m_serversModel->getProcessedServerData("apiServerCountryCode").toString());
     });
-    connect(m_serversModel.get(), &ServersModel::updateApiServicesModel, this,
-            [this]() { m_apiServicesModel->updateModel(m_serversModel->getProcessedServerData("apiConfig").toJsonObject()); });
 }
 
 void CoreController::initContainerModelUpdateHandler()

client/platforms/ios/WGConfig.swift

@@ -46,29 +46,59 @@ struct WGConfig: Decodable {
   }
 
   var settings: String {
-    junkPacketCount == nil ? "" :
-    """
-    Jc = \(junkPacketCount!)
-    Jmin = \(junkPacketMinSize!)
-    Jmax = \(junkPacketMaxSize!)
-    S1 = \(initPacketJunkSize!)
-    S2 = \(responsePacketJunkSize!)
-    S3 = \(cookieReplyPacketJunkSize!)
-    S4 = \(transportPacketJunkSize!)
-    H1 = \(initPacketMagicHeader!)
-    H2 = \(responsePacketMagicHeader!)
-    H3 = \(underloadPacketMagicHeader!)
-    H4 = \(transportPacketMagicHeader!)
-    I1 = \(specialJunk1!)
-    I2 = \(specialJunk2!)
-    I3 = \(specialJunk3!)
-    I4 = \(specialJunk4!)
-    I5 = \(specialJunk5!)
-    J1 = \(controlledJunk1!)
-    J2 = \(controlledJunk2!)
-    J3 = \(controlledJunk3!)
-    Itime = \(specialHandshakeTimeout!)
-    """
+    guard junkPacketCount != nil else { return "" }
+    
+    var settingsLines: [String] = []
+    
+    // Required parameters when junkPacketCount is present
+    settingsLines.append("Jc = \(junkPacketCount!)")
+    settingsLines.append("Jmin = \(junkPacketMinSize!)")
+    settingsLines.append("Jmax = \(junkPacketMaxSize!)")
+    settingsLines.append("S1 = \(initPacketJunkSize!)")
+    settingsLines.append("S2 = \(responsePacketJunkSize!)")
+    
+    settingsLines.append("H1 = \(initPacketMagicHeader!)")
+    settingsLines.append("H2 = \(responsePacketMagicHeader!)")
+    settingsLines.append("H3 = \(underloadPacketMagicHeader!)")
+    settingsLines.append("H4 = \(transportPacketMagicHeader!)")
+
+    // Optional parameters - only add if not nil and not empty
+    if let s3 = cookieReplyPacketJunkSize, !s3.isEmpty {
+      settingsLines.append("S3 = \(s3)")
+    }
+    if let s4 = transportPacketJunkSize, !s4.isEmpty {
+      settingsLines.append("S4 = \(s4)")
+    }
+    
+    if let i1 = specialJunk1, !i1.isEmpty {
+      settingsLines.append("I1 = \(i1)")
+    }
+    if let i2 = specialJunk2, !i2.isEmpty {
+      settingsLines.append("I2 = \(i2)")
+    }
+    if let i3 = specialJunk3, !i3.isEmpty {
+      settingsLines.append("I3 = \(i3)")
+    }
+    if let i4 = specialJunk4, !i4.isEmpty {
+      settingsLines.append("I4 = \(i4)")
+    }
+    if let i5 = specialJunk5, !i5.isEmpty {
+      settingsLines.append("I5 = \(i5)")
+    }
+    if let j1 = controlledJunk1, !j1.isEmpty {
+      settingsLines.append("J1 = \(j1)")
+    }
+    if let j2 = controlledJunk2, !j2.isEmpty {
+      settingsLines.append("J2 = \(j2)")
+    }
+    if let j3 = controlledJunk3, !j3.isEmpty {
+      settingsLines.append("J3 = \(j3)")
+    }
+    if let itime = specialHandshakeTimeout, !itime.isEmpty {
+      settingsLines.append("Itime = \(itime)")
+    }
+    
+    return settingsLines.joined(separator: "\n")
   }
 
   var str: String {

client/ui/controllers/api/apiConfigsController.cpp

@@ -221,8 +221,6 @@ namespace
 
         serverConfig[configKey::apiConfig] = apiConfig;
 
