rpm/element-desktop
SHA256
1
0
Fork 0
forked from pool/element-desktop
Code Pull Requests Activity

Accepting request 1174684 from home:dziobian:gulgul-ultron:19

Browse Source 
- Use bundled sqlcipher to work around symbol collision through mozilla-nss
  (gh#sqlcipher/sqlcipher#385)
- Ship app unpacked instead of using asar
- Remove development-only files that should not be shipped (bsc#1224133)
- prepare.sh:
  * Ship dependencies as node_modules tree for patching possibility
    (yarn offline does not support patching)
  * Work around non-reproducible hakModules dependencies
    (gh#element-hq/element-desktop#1634) (hak-remove-devdependencies.patch)
  * Remove non-free binaries from archive
  * Remove vendored openssl copy from archive
  * Put everything into one archive
- Use correct CFLAGS and RUSTFLAGS
  * add cc-link-lib-no-static.patch
- Fix various build errors with electron-builder
  * 7za-path.patch
  * remove-fuses.patch
- BuildRequire app-builder instead of using a non-free binary
- Add standard Electron module load %check
- Clean up unneeded BuildRequires
- Drop unused electron-web source copy
- Fix build error on ix86 and arm
- Fix unresolvable build on Fedora

OBS-URL: https://build.opensuse.org/request/show/1174684
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/element-desktop?expand=0&rev=58
This commit is contained in:
Dominik Heidler 2024-05-17 11:13:00 +00:00 committed by Git OBS Bridge
parent a19d6b2779
commit 00c3f7aae2
12 changed files with 345 additions and 131 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
7za-path.patch Normal file
View File

@ -0,0 +1,14 @@
7-zip is not actually used during build
--- vendor/node_modules/builder-util/out/7za.js.orig 2024-05-15 21:11:29.747999000 +0200
+++ vendor/node_modules/builder-util/out/7za.js 2024-05-15 23:22:09.712045854 +0200
@@ -4,8 +4,7 @@ exports.getPath7x = exports.getPath7za =
const _7zip_bin_1 = require("7zip-bin");
const fs_extra_1 = require("fs-extra");
async function getPath7za() {
- await (0, fs_extra_1.chmod)(_7zip_bin_1.path7za, 0o755);
- return _7zip_bin_1.path7za;
+ return '/bin/false'
}
exports.getPath7za = getPath7za;
async function getPath7x() {

18
cc-link-lib-no-static.patch Normal file
View File

@ -0,0 +1,18 @@
Do not make cc emit "static" to cargo, that option is broken (rustc tries to repact LTO objects and corrupts them in the process leading to missing symbols).
Make rustc believe everything foreign is a “dylib”. (It's not, but that makes it pass them to intact to GCC to do the linking)
--- vendor/.hak/hakModules/matrix-seshat/vendor/cc/src/lib.rs.orig 2024-05-16 18:44:16.828468243 +0200
+++ vendor/.hak/hakModules/matrix-seshat/vendor/cc/src/lib.rs 2024-05-16 19:04:27.036595422 +0200
@@ -1100,10 +1100,10 @@ impl Build {
}
if self.link_lib_modifiers.is_empty() {
- self.print(&format!("cargo:rustc-link-lib=static={}", lib_name));
+ self.print(&format!("cargo:rustc-link-lib={}", lib_name));
} else {
let m = self.link_lib_modifiers.join(",");
- self.print(&format!("cargo:rustc-link-lib=static:{}={}", m, lib_name));
+ self.print(&format!("cargo:rustc-link-lib:{}={}", m, lib_name));
}
self.print(&format!("cargo:rustc-link-search=native={}", dst.display()));

