From 5f15f99fe2d8c8679159ad3e2fcae931398055cb7a1d6a5342043e970945c61b Mon Sep 17 00:00:00 2001 From: Bruno Pitrus Date: Thu, 5 Sep 2024 20:33:51 +0000 Subject: [PATCH] - New upstream release 2024.8.2 * Disable cipher key encryption due to problems (gh#bitwarden/clients#10621) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/bitwarden?expand=0&rev=69 --- .gitattributes | 23 ++ .gitignore | 1 + _service | 14 + argon2-binary-path.patch | 25 ++ bitwarden-2024.6.2.obscpio | 3 + bitwarden-2024.7.0.obscpio | 3 + bitwarden-2024.7.1.obscpio | 3 + bitwarden-2024.8.1.obscpio | 3 + bitwarden-2024.8.2.obscpio | 3 + bitwarden.changes | 503 ++++++++++++++++++++++++++++ bitwarden.desktop | 12 + bitwarden.obsinfo | 4 + bitwarden.sh | 4 + bitwarden.spec | 310 +++++++++++++++++ bug-reporting-url.patch | 14 + desktop_native-rust-arch.patch | 210 ++++++++++++ do-not-install-font-privately.patch | 22 ++ fix-desktop-file.patch | 13 + no-sourcemaps.patch | 52 +++ node-vendor.tar.zst | 3 + prepare-node-vendor.sh | 49 +++ prepare-vendor.sh | 58 ++++ remove-argon2-browser.patch | 65 ++++ remove-esbuild-version-check.patch | 11 + remove-unnecessary-deps.patch | 213 ++++++++++++ system-libargon2.patch | 65 ++++ vendor.tar.zst | 3 + 27 files changed, 1689 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _service create mode 100644 argon2-binary-path.patch create mode 100644 bitwarden-2024.6.2.obscpio create mode 100644 bitwarden-2024.7.0.obscpio create mode 100644 bitwarden-2024.7.1.obscpio create mode 100644 bitwarden-2024.8.1.obscpio create mode 100644 bitwarden-2024.8.2.obscpio create mode 100644 bitwarden.changes create mode 100644 bitwarden.desktop create mode 100644 bitwarden.obsinfo create mode 100644 bitwarden.sh create mode 100644 bitwarden.spec create mode 100644 bug-reporting-url.patch create mode 100644 desktop_native-rust-arch.patch create mode 100644 do-not-install-font-privately.patch create mode 100644 fix-desktop-file.patch create mode 100644 no-sourcemaps.patch create mode 100644 node-vendor.tar.zst create mode 100644 prepare-node-vendor.sh create mode 100644 prepare-vendor.sh create mode 100644 remove-argon2-browser.patch create mode 100644 remove-esbuild-version-check.patch create mode 100644 remove-unnecessary-deps.patch create mode 100644 system-libargon2.patch create mode 100644 vendor.tar.zst diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_service b/_service new file mode 100644 index 0000000..95ed3d7 --- /dev/null +++ b/_service @@ -0,0 +1,14 @@ + + + git + https://github.com/bitwarden/clients.git + desktop-v2024.8.2 + 2024.8.2 + bitwarden + bitwarden_license/* + + apps/cli/* + apps/web/* + + + diff --git a/argon2-binary-path.patch b/argon2-binary-path.patch new file mode 100644 index 0000000..7cd912c --- /dev/null +++ b/argon2-binary-path.patch @@ -0,0 +1,25 @@ +Remove dependency on node-pre-gyp which brings a lot of garbage + +--- bitwarden/node_modules/argon2/argon2.js.old 2023-02-18 17:54:54.041287237 +0100 ++++ bitwarden/node_modules/argon2/argon2.js 2023-02-18 19:49:49.145206908 +0100 +@@ -3,9 +3,8 @@ + const { randomBytes, timingSafeEqual } = require("crypto"); + const path = require("path"); + const { promisify } = require("util"); +-const binary = require("@mapbox/node-pre-gyp"); + +-const bindingPath = binary.find(path.resolve(__dirname, "./package.json")); ++const bindingPath = "./lib/binding/napi-v3/argon2.node" + const { hash: _hash } = require(bindingPath); + + const { deserialize, serialize } = require("@phc/format"); +--- bitwarden/node_modules/argon2/package.json.old 2023-02-18 17:54:54.141337239 +0100 ++++ bitwarden/node_modules/argon2/package.json 2023-02-18 19:51:32.473209049 +0100 +@@ -46,7 +46,6 @@ + }, + "homepage": "https://github.com/ranisalt/node-argon2#readme", + "dependencies": { +- "@mapbox/node-pre-gyp": "^1.0.11", + "@phc/format": "^1.0.0", + "node-addon-api": "^7.0.0" + }, diff --git a/bitwarden-2024.6.2.obscpio b/bitwarden-2024.6.2.obscpio new file mode 100644 index 0000000..7adaa60 --- /dev/null +++ b/bitwarden-2024.6.2.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:935ad4966f10fcfbdac1784f248f800c7c4bb17834a67dcdd5b9b0e3061db518 +size 37969933 diff --git a/bitwarden-2024.7.0.obscpio b/bitwarden-2024.7.0.obscpio new file mode 100644 index 0000000..cc5079d --- /dev/null +++ b/bitwarden-2024.7.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1436703e869d9c2735117e4f65948f707281f0eee0c8e287516da11516e9baa8 +size 39058445 diff --git a/bitwarden-2024.7.1.obscpio b/bitwarden-2024.7.1.obscpio new file mode 100644 index 0000000..07eee3f --- /dev/null +++ b/bitwarden-2024.7.1.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4e67c98c75ab6b7d7a512f7ad8917fac956d7ce37ee4ed688c927dba433f66bd +size 40005133 diff --git a/bitwarden-2024.8.1.obscpio b/bitwarden-2024.8.1.obscpio new file mode 100644 index 0000000..07c1a5a --- /dev/null +++ b/bitwarden-2024.8.1.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a425511c3fd8e9c41079df4bbe7afd8f9678ada7902f322c3f2aa20f3fbcdae7 +size 41812493 diff --git a/bitwarden-2024.8.2.obscpio b/bitwarden-2024.8.2.obscpio new file mode 100644 index 0000000..9dc8b37 --- /dev/null +++ b/bitwarden-2024.8.2.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:69fdfe866a500de39e5044fe31b392ede84ddd8786d8f70f3ae358a2230126a5 +size 41812493 diff --git a/bitwarden.changes b/bitwarden.changes new file mode 100644 index 0000000..5ceb15e --- /dev/null +++ b/bitwarden.changes @@ -0,0 +1,503 @@ +------------------------------------------------------------------- +Thu Sep 5 20:08:51 UTC 2024 - Bruno Pitrus + +- New upstream release 2024.8.2 + * Disable cipher key encryption due to problems (gh#bitwarden/clients#10621) + +------------------------------------------------------------------- +Wed Aug 28 09:26:31 UTC 2024 - Bruno Pitrus + +- New upstream release 2024.8.1 + * no changelog provided + +------------------------------------------------------------------- +Sun Aug 25 14:20:05 UTC 2024 - Bruno Pitrus + +- New upstream release 2024.8.0 + * Allow biometric unlock of browser extension without requiring desktop app to be unlocked + * Add support for users to set a master password when their organization updates member decryption options + * Added support for multi-thread encryption to improve performance + * Add support for biometric unlock on Linux + * Add support for vault timeout on system lock on Linux + +------------------------------------------------------------------- +Fri Jul 26 08:56:45 UTC 2024 - Bruno Pitrus + +- New upstream release 2024.7.1 + * Enable individual vault item encryption keys 🔑 + +------------------------------------------------------------------- +Mon Jul 15 19:48:10 UTC 2024 - Bruno Pitrus + +- New upstream release 2024.7.0 + * Deprecated setting for approving logins. Desktop now receives login requests by default. +- Drop no longer needed argon2-binary-path.patch + +------------------------------------------------------------------- +Wed Jun 19 12:45:54 UTC 2024 - Bruno Pitrus + +- New upstream release 2024.6.2 + * no user-visible changes + +------------------------------------------------------------------- +Wed Jun 12 16:13:30 UTC 2024 - Bruno Pitrus + +- New upstream release 2024.6.0 + * Added password protected export + * Fixed issue with email alias provider keys being stored in plaintext + +------------------------------------------------------------------- +Tue May 21 21:38:33 UTC 2024 - Bruno Pitrus + +- New upstream release 2024.5.0 + * no changelog provided +- Use new %electron_rebuild and %electron_check_native macros