-        qDebug() << serverConfig;
-
         return ErrorCode::NoError;
     }
 }
@@ -250,10 +248,10 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode,
                                             apiConfigObject.value(configKey::userCountryCode).toString(),
                                             serverCountryCode,
                                             apiConfigObject.value(configKey::serviceType).toString(),
-                                            m_apiServicesModel->getSelectedServiceProtocol(),
+                                            configKey::awg, // apiConfigObject.value(configKey::serviceProtocol).toString(),
                                             serverConfigObject.value(configKey::authData).toObject() };
 
-    QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
+    QString protocol = gatewayRequestData.serviceProtocol;
     ProtocolData protocolData = generateProtocolData(protocol);
 
     QJsonObject apiPayload = gatewayRequestData.toJsonObject();
@@ -285,7 +283,7 @@ bool ApiConfigsController::revokeNativeConfig(const QString &serverCountryCode)
                                             apiConfigObject.value(configKey::userCountryCode).toString(),
                                             serverCountryCode,
                                             apiConfigObject.value(configKey::serviceType).toString(),
-                                            m_apiServicesModel->getSelectedServiceProtocol(),
+                                            configKey::awg, // apiConfigObject.value(configKey::serviceProtocol).toString(),
                                             serverConfigObject.value(configKey::authData).toObject() };
 
     QJsonObject apiPayload = gatewayRequestData.toJsonObject();

client/ui/qml/Pages2/PageSettingsKillSwitch.qml

@@ -62,8 +62,7 @@ PageType {
                 Layout.leftMargin: 16
                 Layout.rightMargin: 16
 
-                visible: false
-                // enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected
+                enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected
                 checked: !SettingsController.strictKillSwitchEnabled
 
                 text: qsTr("Soft KillSwitch")
@@ -74,9 +73,7 @@ PageType {
                 }
             }
 
-            DividerType {
-                visible: false
-            }
+            DividerType {}
 
             VerticalRadioButton {
                 id: strictKillSwitch
@@ -84,7 +81,9 @@ PageType {
                 Layout.leftMargin: 16
                 Layout.rightMargin: 16
 
-                enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected
+                visible: false
+                enabled: false
+                // enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected
                 checked: SettingsController.strictKillSwitchEnabled
 
                 text: qsTr("Strict KillSwitch")
@@ -106,7 +105,9 @@ PageType {
                 }
             }
 
-            DividerType {}
+            DividerType {
+                visible: false
+            }
             
             LabelWithButtonType {
                 Layout.topMargin: 32

client/vpnconnection.cpp

@@ -85,8 +85,7 @@ void VpnConnection::onConnectionStateChanged(Vpn::ConnectionState state)
             IpcClient::Interface()->resetIpStack();
             IpcClient::Interface()->flushDns();
 
-            if (!m_vpnConfiguration.value(config_key::configVersion).toInt() && container != DockerContainer::Awg
-                && container != DockerContainer::WireGuard) {
+            if (container != DockerContainer::Awg && container != DockerContainer::WireGuard) {
                 QString dns1 = m_vpnConfiguration.value(config_key::dns1).toString();
                 QString dns2 = m_vpnConfiguration.value(config_key::dns2).toString();
 