27
element-desktop.changes
View File

@ -1,3 +1,30 @@
-------------------------------------------------------------------
Thu May 16 19:47:15 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Use bundled sqlcipher to work around symbol collision through mozilla-nss
(gh#sqlcipher/sqlcipher#385)
- Ship app unpacked instead of using asar
- Remove development-only files that should not be shipped (bsc#1224133)
- prepare.sh:
* Ship dependencies as node_modules tree for patching possibility
(yarn offline does not support patching)
* Work around non-reproducible hakModules dependencies
(gh#element-hq/element-desktop#1634) (hak-remove-devdependencies.patch)
* Remove non-free binaries from archive
* Remove vendored openssl copy from archive
* Put everything into one archive
- Use correct CFLAGS and RUSTFLAGS
* add cc-link-lib-no-static.patch
- Fix various build errors with electron-builder
* 7za-path.patch
* remove-fuses.patch
- BuildRequire app-builder instead of using a non-free binary
- Add standard Electron module load %check
- Clean up unneeded BuildRequires
- Drop unused electron-web source copy
- Fix build error on ix86 and arm
- Fix unresolvable build on Fedora
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Apr 23 13:54:23 UTC 2024 - Dominik Heidler <dheidler@suse.de> Tue Apr 23 13:54:23 UTC 2024 - Dominik Heidler <dheidler@suse.de>

2
element-desktop.sh
View File

@ -1,3 +1,3 @@
#!/bin/sh #!/bin/sh
exec electron /usr/share/element/app.asar "$@" exec electron /usr/share/element/app "$@"

