Yet another Syncthing Tray

Martchus · December 11, 2023, 2:09pm

Considering the version from winget is quite outdated I’d recommend Chocolatey then.

usefulvid · December 11, 2023, 4:24pm

True.

Martchus · December 11, 2023, 8:45pm

I’ve just added a proper documentation section about the config file: GitHub - Martchus/syncthingtray: Tray application and Dolphin/Plasma integration for Syncthing

I generally reworked the README a bit and it now also states at the beginning that it is currently the main and only documentation. It is also already linked from the wizard. I hope that no further documentation is required as things are intuitive enough.

usefulvid · December 12, 2023, 4:58pm

Winget fixed

This is the Video:

hope you like it besides my english skills

Martchus · December 12, 2023, 9:40pm

Looks generally good.

It reveals that the version on winget is the Qt 5 based one. Have you been switching to the Qt 6 based version when updating the winget packaging? If not I would recommend to do that. The Qt 5 based version is really only for supporting older versions of Windows (see the remark in the README for details).

Maybe it makes sense to make the web view option to use a Chromium-based browser the default. It is not the default because I only implemented it relatively recently as an experimental addition but I guess at this point I could change it to be the default (unless no such browser can be detected).

usefulvid · December 13, 2023, 9:28am

Winget source is now: https://github.com/Martchus/syncthingtray/releases/download/v1.4.10/syncthingtray-1.4.10-x86_64-w64-mingw32.exe.zip

Looks good?

Martchus · December 13, 2023, 12:26pm

Yes, that’s the Qt 6 based version. (Of course now v1.4.11 is the latest release.)

usefulvid · December 15, 2023, 9:14pm

You can automate the winget update if you want Example:

github.com

microsoft/PowerToys/blob/main/.github/workflows/package-submissions.yml

name: Submit Microsoft.PowerToys package to Windows Package Manager Community Repository
# based off of https://github.com/nushell/nushell/blob/main/.github/workflows/winget-submission.yml

on:
  workflow_dispatch:
  release:
    types: [published]

jobs:
  winget:
    name: Publish winget package
    runs-on: windows-latest
    steps:
      - name: Submit package to Windows Package Manager Community Repository
        run: |

          $wingetPackage = "Microsoft.PowerToys"
          $gitToken = "${{ secrets.PT_WINGET }}"

          $github = Invoke-RestMethod -uri "https://api.github.com/repos/Microsoft/PowerToys/releases"

This file has been truncated. show original

github.com

JanDeDobbeleer/oh-my-posh/blob/main/.github/workflows/winget.yml

name: Winget
on:
  workflow_dispatch:
    inputs:
      version:
        description: 'The latest version'
        required: true

jobs:
  publish:
    runs-on: windows-latest
    defaults:
      run:
        shell: pwsh
        working-directory: ${{ github.workspace }}/packages/winget
    env:
      WINGETCREATE_TOKEN: ${{ secrets.WINGETCREATE_TOKEN }}
    steps:
    - name: Checkout code 👋
      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11

This file has been truncated. show original

Discussion on Winget

github.com/microsoft/winget-pkgs

Auto generate manifests for newer versions

opened 07:10PM - 20 May 20 UTC

felipecrs

Area-Validation-Pipeline Issue-Feature

# Disclaimer I tried to find an issue like this in both repositories, but I didn't. # Description of the new feature/enhancement To support some kind of CI that, based on previously set logic, can auto-generate manifests for newer versions of the packages.  # Proposed technical implementation details A very good example is the Chocolatey Automatic Package Updater Module: https://github.com/majkinetor/au Based on custom rules, such as scripts for finding newer versions, URLs for downloading them, a CI can run continuously based on a scheduled trigger, and if it finds a newer version, it try to build a new manifest automatically, test it, and submit a PR (or push directly).  So then, we don't need to manually create manifests for every new version of an existing package.

tmcgill · January 24, 2024, 4:08am

Hi, thanks for this useful utility. I’ve noticed that each release contains signature files for each downloadable executable package. But I’m not seeing a link on this thread, or the project page, or your own github page, to the public key one would use for verifying that signature. Where might I obtain this? Thanks.

