Merge branch 'master' into or-dfx-ext

dfinity · Feb 18, 2025 · 59534f5 · 59534f5
2 parents 021ffcf + e8ceda6
commit 59534f5
Show file tree

Hide file tree

Showing 35 changed files with 349 additions and 217 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,7 +16,7 @@
 
 ### Motoko
 
-Updated Motoko to [0.13.7](https://github.com/dfinity/motoko/releases/tag/0.13.7)
+Updated Motoko to [0.14.1](https://github.com/dfinity/motoko/releases/tag/0.14.1)
 
 ### Frontend canister
 

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -23,7 +23,7 @@ candid = "0.10.11"
 candid_parser = "0.1.4"
 dfx-core = { path = "src/dfx-core", version = "0.1.0" }
 ic-agent = { version = "0.39", git = "https://github.com/dfinity/agent-rs", rev = "9ebf6314ce2fcb36772c7d81d6d414b4628d6101" }
-ic-asset = { path = "src/canisters/frontend/ic-asset", version = "0.21.0" }
+ic-asset = { path = "src/canisters/frontend/ic-asset", version = "0.22.0" }
 ic-cdk = "0.13.1"
 ic-identity-hsm = { version = "0.39", git = "https://github.com/dfinity/agent-rs", rev = "9ebf6314ce2fcb36772c7d81d6d414b4628d6101" }
 ic-utils = { version = "0.39", git = "https://github.com/dfinity/agent-rs", rev = "9ebf6314ce2fcb36772c7d81d6d414b4628d6101" }

diff --git a/e2e/tests-dfx/assetscanister.bash b/e2e/tests-dfx/assetscanister.bash
@@ -726,24 +726,24 @@ check_permission_failure() {
 }
 
 @test "can serve filenames with special characters in filename" {
-  # This is observed, not expected behavior
-  # see https://dfinity.atlassian.net/browse/SDK-1247
   install_asset assetscanister
 
   dfx_start
 
   echo "filename is an ae symbol" >'src/e2e_project_frontend/assets/æ'
 
   dfx deploy
+  ID=$(dfx canister id e2e_project_frontend)
+  PORT=$(get_webserver_port)
 
   dfx canister  call --query e2e_project_frontend list '(record {})'
 
-  # decode as expected
+  # decode as expected - %c3%a6 is the utf-8 encoding of the ae symbol
   assert_command dfx canister call --query e2e_project_frontend http_request '(record{url="/%c3%a6";headers=vec{};method="GET";body=vec{}})'
   assert_match "filename is an ae symbol" # candid looks like blob "filename is \c3\a6\0a"
 
-  ID=$(dfx canister id e2e_project_frontend)
-  PORT=$(get_webserver_port)
+  assert_command curl --fail -vv http://localhost:"$PORT"/%c3%a6?canisterId="$ID"
+  assert_match "filename is an ae symbol"
 
   # fails with because %e6 is not valid utf-8 percent encoding
   assert_command_fail curl --fail -vv http://localhost:"$PORT"/%e6?canisterId="$ID"
@@ -1382,8 +1382,7 @@ EOF
   echo '[]' > src/e2e_project_frontend/assets/.ic-assets.json5
 
   assert_command dfx deploy
-  assert_contains "This project does not define a security policy for some assets."
-  assert_contains "Assets without any security policy: all"
+  assert_contains "This project does not define a security policy for any assets."
   assert_command curl --fail --head "http://localhost:$PORT/thing.json?canisterId=$ID"
   assert_not_match "content-security-policy"
   assert_not_match "permissions-policy"
@@ -1414,7 +1413,7 @@ EOF
   ]' > src/e2e_project_frontend/assets/.ic-assets.json5
 
   assert_command dfx deploy
-  assert_not_contains "This project does not define a security policy for some assets."
+  assert_not_contains "This project does not define a security policy for any assets."
   assert_command curl --fail --head "http://localhost:$PORT/thing.json?canisterId=$ID"
   assert_not_match "content-security-policy"
   assert_not_match "permissions-policy"
@@ -1428,8 +1427,8 @@ EOF
   ]' > src/e2e_project_frontend/assets/.ic-assets.json5
 
   assert_command dfx deploy
-  assert_not_contains "This project does not define a security policy for some assets."
-  assert_not_contains "This project uses the default security policy for some assets."
+  assert_not_contains "This project does not define a security policy for any assets."
+  assert_not_contains "This project uses the default security policy for all assets."
   assert_command curl --fail --head "http://localhost:$PORT/thing.json?canisterId=$ID"
   assert_not_match "content-security-policy"
   assert_not_match "permissions-policy"
@@ -1443,8 +1442,8 @@ EOF
   ]' > src/e2e_project_frontend/assets/.ic-assets.json5
 