deploy/build_macos.sh

@@ -71,11 +71,54 @@ cmake --build . --config release --target all
 KEYCHAIN_PATH="$PROJECT_DIR/mac_sign.keychain"
 trap 'echo "Cleaning up mac_sign.keychain..."; security delete-keychain "$KEYCHAIN_PATH" 2>/dev/null || true; rm -f "$KEYCHAIN_PATH" 2>/dev/null || true' EXIT
 KEYCHAIN=$(security default-keychain -d user | tr -d '"[:space:]"')
-security list-keychains -d user -s "$KEYCHAIN_PATH" "$KEYCHAIN" "$(security list-keychains -d user | tr '\n' ' ')"
-security create-keychain -p "" "$KEYCHAIN_PATH"
-security import "$DEPLOY_DIR/DeveloperIdApplicationCertificate.p12" -k "$KEYCHAIN_PATH" -P "$MAC_APP_CERT_PW" -T /usr/bin/codesign
-security import "$DEPLOY_DIR/DeveloperIdInstallerCertificate.p12" -k "$KEYCHAIN_PATH" -P "$MAC_INSTALL_CERT_PW" -T /usr/bin/codesign
+
+# Build a clean list of the *existing* user key-chains. The raw output of
+#   security list-keychains -d user
+# looks roughly like:
+#     "    \"/Users/foo/Library/Keychains/login.keychain-db\"\n    \"/Library/Keychains/System.keychain\""
+# Every entry is surrounded by quotes and indented with a few blanks. Feeding
+# that verbatim back to `security list-keychains -s` inside a single quoted
+# argument leads to one long, invalid path on some systems. We therefore strip
+# the quotes and rely on the shell to split the string on whitespace so that
+# each path becomes its own argument.
+
+read -ra EXISTING_KEYCHAINS <<< "$(security list-keychains -d user | tr -d '"')"
+
+security list-keychains -d user -s "$KEYCHAIN_PATH" "$KEYCHAIN" "${EXISTING_KEYCHAINS[@]}"
+KEYCHAIN_PWD=""  # Empty password keeps things simple for CI jobs
+# Create, unlock and configure the temporary key-chain so that `codesign` can
+# access the imported identities without triggering interactive prompts.
+security create-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_PATH"
+# Keep the key-chain unlocked for the duration of the job (6 hours is plenty).
+security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
+security unlock-keychain -p "$KEYCHAIN_PWD" "$KEYCHAIN_PATH"
+
+# Import the signing certificates only when the corresponding passwords are
+# available in the environment.  This allows the script to run in environments
+# where code-signing is intentionally turned off (e.g. CI jobs that just build
+# the artefacts without releasing them).
+
+if [ -n "${MAC_APP_CERT_PW-}" ]; then
+  # If the certificate is provided via environment variable, decode it.
+  if [ -n "${MAC_APP_CERT_CERT-}" ]; then
+    echo "$MAC_APP_CERT_CERT" | base64 -d > "$DEPLOY_DIR/DeveloperIdApplicationCertificate.p12"
+  fi
+  security import "$DEPLOY_DIR/DeveloperIdApplicationCertificate.p12" \
+          -k "$KEYCHAIN_PATH" -P "$MAC_APP_CERT_PW" -A
+fi
+
+if [ -n "${MAC_INSTALL_CERT_PW-}" ]; then
+  # Same logic for the installer certificate.
+  if [ -n "${MAC_INSTALLER_SIGNER_CERT-}" ]; then
+    echo "$MAC_INSTALLER_SIGNER_CERT" | base64 -d > "$DEPLOY_DIR/DeveloperIdInstallerCertificate.p12"
+  fi
+  security import "$DEPLOY_DIR/DeveloperIdInstallerCertificate.p12" \
+          -k "$KEYCHAIN_PATH" -P "$MAC_INSTALL_CERT_PW" -A
+fi
+
+# This certificate has no password.
 security import "$DEPLOY_DIR/DeveloperIDG2CA.cer" -k "$KEYCHAIN_PATH" -T /usr/bin/codesign
+
 security list-keychains -d user -s "$KEYCHAIN_PATH"
 
 echo "____________________________________"

service/CMakeLists.txt

@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT service)
-project(${PROJECT})
+project(${PROJECT} VERSION ${AMNEZIAVPN_VERSION})
 
 set(CMAKE_CXX_STANDARD 20)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)

service/server/CMakeLists.txt

@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN-service)
-project(${PROJECT})
+project(${PROJECT} VERSION ${AMNEZIAVPN_VERSION})
 
 set(CMAKE_CXX_STANDARD 20)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
@@ -162,7 +162,14 @@ if (WIN32 OR APPLE OR LINUX)
     )
 endif()
 
