Improve security and reliability of macOS updates

This commit introduces several improvements to the macOS update process,
primarily focusing on enhancing security and reliability:

- Add data integrity checks to ensure downloaded updates haven't been
  tampered with.
- Optimize update progress logging in `streamWithProgress` by limiting
  amount of logs during the download process.
- Improve resource management by ensuring proper closure of file
  read/write streams.
- Add retry logic with exponential back-off during integrity checks to
  handle occasional file system preparation delays on macOS.
- Improve decision-making based on user responses.
- Improve clarity and informativeness of log messages.
- Update error dialogs for better user guidance when updates fail to
  download, unexpected errors occur or the installer can't be opened.
- Add handling for unexpected errors during the update process.
- Move to asynchronous functions for more efficient operation.
- Move to scoped imports for better code clarity.
- Update `Readable` stream type to a more modern variant in Node.
- Refactor `ManualUpdater` for improved separation of concerns.
- Document the secure update process, and log directory locations.
- Rename files to more accurately reflect their purpose.
- Add `.DS_Store` in `.gitignore` to avoid unintended files in commits.

.gitignore

@@ -11,3 +11,6 @@ node_modules
 # draw.io
 *.bkp
 *.dtmp
+
+# macOS
+.DS_Store

README.md

@@ -179,4 +179,6 @@ Check [architecture.md](./docs/architecture.md) for an overview of design and ho
 
 ## Security
 
-Security is a top priority at privacy.sexy. An extensive commitment to security verification ensures this priority. For any security concerns or vulnerabilities, please consult the [Security Policy](./SECURITY.md).
+Security is a top priority at privacy.sexy.
+An extensive commitment to security verification ensures this priority.
+For any security concerns or vulnerabilities, please consult the [Security Policy](./SECURITY.md).

SECURITY.md

@@ -1,6 +1,7 @@
 # Security Policy
 
-privacy.sexy takes security seriously. Commitment is made to address all security issues with urgency. Responsible reporting of any discovered vulnerabilities in the project is highly encouraged.
+Security is a top priority at privacy.sexy.
+Please report any discovered vulnerabilities responsibly.
 
 ## Reporting a Vulnerability
 
@@ -11,20 +12,31 @@ Efforts to responsibly disclose findings are greatly appreciated. To report a se
 
 ## Security Report Handling
 
-Upon receipt of a security report, the following actions will be taken:
+Upon receiving a security report, the process involves:
 
-- The report will be confirmed, identifying the affected components.
-- The impact and severity of the issue will be assessed.
-- Work on a fix and plan a release to address the vulnerability will be initiated.
-- The reporter will be kept updated about the progress.
+- Confirming the report and identifying affected components.
+- Assessing the impact and severity of the issue.
+- Fixing the vulnerability and planning a release to address it.
+- Keeping the reporter informed about progress.
 
-## Testing
+## Security Practices
 
-Regular and extensive testing is conducted to ensure robust security in the project. Information about testing practices can be found in the [Testing Documentation](./docs/tests.md).
+### Update Security and Integrity
+
+privacy.sexy benefits from automated update processes including security tests. Automated deployments from source code ensure immediate and secure updates, mirroring the latest source code. This aligns the deployed application with the expected source code, enhancing transparency and trust. For more details, see [CI/CD documentation](./ci-cd.md).
+
+Every desktop update undergoes a thorough verification process. Updates are cryptographically signed to ensure authenticity and integrity, preventing tampered versions from reaching your device. Version checks are conducted to prevent downgrade attacks.
+
+### Testing
+
+privacy.sexy combines extensive automated testing approach with manual tests with community.
+Details on testing practices are available in the [Testing Documentation](./docs/tests.md).
 
 ## Support
 
-For additional assistance or any unanswered questions, [submit a GitHub issue](https://github.com/undergroundwires/privacy.sexy/issues/new/choose). Security concerns are a priority, and necessary support to address them is assured.
+For help or any questions, [submit a GitHub issue](https://github.com/undergroundwires/privacy.sexy/issues/new/choose). Addressing security concerns is a priority, and we ensure the necessary support.
+
+Support privacy.sexy's commitment to security by [making a donation ❤️](https://github.com/sponsors/undergroundwires). Your contributions aid in maintaining and enhancing the project's security features.
 