Martchus · January 24, 2024, 10:00am

Normally gpg itself tells you the key it lacks to verify a signature, e.g.:

$ gpg --verify syncthingtray-1.4.12-x86_64-pc-linux-gnu.tar.xz{.sig,}
gpg: Signature made Tue Jan  2 22:52:05 2024 CET
gpg:                using RSA key B9E36A7275FC61B464B67907E06FE8F53CDC6A4C
gpg: Can't check signature: No public key

You can then import that key:

$ gpg --recv-keys B9E36A7275FC61B464B67907E06FE8F53CDC6A4C
gpg: key E06FE8F53CDC6A4C: public key "Martchus <martchus@gmx.net>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Now you can verify the signature again:

$ gpg --verify syncthingtray-1.4.12-x86_64-pc-linux-gnu.tar.xz{.sig,}
gpg: Signature made Tue Jan  2 22:52:05 2024 CET
gpg:                using RSA key B9E36A7275FC61B464B67907E06FE8F53CDC6A4C
gpg: Good signature from "Martchus <martchus@gmx.net>" [unknown]
gpg:                 aka "Marius Kittler <mariuskittler@gmx.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B9E3 6A72 75FC 61B4 64B6  7907 E06F E8F5 3CDC 6A4C

It would even be possibly to configure receiving keys automatically. Of course the signature is still not considered trustworthy yet but the verification works and the signature matched. If you want to make it a trusted signature you can --lsign-key it. (If the signature would not have matched because the file was tampered with you would have gotten gpg: BAD signature from "Martchus <martchus@gmx.net>" [unknown] instead.)

Note that I’m not using gpg very often so take my word with a grain of salt.

tmcgill · February 7, 2024, 3:52pm

Thanks. Of course, the drawback there is that, for verification purposes, it’s sort of circular reasoning to look at the signature to figure out what key signed it, then go find the matching key and then verify that that key signed it. All that winds up really proving is that it was signed by someone. Whose key that really is, you wouldn’t know. Ideally there is a trusted public place to see the key belonging to a particular person or organization, separate from where the download itself comes from.

Martchus · February 7, 2024, 4:23pm

Yes, in the first place you only verify that the file is correctly signed by someone. On subsequent downloads you can verify that the file is signed by the same someone as before which is when the verification becomes useful.

Not sure how to solve this from my side. I could of course mention the key on GitHub but that’s not very useful because if someone gains access to my account and can tamper with the files offered there for download they can most likely also edit the mentioning of the key. The key needed to be mentioned at a different place than where the download is served from.

When setting up a website for Syncthing Tray (at some point) I am probably going to use GitHub pages. I guess if I would mention the key there the same caveat would apply.

Maybe it would make more sense to link to other places where the key is mentioned, e.g. Unofficial user repositories - ArchWiki and Server dashboard. It is unlikely that an attacker tampering the downloads on GitHub would also be able to gain access to the systems hosting these pages at the same time. So I could change my release script to mention these pages in the release description (which could be a bit more descriptive anyway). Of course the same problem still applies as an attacker could just change those references to other servers under they’re control and new users would probably not notice it.

calmh · February 7, 2024, 4:31pm

I would start by just mentioning it in the README. Compromised binaries/packages can end up on download sites in ways other than having your Github account compromised^[1], and if it’s in the repo, then the signature is at least as trusted as the source code. After a while it becomes established.

and of course some of those can be before you sign it, anyway, but… ↩︎

Martchus · March 5, 2024, 3:00pm

Changes in recent releases of Syncthing Tray that might be worth highlighting:

Syncthing Tray now allows one to automatically stop Syncthing (or pause all devices) as long as the current network connection is considered metered. So if you migrated from SyncTrayzor and found this feature was missing you can now enable it in Syncthing Tray as well under the launcher settings (or connection settings for just pausing devices).
The KDE integrations were ported to KDE 6 a while ago and are now ready to use after KDE 6 has just been released. Note that when using my packaging for Arch Linux, openSUSE and Fedora you will have to use the Qt 6 version of the packages (the set of packages ending with -qt6).
A bug with the high-DPI support that caused too big or blurry icons in setups with mixed scaling factors was fixed.
Syncthing Tray supports now Qt 6.7 and its improved styling under Windows 11. So when Qt 6.7 is released the next Syncthing Tray release will look much better under Windows 11. (Of course you will still be able to switch the style back if you prefer a more traditional look.)

Lolozendev · March 6, 2024, 12:01pm

Hi I’m using ubuntu 22.04.4 gnome , I tried to install syncthingtray by downloading the binary syncthingtray-1.5.0-x86_64-pc-linux-gnu.tar.xz which I unzipped into my /opt, I already have my syncthing setup, I encountered a few annoying bugs first I have to double left click to open the tray, then it closes only when I open a new app, if I re open it a second time now it doesn’t closes unless I manage to right click and open the settings from the tray.

maybe I did something wrong at the installation, the app seemed to work fine apart from those bug, what’s the best way to install the tray ?