   assert_command dfx deploy
-  assert_contains "This project uses the default security policy for some assets."
-  assert_contains "Unhardened assets: all"
+  assert_contains "This project uses the default security policy for all assets."
+  assert_not_contains "Unhardened assets:"
   assert_command curl --fail --head "http://localhost:$PORT/thing.json?canisterId=$ID"
   assert_match "content-security-policy"
   assert_match "permissions-policy"
@@ -1480,7 +1479,7 @@ EOF
   ]' > src/e2e_project_frontend/assets/.ic-assets.json5
 
   assert_command dfx deploy
-  assert_not_contains "This project uses the default security policy for some assets."
+  assert_not_contains "This project uses the default security policy for all assets."
   assert_command curl --fail --head "http://localhost:$PORT/thing.json?canisterId=$ID"
   assert_match "content-security-policy"
   assert_match "permissions-policy"
@@ -1508,8 +1507,8 @@ EOF
   ]' > src/e2e_project_frontend/assets/.ic-assets.json5
 
   assert_command dfx deploy
-  assert_not_contains "This project does not define a security policy for some assets."
-  assert_not_contains "This project uses the default security policy for some assets."
+  assert_not_contains "This project does not define a security policy for any assets."
+  assert_not_contains "This project uses the default security policy for all assets."
   assert_command curl --fail --head "http://localhost:$PORT/thing.json?canisterId=$ID"
   assert_match "content-security-policy: overwritten"
   assert_match "permissions-policy"

diff --git a/e2e/tests-dfx/deploy.bash b/e2e/tests-dfx/deploy.bash
@@ -66,14 +66,14 @@ teardown() {
   (
     cd src
     assert_command dfx deploy
-    assert_match "Installing code for"
+    assert_match "Installed code for"
   )
 
   assert_command dfx canister call hello_backend greet '("Banzai")'
   assert_eq '("Hello, Banzai!")'
 
   assert_command dfx deploy
-  assert_not_match "Installing code for"
+  assert_not_match "Installed code for"
   assert_match "is already installed"
 }
 

diff --git a/e2e/tests-dfx/error_context.bash b/e2e/tests-dfx/error_context.bash
@@ -138,12 +138,11 @@ teardown() {
   PATH="$helpers_path" assert_command_fail "$dfx_path" deploy npm_missing
 
   # expect to see the npm command line
-  assert_contains 'program: "npm"'
-  assert_match 'args: \[.*"npm".*"run".*"build".*\]'
+  assert_match 'npm run build'
   # expect to see the name of the canister
   assert_match "npm_missing"
   # expect to see the underlying cause
-  assert_match "No such file or directory"
+  assert_match "(Is it installed?)"
 }
 
 @test "missing asset source directory" {

diff --git a/e2e/tests-dfx/install.bash b/e2e/tests-dfx/install.bash
@@ -42,7 +42,7 @@ teardown() {
 
   assert_command dfx canister install --all
 
-  assert_match "Installing code for canister e2e_project_backend"
+  assert_match "Installed code for canister e2e_project_backend"
 }
 
 @test "install succeeds with network name" {
@@ -52,7 +52,7 @@ teardown() {
 
   assert_command dfx canister install --all --network local
 
-  assert_match "Installing code for canister e2e_project_backend"
+  assert_match "Installed code for canister e2e_project_backend"
 }
 
 @test "install fails with network name that is not in dfx.json" {

diff --git a/e2e/tests-dfx/mode_reinstall.bash b/e2e/tests-dfx/mode_reinstall.bash
@@ -41,7 +41,7 @@ teardown() {
     assert_command dfx canister install --mode=reinstall hello_backend
 
     assert_match "YOU WILL LOSE ALL DATA IN THE CANISTER"
-    assert_match "Reinstalling code for canister hello_backend"
+    assert_match "Reinstalled code for canister hello_backend"
   )
 }
 
@@ -54,7 +54,7 @@ teardown() {
 
     assert_match "YOU WILL LOSE ALL DATA IN THE CANISTER"
 
-    assert_not_match "Installing code for canister"
+    assert_not_match "Installed code for canister"
     assert_contains "Refusing to install canister without approval"
     assert_contains "User declined consent"
   )
@@ -77,7 +77,7 @@ teardown() {
     assert_command dfx deploy --mode=reinstall hello_backend
 
     assert_match "YOU WILL LOSE ALL DATA IN THE CANISTER"
-    assert_match "Reinstalling code for canister hello_backend"
+    assert_match "Reinstalled code for canister hello_backend"
   )
 }
 
@@ -90,7 +90,7 @@ teardown() {
 
     assert_match "YOU WILL LOSE ALL DATA IN THE CANISTER"
 