in specfile + +------------------------------------------------------------------- +Mon May 6 18:31:43 UTC 2024 - Bruno Pitrus + +- New upstream release 2024.4.3 + * no changelog provided + +------------------------------------------------------------------- +Mon Apr 8 17:03:46 UTC 2024 - Bruno Pitrus + +- New upstream release 2024.3.2 + * no changelog provided +- Remove non-Linux stuff from rust vendor tarball +- Work around missing debuginfo (bsc#1222175) + +------------------------------------------------------------------- +Fri Mar 8 19:00:48 UTC 2024 - Bruno Pitrus + +- New upstream release 2024.2.1 + * Fix issues with clipboard under Wayland +- Drop half of use-node-argon2.patch which was applied upstream and rename the rest as remove-argon2-browser.patch + +------------------------------------------------------------------- +Wed Feb 7 20:35:34 UTC 2024 - Bruno Pitrus + +- New upstream release 2024.2.0 + * Increased import item quantity maximum + +------------------------------------------------------------------- +Wed Jan 10 18:58:11 UTC 2024 - Bruno Pitrus + +- New upstream release 2024.1.0 + * Added password complexity checks to password protected export + * Disallow XXE in import + * Bug-fixes for imports + * Bug-fix for minimum/maximum values in generator + * Bug-fix for screen-readers not announcing stored passkeys + +------------------------------------------------------------------- +Thu Dec 21 19:46:36 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.12.1 + * Make autofill overlay off by default + +------------------------------------------------------------------- +Wed Dec 6 21:55:56 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.12.0 + * Add prompt to set master password when user logs in with new permissions + * Add support for Azure AD to LastPass direct import + * Modify switch account dropdown/dialog for accessibility + +------------------------------------------------------------------- +Mon Nov 27 19:59:29 UTC 2023 - Bruno Pitrus + +- Fix FTBFS with npm21 + +------------------------------------------------------------------- +Tue Nov 7 11:56:22 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.10.1 + * no user-visible changes + +------------------------------------------------------------------- +Wed Nov 1 18:14:44 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.10.0 + * View and edit login items with passkeys saved to them + * Add import functionality + * Add direct import for LastPass + * Add support for self-hosting email alias generators + * Bug fix for Duo hardware keys + +------------------------------------------------------------------- +Thu Oct 12 17:14:30 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.9.2 + * Individual Vault Item Encryption Feature + +------------------------------------------------------------------- +Thu Sep 21 16:53:45 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.9.0 + * Added password history to Bitwarden export + * Accessibility improvement for fingerprint-phrases + * Update dark theme to match web app + * Update AnonAddy to addy.io + * Remove flags from environment selector + * Security fixes + * Bug-fix for password re-prompt + * Bug-fix for Duo prompt + +------------------------------------------------------------------- +Wed Sep 6 20:08:50 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.8.3 + * Support onboarding Key Connector users with existing master passwords + * Handle user decryption options from pre-TDE server response + +------------------------------------------------------------------- +Mon Aug 28 16:21:41 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.8.2 + * Add SSO with trusted devices + * Add Tailwind support + * Update server selector copy + * Bug fix for selecting self-hosted server + * Bug fix for hidden icons + +------------------------------------------------------------------- +Wed Jul 26 20:19:05 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.7.1 + * Remove sensitive data from memory when reloading the application + +------------------------------------------------------------------- +Sun Jul 23 14:53:28 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.7.0 + * Login with device enabled for self-host + * Added new forwarder (Forward Email) + * Add collection name to title attribute + * Define card brand according to its number + +------------------------------------------------------------------- +Thu Jun 22 17:00:22 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.5.1 + * Fix bug when the user selects a region it will set baseUrl in environment service +- Revert build_rustflags hack (boo#1212226) + +------------------------------------------------------------------- +Mon Jun 12 15:08:13 UTC 2023 - Bruno Pitrus + +- Replace deprecated rust-packaging with cargo-packaging (boo#1211624) +- Fix unresolvable build on Fedora + +------------------------------------------------------------------- +Wed May 31 17:04:02 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.5.0 + * Updated interface for selecting self-hosted environment +- Add SingleMainWindow to .desktop file. + +------------------------------------------------------------------- +Wed Apr 26 20:36:50 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.4.0 + * Send service refactor + * Updated help links +- Correct bogus npm(…) RPM provides +- Do not ship JS debuginfo (no-sourcemaps.patch) +- Fix unresolvable build on Fedora + +------------------------------------------------------------------- +Fri Apr 7 09:59:54 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.3.2 + * Copy send link fix + +------------------------------------------------------------------- +Tue Mar 28 04:57:18 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.3.1 + * Fix Vault Items with null Folder Value not Handled Correctly + +------------------------------------------------------------------- +Wed Mar 22 19:34:04 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.3.0 + * Restyle generator panel to be panel-like and avoid overflowing +- Use obs-scm service for downloading clean tarball and package node vendor separately. + +------------------------------------------------------------------- +Sat Feb 18 21:37:59 UTC 2023 - Bruno Pitrus + +- Remove use of local-npm-proxy and cleanup tarball from prebuilt blobs + * remove-esbuild-version-check.patch +- Replace argon2-browser which was not built from source with node-argon2 + * use-node-argon2.patch + * argon2-binary-path.patch + * system-libargon2.patch +- Do not use napi-rs, instead run cargo manually. + * this gets us past the current build error on riscv, but there are further problems +- Use electron-node for building again as we ship a C module now (still ABI-stable tho) +- Replace bug reporting menu option with a link to openSUSE's bugzilla. + * bug-reporting-url.patch + +------------------------------------------------------------------- +Fri Feb 17 16:37:23 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.2.0 + * Expand passwordless login support to desktop and add login with device option + * Add login request notifications + * When creating a master password at account creation, users will now be able to check if their selected master password has been in any data breeches via the Have I Been Pwned? API + * Expand title with “Mx“ option on an identity item + * Bug fix for cloning organizational items + +------------------------------------------------------------------- +Wed Jan 11 16:23:02 UTC 2023 - Bruno Pitrus + +- New upstream release 2023.1.0 + * Bug fix for password generator