 ---
 

aliases.sh

@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+# bash: `bash ./alias.sh` (requires sudo in macOS)
+# zsh: `zsh ./alias.sh`
+
+main() {
+  # -----
+  # gitgo
+  # -----
+  # Alias for git add, commit with amend, update commit date and force push
+  set_persistent_alias "alias gitgo='git add . && git commit --amend --no-edit --reset-author && git push -f'"
+
+  # -----
+  # gitc
+  # -----
+  # Alias for counting total characters in last commi heading
+  set_persistent_alias "alias gitc='git log --pretty='format:%Creset%s' --no-merges -1 | wc -c'"
+
+  # -----
+  # gita
+  # -----
+  # Alias for amending to latest commit
+  set_persistent_alias "alias gita='git add . && git commit --amend --no-edit --allow-empty'"
+}
+
+set_persistent_alias() {
+  local -r alias="$1"
+  local -r file="$(get_alias_file)"
+  if ! create_file "$file"; then
+    log_error "Failed to create the file: $file."
+    return 1
+  fi
+  if grep -Fxq "$alias" "$file"; then
+    echo "[$file] Alias already exists: $alias"
+  else
+    command="echo \"$alias\" >> \"$file\""
+    if type "sudo" &> /dev/null; then # Git Bash on Windows does not have sudo
+      command="sudo $command"
+    fi
+    if eval "$command"; then
+      echo "[$file] Saved alias"
+    else
+      log_error "[$file] Failed to save alias"
+    fi
+  fi
+  # shellcheck disable=SC1090
+  source "$file"
+}
+
+get_alias_file() {
+  if [ -n "${ZSH_VERSION+x}" ]; then
+    echo "$HOME/.zshrc"
+  elif [ -n "${BASH_VERSION+x}" ]; then
+    if [ "$(uname -s)" == "Darwin" ]; then
+      echo "$HOME/.bash_profile"
+    else # tested on Windows
+      echo "$HOME/.bashrc"
+    fi
+  else
+    log_error 'Unkown shell'
+    exit 1
+  fi
+}
+
+create_file() {
+  local file_path="$1"
+  if [ -z "$file_path" ]; then
+    log_error 'Missing file path.'
+    return 1
+  fi
+  local parent_dir
+  if ! parent_dir=$(dirname "$file_path"); then
+    log_error "Could not determine the parent directory for the path: $file_path"
+    return 1
+  fi
+  if [ ! -d "$parent_dir" ]; then
+    echo "Creating directory: $parent_dir"
+    if ! mkdir -p "$parent_dir"; then
+      log_error "Failed to create the parent directory: $parent_dir"
+      return 1
+    fi
+  fi
+  if [ ! -f "$file_path" ]; then
+    echo "Creating file: $file_path"
+    if ! touch "$file_path"; then
+      log_error "Failed to create the file: $file_path"
+      return 1
+    fi
+  fi
+}
+
+log_error() {
+  local -r message="$1"
+  >&2 echo "Error: $message"
+}
+
+main

docs/desktop-vs-web-features.md

@@ -1,34 +1,52 @@
 # Desktop vs. Web Features
 
-This table outlines the differences between the desktop and web versions of `privacy.sexy`.
+This table highlights differences between the desktop and web versions of `privacy.sexy`.
 
 | Feature | Desktop | Web |
-| ------- |---------|-----|
+| ------- | ------- | --- |
 | [Usage without installation](#usage-without-installation) | 🔴 Not available | 🟢 Available |
 | [Offline usage](#offline-usage) | 🟢 Available | 🟡 Partially available |
 | [Auto-updates](#auto-updates) | 🟢 Available | 🟢 Available |
 | [Logging](#logging) | 🟢 Available | 🔴 Not available |
 | [Script execution](#script-execution) | 🟢 Available | 🔴 Not available |
 
-## Feature Descriptions
+## Feature descriptions
 
 ### Usage without installation
 
-The web version can be used directly in a browser without any installation, whereas the desktop version requires downloading and installing the software.
+You can use the web version directly in a browser without installation.
+The desktop version requires download and installation.
 
-> **Note for Linux:** For Linux users, privacy.sexy is available as an AppImage, which is a portable format that does not require traditional installation. This means Linux users can use the desktop version without installation, similar to the web version.
+> **Note for Linux users:** On Linux, privacy.sexy is available as an `AppImage`, a portable format that doesn't need traditional installation.
+> This allows Linux users to use the desktop version without full installation, akin to the web version.
 
 ### Offline usage
 
-Once loaded, the web version can be used offline. The desktop version inherently supports offline usage.
+The web version, once loaded, supports offline use.
+Desktop version inherently allows offline usage.
 
 ### Auto-updates
 
-Both versions automatically update to ensure you have the latest features and security enhancements.
+Both the desktop and web versions of privacy.sexy provide timely access to the latest features and security improvements. The updates are automatically deployed from source code, reflecting the latest changes for enhanced security and reliability. For more details, see [CI/CD documentation](./ci-cd.md).
+
+The desktop version ensures secure delivery through cryptographic signatures and version checks.
+
+[Security is a top priority](./../SECURITY.md#update-security-and-integrity) at privacy.sexy.
+
+> **Note for macOS users:** On macOS, the desktop version's auto-update process involves manual steps due to Apple's code signing costs.
+> Users get notified about updates but might need to complete the installation manually.
+> Your [support through donations](https://github.com/sponsors/undergroundwires) can help improve this process ❤️.
 
 ### Logging
 
-The desktop version supports logging of activities to aid in troubleshooting. This feature is not available in the web version.
+The desktop version supports logging of activities to aid in troubleshooting.
+This feature is not available in the web version.
+
+Log file locations vary by operating system:
+
+- macOS: `$HOME/Library/Logs/privacy.sexy`
+- Linux: `$HOME/.config/privacy.sexy/logs`
+- Windows: `%APPDATA%\privacy.sexy\logs`
 
 ### Script execution