238
element-desktop.spec
View File

@ -23,143 +23,217 @@ Summary: A glossy Matrix collaboration client - desktop
License: Apache-2.0 License: Apache-2.0
URL: https://github.com/vector-im/element-desktop URL: https://github.com/vector-im/element-desktop
Source0: https://github.com/vector-im/element-desktop/archive/v%{version}.tar.gz#/element-desktop-%{version}.tar.gz Source0: https://github.com/vector-im/element-desktop/archive/v%{version}.tar.gz#/element-desktop-%{version}.tar.gz
Source1: https://github.com/vector-im/element-web/archive/v%{version}.tar.gz#/element-web-%{version}.tar.gz Source2: vendor.tar.zst
Source2: npm-packages-offline-cache.tar.gz
Source3: io.element.Element.desktop Source3: io.element.Element.desktop
Source4: element-desktop.sh Source4: element-desktop.sh
Source5: prepare.sh Source5: prepare.sh
Source6: hak.tar.gz Patch0: hak-remove-devdependencies.patch
Patch1: 7za-path.patch
Patch2: cc-link-lib-no-static.patch
Patch3: remove-fuses.patch
BuildRequires: element-web = %{version} BuildRequires: element-web = %{version}
BuildRequires: app-builder
BuildRequires: cargo
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: hicolor-icon-theme BuildRequires: hicolor-icon-theme
BuildRequires: jq BuildRequires: jq
BuildRequires: moreutils
BuildRequires: nodejs-electron-devel BuildRequires: nodejs-electron-devel
BuildRequires: yarn BuildRequires: pkgconfig(openssl)
BuildRequires: rust BuildRequires: zstd
BuildRequires: cargo %if 0%{?fedora}
BuildRequires: python3 BuildRequires: rust-srpm-macros
BuildRequires: sqlcipher-devel %else
BuildRequires: libsecret-devel %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150600
BuildRequires: gcc-c++ BuildRequires: cargo-packaging >= 1.2.0+3
BuildRequires: ccache %else
BuildRequires: zlib-devel BuildRequires: rust-packaging
BuildRequires: asar %endif
Requires: element-web = %{version} BuildRequires: cargo-auditable
Requires: nodejs-electron %endif
%if 0%{?suse_version} <= 1540
BuildRequires: nodejs18 BuildRequires: libsecret-devel
BuildRequires: gcc-c++
Requires: element-web = %{version}
Requires: nodejs-electron%{_isa}
#x86 electron requires SSE2
%ifarch %ix86
ExclusiveArch: i586 i686
BuildArch: i686
%{expand:%%global optflags %(echo "%optflags") -march=pentium4 -mtune=generic}
%{expand:%%global build_rustflags %(echo "%build_rustflags") -C target-cpu=pentium4 -Z tune-cpu=generic}
%endif %endif
# hak*.tar.gz only available for those architectures
ExclusiveArch: x86_64 aarch64
%description %description
A glossy Matrix collaboration client - desktop A glossy Matrix collaboration client - desktop
%prep %prep
%setup -q -a1 -a2 -a6 %setup -q -a2
%autopatch -p1 %autopatch -p1
SYSTEM_ELECTRON_VERSION=$(<%{_libdir}/electron/version)
jq -c '.build["electronVersion"]="'$SYSTEM_ELECTRON_VERSION'" | .build["electronDist"]="%{_libdir}/electron"' < package.json | sponge package.json
jq -c '.build["linux"]["target"]="dir"' < package.json | sponge package.json
cat package.json
jq '.piwik=false | .update_base_url=null' < element.io/release/config.json | sponge element.io/release/config.json
# build tools expect python3 interpreter behind "python" # https://blogs.gnome.org/mcatanzaro/2020/05/18/patching-vendored-rust-dependencies/
mkdir -p $HOME/bin for i in cc libloading libsqlite3-sys openssl-src rustix seshat vcpkg; do
ln -sf /usr/bin/python3 $HOME/bin/python pushd .hak/hakModules/matrix-seshat/vendor/$i
jq -cj '.files={}' .cargo-checksum.json >tmp && mv tmp .cargo-checksum.json && popd
done
jq -cj '.piwik=false | .update_base_url=null' < element.io/release/config.json > tmp && mv -v tmp element.io/release/config.json
%ifarch aarch64
mv -v .hak/matrix-seshat/x86_64-unknown-linux-gnu .hak/matrix-seshat/aarch64-unknown-linux-gnu
mv -v .hak/keytar/x86_64-unknown-linux-gnu .hak/keytar/aarch64-unknown-linux-gnu
%endif
%build %build
echo 'yarn-offline-mirror "./npm-packages-offline-cache"' >> .yarnrc export CFLAGS="%{optflags} -fpic -fno-semantic-interposition -fno-fat-lto-objects -fvisibility=hidden"
echo 'nodedir %{_includedir}/electron' >> .yarnrc export CXXFLAGS="%{optflags} -fpic -fno-semantic-interposition -fno-fat-lto-objects -fvisibility=hidden"
export LDFLAGS="%{?build_ldflags}"
export MAKEFLAGS="%{_smp_mflags}"
export ELECTRON_SKIP_BINARY_DOWNLOAD=1 export ELECTRON_SKIP_BINARY_DOWNLOAD=1
export PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 export PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
export USE_SYSTEM_APP_BUILDER=true
export OPENSSL_NO_VENDOR=1