+set(RESOURCES)
+
 if(WIN32)
+    configure_file(
+        ${CMAKE_CURRENT_LIST_DIR}/amneziavpn-service.rc.in
+        ${CMAKE_CURRENT_BINARY_DIR}/amneziavpn-service.rc
+    )
+
     set(HEADERS ${HEADERS}
         ${CMAKE_CURRENT_LIST_DIR}/tapcontroller_win.h
         ${CMAKE_CURRENT_LIST_DIR}/router_win.h
@@ -203,6 +210,10 @@ if(WIN32)
         ${CMAKE_CURRENT_SOURCE_DIR}/../../client/platforms/windows/windowsutils.cpp
     )
 
+    set(RESOURCES ${RESOURCES}
+        ${CMAKE_CURRENT_BINARY_DIR}/amneziavpn-service.rc
+    )
+
     set(LIBS
         user32
         rasapi32
@@ -308,7 +319,7 @@ include_directories(
 )
 
 
-add_executable(${PROJECT} ${SOURCES} ${HEADERS})
+add_executable(${PROJECT} ${SOURCES} ${HEADERS} ${RESOURCES})
 target_link_libraries(${PROJECT} PRIVATE Qt6::Core Qt6::Widgets Qt6::Network Qt6::RemoteObjects Qt6::Core5Compat Qt6::DBus ${LIBS})
 target_compile_definitions(${PROJECT} PRIVATE "MZ_$<UPPER_CASE:${MZ_PLATFORM_NAME}>")
 

service/server/amneziavpn-service.rc.in

@@ -0,0 +1,38 @@
+#include <windows.h>
+LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
+
+#define VER_COMPANYNAME_STR         "AmneziaVPN"
+#define VER_FILEDESCRIPTION_STR     "AmneziaVPN Service"
+#define VER_INTERNALNAME_STR        VER_FILEDESCRIPTION_STR
+#define VER_LEGALCOPYRIGHT_STR      "AmneziaVPN."
+#define VER_LEGALTRADEMARKS1_STR    "All Rights Reserved"
+#define VER_LEGALTRADEMARKS2_STR    VER_LEGALTRADEMARKS1_STR
+#define VER_ORIGINALFILENAME_STR    "AmneziaVPN-service.exe"
+#define VER_PRODUCTNAME_STR         VER_FILEDESCRIPTION_STR
+
+VS_VERSION_INFO VERSIONINFO
+FILEVERSION     @CMAKE_PROJECT_VERSION_MAJOR@,@CMAKE_PROJECT_VERSION_MINOR@,@CMAKE_PROJECT_VERSION_PATCH@,@CMAKE_PROJECT_VERSION_TWEAK@
+PRODUCTVERSION  @CMAKE_PROJECT_VERSION_MAJOR@,@CMAKE_PROJECT_VERSION_MINOR@,@CMAKE_PROJECT_VERSION_PATCH@
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904E4"
+        BEGIN
+            VALUE "CompanyName",        VER_COMPANYNAME_STR
+            VALUE "FileDescription",    VER_FILEDESCRIPTION_STR
+            VALUE "FileVersion",        "@CMAKE_PROJECT_VERSION@"
+            VALUE "InternalName",       VER_INTERNALNAME_STR
+            VALUE "LegalCopyright",     VER_LEGALCOPYRIGHT_STR
+            VALUE "LegalTrademarks1",   VER_LEGALTRADEMARKS1_STR
+            VALUE "LegalTrademarks2",   VER_LEGALTRADEMARKS2_STR
+            VALUE "OriginalFilename",   VER_ORIGINALFILENAME_STR
+            VALUE "ProductName",        VER_PRODUCTNAME_STR
+            VALUE "ProductVersion",     "@CMAKE_PROJECT_VERSION@"
+        END
+    END
+
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1252
+    END
+END