-    assert_not_match "Installing code for canister"
+    assert_not_match "Installed code for canister"
     assert_contains "Refusing to install canister without approval"
     assert_contains "User declined consent"
   )
@@ -123,7 +123,7 @@ teardown() {
     assert_match "You are about to reinstall the hello_frontend canister."
     assert_not_match "You are about to reinstall the hello_backend canister."
     assert_match "YOU WILL LOSE ALL DATA IN THE CANISTER"
-    assert_match "Reinstalling code for canister hello_frontend,"
+    assert_match "Reinstalled code for canister hello_frontend,"
   )
 
   # the hello_backend canister should not have been upgraded (which would reset the non-stable var)
@@ -141,24 +141,24 @@ teardown() {
     assert_command dfx deploy --mode=reinstall hello_backend
 
     assert_match "YOU WILL LOSE ALL DATA IN THE CANISTER"
-    assert_match "Reinstalling code for canister hello_backend"
+    assert_match "Reinstalled code for canister hello_backend"
   )
   echo y | (
     assert_command dfx deploy --mode=reinstall hello_backend
 
     assert_match "YOU WILL LOSE ALL DATA IN THE CANISTER"
-    assert_match "Reinstalling code for canister hello_backend"
+    assert_match "Reinstalled code for canister hello_backend"
   )
   echo YES | (
     assert_command dfx deploy --mode=reinstall hello_backend
 
     assert_match "YOU WILL LOSE ALL DATA IN THE CANISTER"
-    assert_match "Reinstalling code for canister hello_backend"
+    assert_match "Reinstalled code for canister hello_backend"
   )
   echo YeS | (
     assert_command dfx deploy --mode=reinstall hello_backend
 
     assert_match "YOU WILL LOSE ALL DATA IN THE CANISTER"
-    assert_match "Reinstalling code for canister hello_backend"
+    assert_match "Reinstalled code for canister hello_backend"
   )
 }
diff --git a/e2e/tests-replica/deploy.bash b/e2e/tests-replica/deploy.bash
@@ -60,7 +60,7 @@ teardown() {
   assert_command dfx canister create --all
 
   assert_command dfx deploy
-  assert_match 'Installing code for canister'
+  assert_match 'Installed code for canister'
 }
 
 @test "dfx deploy supports arguments" {
@@ -85,13 +85,13 @@ teardown() {
   # Therefore, there is no "attempting (install|upgrade)" message.
 
   assert_command dfx deploy hello_backend
-  assert_match 'Installing code for canister'
+  assert_match 'Installed code for canister'
 
   assert_command dfx canister call hello_backend greet '("First")'
   assert_eq '("Hello, First!")'
 
   assert_command dfx deploy hello_backend --upgrade-unchanged
-  assert_match 'Upgrading code for canister'
+  assert_match 'Upgraded code for canister'
 
   assert_command dfx canister call hello_backend greet '("Second")'
   assert_eq '("Hello, Second!")'

diff --git a/nix/sources.json b/nix/sources.json
@@ -130,27 +130,27 @@
         "builtin": false,
         "description": "The Motoko base library",
         "owner": "dfinity",
-        "sha256": "1hzp592d3g2m5mj85kpg6nqi8qwxbjy0600dr6ccpa1ac4fqh9f5",
+        "sha256": "15bqz0zg0s6hl0dcdszqgv82pbabmfzzphyjdxm4djvpmm1d6gmp",
         "type": "tarball",
-        "url": "https://github.com/dfinity/motoko/releases/download/0.13.7/motoko-base-library.tar.gz",
+        "url": "https://github.com/dfinity/motoko/releases/download/0.14.1/motoko-base-library.tar.gz",
         "url_template": "https://github.com/dfinity/motoko/releases/download/<version>/motoko-base-library.tar.gz",
-        "version": "0.13.7"
+        "version": "0.14.1"
     },
     "motoko-x86_64-darwin": {
         "builtin": false,
-        "sha256": "0z5d8n3vyji2b5ncznkw9cycb3h0iz5np4sv8ila0w0s806yawzz",
+        "sha256": "05qix25k4nndqimjz9a66sbcj9ck9np3cns4pg2md61as412b9kv",
         "type": "file",
-        "url": "https://github.com/dfinity/motoko/releases/download/0.13.7/motoko-Darwin-x86_64-0.13.7.tar.gz",
+        "url": "https://github.com/dfinity/motoko/releases/download/0.14.1/motoko-Darwin-x86_64-0.14.1.tar.gz",
         "url_template": "https://github.com/dfinity/motoko/releases/download/<version>/motoko-Darwin-x86_64-<version>.tar.gz",
-        "version": "0.13.7"
+        "version": "0.14.1"
     },
     "motoko-x86_64-linux": {
         "builtin": false,
-        "sha256": "1zf1ir1sfn8bbsfhb6qwcw2hcqsyn496njs4iqmhkya6n0yhsdrf",
+        "sha256": "0wwmg9hzhd1q8fmskn7r6vwzjzk50x8sdb6r9djdpaq8pzjiz8b2",
         "type": "file",
-        "url": "https://github.com/dfinity/motoko/releases/download/0.13.7/motoko-Linux-x86_64-0.13.7.tar.gz",
+        "url": "https://github.com/dfinity/motoko/releases/download/0.14.1/motoko-Linux-x86_64-0.14.1.tar.gz",
         "url_template": "https://github.com/dfinity/motoko/releases/download/<version>/motoko-Linux-x86_64-<version>.tar.gz",
-        "version": "0.13.7"
+        "version": "0.14.1"
     },
     "pocket-ic-x86_64-darwin": {
         "rev": "4ba583480e05a518aa2bcf36f5a0e48475e8edc2",