not updating after settings change + * Re-order settings for browser integrations + * Change forwarded email providers to dropdown + * Add hidden password character count toggle to item modal + * Manage zoom factor when opening / closing the application + * Tweak disclosure widget design + * Accessibility: tweak left-hand filters + * Fix inconsistent line height in cipher box footer + * Accessibility: Make username regenerator button same as password one +- Do not Require: electron(abi), as the Rust plugin + only uses stable ABIs and its build process does not even look at Electron headers. + +------------------------------------------------------------------- +Wed Jan 4 23:57:58 UTC 2023 - Bruno Pitrus + +- Fix npm crash causing broken RPMs (missing files) getting built +- Correct wrong cpu tuning for rust code on ix86 +- Remove hardcoded list of architectures from desktop_native-rust-arch.patch + +------------------------------------------------------------------- +Wed Dec 14 20:57:18 UTC 2022 - Bruno Pitrus + +- New upstream release 2022.12.0 + * no changelog given by upstream + +------------------------------------------------------------------- +Tue Nov 29 19:59:27 UTC 2022 - Bruno Pitrus + +- New upstream release 2022.11.0 + * Updated login flow that splits username and master password into separate pages + * Updated styles for selects and form groups for accessibility + * Add folder to item view + * explicitly define themed text ::selection styles + * Add Duckduckgo’s email forwarding service + * Display creation date in vault item history + +------------------------------------------------------------------- +Mon Oct 24 17:15:24 UTC 2022 - Bruno Pitrus + +- New upstream release 2022.10.1 + * Correct a visual bug involving truncation of ciphers. + +------------------------------------------------------------------- +Thu Oct 13 12:25:47 UTC 2022 - Bruno Pitrus + +- New upstream release 2022.10.0 + * DuckDuckGo browser integration + * Added DuckDuckGo to forwarded email providers list + * Updated error message for missing master password + * Enable Arabic support + * Make all item fields (except linked fields) draggable + * Don’t prevent whitespace wrapping in links/buttons, widen desktop pages + + +------------------------------------------------------------------- +Mon Oct 3 05:14:00 UTC 2022 - Bruno Pitrus + +- Fix unsatisfiable requirment on Fedora + +------------------------------------------------------------------- +Thu Sep 15 17:14:43 UTC 2022 - Bruno Pitrus - 2022.9.1 + +- New upstream release 2022.9.1 + * no user-visible changes + +------------------------------------------------------------------- +Wed Sep 7 18:48:17 UTC 2022 - Bruno Pitrus - 2022.9.0 + +- New upstream release 2022.9.0 + * Major rewrite of the application in Rust. + +------------------------------------------------------------------- +Fri Aug 12 21:42:04 UTC 2022 - Bruno Pitrus - 2022.8.1 + +- New upstream release 2022.8.1 + * Add ability to delete user account +- New upstream release 2022.8.0 + * Names and descriptions of some app settings and preferences have been updated to be more intuitive. + * Updates to Captcha styling + * Suppress user-select for most interface elements + * Bug fix to allow search with one letter +- Use electron instead of node to run NPM to fix build on Rawhide + +------------------------------------------------------------------- +Tue Jul 12 05:04:31 UTC 2022 - Bruno Pitrus - 2022.6.2 + +- New upstream release 2022.6.2 + * No user-visible changes + +------------------------------------------------------------------- +Wed Jun 29 17:31:20 UTC 2022 - Bruno Pitrus - 2022.6.0 + +- New upstream release 2022.6.0 + * Vault timeout fix that requires a minimum of 1 min lockout + +------------------------------------------------------------------- +Sat Jun 4 14:43:35 UTC 2022 - Bruno Pitrus + +- Do not use electron-builder, instead install dependencies manually +- Replace remove-postinstallscript.patch with more comprehensive remove-unnecessary-deps.patch to trim down unnecessary vendored deps + +------------------------------------------------------------------- +Thu Jun 2 09:39:47 UTC 2022 - Bruno Pitrus - 2022.05.0 + +- New upstream URL and changed tarball structure (upstream migrated to monorepo) +- New upstream release + * no changelog provided +- Remove patches applied upstream + * Fix-incompatible-keytar-versions.patch + * Security-upgrade-keytar.patch +- Regenerate package-lock.json + * async: 0.9.2 -> 3.2.3 + * caniuse-lite: 1.0.30001325 -> 1.0.30001327 + * ejs: 3.1.6 -> 3.1.7 + * filelist: 1.0.2 -> 1.0.3 + * jake: 10.8.4 -> 10.8.5 + * keytar: 7.8.0 -> 7.9.0 + * Added deps: brace-expansion 2.0.1, minimatch 5.0.1 + * Lots of removed deps + +------------------------------------------------------------------- +Sun May 29 16:16:00 UTC 2022 - Bruno Pitrus + +- Remove spurious `prebuild-install` copy and other dev files from the package. + +------------------------------------------------------------------- +Mon May 2 14:14:41 UTC 2022 - Bruno Pitrus + +- [LEGAL] Do not use vendored app-builder binary which has no corresponding source +- Patch electron-rebuild to remove unused lzma-native dependency + +------------------------------------------------------------------- +Mon Apr 25 20:44:01 UTC 2022 - Bruno Pitrus - 1.33.0 + +- New upstream release + * Accessibility update on “Generator” to announce slider element when clicked with assistive technologies +- Update jslib +- Regenerate package-lock.json + * too many changes to list + +------------------------------------------------------------------- +Fri Apr 8 16:14:13 UTC 2022 - Bruno Pitrus + +- Remove remove-windows-security-credentials.patch and replace it with a proper fix + +------------------------------------------------------------------- +Thu Apr 7 17:47:46 UTC 2022 - Bruno Pitrus + +- Use woff font instead of woff2 because woff2 support removed in Electron 18 +- Mark package as binary compatible with Electron 17.0 – 18.x + +------------------------------------------------------------------- +Thu Mar 17 12:00:59 UTC 2022 - Bruno Pitrus + +- Disallow installing on earlier electron version than the one the RPM was built with. + +------------------------------------------------------------------- +Wed Mar 16 19:54:35 UTC 2022 - Bruno Pitrus - 1.32.0 + +- New upstream release + * Introduce captcha upon 5 failed login attempts +- Update jslib +- Regenerate package-lock.json + * tslint has been replaced by eslint + +------------------------------------------------------------------- +Tue Feb 15 16:28:44 UTC 2022 - Bruno Pitrus - 1.31.3 + +- New upstream release + * No user visible changes. +- Update jslib +- Regenerate package-lock.json: + * keytar/node_modules/detect-libc 2.0.0 -> 2.0.1 +- Add URL scheme handler to desktop file to follow upstream packages. + +------------------------------------------------------------------- +Sun Feb 13 15:42:36 UTC 2022 - Bruno Pitrus - 1.31.2 + +- Add Security-upgrade-keytar.patch + * SNYK-JS-SIMPLEGET-2361683 / CVE-2022-0355 + Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1. +- Add Fix-incompatible-keytar-versions.patch because snyk bot is stupid +- Regenerate package-lock.json: + * keytar 7.7.0 -> 7.8.0 + * keytar/node_modules/detect-libc (none) -> 2.0.0 + * keytar/node_modules/node_abi 2.30.1 -> (none) + * keytar/node_modules/node_addon_api 3.2.1 -> 4.3.0 + * keytar/node_modules/prebuild-install 6.1.4 -> 7.0.1 + * keytar/node_modules/semver 5.7.1 -> (none) + * keytar/node_modules/simple-get (none) -> 4.0.1 + +------------------------------------------------------------------- +Sat Feb 12 11:42:32 UTC 2022 - Bruno Pitrus - 1.31.2 + +- New upstream release + * No user visible changes. +- Update jslib + +------------------------------------------------------------------- +Fri Feb 11 20:43:36 UTC 2022 - Bruno Pitrus - 1.31.1 + +- New upstream release + * No user visible changes. +- Update jslib +- Regenerate package-lock.json + * No changes in dependencies. + +------------------------------------------------------------------- +Fri Feb 11 14:47:01 UTC 2022 - Bruno Pitrus - 1.31.0 + +- New upstream release + * Account switching! + * Icon updates + * UX improvements + * Various security and bug fixes +- Update jslib +- Remove patches applied upstream: + * bump-node-to-16.patch + * bump-node-to-16-jslib.patch +- Adjust patches to upstream changes: + * fix-desktop-file.patch + * remove-windows-security-credentials.patch +- Remove patch which no longer applies: + * remove-bundled-fontawesome.patch +- Remove dependency on fontawesome (not used anymore) +- Add do-not-install-font-privately.patch +- Regenerate package-lock.json + * Too many changes to list, mainly because upstream bumped recommended Node and Electron versions. + +------------------------------------------------------------------- +Fri Jan 28 15:25:25 UTC 2022 - Bruno Pitrus - 1.30.0 + +- Clean up spec file +- Adjust bump-node-to-16.patch to more closely match upstream and avoid dependency mismatch +- Use nodejs-electron-devel instead of providing vendored headers +- Regenerate package-lock.json: + * @types/node 16.11.17 -> 16.11.21 + * jslib/{common,electron}/node_modules/@types/node 14.18.2 -> (none) + * electron/node_modules/@types/node 14.18.2 -> 14.18.9 + * @nodert-win10-rs4/windows.security.credentials.ui 0.4.4 -> (none) + +------------------------------------------------------------------- +Tue Dec 28 00:00:00 UTC 2021 - Bruno Pitrus - 1.30.0 + +- Initial version +- Inspired by the Arch Linux package by prozum +- Bump node version to 16 per upstream commit https://github.com/bitwarden/desktop/commit/5865f08b37d688ee057e82dd7acf90641b1978f5 diff --git a/bitwarden.desktop b/bitwarden.desktop new file mode 100644 index 0000000..4611e7e --- /dev/null +++ b/bitwarden.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Name=Bitwarden +Exec=bitwarden-desktop %U +Terminal=false +Type=Application +Icon=bitwarden +StartupWMClass=Bitwarden +GenericName=Password Manager +Comment=A secure and free password manager for all of your devices. +MimeType=x-scheme-handler/bitwarden; +Categories=Utility; +SingleMainWindow=true diff --git a/bitwarden.obsinfo b/bitwarden.obsinfo new file mode 100644 index 0000000..589378b --- /dev/null +++ b/bitwarden.obsinfo @@ -0,0 +1,4 @@ +name: bitwarden +version: 2024.8.2 +mtime: 1725557694 +commit: 0a3cf4772e79f8acbc297adcae6b39802ebb9eae diff --git a/bitwarden.sh b/bitwarden.sh new file mode 100644 index 0000000..fa4f542 --- /dev/null +++ b/bitwarden.sh @@ -0,0 +1,4 @@ +#!/bin/sh +export ELECTRON_IS_DEV=0 +cd XXXLIBDIRXXX/bitwarden +exec electron XXXLIBDIRXXX/bitwarden "$@" diff --git a/bitwarden.spec b/bitwarden.spec new file mode 100644 index 0000000..feff4fa --- /dev/null +++ b/bitwarden.spec @@ -0,0 +1,310 @@ +# spec file for package bitwarden +# +# +# Copyright (c) 2023 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021–2023 Bruno Pitrus +# Based on the Arch Linux PKGBUILD (c) 2017 prozum +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +#not running the tests on OBS — extremely flaky +%bcond_with test_rust + +Name: bitwarden +Version: 2024.8.2 +Release: 0 +Summary: A secure and free password manager for all of your devices +Group: Productivity/Security +License: GPL-3.0-only and MIT and (Apache-2.0 or MIT) +URL: https://github.com/bitwarden/clients + +#x86 electron requires SSE2 +%ifarch %ix86 +ExclusiveArch: i586 i686 +BuildArch: i686 +%{expand:%%global optflags %(echo "%optflags") -march=pentium4 -mtune=generic} +%{expand:%%global build_rustflags %(echo "%build_rustflags") -C target-cpu=pentium4 -Z tune-cpu=generic} +%endif + +%define version_suffix desktop + +# created by OBS service +Source0: bitwarden-%{version}.tar + +# created by prepare-vendor.sh +Source1: vendor.tar.zst + +Source2: bitwarden.sh +Source3: bitwarden.desktop + +Source99: prepare-vendor.sh + + + +#openSUSE-specific patches +Patch0: remove-unnecessary-deps.patch +Patch1: fix-desktop-file.patch +Patch3: do-not-install-font-privately.patch +Patch4: desktop_native-rust-arch.patch +Patch5: remove-argon2-browser.patch +Patch7: bug-reporting-url.patch +Patch8: no-sourcemaps.patch + + +#patches to use system libs +Patch1000: system-libargon2.patch + +#patches to fix upstream hostility (DRM etc.) +Patch4000: remove-esbuild-version-check.patch + +#tools we use explicitly +%if 0%{?fedora_version} +%define _ttfontsdir %{_datadir}/fonts/truetype +BuildRequires: glibc-all-langpacks +%endif +%if 0%{?fedora} >= 37 +BuildRequires: nodejs-npm +%else +BuildRequires: npm +%endif +BuildRequires: cargo +%if 0%{?fedora} +BuildRequires: rust-srpm-macros +%else +BuildRequires: cargo-packaging >= 1.2.0+3 +BuildRequires: cargo-auditable +%endif +BuildRequires: fdupes +BuildRequires: fontpackages-devel +BuildRequires: hicolor-icon-theme +BuildRequires: jq +%if 0%{?suse_version} +BuildRequires: nodejs-packaging +%endif +BuildRequires: nodejs-electron-devel +BuildRequires: pkgconfig(libargon2) +BuildRequires: sed +BuildRequires: zstd +#Tools used by npm +BuildRequires: gcc-c++ +BuildRequires: pkgconfig(glib-2.0) +BuildRequires: pkgconfig(libsecret-1) +BuildRequires: pkgconfig(wayland-protocols) + +#For tests +%if %{with test_rust} +BuildRequires: gnome-keyring +%if 0%{?fedora} +BuildRequires: dbus-daemon +%else +BuildRequires: dbus-1-daemon +%endif +%endif + +Requires: (google-opensans-fonts or open-sans-fonts) +Requires: nodejs-electron%{_isa} + +%global __requires_exclude ^npm(.*)|^nodejs(.*) +%global __provides_exclude ^npm(.*)|^nodejs(.*) + + + +%description +Bitwarden is a free and open-source password management service that stores sensitive information such as website credentials in an encrypted vault. Bitwarden offers a cloud-hosted service as well as the ability to deploy the solution on-premises. This package provides the GUI client. + +%prep +%autosetup -p1 -a1 + + +# Remove unused postinstall script (electron-rebuild) +sed -i '/"postinstall":/d' apps/desktop/package.json + +#Remove bundled open sans +cp -v /dev/null libs/angular/src/scss/webfonts.css +rm -rvf libs/angular/src/scss/webfonts + + + + +#Do not install font privately + +mv -v libs/angular/src/scss/bwicons/fonts/bwi-font.woff %{_builddir} +rm -rvf libs/angular/src/scss/bwicons/fonts + + +#Rust config +cd apps/desktop/desktop_native +rm -rf vendor/wayland-protocols/protocols +ln -svT /usr/share/wayland-protocols vendor/wayland-protocols/protocols +# https://blogs.gnome.org/mcatanzaro/2020/05/18/patching-vendored-rust-dependencies/ +for i in wayland-protocols libloading system-deps; do +pushd vendor/$i +jq -cj '.files={}' .cargo-checksum.json >tmp && mv tmp .cargo-checksum.json && popd +done + + + +%build +%ifarch %ix86 +export RUSTC_BOOTSTRAP=1 +%endif +export RUSTC_LOG='rustc_codegen_ssa::back::link=info' +export RUSTFLAGS="%{build_rustflags} --verbose -Cstrip=none" +export CARGO_TERM_VERBOSE=true + +export ELECTRON_SKIP_BINARY_DOWNLOAD=1 + +#esbuild is not actually used, it is only declared as a dependency of some webpack plugin +export ESBUILD_BINARY_PATH=/bin/true + + +export CFLAGS="%{optflags} -fpic -fno-semantic-interposition -fvisibility=hidden" +export CXXFLAGS="%{optflags} -fpic -fno-semantic-interposition -fvisibility=hidden" +export LDFLAGS="%{?build_ldflags}" +export MAKEFLAGS="%{_smp_mflags}" + +%if 0%{?suse_version} +auditable='auditable -vv' +%endif + + + + +%electron_rebuild + +cd apps/desktop +pushd desktop_native +cargo -vv $auditable rustc --offline --release --package desktop_napi --lib --crate-type cdylib +popd + +npm run build +npm run clean:dist + +#copy this manually instead of using electron-builder. there's few enough dependencies. +cd build +mkdir -pv node_modules/@bitwarden/desktop-napi +cp -plv ../desktop_native/napi/{package.json,index.js} -t node_modules/@bitwarden/desktop-napi +cp -plvT ../desktop_native/target/release/*.so node_modules/@bitwarden/desktop-napi/desktop_napi.node +rm -fv ../../../node_modules/argon2/build-tmp-napi-v3/node_gyp_bins/python3 +cp -plvr ../../../node_modules/argon2 -t node_modules/ +cp -plvr ../../../node_modules/node-gyp-build -t node_modules/ +cp -plvr '../../../node_modules/@phc' -t node_modules/ + + +%install +cd %{_builddir}/bitwarden-%{version}/apps/desktop +mkdir -pv %{buildroot}%{_libdir} +cp -plr build %{buildroot}%{_libdir}/%{name} +for i in 16 32 64 128 256 512 1024 +do +install -pvDm644 resources/icons/${i}x${i}.png "%{buildroot}%{_datadir}/icons/hicolor/${i}x${i}/apps/%{name}.png" +done +install -pvDm755 "%{_sourcedir}/%{name}.sh" "%{buildroot}%{_bindir}/bitwarden-desktop" +sed -i "s,XXXLIBDIRXXX,%{_libdir},g" "%{buildroot}%{_bindir}/bitwarden-desktop" +install -pvDm644 "%{_sourcedir}"/%{name}.desktop -t "%{buildroot}%{_datadir}"/applications +install -pvDm644 %{_builddir}/bwi-font.woff -t%{buildroot}%{_ttfontsdir} + +%fdupes %{buildroot}%{_prefix} + +#Remove development garbage +cd %{buildroot}%{_libdir}/%{name} +#JS debug symbols (unusable) +find -name '*.map' -type f -print -delete +#Source code +find -name '*.c' -type f -print -delete +find -name '*.cpp' -type f -print -delete +find -name '*.h' -type f -print -delete +find -name '*.gyp' -type f -print -delete +find -name '*.gypi' -type f -print -delete +find -name '*.ts' -type f -print -delete +find -name '*.cts' -type f -print -delete +find -name build-tmp-napi-v3 -print0 |xargs -r0 -- rm -rvf -- +find -name src -print0 |xargs -r0 -- rm -rvf -- +find -name Makefile -type f -print -delete +find -name 'Pipfile*' -type f -print -delete +find -name '*.patch' -type f -print -delete +#Temporary build files +find -name '.deps' -print0 |xargs -r0 -- rm -rvf -- +find -name 'obj.target' -print0 |xargs -r0 -- rm -rvf -- +find -name 'vendor' -print0 |xargs -r0 -- rm -rvf -- +find -name '*package-lock.json' -type f -print -delete +find -name '*.mk' -type f -print -delete +find -name '*.Makefile' -type f -print -delete + +#Documentation +find -name '*.md' -type f -print -delete +find -name doc -print0 |xargs -r0 -- rm -rvf -- +find -name test -print0 |xargs -r0 -- rm -rvf -- +#Compile-time-only dependencies +find -name nan -print0 |xargs -r0 -- rm -rvf -- +find -name node-addon-api -print0 |xargs -r0 -- rm -rvf -- +#Other trash +find -name '*.yml' -type f -print -delete +find -name '.npmignore' -type f -print -delete +find -name '.gitignore' -type f -print -delete + +#Fix file mode +find . -type f -exec chmod 644 {} \; +find . -name '*.node' -exec chmod 755 {} \; + +# Remove empty directories +find . -type d -empty -print -delete + + +%if 0%{?suse_version} +%reconfigure_fonts_scriptlets +%endif + +%check +%electron_check_native + +#Rust tests +%if %{with test_rust} +%ifarch %ix86 +export RUSTC_BOOTSTRAP=1 +%endif +export RUSTC_LOG='rustc_codegen_ssa::back::link=info' +export RUSTFLAGS="%{build_rustflags} --verbose -Cstrip=none" +export CARGO_TERM_VERBOSE=true +export CFLAGS="%{optflags} -fpic -fno-semantic-interposition -fvisibility=hidden" +export CXXFLAGS="%{optflags} -fpic -fno-semantic-interposition -fvisibility=hidden" +export LDFLAGS="%{?build_ldflags}" +export MAKEFLAGS="%{_smp_mflags}" +%if 0%{?suse_version} +auditable='auditable -vv' +%endif +cd apps/desktop +pushd desktop_native +# see .github/workflows/test.yml +export XDG_CONFIG_HOME=$(mktemp -d) + +dbus-run-session sh -c ' echo '' | gnome-keyring-daemon --unlock && echo '' | gnome-keyring-daemon --start && exec cargo -vv '"$auditable"' test --release --no-fail-fast --workspace -- --test-threads=1' +%endif + +%files +%defattr(-,root,root) +%{_bindir}/bitwarden-desktop +%{_libdir}/%{name} +%{_datadir}/applications/%{name}.desktop +%{_datadir}/icons/hicolor/1024x1024 +%{_datadir}/icons/hicolor/128x128/apps/bitwarden.png +%{_datadir}/icons/hicolor/16x16/apps/bitwarden.png +%{_datadir}/icons/hicolor/256x256/apps/bitwarden.png +%{_datadir}/icons/hicolor/32x32/apps/bitwarden.png +%{_datadir}/icons/hicolor/512x512/apps/bitwarden.png +%{_datadir}/icons/hicolor/64x64/apps/bitwarden.png +%{_ttfontsdir}/ +%license LICENSE.txt +%license LICENSE_GPL.txt + +%changelog diff --git a/bug-reporting-url.patch b/bug-reporting-url.patch new file mode 100644 index 0000000..432e2cb --- /dev/null +++ b/bug-reporting-url.patch @@ -0,0 +1,14 @@ +All bug reports should go through the distro maintainers first. +Replace upstream's bug report link with the openSUSE bugzilla. + +--- a/apps/desktop/src/main/menu/menu.help.ts ++++ b/apps/desktop/src/main/menu/menu.help.ts +@@ -65,7 +65,7 @@ + return { + id: "fileBugReport", + label: this.localize("fileBugReport"), +- click: () => shell.openExternal("https://github.com/bitwarden/clients/issues"), ++ click: () => shell.openExternal("https://bugzilla.opensuse.org/enter_bug.cgi?classification=openSUSE"), + }; + } + diff --git a/desktop_native-rust-arch.patch b/desktop_native-rust-arch.patch new file mode 100644 index 0000000..265a323 --- /dev/null +++ b/desktop_native-rust-arch.patch @@ -0,0 +1,210 @@ +Replace wrong path to Rust native module with something we actually control (we aren't using the napi-rs script which is awful). +I have no idea wtf musl is even doing there, as Electron is officially supported only on GNU systems. + +--- clients/apps/desktop/desktop_native/napi/index.js.orig 2024-07-15 19:10:33.919215714 +0200 ++++ clients/apps/desktop/desktop_native/napi/index.js 2024-07-15 19:33:23.753781579 +0200 +@@ -1,203 +1,7 @@ +-const { existsSync, readFileSync } = require('fs') +-const { join } = require('path') +- +-const { platform, arch } = process +- + let nativeBinding = null +-let localFileExisted = false + let loadError = null + +-function isMusl() { +- // For Node 10 +- if (!process.report || typeof process.report.getReport !