fix(desktop): improve AppImage icons and remote environment

.github/workflows/release.yml

@@ -232,17 +232,32 @@ jobs:
         shell: pwsh
         run: |
           $vswhere = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe"
-             $installPath = & $vswhere -products * -latest -property installationPath
-             $setupExe = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\setup.exe"
-             $proc = Start-Process -FilePath $setupExe `
-              -ArgumentList "modify", "--installPath", "`"$installPath`"", "--add", `
-              "Microsoft.VisualStudio.Component.VC.Tools.x86.x64.Spectre", "--quiet", "--norestart" `
-              -Wait -PassThru -NoNewWindow
-             if ($null -eq $proc -or $proc.ExitCode -ne 0) {
-               $code = if ($null -ne $proc) { $proc.ExitCode } else { 1 }
-               Write-Error "Visual Studio Installer failed with exit code $code"
-               exit $code
-             }
+          $installPath = & $vswhere -products * -latest -property installationPath
+          $setupExe = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\setup.exe"
+          $proc = Start-Process -FilePath $setupExe `
+            -ArgumentList "modify", "--installPath", "`"$installPath`"", "--add", `
+            "Microsoft.VisualStudio.Component.VC.Tools.x86.x64.Spectre", "--quiet", "--norestart" `
+            -Wait -PassThru -NoNewWindow
+          if ($null -eq $proc -or $proc.ExitCode -ne 0) {
+            $code = if ($null -ne $proc) { $proc.ExitCode } else { 1 }
+            Write-Error "Visual Studio Installer failed with exit code $code"
+            exit $code
+          }
+
+      - name: Install ImageMagick
+        if: matrix.platform == 'linux'
+        shell: bash
+        run: |
+          if ! command -v magick >/dev/null 2>&1 && ! command -v convert >/dev/null 2>&1; then
+              sudo apt-get update
+              sudo apt-get install -y imagemagick
+          fi
+
+          if command -v magick >/dev/null 2>&1; then
+              magick -version
+          else
+              convert -version
+          fi
 
       - name: Build desktop artifact
         shell: bash

apps/desktop/src/desktopSettings.test.ts

@@ -35,6 +35,7 @@ describe("desktopSettings", () => {
 
   it("defaults packaged nightly builds to the nightly update channel", () => {
     expect(resolveDefaultDesktopSettings("0.0.17-nightly.20260415.1")).toEqual({
+      linuxPasswordStore: "auto",
       serverExposureMode: "local-only",
       tailscaleServeEnabled: false,
       tailscaleServePort: 443,
@@ -47,6 +48,7 @@ describe("desktopSettings", () => {
     const settingsPath = makeSettingsPath();
 
     writeDesktopSettings(settingsPath, {
+      linuxPasswordStore: "gnome-libsecret",
       serverExposureMode: "network-accessible",
       tailscaleServeEnabled: true,
       tailscaleServePort: 8443,
@@ -55,6 +57,7 @@ describe("desktopSettings", () => {
     });
 
     expect(readDesktopSettings(settingsPath, "0.0.17")).toEqual({
+      linuxPasswordStore: "gnome-libsecret",
       serverExposureMode: "network-accessible",
       tailscaleServeEnabled: true,
       tailscaleServePort: 8443,
@@ -67,6 +70,7 @@ describe("desktopSettings", () => {
     expect(
       setDesktopServerExposurePreference(
         {
+          linuxPasswordStore: "auto",
           serverExposureMode: "local-only",
           tailscaleServeEnabled: false,
           tailscaleServePort: 443,
@@ -76,6 +80,7 @@ describe("desktopSettings", () => {
         "network-accessible",
       ),
     ).toEqual({
+      linuxPasswordStore: "auto",
       serverExposureMode: "network-accessible",
       tailscaleServeEnabled: false,
       tailscaleServePort: 443,
@@ -88,6 +93,7 @@ describe("desktopSettings", () => {
     expect(
       setDesktopTailscaleServePreference(
         {
+          linuxPasswordStore: "auto",
           serverExposureMode: "local-only",
           tailscaleServeEnabled: false,
           tailscaleServePort: 443,
@@ -97,6 +103,7 @@ describe("desktopSettings", () => {
         { enabled: true, port: 8443 },
       ),
     ).toEqual({
+      linuxPasswordStore: "auto",
       serverExposureMode: "local-only",
       tailscaleServeEnabled: true,
       tailscaleServePort: 8443,
@@ -109,6 +116,7 @@ describe("desktopSettings", () => {
     expect(
       setDesktopTailscaleServePreference(
         {
+          linuxPasswordStore: "auto",
           serverExposureMode: "local-only",
           tailscaleServeEnabled: false,
           tailscaleServePort: 8443,
@@ -118,6 +126,7 @@ describe("desktopSettings", () => {
         { enabled: true },
       ),
     ).toEqual({
+      linuxPasswordStore: "auto",
       serverExposureMode: "local-only",
       tailscaleServeEnabled: true,
       tailscaleServePort: 8443,
@@ -130,6 +139,7 @@ describe("desktopSettings", () => {
     expect(
       setDesktopUpdateChannelPreference(
         {
+          linuxPasswordStore: "auto",
           serverExposureMode: "local-only",
           tailscaleServeEnabled: false,
           tailscaleServePort: 443,
@@ -139,6 +149,7 @@ describe("desktopSettings", () => {
         "nightly",
       ),
     ).toEqual({
+      linuxPasswordStore: "auto",
       serverExposureMode: "local-only",
       tailscaleServeEnabled: false,
       tailscaleServePort: 443,
@@ -159,6 +170,7 @@ describe("desktopSettings", () => {
     fs.writeFileSync(settingsPath, JSON.stringify({ serverExposureMode: "local-only" }), "utf8");
 
