
Accepting request 1174684 from home:dziobian:gulgul-ultron:19

- Use bundled sqlcipher to work around symbol collision through mozilla-nss
  (gh#sqlcipher/sqlcipher#385)
- Ship app unpacked instead of using asar
- Remove development-only files that should not be shipped (bsc#1224133)
- prepare.sh:
  * Ship dependencies as node_modules tree for patching possibility
    (yarn offline does not support patching)
  * Work around non-reproducible hakModules dependencies
    (gh#element-hq/element-desktop#1634) (hak-remove-devdependencies.patch)
  * Remove non-free binaries from archive
  * Remove vendored openssl copy from archive
  * Put everything into one archive
- Use correct CFLAGS and RUSTFLAGS
  * add cc-link-lib-no-static.patch
- Fix various build errors with electron-builder
  * 7za-path.patch
  * remove-fuses.patch
- BuildRequire app-builder instead of using a non-free binary
- Add standard Electron module load %check
- Clean up unneeded BuildRequires
- Drop unused electron-web source copy
- Fix build error on ix86 and arm
- Fix unresolvable build on Fedora

OBS-URL: https://build.opensuse.org/request/show/1174684
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/element-desktop?expand=0&rev=58
This commit is contained in:
Dominik Heidler 2024-05-17 11:13:00 +00:00 committed by Git OBS Bridge
parent a19d6b2779
commit 00c3f7aae2
12 changed files with 345 additions and 131 deletions

7za-path.patch Normal file

@ -0,0 +1,14 @@
7-zip is not actually used during build
--- vendor/node_modules/builder-util/out/7za.js.orig 2024-05-15 21:11:29.747999000 +0200
+++ vendor/node_modules/builder-util/out/7za.js 2024-05-15 23:22:09.712045854 +0200
@@ -4,8 +4,7 @@ exports.getPath7x = exports.getPath7za =
const _7zip_bin_1 = require("7zip-bin");
const fs_extra_1 = require("fs-extra");
async function getPath7za() {
- await (0, fs_extra_1.chmod)(_7zip_bin_1.path7za, 0o755);
- return _7zip_bin_1.path7za;
+ return '/bin/false'
}
exports.getPath7za = getPath7za;
async function getPath7x() {
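
Review bot: require("7zip-bin") at the top of 7za.js stays in place and getPath7x() in the trailing context is not stubbed, so the 7zip-bin package still has to resolve at load time even though getPath7za() no longer uses it. If getPath7x() also resolves to a bundled binary, it needs the same stub, and the patch header should say that the package itself must remain in the vendored node_modules. Returning '/bin/false' means any caller that does execute it only sees exit status 1 with no message; a short comment at that return line naming the reason would make such a failure easier to trace.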


@ -0,0 +1,18 @@
Do not make cc emit "static" to cargo, that option is broken (rustc tries to repact LTO objects and corrupts them in the process leading to missing symbols).
Make rustc believe everything foreign is a “dylib”. (It's not, but that makes it pass them to intact to GCC to do the linking)
--- vendor/.hak/hakModules/matrix-seshat/vendor/cc/src/lib.rs.orig 2024-05-16 18:44:16.828468243 +0200
+++ vendor/.hak/hakModules/matrix-seshat/vendor/cc/src/lib.rs 2024-05-16 19:04:27.036595422 +0200
@@ -1100,10 +1100,10 @@ impl Build {
}
if self.link_lib_modifiers.is_empty() {
- self.print(&format!("cargo:rustc-link-lib=static={}", lib_name));
+ self.print(&format!("cargo:rustc-link-lib={}", lib_name));
} else {
let m = self.link_lib_modifiers.join(",");
- self.print(&format!("cargo:rustc-link-lib=static:{}={}", m, lib_name));
+ self.print(&format!("cargo:rustc-link-lib:{}={}", m, lib_name));
}
self.print(&format!("cargo:rustc-link-search=native={}", dst.display()));
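
Review bot: in the else branch the new string "cargo:rustc-link-lib:{}={}" puts the modifiers directly after the key with no kind in front of them. The form cargo documents is rustc-link-lib=[KIND[:MODIFIERS]=]NAME, so this line no longer has that shape and may not be read as a link directive at all. Either drop the modifiers in this branch or emit an explicit kind before the colon, and confirm with the RUSTC_LOG link output enabled in the spec that the library still reaches the linker command line. The description should also reference an upstream issue, so the patch can be dropped once the static repacking problem is fixed.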


@ -1,3 +1,30 @@
-------------------------------------------------------------------
Thu May 16 19:47:15 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Use bundled sqlcipher to work around symbol collision through mozilla-nss
(gh#sqlcipher/sqlcipher#385)
- Ship app unpacked instead of using asar
- Remove development-only files that should not be shipped (bsc#1224133)
- prepare.sh:
* Ship dependencies as node_modules tree for patching possibility
(yarn offline does not support patching)
* Work around non-reproducible hakModules dependencies
(gh#element-hq/element-desktop#1634) (hak-remove-devdependencies.patch)
* Remove non-free binaries from archive
* Remove vendored openssl copy from archive
* Put everything into one archive
- Use correct CFLAGS and RUSTFLAGS
* add cc-link-lib-no-static.patch
- Fix various build errors with electron-builder
* 7za-path.patch
* remove-fuses.patch
- BuildRequire app-builder instead of using a non-free binary
- Add standard Electron module load %check
- Clean up unneeded BuildRequires
- Drop unused electron-web source copy
- Fix build error on ix86 and arm
- Fix unresolvable build on Fedora
-------------------------------------------------------------------
Tue Apr 23 13:54:23 UTC 2024 - Dominik Heidler <dheidler@suse.de>
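
Review bot: remove-fuses.patch is listed under "Fix various build errors with electron-builder", which hides a behaviour change from anyone reading the changelog. The patch removes the flipFuses call that set RunAsNode, EnableNodeOptionsEnvironmentVariable and EnableNodeCliInspectArguments to false and EnableCookieEncryption to true, so the entry should say that these upstream fuse settings are no longer applied and that the package relies on the shared Electron's defaults. "Ship app unpacked instead of using asar" would likewise benefit from one line on why, since the launcher path changes with it.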


@ -1,3 +1,3 @@
#!/bin/sh
exec electron /usr/share/element/app.asar "$@"
exec electron /usr/share/element/app "$@"


@ -23,143 +23,217 @@ Summary: A glossy Matrix collaboration client - desktop
License: Apache-2.0
URL: https://github.com/vector-im/element-desktop
Source0: https://github.com/vector-im/element-desktop/archive/v%{version}.tar.gz#/element-desktop-%{version}.tar.gz
Source1: https://github.com/vector-im/element-web/archive/v%{version}.tar.gz#/element-web-%{version}.tar.gz
Source2: npm-packages-offline-cache.tar.gz
Source2: vendor.tar.zst
Source3: io.element.Element.desktop
Source4: element-desktop.sh
Source5: prepare.sh
Source6: hak.tar.gz
Patch0: hak-remove-devdependencies.patch
Patch1: 7za-path.patch
Patch2: cc-link-lib-no-static.patch
Patch3: remove-fuses.patch
BuildRequires: element-web = %{version}
BuildRequires: app-builder
BuildRequires: cargo
BuildRequires: fdupes
BuildRequires: hicolor-icon-theme
BuildRequires: jq
BuildRequires: moreutils
BuildRequires: nodejs-electron-devel
BuildRequires: yarn
BuildRequires: rust
BuildRequires: cargo
BuildRequires: python3
BuildRequires: sqlcipher-devel
BuildRequires: libsecret-devel
BuildRequires: gcc-c++
BuildRequires: ccache
BuildRequires: zlib-devel
BuildRequires: asar
Requires: element-web = %{version}
Requires: nodejs-electron
%if 0%{?suse_version} <= 1540
BuildRequires: nodejs18
BuildRequires: pkgconfig(openssl)
BuildRequires: zstd
%if 0%{?fedora}
BuildRequires: rust-srpm-macros
%else
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150600
BuildRequires: cargo-packaging >= 1.2.0+3
%else
BuildRequires: rust-packaging
%endif
BuildRequires: cargo-auditable
%endif
BuildRequires: libsecret-devel
BuildRequires: gcc-c++
Requires: element-web = %{version}
Requires: nodejs-electron%{_isa}
#x86 electron requires SSE2
%ifarch %ix86
ExclusiveArch: i586 i686
BuildArch: i686
%{expand:%%global optflags %(echo "%optflags") -march=pentium4 -mtune=generic}
%{expand:%%global build_rustflags %(echo "%build_rustflags") -C target-cpu=pentium4 -Z tune-cpu=generic}
%endif
# hak*.tar.gz only available for those architectures
ExclusiveArch: x86_64 aarch64
%description
A glossy Matrix collaboration client - desktop
%prep
%setup -q -a1 -a2 -a6
%setup -q -a2
%autopatch -p1
SYSTEM_ELECTRON_VERSION=$(<%{_libdir}/electron/version)
jq -c '.build["electronVersion"]="'$SYSTEM_ELECTRON_VERSION'" | .build["electronDist"]="%{_libdir}/electron"' < package.json | sponge package.json
jq -c '.build["linux"]["target"]="dir"' < package.json | sponge package.json
cat package.json
jq '.piwik=false | .update_base_url=null' < element.io/release/config.json | sponge element.io/release/config.json
# build tools expect python3 interpreter behind "python"
mkdir -p $HOME/bin
ln -sf /usr/bin/python3 $HOME/bin/python
# https://blogs.gnome.org/mcatanzaro/2020/05/18/patching-vendored-rust-dependencies/
for i in cc libloading libsqlite3-sys openssl-src rustix seshat vcpkg; do
pushd .hak/hakModules/matrix-seshat/vendor/$i
jq -cj '.files={}' .cargo-checksum.json >tmp && mv tmp .cargo-checksum.json && popd
done
jq -cj '.piwik=false | .update_base_url=null' < element.io/release/config.json > tmp && mv -v tmp element.io/release/config.json
%ifarch aarch64
mv -v .hak/matrix-seshat/x86_64-unknown-linux-gnu .hak/matrix-seshat/aarch64-unknown-linux-gnu
mv -v .hak/keytar/x86_64-unknown-linux-gnu .hak/keytar/aarch64-unknown-linux-gnu
%endif
%build
echo 'yarn-offline-mirror "./npm-packages-offline-cache"' >> .yarnrc
echo 'nodedir %{_includedir}/electron' >> .yarnrc
export CFLAGS="%{optflags} -fpic -fno-semantic-interposition -fno-fat-lto-objects -fvisibility=hidden"
export CXXFLAGS="%{optflags} -fpic -fno-semantic-interposition -fno-fat-lto-objects -fvisibility=hidden"
export LDFLAGS="%{?build_ldflags}"
export MAKEFLAGS="%{_smp_mflags}"
export ELECTRON_SKIP_BINARY_DOWNLOAD=1
export PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
export USE_SYSTEM_APP_BUILDER=true
export OPENSSL_NO_VENDOR=1
# The `cc` crate tries to be too clever and passes some default cflags when building sqlcipher.
# Disable these and use only the ones from CFLAGS env. variable
export CRATE_CC_NO_DEFAULTS=1
yarn install --offline --pure-lockfile
export PATH="$(pwd)/node_modules/.bin:${HOME}/bin:${PATH}"
#export ELECTRON_BUILDER_CACHE="$(pwd)/electron-builder-offline-cache/"
%ifarch %ix86
export RUSTC_BOOTSTRAP=1
%endif
#I want to actually see the build logs for Cargo. Especially the gcc command line for dependent modules.
export RUSTC_LOG='rustc_codegen_ssa::back::link=info'
export RUSTFLAGS="%{build_rustflags} --verbose -Cstrip=none"
export CARGO_TERM_VERBOSE=true
yarn run hak build
yarn run hak copyandlink
%electron_rebuild
yarn run build:native
yarn run build:universal
pushd dist/linux-universal-unpacked/resources/
# provide the app.asar.unpacked folder like pre 1.11.54
mkdir -p app.asar.unpacked/node_modules/keytar/build/Release/
asar ef app.asar .hak/hakModules/keytar/build/Release/keytar.node
mv keytar.node app.asar.unpacked/node_modules/keytar/build/Release/
mkdir -p app.asar.unpacked/node_modules/matrix-seshat/
asar ef app.asar .hak/hakModules/matrix-seshat/index.node
mv index.node app.asar.unpacked/node_modules/matrix-seshat/
# repackage the asar file with the pre 1.11.54 format
asar e app.asar app.asar.repak
cp -av app.asar.repak/.hak/hakModules/* app.asar.repak/node_modules/
asar p app.asar.repak/ app.asar
rm -r app.asar.repak/
#We do manually the rough equivalent of `hak build` to inject correct optflags
pushd .hak/hakModules/keytar
%electron_rebuild
popd
pushd .hak/hakModules/matrix-seshat
%if 0%{?suse_version}
auditable='auditable -vv'
%endif
cargo -vv $auditable rustc --offline --release --features=bundled-sqlcipher --lib --crate-type cdylib
ln -Tv target/release/*.so index.node
popd
#Compare definition of `build:universal` in package.json
npm run build:ts
npm run build:res
npx --no-install electron-builder --linux dir --universal -c.electronDist=%{_libdir}/electron -c.asar=false -c.nodeGypRebuild=false -c.npmRebuild=false
%install
#Remove sources an other files that should not be shipped
pushd dist/linux-universal-unpacked/resources/app
rm -rf node_modules/matrix-seshat/{.cargo,false,src,target,test,vendor,Cargo.lock,Cargo.toml}
find -name '*.c' -type f -print -delete
find -name '*.cc' -type f -print -delete
find -name '*.cpp' -type f -print -delete
find -name '*.h' -type f -print -delete
find -name '*.m' -type f -print -delete
find -name '*.map' -type f -print -delete
find -name '*.ts' -type f -print -delete
find -name '*.tsx' -type f -print -delete
find -name '*.gyp' -type f -print -delete
find -name '*.gypi' -type f -print -delete
find -name '*.mk' -type f -print -delete
find -name '*.Makefile' -type f -print -delete
find -name '.eslint*' -type f -print -delete
find -name .editorconfig -type f -print -delete
find -name .nvmrc -type f -print -delete
find -name .nycrc -type f -print -delete
find -name Makefile -type f -print -delete
find -name '.jscs*' -type f -print -delete
find -name obj.target -print0 |xargs -r0 -- rm -rvf --
find -name '*.d' -type f -print -delete
#Documentation
find -name '*.md' -type f -print -delete
find -name '*.markdown' -type f -print -delete
find -name '*.bnf' -type f -print -delete
find -name '*.mli' -type f -print -delete
find -name CHANGES -type f -print -delete
find -name TODO -type f -print -delete
find -name usage.txt -type f -print -delete
# Remove empty directories
find . -type d -empty -print -delete
# fix file mode
find . -type f -exec chmod 0644 {} \;
find . -name '*.node' -exec chmod 0755 {} \;
popd
# Install the app content, replace the webapp with a symlink to the system package
install -d -m 0755 "%{buildroot}%{_datadir}/element/"
cp -av dist/linux-universal-unpacked/resources/* "%{buildroot}%{_datadir}/element/"
ln -s %{_datadir}/webapps/element "%{buildroot}%{_datadir}/element/webapp"
install -vd -m 0755 "%{buildroot}%{_datadir}/element/"
cp -lrv dist/linux-universal-unpacked/resources/* -t "%{buildroot}%{_datadir}/element/"
ln -vs %{_datadir}/webapps/element "%{buildroot}%{_datadir}/element/webapp"
# Install binaries to /usr/lib
install -d -m 0755 "%{buildroot}%{_prefix}/lib/element/"
install -m0755 dist/linux-universal-unpacked/resources/app.asar.unpacked/node_modules/keytar/build/Release/keytar.node "%{buildroot}%{_prefix}/lib/element/keytar.node"
install -m0755 dist/linux-universal-unpacked/resources/app.asar.unpacked/node_modules/matrix-seshat/index.node "%{buildroot}%{_prefix}/lib/element/matrix-seshat.node"
ln -sfv "%{_prefix}/lib/element/keytar.node" "%{buildroot}%{_datadir}/element/app.asar.unpacked/node_modules/keytar/build/Release/keytar.node"
ln -sfv "%{_prefix}/lib/element/matrix-seshat.node" "%{buildroot}%{_datadir}/element/app.asar.unpacked/node_modules/matrix-seshat/index.node"
install -vd -m 0755 "%{buildroot}%{_prefix}/lib/element/"
install -pvm0755 dist/linux-universal-unpacked/resources/app/node_modules/keytar/build/Release/keytar.node "%{buildroot}%{_prefix}/lib/element/keytar.node"
install -pvm0755 dist/linux-universal-unpacked/resources/app/node_modules/matrix-seshat/index.node "%{buildroot}%{_prefix}/lib/element/matrix-seshat.node"
ln -sfv "%{_prefix}/lib/element/keytar.node" "%{buildroot}%{_datadir}/element/app/node_modules/keytar/build/Release/keytar.node"
ln -sfv "%{_prefix}/lib/element/matrix-seshat.node" "%{buildroot}%{_datadir}/element/app/node_modules/matrix-seshat/index.node"
# Config file
install -m 0755 -d %{buildroot}%{_sysconfdir}/element
install -m 0644 element.io/release/config.json "%{buildroot}%{_sysconfdir}/element/config.json"
install -vm 0755 -d %{buildroot}%{_sysconfdir}/element
install -pvm 0644 element.io/release/config.json "%{buildroot}%{_sysconfdir}/element/config.json"
install -m 0755 -d %{buildroot}%{_sysconfdir}/webapps/element
ln -s %{_sysconfdir}/element/config.json "%{buildroot}%{_sysconfdir}/webapps/element/config.json"
install -pvm 0755 -d %{buildroot}%{_sysconfdir}/webapps/element
ln -vs %{_sysconfdir}/element/config.json "%{buildroot}%{_sysconfdir}/webapps/element/config.json"
install -d -m 0755 "%{buildroot}%{_datadir}/webapps/element/"
ln -s %{_sysconfdir}/element/config.json "%{buildroot}%{_datadir}/webapps/element/config.json" # moved here from element-web to make symlink check happy
install -vd -m 0755 "%{buildroot}%{_datadir}/webapps/element/"
ln -vs %{_sysconfdir}/element/config.json "%{buildroot}%{_datadir}/webapps/element/config.json" # moved here from element-web to make symlink check happy
# Required extras
install -d -m 0755 "%{buildroot}%{_datadir}/applications/"
install -m 0644 %{SOURCE3} "%{buildroot}%{_datadir}/applications/io.element.Element.desktop"
install -d -m 0755 "%{buildroot}%{_bindir}/"
install -m 0755 %{SOURCE4} "%{buildroot}%{_bindir}/%{name}"
install -vd -m 0755 "%{buildroot}%{_datadir}/applications/"
install -pvm 0644 %{SOURCE3} "%{buildroot}%{_datadir}/applications/io.element.Element.desktop"
install -vd -m 0755 "%{buildroot}%{_bindir}/"
install -pvm 0755 %{SOURCE4} "%{buildroot}%{_bindir}/%{name}"
# Icons
install -d -m 0755 "%{buildroot}%{_datadir}/icons/hicolor/scalable/apps/"
install -m 0644 element-web-%{version}/res/themes/element/img/logos/element-logo.svg "%{buildroot}%{_datadir}/icons/hicolor/scalable/apps/io.element.Element.svg"
install -vd -m 0755 "%{buildroot}%{_datadir}/icons/hicolor/scalable/apps/"
for i in 16 24 48 64 96 128 256 512; do
install -d -m 0755 "%{buildroot}%{_datadir}/icons/hicolor/${i}x${i}/apps/"
install -m 0644 build/icons/${i}x${i}.png "%{buildroot}%{_datadir}/icons/hicolor/${i}x${i}/apps/io.element.Element.png"
install -vd -m 0755 "%{buildroot}%{_datadir}/icons/hicolor/${i}x${i}/apps/"
install -pvm 0644 build/icons/${i}x${i}.png "%{buildroot}%{_datadir}/icons/hicolor/${i}x${i}/apps/io.element.Element.png"
done
%fdupes %{buildroot}%{_datadir}
%check
%electron_check_native
%files
%license LICENSE
%{_bindir}/%{name}
%{_datadir}/element/
%dir %{_datadir}/element/
%{_datadir}/element/webapp
%{_datadir}/element/app-update.yml
%dir %{_datadir}/element/app
%{_datadir}/element/app/lib
%{_datadir}/element/app/node_modules
%{_datadir}/element/app/package.json
%dir %{_datadir}/element/img
%{_datadir}/element/img/element.ico
%{_datadir}/element/img/element.png
%{_prefix}/lib/element/
%config(noreplace) %{_sysconfdir}/element/config.json
%{_sysconfdir}/webapps/element/config.json
%{_datadir}/webapps/element/config.json
%dir %{_sysconfdir}/element/
%{_datadir}/applications/io.element.Element.desktop
%{_datadir}/icons/hicolor/scalable/apps/io.element.Element.svg
%{_datadir}/icons/hicolor/*/apps/io.element.Element.png
%changelog
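
Review bot: in the %prep loop over cc libloading libsqlite3-sys openssl-src rustix seshat vcpkg, the line "jq -cj '.files={}' .cargo-checksum.json >tmp && mv tmp .cargo-checksum.json && popd" chains everything with &&. Under sh -e a failure in a non-final member of an && list does not abort the script, so a failing jq or mv is not fatal at that point and popd is skipped. Put jq, mv and popd on separate lines so each one is checked. The same loop empties .files for seven crates, which turns off cargo's per-file checksum verification for all of them, while only cc has a patch in this commit. A comment stating what modifies each of the other crates would help, because after this step their integrity rests on the vendor.tar.zst hash alone.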


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7e4fbe8f1e4091efb7c45d5c42730fc0ed97036a8dea7fbc7a2e0c5d6d554d40
size 2384721


@ -0,0 +1,29 @@
hak fetch tries to download devDependencies for two modules. Unfortunately it does so in a very non-deterministic manner (no shrinkwrap file)
Remove that step since the devDependencies are not actually needed for any of these two modules.
--- element-desktop-1.11.65/scripts/hak/fetch.ts.orig 2024-04-23 15:14:00.000000000 +0200
+++ element-desktop-1.11.65/scripts/hak/fetch.ts 2024-05-15 19:40:21.779432272 +0200
@@ -35,23 +35,6 @@ export default async function fetch(hakE
console.log("Fetching " + moduleInfo.name + "@" + moduleInfo.version);
const packumentCache = new Map();
- await pacote.extract(`${moduleInfo.name}@${moduleInfo.version}`, moduleInfo.moduleBuildDir, {
- packumentCache,
- });
-
- console.log("Running yarn install in " + moduleInfo.moduleBuildDir);
- await new Promise<void>((resolve, reject) => {
- const proc = childProcess.spawn(hakEnv.isWin() ? "yarn.cmd" : "yarn", ["install", "--ignore-scripts"], {
- stdio: "inherit",
- cwd: moduleInfo.moduleBuildDir,
- // We need shell mode on Windows to be able to launch `.cmd` executables
- // See https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2
- shell: hakEnv.isWin(),
- });
- proc.on("exit", (code) => {
- code ? reject(code) : resolve();
- });
- });
// also extract another copy to the output directory at this point
// nb. we do not yarn install in the output copy: we could install in
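
Review bot: the removed block starts with the pacote.extract() call into moduleInfo.moduleBuildDir, not only the "yarn install --ignore-scripts" step that the description talks about. The header should state that the build-directory copy is no longer extracted at all, and it is worth confirming that no later hak step reads moduleBuildDir. The packumentCache declaration is still needed by the remaining extract in the trailing context, so it can stay.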


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9266775907df3e6b82c2183b997f27cd81a28d2353496778bc6151fbb5eb47dc
size 130652001


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4236876eeff2aacc1fa694a730e17268a93e1ec74066796b74e022d61835d271
size 147561699


@ -2,75 +2,98 @@
set -ex
version=$1
sed -i -e "s/^\(Version: *\)[^ ]*$/\1${version}/" element-desktop.spec
oldwd="$(pwd)"
tmpdir="$(mktemp -d)"
#zypper install yarn cargo gcc-c++ sqlcipher-devel libsecret-devel
#zypper install findutils file yarn cargo cargo-vendor-filterer moreutils jq
version=$(grep "Version:" element-desktop.spec | awk '{print $2}')
osc rm -f element-web-*.tar.gz ||:
osc rm -f element-desktop-*.tar.gz ||:
wget -c https://github.com/vector-im/element-desktop/archive/v${version}.tar.gz -O element-desktop-${version}.tar.gz
wget -c https://github.com/vector-im/element-web/archive/v${version}.tar.gz -O element-web-${version}.tar.gz
osc add -f element-web-*.tar.gz
osc add -f element-desktop-*.tar.gz
cp element-desktop.spec "$tmpdir/"
cd "$tmpdir"
rm -rf "element-desktop-${version}"
wget -c https://github.com/vector-im/element-desktop/archive/v${version}.tar.gz -O element-desktop-${version}.tar.gz
tar xzvf element-desktop-${version}.tar.gz
#dziobian: yarn has completely broken caching policy which first compiles the module and then caches the result.
#additionally, --ignore-scripts seems to be evaluated during caching, and not during install to node_modules.
#Mitigate this by resetting ~ to an empty directory
mkdir -pv "$tmpdir/home"
export HOME="$tmpdir/home"
tar -xzvvf "${oldwd}/element-desktop-${version}.tar.gz"
cd element-desktop-${version}
last_packaged_version=$(osc cat devel:languages:nodejs/element-desktop/element-desktop.spec | grep "^Version:" | awk '{print $NF}')
#These patches change results of things we want to execute below
patch -p1 --verbose < "${oldwd}/hak-remove-devdependencies.patch"
last_packaged_version=$(<"${oldwd}/element-desktop.spec" grep "^Version:" | awk '{print $NF}')
changes=$(grep "^Changes in \[$last_packaged_version\]" -B10000 CHANGELOG.md | head -n -2 | sed -e '/^==*$/d' -e 's/Changes in \[\([^\[]*\)\].*/Version \1/' -e 's/^\([^-].*\)$/ \1/' -e 's/\[.*\](\(.*\))/\1/g' -e 's/^ *Version /Version /g')
echo 'yarn-offline-mirror "./npm-packages-offline-cache"' > .yarnrc
yarn cache clean
rm -rf node_modules/
yarn install --pure-lockfile || : # this will download tha packages into the offline cache
# This will vendor the packages but not execute any build scripts (but see caveat about caching above)
yarn install --frozen-lockfile --ignore-engines --ignore-platform --ignore-scripts --link-duplicates
export PATH="$PATH:node_modules/.bin"
yarn run hak check
#hak does not have version pinning, which is terrible.
#Therefore we manually pin the minimum versions specified in package.json
jq '.hakDependencies[]|= sub("^\\^";"";"i")' <package.json > package.json.new
diff --color=always -bup package.json{,.new} || true
mv package.json{.new,}
yarn run hak fetch
# prefetch cargo crates
pushd .hak/matrix-seshat/x86_64-unknown-linux-gnu/build
cargo vendor
mkdir -p .cargo
cat > .cargo/config.toml <<EOF
[source.crates-io]
replace-with = "vendored-sources"
[source.vendored-sources]
directory = "vendor"
EOF
pushd .hak/hakModules/matrix-seshat
mkdir -pv .cargo
cargo vendor-filterer --platform='*-unknown-linux-gnu' --platform='*-unknown-linux-gnueabihf' --all-features=true > .cargo/config
#remove vendored libraries
rm -rvf vendor/openssl-src/openssl
popd
patch -p0 <<EOF
--- .hak/keytar/x86_64-unknown-linux-gnu/build/node_modules/node-gyp/gyp/pylib/gyp/input.py 2023-06-15 12:09:05.127000000 +0200
+++ .hak/keytar/x86_64-unknown-linux-gnu/build/node_modules/node-gyp/gyp/pylib/gyp/input.py 2023-06-15 13:34:18.969088855 +0200
@@ -1190,7 +1190,7 @@
else:
ast_code = compile(cond_expr_expanded, "<string>", "eval")
cached_conditions_asts[cond_expr_expanded] = ast_code
- env = {"__builtins__": {}, "v": StrictVersion}
+ env = {"__builtins__": {"openssl_fips": ""}, "v": StrictVersion}
if eval(ast_code, env, variables):
return true_dict
return false_dict
EOF
#fetch node-addon-api for keytar. Unfortunately there is no package lock, therefore we use lowest supported version (for reproducility)
#we need to install it manuall in a separate directory wiithout a package.json. good that node-addon-api has no dependencies.
pushd .hak/hakModules/keytar
naa_version=$(jq -cj '.dependencies["node-addon-api"]' <package.json | sed 's/^\^//')
mkdir -pv "$tmpdir/naa"
pushd "$tmpdir/naa"
npm install --verbose --ignore-scripts --no-save node-addon-api@"${naa_version}"
popd
mv -v "$tmpdir/naa/node_modules" -t .
popd
#Remove non-free binaries, starting with a few common file extensions
find . -name '*.node' -print -delete
find . -name '*.jar' -print -delete
find . -name '*.dll' -print -delete
find . -name '*.exe' -print -delete
find . -name '*.dylib' -print -delete
find . -name '*.so' -print -delete
find . -name '*.o' -print -delete
find . -name '*.a' -print -delete
find . -name '*.wasm' -print -delete
#now detect the rest. This should catch all ELFs that may be executed. We use sponge to avoid a race condition between find and rm
find . -type f| sponge |\
xargs -P"$(nproc)" -- sh -c 'file -S "$@" | grep -v '\'': .*script'\'' | grep '\'': .*executable'\'' | tee /dev/stderr | sed '\''s/: .*//'\'' | xargs rm -fv'
rm -f "${oldwd}/vendor.tar.zst"
ZSTD_CLEVEL=19 ZSTD_NBTHREADS=$(nproc) tar --zstd --sort=name -vvScf "${oldwd}/vendor.tar.zst" .hak node_modules
tar czf npm-packages-offline-cache.tar.gz ./npm-packages-offline-cache
tar czf hak.tar.gz ./.hak
cp -v npm-packages-offline-cache.tar.gz hak.tar.gz "$oldwd/"
cd "$oldwd"
echo rm -rf "$tmpdir"
echo -e "\n\nDONE creating npm dependency offline cache file 'npm-packages-offline-cache.tar.gz'"
echo -e "\n\nDONE creating npm offline dependencies archive 'vendor.tar.zst'"
read -p "Write changes?"
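
Review bot: in the "now detect the rest" pipeline, xargs runs sh -c '... file -S "$@" ...' with no placeholder argument after the script string, so the first file name of every batch becomes $0 and is never passed to file. An executable in that position survives the cleanup and ends up in vendor.tar.zst. Add a dummy argv0 after the quoted script (for example a single underscore) so that "$@" covers every name. The same pipeline uses find without -print0 and xargs without -0, so a path containing whitespace is split into pieces and also escapes the check; -print0 with xargs -0, and a NUL-safe hand-off to the final rm, would close that gap. The npm install of node-addon-api has no lockfile or integrity value, as the comment above it admits; recording the resolved version and checksum in the script output would make later rebuilds comparable.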

remove-fuses.patch Normal file

@ -0,0 +1,35 @@
It is impossible to monkeypatch a shared copy of Electron, and in current versions of the nodejs-electron package
we intentionally fail the build of any app which tries to do this to alert the packager.
One problematic fuse which may break user data compatibility with upstream binaries is cookie encryption.
If a user runs an app with fused electron and then with unfused one, their cookies will get deleted.
OBSERVATION(dziobian):
Element creates a cookies sqlite database on startup but seems to never write anything to it.
Deleting the database manually seemed to have no effect.
--- element-desktop-1.11.65/electron-builder.ts.orig 2024-04-23 15:14:00.000000000 +0200
+++ element-desktop-1.11.65/electron-builder.ts 2024-05-16 18:51:14.513871208 +0200
@@ -75,22 +75,6 @@ const config: Writable<Configuration> =
const electronBinaryPath = path.join(context.appOutDir, `${executableName}${ext}`);
console.log(`Flipping fuses for: ${electronBinaryPath}`);
- await flipFuses(electronBinaryPath, {
- version: FuseVersion.V1,
- resetAdHocDarwinSignature: context.electronPlatformName === "darwin" && context.arch === Arch.universal,
-
- [FuseV1Options.EnableCookieEncryption]: true,
- [FuseV1Options.OnlyLoadAppFromAsar]: true,
-
- [FuseV1Options.RunAsNode]: false,
- [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
- [FuseV1Options.EnableNodeCliInspectArguments]: false,
-
- // Mac app crashes on arm for us when `LoadBrowserProcessSpecificV8Snapshot` is enabled
- [FuseV1Options.LoadBrowserProcessSpecificV8Snapshot]: false,
- // https://github.com/electron/fuses/issues/7
- [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: false,
- });
}
},
files: [
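
Review bot: the description only discusses cookie encryption, but the removed flipFuses block also set RunAsNode, EnableNodeOptionsEnvironmentVariable and EnableNodeCliInspectArguments to false and OnlyLoadAppFromAsar to true. The header should list these as well and state which values the shared nodejs-electron build provides instead, so that the loss of those settings is a recorded decision rather than a side effect. The console.log "Flipping fuses for: ..." line is left in the context and now reports something that no longer happens; remove it or reword it in the same patch.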

vendor.tar.zst Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8e6ce200a3d75ebecfdf1ba91b735e8959100d9d4ce96da7e4acd61cc2c95410
size 37766553