# The `cc` crate tries to be too clever and passes some default cflags when building sqlcipher.
# Disable these and use only the ones from CFLAGS env. variable
export CRATE_CC_NO_DEFAULTS=1
yarn install --offline --pure-lockfile
export PATH="$(pwd)/node_modules/.bin:${HOME}/bin:${PATH}" %ifarch %ix86
#export ELECTRON_BUILDER_CACHE="$(pwd)/electron-builder-offline-cache/" export RUSTC_BOOTSTRAP=1
%endif
#I want to actually see the build logs for Cargo. Especially the gcc command line for dependent modules.
export RUSTC_LOG='rustc_codegen_ssa::back::link=info'
export RUSTFLAGS="%{build_rustflags} --verbose -Cstrip=none"
export CARGO_TERM_VERBOSE=true
yarn run hak build %electron_rebuild
yarn run hak copyandlink
yarn run build:native
yarn run build:universal
pushd dist/linux-universal-unpacked/resources/ #We do manually the rough equivalent of `hak build` to inject correct optflags
# provide the app.asar.unpacked folder like pre 1.11.54 pushd .hak/hakModules/keytar
mkdir -p app.asar.unpacked/node_modules/keytar/build/Release/ %electron_rebuild
asar ef app.asar .hak/hakModules/keytar/build/Release/keytar.node
mv keytar.node app.asar.unpacked/node_modules/keytar/build/Release/
mkdir -p app.asar.unpacked/node_modules/matrix-seshat/
asar ef app.asar .hak/hakModules/matrix-seshat/index.node
mv index.node app.asar.unpacked/node_modules/matrix-seshat/
# repackage the asar file with the pre 1.11.54 format
asar e app.asar app.asar.repak
cp -av app.asar.repak/.hak/hakModules/* app.asar.repak/node_modules/
asar p app.asar.repak/ app.asar
rm -r app.asar.repak/
popd popd
pushd .hak/hakModules/matrix-seshat
%if 0%{?suse_version}
auditable='auditable -vv'
%endif
cargo -vv $auditable rustc --offline --release --features=bundled-sqlcipher --lib --crate-type cdylib
ln -Tv target/release/*.so index.node
popd
#Compare definition of `build:universal` in package.json
npm run build:ts
npm run build:res
npx --no-install electron-builder --linux dir --universal -c.electronDist=%{_libdir}/electron -c.asar=false -c.nodeGypRebuild=false -c.npmRebuild=false
%install %install
#Remove sources an other files that should not be shipped
pushd dist/linux-universal-unpacked/resources/app
rm -rf node_modules/matrix-seshat/{.cargo,false,src,target,test,vendor,Cargo.lock,Cargo.toml}
find -name '*.c' -type f -print -delete
find -name '*.cc' -type f -print -delete
find -name '*.cpp' -type f -print -delete
find -name '*.h' -type f -print -delete
find -name '*.m' -type f -print -delete
find -name '*.map' -type f -print -delete
find -name '*.ts' -type f -print -delete
find -name '*.tsx' -type f -print -delete
find -name '*.gyp' -type f -print -delete
find -name '*.gypi' -type f -print -delete
find -name '*.mk' -type f -print -delete
find -name '*.Makefile' -type f -print -delete
find -name '.eslint*' -type f -print -delete
find -name .editorconfig -type f -print -delete
find -name .nvmrc -type f -print -delete
find -name .nycrc -type f -print -delete
find -name Makefile -type f -print -delete
find -name '.jscs*' -type f -print -delete
find -name obj.target -print0 |xargs -r0 -- rm -rvf --
find -name '*.d' -type f -print -delete
#Documentation
find -name '*.md' -type f -print -delete
find -name '*.markdown' -type f -print -delete
find -name '*.bnf' -type f -print -delete
find -name '*.mli' -type f -print -delete
find -name CHANGES -type f -print -delete
find -name TODO -type f -print -delete
find -name usage.txt -type f -print -delete
# Remove empty directories
find . -type d -empty -print -delete
# fix file mode
find . -type f -exec chmod 0644 {} \;
find . -name '*.node' -exec chmod 0755 {} \;
popd
# Install the app content, replace the webapp with a symlink to the system package # Install the app content, replace the webapp with a symlink to the system package
install -d -m 0755 "%{buildroot}%{_datadir}/element/" install -vd -m 0755 "%{buildroot}%{_datadir}/element/"
cp -av dist/linux-universal-unpacked/resources/* "%{buildroot}%{_datadir}/element/" cp -lrv dist/linux-universal-unpacked/resources/* -t "%{buildroot}%{_datadir}/element/"
ln -s %{_datadir}/webapps/element "%{buildroot}%{_datadir}/element/webapp" ln -vs %{_datadir}/webapps/element "%{buildroot}%{_datadir}/element/webapp"
# Install binaries to /usr/lib # Install binaries to /usr/lib
install -d -m 0755 "%{buildroot}%{_prefix}/lib/element/" install -vd -m 0755 "%{buildroot}%{_prefix}/lib/element/"
install -m0755 dist/linux-universal-unpacked/resources/app.asar.unpacked/node_modules/keytar/build/Release/keytar.node "%{buildroot}%{_prefix}/lib/element/keytar.node" install -pvm0755 dist/linux-universal-unpacked/resources/app/node_modules/keytar/build/Release/keytar.node "%{buildroot}%{_prefix}/lib/element/keytar.node"