     expect(readDesktopSettings(settingsPath, "0.0.17-nightly.20260415.1")).toEqual({
+      linuxPasswordStore: "auto",
       serverExposureMode: "local-only",
       tailscaleServeEnabled: false,
       tailscaleServePort: 443,
@@ -179,6 +191,7 @@ describe("desktopSettings", () => {
     );
 
     expect(readDesktopSettings(settingsPath, "0.0.17-nightly.20260415.1")).toEqual({
+      linuxPasswordStore: "auto",
       serverExposureMode: "local-only",
       tailscaleServeEnabled: false,
       tailscaleServePort: 443,
@@ -200,6 +213,7 @@ describe("desktopSettings", () => {
     );
 
     expect(readDesktopSettings(settingsPath, "0.0.17-nightly.20260415.1")).toEqual({
+      linuxPasswordStore: "auto",
       serverExposureMode: "local-only",
       tailscaleServeEnabled: false,
       tailscaleServePort: 443,
@@ -220,6 +234,7 @@ describe("desktopSettings", () => {
     );
 
     expect(readDesktopSettings(settingsPath, "0.0.17")).toEqual({
+      linuxPasswordStore: "auto",
       serverExposureMode: "local-only",
       tailscaleServeEnabled: true,
       tailscaleServePort: 443,

apps/desktop/src/desktopSettings.ts

@@ -2,9 +2,15 @@ import * as FS from "node:fs";
 import * as Path from "node:path";
 import type { DesktopServerExposureMode, DesktopUpdateChannel } from "@t3tools/contracts";
 
+import {
+  DEFAULT_LINUX_PASSWORD_STORE,
+  normalizeLinuxPasswordStorePreference,
+  type LinuxPasswordStorePreference,
+} from "./linuxSecretStorage.ts";
 import { resolveDefaultDesktopUpdateChannel } from "./updateChannels.ts";
 
 export interface DesktopSettings {
+  readonly linuxPasswordStore: LinuxPasswordStorePreference;
   readonly serverExposureMode: DesktopServerExposureMode;
   readonly tailscaleServeEnabled: boolean;
   readonly tailscaleServePort: number;
@@ -15,6 +21,7 @@ export interface DesktopSettings {
 export const DEFAULT_TAILSCALE_SERVE_PORT = 443;
 
 export const DEFAULT_DESKTOP_SETTINGS: DesktopSettings = {
+  linuxPasswordStore: DEFAULT_LINUX_PASSWORD_STORE,
   serverExposureMode: "local-only",
   tailscaleServeEnabled: false,
   tailscaleServePort: DEFAULT_TAILSCALE_SERVE_PORT,
@@ -85,6 +92,7 @@ export function readDesktopSettings(settingsPath: string, appVersion: string): D
 
     const raw = FS.readFileSync(settingsPath, "utf8");
     const parsed = JSON.parse(raw) as {
+      readonly linuxPasswordStore?: unknown;
       readonly serverExposureMode?: unknown;
       readonly tailscaleServeEnabled?: unknown;
       readonly tailscaleServePort?: unknown;
@@ -101,6 +109,7 @@ export function readDesktopSettings(settingsPath: string, appVersion: string): D
       (isLegacySettings && parsedUpdateChannel === "nightly");
 
