Build environment

Starting with release 617, the source code of the application is bundled with all the stuff required to build the final index.html, the same exact file loaded when using the Clipperz application. The build process is managed using an Apache Ant “script”: build.xml.

Required stuff

Apache Ant

Apache Ant is a quite common build tool used mainly for Java applications, but its features are quite flexible and it could be easily adapted to many other batch tasks. Instructions on how to install Ant are available from the online manual. The Clipperz project is regularly build using Ant version 1.6.5, running on MacOSX.

Additional Ant tasks

Beside the standard Ant tasks, our script also invokes two external tools:

• a customized version of Rhino realized by the Dojo project used to compress Javascript source files. This is a Java application and is included for convenience in our code package (jars/tool/custom_rhino.jar), so you should be able to use it out of the box.
• CSSTidy is an external compiled tool used to clean and compress CSS files. Being compiled, you need to install the right version for your platform. We are providing only the MacOSX version in the project package (tools/csstidy_osx_1.2). If you want to run the build script on another platform, you will need to download the right CSSTidy file, and fix the script reference into the build.xml file. It is probably possible to create a multiplatform build script, but at the moment we have no plan to implement it.

Package content

Once unpacked, the project folder contains the following items:

• build.xml: this is the main “script” to build the project;
• jar: a folder with all the required Java tools used by the script to build the project;
• properties: a folder containing property definitions used by the build scripts;
• src
  • css: folder containing all css definition files;
  • html: folder containing the template index.html file used by the script;
  • js: folder with all the JavaScript code used by the project, both original code and third-party library code;
• tools: folder with non Java-based external tools. At the moment containing only CSSTidy.

Running the script

To build the project, the Ant tool must be launched from the project folder containing the build.xml file. The default task is already setup, so it will just do the right thing. It is really this simple!

Expected output

The build script will put all the generated files into the _build folder, created beside the build.xml file. Inside the _build folder there should be two different folders:

• _scratch: a folder containing all the temporary files generated by the build script;
• context: a folder containing the final output of the build process: the index.html file.

---

The final index.html is the same exact file that is loaded into your browser when you access the Clipperz application; the checksums of this file should match the published checksum of the Clipperz application.

---

Older versions

• version 1147, live from 29 february 2008
  • improved the consistency checks in order to avoid any possible corruption of users data;
  • fixed a regression relative to IE, added on the last version due the the new way localization strings are managed;
• version 1143, live from 13 february 2008
  • fixed an error blocking some users to access their account;
  • changed the way localization strings are handled;
  • fixed many minor issues reported by users;
• version 1123, live from 19 december 2007
  • implemented the missing import formats;
  • implemented the Clippers JSON export;
• version 1098, live from 5 december 2007
  • fixed some issues on IE;
• version 1096, live from 1 december 2007
  • fixed an issue that kept showing the donation reminder over and over;
• version 1095, live from 29 november 2007
  • updated the descriptions of the new features;
• version 1078, live from 22 november 2007
  • import for CSV, Excel, KeePass and PasswordPlus data;
  • direct login working for HTTP Authentication sites;
  • updated all the translations;
• version 998, live from 13 october 2007
  • fixed an errore while deleting a corrupted card;
  • updated the chinese translation;
  • updated the italian translation;
• version 981, live from 11 october 2007
  • improved the performances of decryption on IE;
• version 977, live from 10 october 2007
  • fixed a problem on the offline copy;
  • fixed a problem with the compact version;
• version 975, live from 10 october 2007
  • fixed a problem on the offline copy;
• version 974, live from 9 october 2007
  • added “one time passwords”;
  • added the login history;
  • many minor fixes in the user interface;
  • updated backend;
• version 960 (922-readOnly), live from 9 october 2007
  • read-only version to allow a database upgrade for the next release;
• version 922, live from 26 september 2007
  • fixed some french typos;
• version 909, live from 21 september 2007
  • added the french translation;
• version 842, live from 12 august 2007
  • added the spanish translation;
  • updated the other translations with the changes done recently on the UI.
• version 826, live from 8 august 2007
  • fixed a few bugs (most of which related to IE) of the previous version.
• version 818, live from 7 august 2007
  • fitted the whole offline version in a single file instead of the ZIP file;
  • added the “tools” main panel (replacing the previous bookmarklet only panel);
  • added a password generator to the tools panel;
  • added a password length counter in the password generator panel and dialog.
• version 796, live from 29 july 2007
  • added the pasword generator
• version 770, live from 18 july 2007
  • performance improvements while saving the cards on IE
• version 765, live from 16 july 2007
  • performance improvements in the AES code
• version 744, live from 03 july 2007
  • added the Chinese translation
  • small performance improvements in the UI code
  • fixed the problems with the offline version with Opera
• version 707, live from 22 May 2007
  • added the Japanese translation
• version 700, live from 18 May 2007
  • improved the Compact version
  • fixed some issues with the card creation wizard on Safari
• version 698, live from 14 May 2007
  • added the Compact version designed for FireFox sidebar
• version 694, live from 13 May 2007
  • fixed a few problems on IE
• version 688, live from 8 May 2007
  • added the Portuguese translation
  • fixed a regression on language code processing
• version 663, live from 7 May 2007
  • added templates for card creation
• version 632, live from 26 April 2007
  • added visual feedback on the strength of the passwords to the change passphrase form
• version 625, live from 24 April 2007
  • card note field now resizable
  • added visual strength indicator for password fields
  • no password generator yet
• version 617, live from 18 April 2007
  • IE now fully supported
  • fixed many issues with the direct login
  • the source code package now include everything needed to build the application; detailed instructions updated here
• version 599, live from 12 April 2007
  • fixed a silly CSS error affecting only with IE
• version 598, live from 12 April 2007
  • fixed an issue that allowed only a single direct login window to be opened at once
• version 592, live from 11 April 2007
  • improved graphic
  • first version of the lock feature
  • improved the export feature
  • improved the bookmarklet (now it is able to process also Amazon Web services login form)
• version 579, live from 6 April 2007
  • fixed a problem with default language support
  • added a draft implementation of the export feature
• version 574, live from 4 April 2007
  • added multilingual support
  • added Italian interface
  • improved bookmarklet pop-over
• version 497-551, live from 28 March 2007
• version 497-548, live from 21 March 2007
• version 497-540, live from 20 March 2007
• version 497-535, live from 19 March 2007
• version 497-530, live from 17 March 2007
• version 497-522, live from 16 March 2007
• version 497-511, live from 15 March 2007
• version 497-505, live from 13 March 2007