install -m0755 dist/linux-universal-unpacked/resources/app.asar.unpacked/node_modules/matrix-seshat/index.node "%{buildroot}%{_prefix}/lib/element/matrix-seshat.node" install -pvm0755 dist/linux-universal-unpacked/resources/app/node_modules/matrix-seshat/index.node "%{buildroot}%{_prefix}/lib/element/matrix-seshat.node"
ln -sfv "%{_prefix}/lib/element/keytar.node" "%{buildroot}%{_datadir}/element/app.asar.unpacked/node_modules/keytar/build/Release/keytar.node" ln -sfv "%{_prefix}/lib/element/keytar.node" "%{buildroot}%{_datadir}/element/app/node_modules/keytar/build/Release/keytar.node"
ln -sfv "%{_prefix}/lib/element/matrix-seshat.node" "%{buildroot}%{_datadir}/element/app.asar.unpacked/node_modules/matrix-seshat/index.node" ln -sfv "%{_prefix}/lib/element/matrix-seshat.node" "%{buildroot}%{_datadir}/element/app/node_modules/matrix-seshat/index.node"
# Config file # Config file
install -m 0755 -d %{buildroot}%{_sysconfdir}/element install -vm 0755 -d %{buildroot}%{_sysconfdir}/element
install -m 0644 element.io/release/config.json "%{buildroot}%{_sysconfdir}/element/config.json" install -pvm 0644 element.io/release/config.json "%{buildroot}%{_sysconfdir}/element/config.json"
install -m 0755 -d %{buildroot}%{_sysconfdir}/webapps/element install -pvm 0755 -d %{buildroot}%{_sysconfdir}/webapps/element
ln -s %{_sysconfdir}/element/config.json "%{buildroot}%{_sysconfdir}/webapps/element/config.json" ln -vs %{_sysconfdir}/element/config.json "%{buildroot}%{_sysconfdir}/webapps/element/config.json"
install -d -m 0755 "%{buildroot}%{_datadir}/webapps/element/" install -vd -m 0755 "%{buildroot}%{_datadir}/webapps/element/"
ln -s %{_sysconfdir}/element/config.json "%{buildroot}%{_datadir}/webapps/element/config.json" # moved here from element-web to make symlink check happy ln -vs %{_sysconfdir}/element/config.json "%{buildroot}%{_datadir}/webapps/element/config.json" # moved here from element-web to make symlink check happy
# Required extras # Required extras
install -d -m 0755 "%{buildroot}%{_datadir}/applications/" install -vd -m 0755 "%{buildroot}%{_datadir}/applications/"
install -m 0644 %{SOURCE3} "%{buildroot}%{_datadir}/applications/io.element.Element.desktop" install -pvm 0644 %{SOURCE3} "%{buildroot}%{_datadir}/applications/io.element.Element.desktop"
install -d -m 0755 "%{buildroot}%{_bindir}/" install -vd -m 0755 "%{buildroot}%{_bindir}/"
install -m 0755 %{SOURCE4} "%{buildroot}%{_bindir}/%{name}" install -pvm 0755 %{SOURCE4} "%{buildroot}%{_bindir}/%{name}"
# Icons # Icons
install -d -m 0755 "%{buildroot}%{_datadir}/icons/hicolor/scalable/apps/" install -vd -m 0755 "%{buildroot}%{_datadir}/icons/hicolor/scalable/apps/"
install -m 0644 element-web-%{version}/res/themes/element/img/logos/element-logo.svg "%{buildroot}%{_datadir}/icons/hicolor/scalable/apps/io.element.Element.svg"
for i in 16 24 48 64 96 128 256 512; do for i in 16 24 48 64 96 128 256 512; do
install -d -m 0755 "%{buildroot}%{_datadir}/icons/hicolor/${i}x${i}/apps/" install -vd -m 0755 "%{buildroot}%{_datadir}/icons/hicolor/${i}x${i}/apps/"
install -m 0644 build/icons/${i}x${i}.png "%{buildroot}%{_datadir}/icons/hicolor/${i}x${i}/apps/io.element.Element.png" install -pvm 0644 build/icons/${i}x${i}.png "%{buildroot}%{_datadir}/icons/hicolor/${i}x${i}/apps/io.element.Element.png"
done done
%fdupes %{buildroot}%{_datadir} %fdupes %{buildroot}%{_datadir}
%check
%electron_check_native
%files %files
%license LICENSE %license LICENSE
%{_bindir}/%{name} %{_bindir}/%{name}
%{_datadir}/element/
%dir %{_datadir}/element/
%{_datadir}/element/webapp
%{_datadir}/element/app-update.yml
%dir %{_datadir}/element/app
%{_datadir}/element/app/lib
%{_datadir}/element/app/node_modules
%{_datadir}/element/app/package.json
%dir %{_datadir}/element/img
%{_datadir}/element/img/element.ico
%{_datadir}/element/img/element.png
%{_prefix}/lib/element/ %{_prefix}/lib/element/
%config(noreplace) %{_sysconfdir}/element/config.json %config(noreplace) %{_sysconfdir}/element/config.json
%{_sysconfdir}/webapps/element/config.json %{_sysconfdir}/webapps/element/config.json
%{_datadir}/webapps/element/config.json %{_datadir}/webapps/element/config.json
%dir %{_sysconfdir}/element/ %dir %{_sysconfdir}/element/
%{_datadir}/applications/io.element.Element.desktop %{_datadir}/applications/io.element.Element.desktop
%{_datadir}/icons/hicolor/scalable/apps/io.element.Element.svg
%{_datadir}/icons/hicolor/*/apps/io.element.Element.png %{_datadir}/icons/hicolor/*/apps/io.element.Element.png
%changelog %changelog