     return {
+      linuxPasswordStore: normalizeLinuxPasswordStorePreference(parsed.linuxPasswordStore),
       serverExposureMode:
         parsed.serverExposureMode === "network-accessible" ? "network-accessible" : "local-only",
       tailscaleServeEnabled: parsed.tailscaleServeEnabled === true,

apps/desktop/src/linuxSecretStorage.test.ts

@@ -0,0 +1,98 @@
+import { describe, expect, it } from "vitest";
+
+import {
+  normalizeLinuxPasswordStorePreference,
+  resolveLinuxPasswordStoreSwitch,
+  resolveLinuxSecretStorageUnavailableMessage,
+} from "./linuxSecretStorage.ts";
+
+describe("linuxSecretStorage", () => {
+  it("preserves explicit supported password-store preferences", () => {
+    expect(normalizeLinuxPasswordStorePreference("gnome-libsecret")).toBe("gnome-libsecret");
+    expect(normalizeLinuxPasswordStorePreference("kwallet")).toBe("kwallet");
+    expect(normalizeLinuxPasswordStorePreference("kwallet5")).toBe("kwallet5");
+    expect(normalizeLinuxPasswordStorePreference("kwallet6")).toBe("kwallet6");
+  });
+
+  it("falls back to auto for missing or unsupported preferences", () => {
+    expect(normalizeLinuxPasswordStorePreference(undefined)).toBe("auto");
+    expect(normalizeLinuxPasswordStorePreference("basic")).toBe("auto");
+  });
+
+  it("does not force a password-store for desktops Electron already recognizes", () => {
+    expect(
+      resolveLinuxPasswordStoreSwitch({
+        preference: "auto",
+        env: { XDG_CURRENT_DESKTOP: "GNOME" },
+      }),
+    ).toBeNull();
+    expect(
+      resolveLinuxPasswordStoreSwitch({
+        preference: "auto",
+        env: { XDG_CURRENT_DESKTOP: "KDE", KDE_SESSION_VERSION: "6" },
+      }),
+    ).toBeNull();
+  });
+
+  it("forces gnome-libsecret for unrecognized Linux desktop sessions", () => {
+    expect(
+      resolveLinuxPasswordStoreSwitch({
+        preference: "auto",
+        env: { XDG_CURRENT_DESKTOP: "niri" },
+      }),
+    ).toBe("gnome-libsecret");
+  });
+
+  it("uses explicit preferences instead of the auto heuristic", () => {
+    expect(
+      resolveLinuxPasswordStoreSwitch({
+        preference: "kwallet6",
+        env: { XDG_CURRENT_DESKTOP: "niri" },
+      }),
+    ).toBe("kwallet6");
+  });
+
+  it("uses GNOME Keyring remediation for libsecret and unknown backends", () => {
+    expect(
+      resolveLinuxSecretStorageUnavailableMessage({
+        configuredPreference: "auto",
+        selectedBackend: "gnome_libsecret",
+        env: { XDG_CURRENT_DESKTOP: "niri" },
+      }),
+    ).toContain("GNOME Keyring");
+  });
+
+  it("prefers explicit libsecret selection over KDE desktop heuristics", () => {
+    expect(
+      resolveLinuxSecretStorageUnavailableMessage({
+        configuredPreference: "gnome-libsecret",
+        selectedBackend: "unknown",
+        env: { XDG_CURRENT_DESKTOP: "KDE" },
+      }),
+    ).toContain("GNOME Keyring");
+    expect(
+      resolveLinuxSecretStorageUnavailableMessage({
+        configuredPreference: "auto",
+        selectedBackend: "gnome_libsecret",
+        env: { XDG_CURRENT_DESKTOP: "KDE" },
+      }),
+    ).toContain("GNOME Keyring");
+  });
+
+  it("uses KWallet remediation for KDE desktops and selected backends", () => {
+    expect(
+      resolveLinuxSecretStorageUnavailableMessage({
+        configuredPreference: "auto",
+        selectedBackend: "kwallet6",
+        env: {},
+      }),
+    ).toContain("KWallet");
+    expect(
+      resolveLinuxSecretStorageUnavailableMessage({
+        configuredPreference: "auto",
+        selectedBackend: "unknown",
+        env: { XDG_CURRENT_DESKTOP: "KDE" },
+      }),
+    ).toContain("KWallet");
+  });
+});