Checksums

Every time you visit the Clipperz login page, your browser downloads about 1 MB of JavaScript code. This is the whole code of the Clipperz web application, the code that your browser will run while you enjoy Clipperz. This code takes care of everything you can do within Clipperz, from logging you in to signing you out.

Therefore it is critical to be sure that the downloaded code has not been tampered with. This page gives you some practical advice on checking the genuineness of your code.

Checksums and hash functions

A checksum (or digital fingerprint, or message digest) is a string of characters generated by special algorithms called “cryptographic hash functions”. These algorithms take a message (e.g. a text file) of any length as input and produces a fixed length string as output.

Good hash function are such that it’s very difficult to:

• find a message that matches a given checksum;
• generate “collisions”, wherein two different messages have the same message digest.

For these reasons it is a good idea to use checksums as handy identifiers of large objects such as text files, they could be seen as a condensed digital representation that is, to a high degree of probability, unique for a given input data sequence.

If a text file is modified the correspondent checksum will be completely different, even if only a single character has been changed.

To date the two most-commonly used hash functions are MD5 and SHA-1, producing respectively 128-bit and 160-bit outputs.

How to compute the checksum of the Clipperz application

You need to perform the following two steps:

1. save the page source to a file;
2. run the hash function.

1. Save Clipperz source code to a file

For any other purpose, you could access the source code of any web page, by simply using the built browser functionality. Select “View > Page source” from the browser menus and then you could just copy the entire code to a file.

But in this case you need to be sure that not even a single character is added or changed. Therefore you should avoid the above procedure and opt for a safer method.

• Windows, Linux, Unix

  Install Wget for your operating system and the run the following command from a terminal window:

  wget https://beta.clipperz.com/index.html

  Further information about installing and using wget in a Windows environment can be found here.

• OS X

  Run the following command from a terminal window:

  curl http://beta.clipperz.com/index.html -o index.html

2. Compute the hash function of the Clipperz code

Locate the index.html file generated by the previous step on your hard disk.

• Windows

  Install one of the following utilities. Then run it to compute the MD5 or SHA-1 digest of the index.html file.

  • Microsoft File Checksum Integrity Verifier utility (download)
  • Fastsum integrity control (download)
  • Karen’s Hasher (download)

• Unix, Linux, OS X

  Open a terminal window, move to the directory where the ‘index.html’ file is located and run one or both of the following commands:

  • md5 index.html
  • openssl sha1 index.html

Eventually, compare the values obtained with the ones available in the right column of the Clipperz web site. If they don’t match please report immediately.