3
element-web-1.11.65.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7e4fbe8f1e4091efb7c45d5c42730fc0ed97036a8dea7fbc7a2e0c5d6d554d40
size 2384721

29
hak-remove-devdependencies.patch Normal file
View File

@ -0,0 +1,29 @@
hak fetch tries to download devDependencies for two modules. Unfortunately it does so in a very non-deterministic manner (no shrinkwrap file)
Remove that step since the devDependencies are not actually needed for any of these two modules.
--- element-desktop-1.11.65/scripts/hak/fetch.ts.orig 2024-04-23 15:14:00.000000000 +0200
+++ element-desktop-1.11.65/scripts/hak/fetch.ts 2024-05-15 19:40:21.779432272 +0200
@@ -35,23 +35,6 @@ export default async function fetch(hakE
console.log("Fetching " + moduleInfo.name + "@" + moduleInfo.version);
const packumentCache = new Map();
- await pacote.extract(`${moduleInfo.name}@${moduleInfo.version}`, moduleInfo.moduleBuildDir, {
- packumentCache,
- });
-
- console.log("Running yarn install in " + moduleInfo.moduleBuildDir);
- await new Promise<void>((resolve, reject) => {
- const proc = childProcess.spawn(hakEnv.isWin() ? "yarn.cmd" : "yarn", ["install", "--ignore-scripts"], {
- stdio: "inherit",
- cwd: moduleInfo.moduleBuildDir,
- // We need shell mode on Windows to be able to launch `.cmd` executables
- // See https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2
- shell: hakEnv.isWin(),
- });
- proc.on("exit", (code) => {
- code ? reject(code) : resolve();
- });
- });
// also extract another copy to the output directory at this point
// nb. we do not yarn install in the output copy: we could install in

3
hak.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9266775907df3e6b82c2183b997f27cd81a28d2353496778bc6151fbb5eb47dc
size 130652001

3
npm-packages-offline-cache.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4236876eeff2aacc1fa694a730e17268a93e1ec74066796b74e022d61835d271
size 147561699

