Merged
Conversation
i2h3
requested review from
Aiiaiiio,
camilasan,
mgallien and
nilsding
as code owners
i2h3
added
os: 🍎 macOS
github-project-automation
Bot
moved this to 🧭 Planning evaluation (don't pick)
in 💻 Desktop Clients team
i2h3
moved this from 🧭 Planning evaluation (don't pick)
to 🏗️ In progress
in 💻 Desktop Clients team
i2h3
force-pushed
the
i2h3/feature/9430-all-xpc
branch
from
95d425a to
e0d96a5
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request replaces UNIX socket-based IPC with XPC (Apple's Inter-Process Communication) for communication between the Nextcloud desktop client and its macOS FinderSync extension. This modernizes the macOS integration to use Apple's recommended XPC framework instead of file-based sockets.
Changes:
- Introduced XPC-based communication infrastructure (
FinderSyncXPC,FinderSyncService,FinderSyncXPCManager) to replace socket-based communication - Removed legacy socket server components (
FileProviderSocketServer,FileProviderSocketController,FinderSyncSocketLineProcessor) - Added XPC protocol definitions (
FinderSyncProtocol,FinderSyncAppProtocol) for bidirectional communication - Updated FinderSync extension to use XPC client instead of socket client
- Maintained SocketApi as the core business logic layer (reused for XPC transport)
Reviewed changes
Copilot reviewed 34 out of 35 changed files in this pull request and generated 17 comments.
Show a summary per file
| File | Description |
|---|---|
| src/gui/macOS/findersyncxpc_mac.mm | New XPC listener implementation for accepting FinderSync connections |
| src/gui/macOS/findersyncxpc.h | XPC manager interface for broadcasting status updates to extensions |
| src/gui/macOS/findersyncservice.mm | XPC service delegate implementing FinderSyncAppProtocol for extension requests |
| src/gui/macOS/findersyncservice.h | Service interface wrapping SocketApi for XPC transport |
| src/gui/socketapi/socketapi.cpp | Added XPC broadcast support alongside socket broadcasts |
| src/gui/socketapi/socketapi.h | Added friend declaration for FinderSyncService to access FileData |
| src/gui/application.cpp | Initialize XPC infrastructure on macOS |
| shell_integration/.../FinderSyncXPCManager.m | XPC client for FinderSync extension to connect to main app |
| shell_integration/.../FinderSync.m | Migrated from socket client to XPC manager |
| src/gui/macOS/fileprovidersocketserver*.* | Removed legacy socket server (File Provider uses XPC now) |
| src/gui/CMakeLists.txt | Updated build to include new XPC files and remove socket files |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
i2h3
force-pushed
the
i2h3/feature/9430-all-xpc
branch
from
e0d96a5 to
d9f2bba
Compare
i2h3
force-pushed
the
i2h3/feature/9430-all-xpc
branch
from
d9f2bba to
f521a65
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 33 out of 33 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
nilsding
reviewed
Feb 17, 2026
Member
nilsding
left a comment
nilsding
left a comment
There was a problem hiding this comment.
Some comments for now -- couldn't manage to get the FinderSync XPC connection working in a local dev setup due to sandboxing issues :(
i2h3
force-pushed
the
i2h3/feature/9430-all-xpc
branch
from
f521a65 to
e630785
Compare
i2h3
force-pushed
the
i2h3/feature/9430-all-xpc
branch
from
e630785 to
0a25197
Compare
i2h3
changed the title
i2h3
force-pushed
the
i2h3/feature/9430-all-xpc
branch
3 times, most recently
from
a821dcd to
eab690c
Compare
Collaborator
Author
|
The failing tests are not related to this pull request, as it appears. |
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 41 out of 41 changed files in this pull request and generated 15 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
i2h3
force-pushed
the
i2h3/feature/9430-all-xpc
branch
from
eab690c to
d3a3678
Compare
Replace the UNIX domain socket IPC between the desktop client and the macOS Finder Sync extension with Apple's native XPC mechanism. Motivation: The socket-based approach used a custom line-based text protocol over UNIX domain sockets, requiring manual parsing, hand-managed connection lifecycles, and offering no built-in security validation. XPC is Apple's recommended IPC for app extensions, providing type-safe method dispatch, automatic lifecycle management, and code-signing verification. Architecture: Two Objective-C protocols define a bidirectional XPC contract: - FinderSyncAppProtocol (extension -> app): file/folder status queries, context menu requests, and command execution. - FinderSyncProtocol (app -> extension): path registration, status badge pushes, localized string delivery, and menu item streaming. On the app side, FinderSyncXPC manages the XPC listener and broadcasts to all connected extensions. FinderSyncService implements the app protocol by adapting calls to the existing cross-platform SocketApi business logic via a ResponseCapturingListener, avoiding any reimplementation of sync status or menu command handling. Thread safety across XPC and Qt threads is ensured via QMetaObject::invokeMethod with blocking queued connections. On the extension side, FinderSyncXPCManager handles connection setup, reconnection with exponential backoff, and status caching. FinderSync (the FIFinderSync subclass) delegates all communication to the XPC manager and bridges Finder's synchronous menuForMenuKind: API to XPC's async model using NSCondition. Security is enforced through macOS entitlements (mach-register and mach-lookup for the FinderSyncService name) and a server-side command whitelist that restricts executable commands to a predefined set. Removed: - NCDesktopClientSocketKit framework (LocalSocketClient, LineProcessor) - FinderSyncSocketLineProcessor and FileProviderSocketLineProcessor - FileProviderSocketServer and FileProviderSocketController Resolves #9430 Signed-off-by: Iva Horn <iva.horn@nextcloud.com>
i2h3
force-pushed