diff --git a/src/canisters/frontend/ic-asset/Cargo.toml b/src/canisters/frontend/ic-asset/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "ic-asset"
-version = "0.21.0"
+version = "0.22.0"
 authors.workspace = true
 edition.workspace = true
 repository.workspace = true

diff --git a/src/canisters/frontend/ic-asset/src/sync.rs b/src/canisters/frontend/ic-asset/src/sync.rs
@@ -384,9 +384,14 @@ pub(crate) fn gather_asset_descriptors(
             .filter(|asset| asset.config.warn_about_no_security_policy())
             .collect_vec();
         if !no_policy_assets.is_empty() {
+            let qnt = if no_policy_assets.len() == asset_descriptors.len() {
+                "any"
+            } else {
+                "some"
+            };
             warn!(
                 logger,
-                "This project does not define a security policy for some assets."
+                "This project does not define a security policy for {qnt} assets."
             );
             warn!(
                 logger,
@@ -399,9 +404,7 @@ pub(crate) fn gather_asset_descriptors(
             warn!(logger, "  }}");
             warn!(logger, "]");
 
-            if no_policy_assets.len() == asset_descriptors.len() {
-                warn!(logger, "Assets without any security policy: all");
-            } else {
+            if no_policy_assets.len() != asset_descriptors.len() {
                 warn!(logger, "Assets without any security policy:");
                 for asset in &no_policy_assets {
                     warn!(logger, "  - {}", asset.key);
@@ -413,11 +416,14 @@ pub(crate) fn gather_asset_descriptors(
             .filter(|asset| asset.config.warn_about_standard_security_policy())
             .collect_vec();
         if !standard_policy_assets.is_empty() {
-            warn!(logger, "This project uses the default security policy for some assets. While it is set up to work with many applications, it is recommended to further harden the policy to increase security against attacks like XSS.");
-            warn!(logger, "To get started, have a look at 'dfx info canister-security-policy'. It shows the default security policy along with suggestions on how to improve it.");
-            if standard_policy_assets.len() == asset_descriptors.len() {
-                warn!(logger, "Unhardened assets: all");
+            let qnt = if standard_policy_assets.len() == asset_descriptors.len() {
+                "all"
             } else {
+                "some"
+            };
+            warn!(logger, "This project uses the default security policy for {qnt} assets. While it is set up to work with many applications, it is recommended to further harden the policy to increase security against attacks like XSS.");
+            warn!(logger, "To get started, have a look at 'dfx info canister-security-policy'. It shows the default security policy along with suggestions on how to improve it.");
+            if standard_policy_assets.len() != asset_descriptors.len() {
                 warn!(logger, "Unhardened assets:");
                 for asset in &standard_policy_assets {
                     warn!(logger, "  - {}", asset.key);

diff --git a/src/canisters/frontend/icx-asset/Cargo.toml b/src/canisters/frontend/icx-asset/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "icx-asset"
-version = "0.21.0"
+version = "0.22.0"
 authors.workspace = true
 edition.workspace = true
 repository.workspace = true
@@ -15,7 +15,12 @@ keywords = ["internet-computer", "agent", "icp", "dfinity", "asset"]
 anstyle.workspace = true
 anyhow.workspace = true
 candid = { workspace = true }
-clap = { workspace = true, features = ["derive", "cargo", "unstable-styles", "wrap_help" ] }
+clap = { workspace = true, features = [
+    "derive",
+    "cargo",
+    "unstable-styles",
+    "wrap_help",
+] }
 delay = "0.3.1"
 humantime.workspace = true
 ic-agent = { workspace = true }