== 'function') { +- try { +- return readFileSync('/usr/bin/ldd', 'utf8').includes('musl') +- } catch (e) { +- return true +- } +- } else { +- const { glibcVersionRuntime } = process.report.getReport().header +- return !glibcVersionRuntime +- } +-} +- +-switch (platform) { +- case 'android': +- switch (arch) { +- case 'arm64': +- localFileExisted = existsSync(join(__dirname, 'desktop_napi.android-arm64.node')) +- try { +- if (localFileExisted) { +- nativeBinding = require('./desktop_napi.android-arm64.node') +- } else { +- nativeBinding = require('@bitwarden/desktop-napi-android-arm64') +- } +- } catch (e) { +- loadError = e +- } +- break +- case 'arm': +- localFileExisted = existsSync(join(__dirname, 'desktop_napi.android-arm-eabi.node')) +- try { +- if (localFileExisted) { +- nativeBinding = require('./desktop_napi.android-arm-eabi.node') +- } else { +- nativeBinding = require('@bitwarden/desktop-napi-android-arm-eabi') +- } +- } catch (e) { +- loadError = e +- } +- break +- default: +- throw new Error(`Unsupported architecture on Android ${arch}`) +- } +- break +- case 'win32': +- switch (arch) { +- case 'x64': +- localFileExisted = existsSync( +- join(__dirname, 'desktop_napi.win32-x64-msvc.node') +- ) +- try { +- if (localFileExisted) { +- nativeBinding = require('./desktop_napi.win32-x64-msvc.node') +- } else { +- nativeBinding = require('@bitwarden/desktop-napi-win32-x64-msvc') +- } +- } catch (e) { +- loadError = e +- } +- break +- case 'ia32': +- localFileExisted = existsSync( +- join(__dirname, 'desktop_napi.win32-ia32-msvc.node') +- ) +- try { +- if (localFileExisted) { +- nativeBinding = require('./desktop_napi.win32-ia32-msvc.node') +- } else { +- nativeBinding = require('@bitwarden/desktop-napi-win32-ia32-msvc') +- } +- } catch (e) { +- loadError = e +- } +- break +- case 'arm64': +- localFileExisted = existsSync( +- join(__dirname, 'desktop_napi.win32-arm64-msvc.node') +- ) +- try { +- if (localFileExisted) { +- nativeBinding = require('./desktop_napi.win32-arm64-msvc.node') +- } else { +- nativeBinding = require('@bitwarden/desktop-napi-win32-arm64-msvc') +- } +- } catch (e) { +- loadError = e +- } +- break +- default: +- throw new Error(`Unsupported architecture on Windows: ${arch}`) +- } +- break +- case 'darwin': +- switch (arch) { +- case 'x64': +- localFileExisted = existsSync(join(__dirname, 'desktop_napi.darwin-x64.node')) +- try { +- if (localFileExisted) { +- nativeBinding = require('./desktop_napi.darwin-x64.node') +- } else { +- nativeBinding = require('@bitwarden/desktop-napi-darwin-x64') +- } +- } catch (e) { +- loadError = e +- } +- break +- case 'arm64': +- localFileExisted = existsSync( +- join(__dirname, 'desktop_napi.darwin-arm64.node') +- ) +- try { +- if (localFileExisted) { +- nativeBinding = require('./desktop_napi.darwin-arm64.node') +- } else { +- nativeBinding = require('@bitwarden/desktop-napi-darwin-arm64') +- } +- } catch (e) { +- loadError = e +- } +- break +- default: +- throw new Error(`Unsupported architecture on macOS: ${arch}`) +- } +- break +- case 'freebsd': +- if (arch !== 'x64') { +- throw new Error(`Unsupported architecture on FreeBSD: ${arch}`) +- } +- localFileExisted = existsSync(join(__dirname, 'desktop_napi.freebsd-x64.node')) +- try { +- if (localFileExisted) { +- nativeBinding = require('./desktop_napi.freebsd-x64.node') +- } else { +- nativeBinding = require('@bitwarden/desktop-napi-freebsd-x64') +- } +- } catch (e) { +- loadError = e +- } +- break +- case 'linux': +- switch (arch) { +- case 'x64': +- localFileExisted = existsSync( +- join(__dirname, 'desktop_napi.linux-x64-musl.node') +- ) +- try { +- if (localFileExisted) { +- nativeBinding = require('./desktop_napi.linux-x64-musl.node') +- } else { +- nativeBinding = require('@bitwarden/desktop-napi-linux-x64-musl') +- } +- } catch (e) { +- loadError = e +- } +- break +- case 'arm64': +- localFileExisted = existsSync( +- join(__dirname, 'desktop_napi.linux-arm64-musl.node') +- ) +- try { +- if (localFileExisted) { +- nativeBinding = require('./desktop_napi.linux-arm64-musl.node') +- } else { +- nativeBinding = require('@bitwarden/desktop-napi-linux-arm64-musl') +- } +- } catch (e) { +- loadError = e +- } +- break +- case 'arm': +- localFileExisted = existsSync( +- join(__dirname, 'desktop_napi.linux-arm-gnueabihf.node') +- ) +- try { +- if (localFileExisted) { +- nativeBinding = require('./desktop_napi.linux-arm-gnueabihf.node') +- } else { +- nativeBinding = require('@bitwarden/desktop-napi-linux-arm-gnueabihf') +- } +- } catch (e) { +- loadError = e +- } +- break +- default: +- throw new Error(`Unsupported architecture on Linux: ${arch}`) +- } +- break +- default: +- throw new Error(`Unsupported OS: ${platform}, architecture: ${arch}`) +-} ++nativeBinding = require('./desktop_napi.node') + + if (!nativeBinding) { + if (loadError) { diff --git a/do-not-install-font-privately.patch b/do-not-install-font-privately.patch new file mode 100644 index 0000000..13dc269 --- /dev/null +++ b/do-not-install-font-privately.patch @@ -0,0 +1,22 @@ +Fonts in general-purpose formats such as Type1, OpenType TT (TTF) or OpenType CFF (OTF) are subject to specific openSUSE:Packaging_Fonts, and should never be packaged in a private application directory instead of the system-wide font repositories. + +--- a/libs/angular/src/scss/bwicons/styles/style.scss ++++ b/libs/angular/src/scss/bwicons/styles/style.scss +@@ -2,17 +2,6 @@ $icomoon-font-family: "bwi-font" !defaul + $icomoon-font-path: "~@bitwarden/angular/src/scss/bwicons/fonts/" !default; + + // New font sheet? Update the font-face information below +-@font-face { +- font-family: "#{$icomoon-font-family}"; +- src: +- url($icomoon-font-path + "bwi-font.svg") format("svg"), +- url($icomoon-font-path + "bwi-font.ttf") format("truetype"), +- url($icomoon-font-path + "bwi-font.woff") format("woff"), +- url($icomoon-font-path + "bwi-font.woff2") format("woff2"); +- font-weight: normal; +- font-style: normal; +- font-display: block; +-} + + // Base Class + .bwi { diff --git a/fix-desktop-file.patch b/fix-desktop-file.patch new file mode 100644 index 0000000..88d80a6 --- /dev/null +++ b/fix-desktop-file.patch @@ -0,0 +1,13 @@ +This patch is required to make "Start automatically on login" work + +--- a/apps/desktop/src/main/messaging.main.ts ++++ b/apps/desktop/src/main/messaging.main.ts +@@ -114,7 +114,7 @@ + Version=${app.getVersion()} + Name=Bitwarden + Comment=Bitwarden startup script +-Exec=${app.getPath("exe")} ++Exec=bitwarden-desktop + StartupNotify=false + Terminal=false`; + diff --git a/no-sourcemaps.patch b/no-sourcemaps.patch new file mode 100644 index 0000000..4dda8da --- /dev/null +++ b/no-sourcemaps.patch @@ -0,0 +1,52 @@ +--- clients/tsconfig.json.old 2023-04-26 13:30:57.000000000 +0200 ++++ clients/tsconfig.json 2023-04-26 20:15:39.879489082 +0200 +@@ -6,7 +6,7 @@ + "target": "ES2016", + "module": "ES2020", + "lib": ["es5", "es6", "es7", "dom", "ES2021"], +- "sourceMap": true, ++ "sourceMap": false, + "allowSyntheticDefaultImports": true, + "experimentalDecorators": true, + "emitDecoratorMetadata": true, +--- clients/apps/desktop/webpack.renderer.js.old 2023-04-26 13:30:57.000000000 +0200 ++++ clients/apps/desktop/webpack.renderer.js 2023-04-26 20:17:42.900973173 +0200 +@@ -61,7 +61,7 @@ + + const renderer = { + mode: NODE_ENV, +- devtool: "source-map", ++ devtool: false, + target: "web", + node: { + __dirname: false, +@@ -138,7 +138,7 @@ + new AngularWebpackPlugin({ + tsConfigPath: "tsconfig.renderer.json", + entryModule: "src/app/app.module#AppModule", +- sourceMap: true, ++ sourceMap: false, + }), + // ref: https://github.com/angular/angular/issues/20357 + new webpack.ContextReplacementPlugin( +@@ -150,9 +150,6 @@ + filename: "index.html", + chunks: ["app/vendor", "app/main"], + }), +- new webpack.SourceMapDevToolPlugin({ +- include: ["app/main.js"], +- }), + new MiniCssExtractPlugin({ + filename: "[name].[contenthash].css", + chunkFilename: "[id].[contenthash].css", +--- clients/apps/desktop/tsconfig.json.old 2023-12-06 21:48:09.744042358 +0100 ++++ clients/apps/desktop/tsconfig.json 2023-12-06 21:53:51.341419937 +0100 +@@ -6,7 +6,7 @@ + "experimentalDecorators": true, + "module": "ES2020", + "target": "ES2016", +- "sourceMap": true, ++ "removeComments": true, + "types": [], + "baseUrl": ".", + "paths": { diff --git a/node-vendor.tar.zst b/node-vendor.tar.zst new file mode 100644 index 0000000..db223ef --- /dev/null +++ b/node-vendor.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8e62ee1659f6325677411aa7c8b99d84c328a705fda82370489a4920f646ffbb +size 35111893 diff --git a/prepare-node-vendor.sh b/prepare-node-vendor.sh new file mode 100644 index 0000000..bc103ad --- /dev/null +++ b/prepare-node-vendor.sh @@ -0,0 +1,49 @@ +#!