the
i2h3/feature/9430-all-xpc
branch
from
d3a3678 to
c447fdb
Compare
qobject_cast<Application*> requires the complete type definition, not just the forward declaration from folderman.h. This fixes the macOS classic client build (without BUILD_FILE_PROVIDER_MODULE). Signed-off-by: Iva Horn <iva.horn@nextcloud.com> Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
clang-tidy-diff defaults to processing .m and .mm files, but the CI runs on ubuntu-latest where macOS framework headers (Foundation, etc.) are unavailable. Add -regex flag to restrict analysis to C/C++ files. Signed-off-by: Iva Horn <iva.horn@nextcloud.com> Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
QPointer<QIODevice> requires QIODevice to be a complete type so the compiler can verify it inherits from QObject. Without the include, clang-tidy on Linux (where QIODevice is not transitively included) fails with an incomplete-type error. Signed-off-by: Iva Horn <iva.horn@nextcloud.com> Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
application.h only forward-declares Mac::FinderSyncXPC. The call to finderSyncXPC->setStatusResult() requires the full definition, so include findersyncxpc.h directly (guarded by Q_OS_MACOS). Signed-off-by: Iva Horn <iva.horn@nextcloud.com> Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The previous regex excluded .m/.mm files but Objective-C headers (.h) under macOS/ and MacOSX/ directories still import Foundation and Cocoa frameworks unavailable on Linux. Use negative lookahead to skip files in these directories entirely. Signed-off-by: Iva Horn <iva.horn@nextcloud.com> Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Artifact containing the AppImage: nextcloud-appimage-pr-9463.zip Digest: To test this change/fix you can download the above artifact file, unzip it, and run it. Please make sure to quit your existing Nextcloud app and backup your data. |
|
8 tasks
github-project-automation
Bot
moved this from 🏗️ In progress
to ☑️ Done
in 💻 Desktop Clients team
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replaces UNIX socket-based inter-process communication between the Nextcloud desktop client and the macOS Finder Sync extension with Apple's native XPC (cross-process communication) mechanism.
Closes #9430
Motivation
The previous architecture used UNIX domain sockets with a custom line-based text protocol to communicate between the main app and the Finder Sync extension. This approach had several drawbacks:
XPC is Apple's recommended IPC mechanism for app extensions. It provides type-safe method dispatch, automatic connection lifecycle management, and code-signing validation out of the box.
Architecture
Old Architecture (Removed)
New Architecture
Communication is bidirectional via two complementary protocols:
FinderSyncAppProtocol(extension → app): File/folder status queries, context menu requests, command executionFinderSyncProtocol(app → extension): Path registration, status badge pushes, localized string delivery, menu item streamingKey Design Decisions
SocketApi reuse: Rather than reimplementing business logic,
FinderSyncServiceadapts XPC calls to the existing cross-platformSocketApiclass via aResponseCapturingListenerthat intercepts command output in-memory instead of writing to a socket.SocketApiis declared as a friend class to allow direct access toFileData.Thread marshaling: The XPC listener runs on a system-provided thread, but
SocketApimust be accessed on Qt's main thread. All calls cross this boundary viaQMetaObject::invokeMethodwithQt::BlockingQueuedConnection.Command whitelisting: The app-side
FinderSyncServiceonly allows a predefined set of commands (SHARE,LOCK_FILE,ACTIVITY, etc.) to be executed via XPC, preventing arbitrary command injection from a compromised extension.Reconnection with exponential backoff: The extension-side
FinderSyncXPCManagerreconnects automatically on connection interruption (1s → 2s → 4s → 8s max).Lazy bootstrap: When an extension connects, the app emits
extensionConnected()and pushes all currently registered sync folder paths. The extension has no persistent state about folders.Synchronous menu contract: Finder's
menuForMenuKind:API is synchronous, but XPC is async. The extension bridges this with anNSConditionthat blocks until the app delivers all menu items and signals completion.Files Changed
Removed (socket infrastructure)
NCDesktopClientSocketKit/— Entire shared socket framework (LocalSocketClient, LineProcessor)FinderSyncSocketLineProcessor— Extension-side socket protocol parserFileProviderSocketLineProcessor— File provider extension socket parserFileProviderSocketServer/FileProviderSocketController— App-side socket server and per-connection handlerAdded (XPC infrastructure)
FinderSyncXPCManager.h/.m— XPC client with reconnection, status caching, and delegate callbacksServices/FinderSyncAppProtocol.h— Protocol for extension → app callsServices/FinderSyncProtocol.h— Protocol for app → extension callsfindersyncxpc.h/.mm— XPC listener, connection management, broadcast to extensionsfindersyncservice.h/.mm— ImplementsFinderSyncAppProtocol, adapts XPC toSocketApiFinderSyncProtocol.h/FinderSyncAppProtocol.h— Symlinked protocol headersModified
FinderSync.h/.m— Rewired from socket line processor toFinderSyncXPCManagerFileProviderExtension.swift— Removed socket-related codeapplication.cpp/.h— InstantiatesFinderSyncXPCandFinderSyncService, connectsextensionConnectedsignalsocketapi.cpp/.h— Added friend declaration forFinderSyncService, minor refactoringCMakeLists.txt— Replaced socket source files with XPC source filesmacosx.entitlements.cmake— Addedmach-register.global-namefor XPC serviceFinderSyncExt.entitlements.cmake— Addedmach-lookup.global-nameand application groupsSigner.swift— Added entitlements for Finder Sync extension during code signingproject.pbxproj— Removed socket kit targets and references, added XPC files