on Windows and Macos, most filesystems are case-insensitive,
which can lead to dangerous situations
one example is when another program (not copyparty or its UI) wants to
rename a file from `Foo` to `foo`; the program will probably start by
checking if `foo` exists and then delete it, however this would match
`Foo` and confuse the program into deleting the wrong file
fix this by adding a VERY EXPENSIVE detector to prevent this,
by listing the parent folder and checking if the case matches
this check will auto-enable when a case-insensitive FS is detected on
startup, but option `casechk` (global or volflag) can override this
* make-sfx.sh: fix missing licenses on very first build
* docker/make.sh: add warning on missing deps
* pyinstaller: cleanup notes
* add notes:
* building on archlinux
* buliding python 2.7
* support for Zed IDE
previously, the first selected file became the name of the zip
now, the name will be "sel-foldername", similar to when the whole
folder is downloaded, but with a prefix to indicate it's a subset
the check for a leading newline was not specific enough,
accidentally matching the opening line of a json document,
triggering the xhr safeguard and wasting a roundtrip
new options --qr-stdout and --qr-stderr will always print the qr-code
into the console, even if copyparty is running in quiet mode (-q)
closes https://codeberg.org/9001/copyparty/issues/1
assume launcher is in /usr/local/bin/ rather than /usr/bin
which is the case as of recently
Signed-off-by: Beethoven <44652883+Beethoven-n@users.noreply.github.com>
ntfs on linux can be picky about cloning mtime onto a new file;
generally we don't care if that fails, however, we also want the
speedup that CopyFile2 can offer, so cannot use copyfile directly
this avoids the following issue:
up2k:3537 <_symlink>: shutil.copy2(fsenc(csrc), fsenc(dst))
shutil:437 <copy2>: copystat(src, dst, follow_symlinks=follow_sym[...]
shutil:376 <copystat>: lookup("utime")(dst, ns=(st.st_atime_ns, s[...]
[PermissionError] [Errno 1] Operation not permitted, '/windows/videos'
idk what this was *supposed* to do but what it *did* was prevent
loading the full image even when the request had a good referrer
(this broke viewing images in firefox at least)
docker buildx imagetools inspect copyparty/ac:beta@sha256:[...] --raw
would show the annotations from the base alpine image instead of ours
thx to @EmilyxFox for figuring this out!
the preferred locations (XDG_CONFIG_HOME and ~/.config)
are trusted and will behave as before, because they are
only writable by the current unix-user
but when an emergency fallback location ($TMPDIR or /tmp) is used
because none of the preferred locations are writable, then this
will now force-disable sessions-db, idp-db, chpw, and shares
this security safeguard can be overridden with --unsafe-state
will now also create the config folder with chmod 700 (rwx------)
pausing a video with spacebar while video is focused would first
get handled by the js hotkey, and then chrome would ignore our
hint that bubbling should cease and undo it anyways
apparently the convention is that hotkeys should follow the letters
according to the layout, and not remain in the qwerty position
this breaks apart the cluster of media controls (uiojkl),
but that's the intended and expected behavior so it should be fine