Martchus · March 6, 2024, 12:31pm

Unfortunately not a platform/environment I use myself but maybe others can be of better help. I assume you use this extension then?

The number of clicks is not controlled by the Syncthing Tray but by the tray/shell itself. So I’m afraid that’s nothing I could tweak from my side (and in any other environment I know only a single click is required).

This all sounds like your environment doesn’t support the type of application Syncthing Tray is.

Probably your only mistake was your choice of environment - GNOME is just very streamlined and therefore too limited to support applications like Syncthing Tray well. You can workaround it by changing the window type in the appearance settings, e.g. you can make it so the web UI opens directly when clicking on the icon (so the “buggy” part is just left out). See also GitHub - Martchus/syncthingtray: Tray application and Dolphin/Plasma integration for Syncthing for more details.

Lolozendev · March 6, 2024, 12:40pm

thank you for your quick answer! Tbh I’m used to gnome, but open to new environments , is there any one you’d recommend (I’d love yo use syncthingtray in the way it was intended to)?

Martchus · March 6, 2024, 1:36pm

I think general recommendations are out of scope for this thread (especially as they could lead to heated discussions) and it also really depends on your personal preferences.

Syncthing Tray is best supported on Windows as this is a stable/uniform platform that supports everything needed for Syncthing Tray to work. Plasma is also well supported considering the Plasmoid and Dolphin integration. Generally, any X11-based environment with proper tray icon support is supposed to work. However, the distribution for GNU/Linux is not as easy as for Windows so packages for your distribution might be too old nor non-existent (and the binary for GNU/Linux on GitHub cannot support the Plasmoid). Also checkout the supported platforms section in the README.

jackdinn · March 6, 2024, 8:28pm

After update 1.5.0 The GUI has changed (on KDE) to what looks to be an older GUI and i can not figure how to get it back

I have seen it do this before but i cant for the life of me remember how i get it to work again.

EDIT: I am thinking that the problem is that i usually use the plasmoid but this is the stand-alone app. But i cant see how to add the plasmoid, it is not listed in the “add widget” or the system tray configs?

It normally looks like this (not the colour & theme)

Screenshot_20240306_193746

But it now looks like this?

Screenshot_20240306_192555

It looks like an older GUI to me but i dont know.

I dont really want to uninstall and reinstall because im not sure i want to set it all up again (if i can remember how).

Any suggestions?

System info

syncthingtray Version  : 1.5.0-1

System:
  Host: greg-optiplex7050 Kernel: 6.6.10-1-MANJARO arch: x86_64 bits: 64
    Desktop: KDE Plasma v: 5.27.10 Distro: Manjaro Linux
Machine:
  Type: Desktop System: Dell product: OptiPlex 7050 v: N/A
    serial: <superuser required>
  Mobo: Dell model: 055H3G v: A01 serial: <superuser required> UEFI: Dell
    v: 1.26.0 date: 08/20/2023
CPU:
  Info: quad core Intel Core i7-7700 [MCP] speed (MHz): avg: 4086
    min/max: 800/4200
Graphics:
  Device-1: Intel HD Graphics 630 driver: i915 v: kernel
  Display: x11 server: X.Org v: 21.1.10 with: Xwayland v: 23.2.3 driver: X:
    loaded: modesetting dri: iris gpu: i915 resolution: 3840x2160~60Hz
  API: OpenGL v: 4.6 compat-v: 4.5 vendor: intel mesa v: 23.3.3-manjaro1.1
    renderer: Mesa Intel HD Graphics 630 (KBL GT2)
Network:
  Device-1: Intel Ethernet I219-LM driver: e1000e
  Device-2: Intel Wireless 8265 / 8275 driver: iwlwifi
Drives:
  Local Storage: total: 1.84 TiB used: 228.87 GiB (12.1%)
Info:
  Processes: 220 Uptime: 31m Memory: total: 16 GiB available: 15.49 GiB
  used: 4.84 GiB (31.3%) Shell: fish inxi: 3.3.31

acolomb · March 6, 2024, 9:03pm

Just a thought about GNOME desktop integration in general: There are several extensions for GNOME Shell that offer some of the same functionality, though not as feature-rich as syncthingtray. I’m using one of those happily, though maintenance regarding new version compatibility is not always as quick as one could wish.