/bin/sh -eux + +# dnf install curl gzip jq npm patch tar wget + +PKGDIR="$(pwd)" + + + + + + +cd clients + + + +#These patches touch NPM's files +patch --verbose -p1 -b < $PKGDIR/remove-unnecessary-deps.patch + +#remove unnecessary / non-free source +rm -rf apps/browser apps/cli apps/web bitwarden_license + +npm ci --verbose --ignore-scripts + +echo ">>>>>> Remove argon2 vendor" +rm -rf node_modules/argon2/argon2 + +echo ">>>>>> Remove non-free binaries" +find . -type f -name "*.wasm" -print -delete +find . -type f -name "*.jar" -print -delete +find . -type f -name "*.exe" -print -delete +find . -type f -name "*.node" -print -delete +find . -type f -name "*.dll" -print -delete +find . -type f -name "*.dylib" -print -delete +find . -type f -name "*.so" -print -delete +find . -type f -name "*.o" -print -delete +find . -type f -name "*.a" -print -delete + +#We use sponge to avoid a race condition between find and rm +find -type f | sponge | xargs -P$(nproc) -- sh -c 'file -S "$@" | grep -v '\'' .*script'\'' | grep '\'' .*executable'\'' | tee /dev/stderr | sed '\''s/: .*//'\'' | xargs rm -fv' + + +# Remove empty directories +echo ">>>>>> Remove empty directories" +find . -type d -empty -print -delete + + +echo ">>>>>> Create tarball" +ZSTD_CLEVEL=19 ZSTD_NBTHREADS=$(nproc) tar --zstd --sort=name -vvScf "${PKGDIR}/node-vendor.tar.zst" node_modules + diff --git a/prepare-vendor.sh b/prepare-vendor.sh new file mode 100644 index 0000000..e80f248 --- /dev/null +++ b/prepare-vendor.sh @@ -0,0 +1,58 @@ +#!/bin/bash -eux + +# dnf install curl gzip jq npm patch tar wget + +PKGDIR="$(pwd)" + + + + + + +cd clients + + + +#These patches touch NPM's files +patch --verbose -p1 -b < $PKGDIR/remove-unnecessary-deps.patch + +#remove unnecessary / non-free source +rm -rf apps/browser apps/cli apps/web bitwarden_license + +npm ci --verbose --ignore-scripts + +echo ">>>>>> Remove argon2 vendor" +rm -rf node_modules/argon2/argon2 + +# Since version 2024.8.0 (August 2024), obs-service-cargo_vendor does not work anymore: +# ERROR obs_service_cargo::audit: cargo_lock_err=Parse("parse error: couldn't resolve dependency: bytes\n") +# ERROR obs_service_cargo::utils: Unable to complete cargo audit rustsec_err=Error { kind: BadParam, msg: "parse error: parse error: couldn't resolve dependency: bytes\n", source: None } +pushd apps/desktop/desktop_native +mkdir -pv .cargo +cargo vendor-filterer --platform='*-unknown-linux-gnu' --platform='*-unknown-linux-gnueabihf' --all-features > .cargo/config +popd + +echo ">>>>>> Remove non-free binaries" +find . -type f -name "*.wasm" -print -delete +find . -type f -name "*.jar" -print -delete +find . -type f -name "*.exe" -print -delete +find . -type f -name "*.node" -print -delete +find . -type f -name "*.dll" -print -delete +find . -type f -name "*.dylib" -print -delete +find . -type f -name "*.so" -print -delete +find . -type f -name "*.o" -print -delete +find . -type f -name "*.a" -print -delete + +#We use sponge to avoid a race condition between find and rm +find -type f | sponge | xargs -P$(nproc) -- sh -c 'file -S "$@" | grep -v '\'' .*script'\'' | grep '\'' .*executable'\'' | tee /dev/stderr | sed '\''s/: .*//'\'' | xargs rm -fv' + + + +# Remove empty directories +echo ">>>>>> Remove empty directories" +find . -type d -empty -print -delete + + +echo ">>>>>> Create tarball" +ZSTD_CLEVEL=19 ZSTD_NBTHREADS=$(nproc) tar --zstd --sort=name -vvScf "${PKGDIR}/vendor.tar.zst" node_modules apps/desktop/desktop_native/{.cargo/config,vendor} + diff --git a/remove-argon2-browser.patch b/remove-argon2-browser.patch new file mode 100644 index 0000000..bdb57a4 --- /dev/null +++ b/remove-argon2-browser.patch @@ -0,0 +1,65 @@ +Remove dependency on argon-browser2 which should be dead code after https://github.com/bitwarden/clients/commit/996823169a5134da56c0e08f6e83a01e64164774 +We used to path this to use node_modules/argon2 but cannot anymore due to sandbox now being enabled; fortunately, upstream at the same time moved the crypto to main process. +Therefore the WASM implementation in web-crypto-function should be dead code now and can be removed because we do not want to compile WASM. + +--- bitwarden/apps/desktop/webpack.renderer.js.old 2023-02-15 19:02:44.000000000 +0100 ++++ bitwarden/apps/desktop/webpack.renderer.js 2023-02-18 18:41:53.074156675 +0100 +@@ -40,11 +40,6 @@ + }, + type: "asset/resource", + }, +- { +- test: /\.wasm$/, +- loader: "base64-loader", +- type: "javascript/auto", +- }, + ], + }, + plugins: [], +@@ -127,11 +122,6 @@ + test: /[\/\\]@angular[\/\\].+\.js$/, + parser: { system: true }, + }, +- { +- test: /\.wasm$/, +- loader: "base64-loader", +- type: "javascript/auto", +- }, + ], + }, + plugins: [ +--- a/libs/common/src/platform/services/web-crypto-function.service.ts ++++ b/libs/common/src/platform/services/web-crypto-function.service.ts +@@ -1,4 +1,3 @@ +-import * as argon2 from "argon2-browser"; + import * as forge from "node-forge"; + + import { Utils } from "../../platform/misc/utils"; +@@ -54,24 +53,9 @@ export class WebCryptoFunctionService implements CryptoFunctionService { + memory: number, + parallelism: number, + ): Promise { +- if (!this.wasmSupported) { +- throw "Webassembly support is required for the Argon2 KDF feature."; +- } +- +- const passwordArr = new Uint8Array(this.toBuf(password)); +- const saltArr = new Uint8Array(this.toBuf(salt)); +- +- const result = await argon2.hash({ +- pass: passwordArr, +- salt: saltArr, +- time: iterations, +- mem: memory, +- parallelism: parallelism, +- hashLen: 32, +- type: argon2.ArgonType.Argon2id, +- }); +- argon2.unloadRuntime(); +- return result.hash; ++ const err="This should be unreachable dead code. If you're seeing this message, please report a bug to openSUSE maintainers because we must have made a mistake when patching." ++ alert(err) ++ throw err + } + + async hkdf( diff --git a/remove-esbuild-version-check.patch b/remove-esbuild-version-check.patch new file mode 100644 index 0000000..b861e04 --- /dev/null +++ b/remove-esbuild-version-check.patch @@ -0,0 +1,11 @@ +--- bitwarden/node_modules/esbuild/install.js.old 2023-02-18 17:54:51.928231193 +0100 ++++ bitwarden/node_modules/esbuild/install.js 2023-02-18 18:18:42.659268572 +0100 +@@ -85,7 +85,7 @@ + } + throw err; + } +- if (stdout !== versionFromPackageJSON) { ++ if (0) { + throw new Error(`Expected ${JSON.stringify(versionFromPackageJSON)} but got ${JSON.stringify(stdout)}`); + } + } diff --git a/remove-unnecessary-deps.patch b/remove-unnecessary-deps.patch new file mode 100644 index 0000000..9652e95 --- /dev/null +++ b/remove-unnecessary-deps.patch @@ -0,0 +1,213 @@ +@types/semver and path-browserify is normally included transitively by storybook which we delete, adding it here explicitely because it is needed for build + +--- clients/package.json.orig 2024-07-15 19:10:38.711610685 +0200 ++++ clients/package.json 2024-07-15 19:25:13.322024338 +0200 +@@ -13,7 +13,6 @@ + }, + "homepage": "https://bitwarden.com", + "scripts": { +- "prepare": "husky", + "lint": "eslint . --cache --cache-strategy content && prettier --check .", + "lint:fix": "eslint . --cache --cache-strategy content --fix", + "lint:clear": "rimraf .eslintcache", +@@ -26,7 +25,7 @@ + "storybook": "ng run components:storybook", + "build-storybook": "ng run components:build-storybook", + "build-storybook:ci": "ng run components:build-storybook --webpack-stats-json", +- "postinstall": "patch-package" ++ "postinstall": "true" + }, + "workspaces": [ + "apps/*", +@@ -35,120 +34,44 @@ + ], + "devDependencies": { + "@angular-devkit/build-angular": "16.2.14", +- "@angular-eslint/eslint-plugin": "16.3.1", +- "@angular-eslint/eslint-plugin-template": "16.3.1", +- "@angular-eslint/template-parser": "16.3.1", +- "@angular/cli": "16.2.14", + "@angular/compiler-cli": "16.2.12", +- "@angular/elements": "16.2.12", +- "@babel/core": "^7.24.6", + "@babel/preset-env": "^7.24.6", +- "@compodoc/compodoc": "1.1.25", +- "@electron/notarize": "2.3.0", +- "@electron/rebuild": "3.6.0", + "@ngtools/webpack": "16.2.14", +- "@storybook/addon-a11y": "7.6.19", +- "@storybook/addon-actions": "7.6.19", +- "@storybook/addon-designs": "7.0.9", +- "@storybook/addon-essentials": "7.6.19", +- "@storybook/addon-interactions": "7.6.19", +- "@storybook/addon-links": "7.6.19", +- "@storybook/angular": "7.6.19", +- "@storybook/jest": "0.2.3", +- "@storybook/testing-library": "0.2.2", +- "@types/argon2-browser": "1.18.4", +- "@types/chrome": "0.0.262", +- "@types/firefox-webext-browser": "111.0.5", +- "@types/inquirer": "8.2.10", + "@types/jest": "29.5.12", +- "@types/jquery": "3.5.30", +- "@types/jsdom": "21.1.7", +- "@types/koa": "2.14.0", +- "@types/koa__multer": "2.0.7", +- "@types/koa__router": "12.0.4", +- "@types/koa-bodyparser": "4.3.7", +- "@types/koa-json": "2.0.23", +- "@types/lowdb": "1.0.15", + "@types/lunr": "2.3.7", + "@types/node": "20.14.8", +- "@types/node-fetch": "2.6.4", + "@types/node-forge": "1.3.11", + "@types/node-ipc": "9.2.3", + "@types/papaparse": "5.3.14", +- "@types/proper-lockfile": "4.1.4", +- "@types/react": "16.14.60", +- "@types/retry": "0.12.5", ++ "@types/semver": "^7.3.4", + "@types/zxcvbn": "4.4.4", +- "@typescript-eslint/eslint-plugin": "7.16.1", +- "@typescript-eslint/parser": "7.16.1", +- "@webcomponents/custom-elements": "1.6.0", +- "@yao-pkg/pkg": "^5.12.0", + "autoprefixer": "10.4.19", +- "babel-loader": "^9.1.3", +- "base64-loader": "1.0.0", +- "browserslist": "^4.23.0", +- "chromatic": "10.9.6", + "concurrently": "8.2.2", + "copy-webpack-plugin": "12.0.2", + "cross-env": "7.0.3", + "css-loader": "6.10.0", + "electron": "31.3.1", +- "electron-builder": "24.13.3", + "electron-log": "5.0.1", +- "electron-reload": "2.0.0-alpha.1", + "electron-store": "8.2.0", + "electron-updater": "6.1.8", +- "eslint": "8.57.0", +- "eslint-config-prettier": "9.1.0", +- "eslint-import-resolver-typescript": "3.6.1", +- "eslint-plugin-import": "2.29.1", +- "eslint-plugin-rxjs": "5.0.3", +- "eslint-plugin-rxjs-angular": "2.0.1", +- "eslint-plugin-storybook": "0.8.0", +- "eslint-plugin-tailwindcss": "3.17.4", +- "gulp": "4.0.2", +- "gulp-filter": "9.0.1", +- "gulp-if": "3.0.0", +- "gulp-json-editor": "2.6.0", +- "gulp-replace": "1.1.4", +- "gulp-zip": "6.0.0", + "html-loader": "5.0.0", +- "html-webpack-injector": "1.1.4", + "html-webpack-plugin": "5.6.0", +- "husky": "9.1.4", +- "jest-junit": "16.0.0", + "jest-mock-extended": "3.0.7", +- "jest-preset-angular": "14.1.1", +- "lint-staged": "15.2.8", + "mini-css-extract-plugin": "2.8.1", + "node-ipc": "9.2.1", ++ "path-browserify": "^1.0.1", + "postcss": "8.4.38", + "postcss-loader": "8.1.1", +- "prettier": "3.3.3", +- "prettier-plugin-tailwindcss": "0.6.5", +- "process": "0.11.10", +- "react": "18.3.1", +- "react-dom": "18.3.1", + "regedit": "^3.0.3", +- "remark-gfm": "3.0.1", + "rimraf": "6.0.1", + "sass": "1.74.1", + "sass-loader": "14.2.1", +- "storybook": "7.6.19", +- "style-loader": "3.3.4", +- "tailwindcss": "3.4.3", +- "ts-jest": "29.2.2", + "ts-loader": "9.5.1", + "tsconfig-paths-webpack-plugin": "4.1.0", +- "type-fest": "2.19.0", + "typescript": "5.1.6", + "url": "0.11.3", +- "util": "0.12.5", +- "wait-on": "7.2.0", + "webpack": "5.93.0", +- "webpack-cli": "5.1.4", +- "webpack-dev-server": "5.0.4", +- "webpack-node-externals": "3.0.0" ++ "webpack-cli": "5.1.4" + }, + "dependencies": { + "@angular/animations": "16.2.12", +@@ -160,55 +83,28 @@ + "@angular/platform-browser": "16.2.12", + "@angular/platform-browser-dynamic": "16.2.12", + "@angular/router": "16.2.12", +- "@koa/multer": "3.0.2", +- "@koa/router": "12.0.1", + "@microsoft/signalr": "8.0.7", + "@microsoft/signalr-protocol-msgpack": "8.0.7", + "@ng-select/ng-select": "11.2.0", + "argon2": "0.40.1", +- "argon2-browser": "1.18.0", + "big-integer": "1.6.51", +- "bootstrap": "4.6.0", +- "braintree-web-drop-in": "1.42.0", + "buffer": "6.0.3", +- "bufferutil": "4.0.8", +- "chalk": "4.1.2", + "commander": "11.1.0", +- "core-js": "3.36.1", +- "form-data": "4.0.0", +- "https-proxy-agent": "7.0.2", +- "inquirer": "8.2.6", +- "jquery": "3.7.1", +- "jsdom": "24.1.1", + "jszip": "3.10.1", +- "koa": "2.15.0", +- "koa-bodyparser": "4.4.1", +- "koa-json": "2.0.2", +- "lowdb": "1.0.0", + "lunr": "2.3.9", +- "multer": "1.4.5-lts.1", +- "ngx-infinite-scroll": "16.0.0", + "ngx-toastr": "17.0.2", + "node-fetch": "2.6.12", + "node-forge": "1.3.1", + "nord": "0.2.1", + "oidc-client-ts": "2.4.0", +- "open": "8.4.2", + "papaparse": "5.4.1", +- "patch-package": "8.0.0", +- "popper.js": "1.16.1", +- "proper-lockfile": "4.1.2", +- "qrcode-parser": "2.1.3", +- "qrious": "4.0.2", + "rxjs": "7.8.1", +- "tabbable": "6.2.0", + "tldts": "6.1.38", + "utf-8-validate": "6.0.4", + "zone.js": "0.13.3", + "zxcvbn": "4.4.2" + }, + "overrides": { +- "tailwindcss": "$tailwindcss", + "@storybook/angular": { + "zone.js": "$zone.js" + }, +--- clients/apps/desktop/desktop_native/napi/package.json.orig 2024-07-15 19:10:33.919215714 +0200 ++++ clients/apps/desktop/desktop_native/napi/package.json 2024-07-15 19:25:13.322024338 +0200 +@@ -10,9 +10,6 @@ + }, + "author": "", + "license": "GPL-3.0", +- "devDependencies": { +- "@napi-rs/cli": "2.16.2" +- }, + "napi": { + "name": "desktop_napi", + "triples": { diff --git a/system-libargon2.patch b/system-libargon2.patch new file mode 100644 index 0000000..2b43e7c --- /dev/null +++ b/system-libargon2.patch @@ -0,0 +1,65 @@ +--- clients/node_modules/argon2/binding.gyp.orig 2024-07-15 19:27:24.157408387 +0200 ++++ clients/node_modules/argon2/binding.gyp 2024-07-15 19:40:42.806528404 +0200 +@@ -20,7 +20,7 @@ + "Release": { + "target_conditions": [ + ["OS != 'win'", { +- "cflags+": ["-fdata-sections", "-ffunction-sections", "-flto", "-fvisibility=hidden"], ++ "cflags+": ["-fvisibility=hidden"], + "ldflags+": ["-Wl,--gc-sections"] + }] + ], +@@ -29,26 +29,7 @@ + } + }, + "targets": [ +- { +- "target_name": "libargon2", +- "sources": [ +- "argon2/src/argon2.c", +- "argon2/src/blake2/blake2b.c", +- "argon2/src/core.c", +- "argon2/src/encoding.c", +- "argon2/src/thread.c" +- ], +- "cflags+": ["-Wno-type-limits"], +- "conditions": [ +- ["target_arch == 'ia32' or target_arch == 'x64'", { +- "cflags+": ["-msse", "-msse2"], +- "sources+": ["argon2/src/opt.c"] +- }, { +- "sources+": ["argon2/src/ref.c"] +- }] +- ], +- "type": "static_library" +- }, { ++{ + "target_name": "argon2", + "defines+": [ + "NAPI_VERSION=<(napi_build_version)", +@@ -58,10 +39,15 @@ + "sources": [ + "argon2_node.cpp" + ], +- "cflags_cc+": ["-Wall", "-Wextra", "-Wconversion", "-Wformat", "-Wnon-virtual-dtor", "-pedantic", "-Werror"], ++ "cflags_cc+": ["-Wall", "-Wextra", "-Wconversion", "-Wformat", "-Wnon-virtual-dtor", "-pedantic"], + "cflags_cc!": ["-fno-exceptions"], + "include_dirs": [" + #include + #include + #include diff --git a/vendor.tar.zst b/vendor.tar.zst new file mode 100644 index 0000000..67eefc3 --- /dev/null +++ b/vendor.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f336dcd548f1fdb65092ee8a86923674ff41284044c96835b5e9693f1e89f9bf +size 43032335