101
prepare.sh
View File

@ -2,75 +2,98 @@
set -ex set -ex
version=$1 version=$1
sed -i -e "s/^\(Version: *\)[^ ]*$/\1${version}/" element-desktop.spec sed -i -e "s/^\(Version: *\)[^ ]*$/\1${version}/" element-desktop.spec
oldwd="$(pwd)" oldwd="$(pwd)"
tmpdir="$(mktemp -d)" tmpdir="$(mktemp -d)"
#zypper install yarn cargo gcc-c++ sqlcipher-devel libsecret-devel
#zypper install findutils file yarn cargo cargo-vendor-filterer moreutils jq
version=$(grep "Version:" element-desktop.spec | awk '{print $2}') version=$(grep "Version:" element-desktop.spec | awk '{print $2}')
osc rm -f element-web-*.tar.gz ||: osc rm -f element-web-*.tar.gz ||:
osc rm -f element-desktop-*.tar.gz ||: osc rm -f element-desktop-*.tar.gz ||:
wget -c https://github.com/vector-im/element-desktop/archive/v${version}.tar.gz -O element-desktop-${version}.tar.gz wget -c https://github.com/vector-im/element-desktop/archive/v${version}.tar.gz -O element-desktop-${version}.tar.gz
wget -c https://github.com/vector-im/element-web/archive/v${version}.tar.gz -O element-web-${version}.tar.gz
osc add -f element-web-*.tar.gz
osc add -f element-desktop-*.tar.gz osc add -f element-desktop-*.tar.gz
cp element-desktop.spec "$tmpdir/" cp element-desktop.spec "$tmpdir/"
cd "$tmpdir" cd "$tmpdir"
rm -rf "element-desktop-${version}" #dziobian: yarn has completely broken caching policy which first compiles the module and then caches the result.
wget -c https://github.com/vector-im/element-desktop/archive/v${version}.tar.gz -O element-desktop-${version}.tar.gz #additionally, --ignore-scripts seems to be evaluated during caching, and not during install to node_modules.
tar xzvf element-desktop-${version}.tar.gz #Mitigate this by resetting ~ to an empty directory
mkdir -pv "$tmpdir/home"
export HOME="$tmpdir/home"
tar -xzvvf "${oldwd}/element-desktop-${version}.tar.gz"
cd element-desktop-${version} cd element-desktop-${version}
last_packaged_version=$(osc cat devel:languages:nodejs/element-desktop/element-desktop.spec | grep "^Version:" | awk '{print $NF}') #These patches change results of things we want to execute below
patch -p1 --verbose < "${oldwd}/hak-remove-devdependencies.patch"
last_packaged_version=$(<"${oldwd}/element-desktop.spec" grep "^Version:" | awk '{print $NF}')
changes=$(grep "^Changes in \[$last_packaged_version\]" -B10000 CHANGELOG.md | head -n -2 | sed -e '/^==*$/d' -e 's/Changes in \[\([^\[]*\)\].*/Version \1/' -e 's/^\([^-].*\)$/ \1/' -e 's/\[.*\](\(.*\))/\1/g' -e 's/^ *Version /Version /g') changes=$(grep "^Changes in \[$last_packaged_version\]" -B10000 CHANGELOG.md | head -n -2 | sed -e '/^==*$/d' -e 's/Changes in \[\([^\[]*\)\].*/Version \1/' -e 's/^\([^-].*\)$/ \1/' -e 's/\[.*\](\(.*\))/\1/g' -e 's/^ *Version /Version /g')
echo 'yarn-offline-mirror "./npm-packages-offline-cache"' > .yarnrc # This will vendor the packages but not execute any build scripts (but see caveat about caching above)
yarn cache clean yarn install --frozen-lockfile --ignore-engines --ignore-platform --ignore-scripts --link-duplicates
rm -rf node_modules/
yarn install --pure-lockfile || : # this will download tha packages into the offline cache
export PATH="$PATH:node_modules/.bin" export PATH="$PATH:node_modules/.bin"
yarn run hak check
#hak does not have version pinning, which is terrible.
#Therefore we manually pin the minimum versions specified in package.json
jq '.hakDependencies[]|= sub("^\\^";"";"i")' <package.json > package.json.new
diff --color=always -bup package.json{,.new} || true
mv package.json{.new,}
yarn run hak fetch yarn run hak fetch
# prefetch cargo crates # prefetch cargo crates
pushd .hak/matrix-seshat/x86_64-unknown-linux-gnu/build pushd .hak/hakModules/matrix-seshat
cargo vendor mkdir -pv .cargo
mkdir -p .cargo cargo vendor-filterer --platform='*-unknown-linux-gnu' --platform='*-unknown-linux-gnueabihf' --all-features=true > .cargo/config
cat > .cargo/config.toml <<EOF #remove vendored libraries
[source.crates-io] rm -rvf vendor/openssl-src/openssl
replace-with = "vendored-sources"
[source.vendored-sources]
directory = "vendor"
EOF
popd popd
patch -p0 <<EOF #fetch node-addon-api for keytar. Unfortunately there is no package lock, therefore we use lowest supported version (for reproducility)
--- .hak/keytar/x86_64-unknown-linux-gnu/build/node_modules/node-gyp/gyp/pylib/gyp/input.py 2023-06-15 12:09:05.127000000 +0200 #we need to install it manuall in a separate directory wiithout a package.json. good that node-addon-api has no dependencies.
+++ .hak/keytar/x86_64-unknown-linux-gnu/build/node_modules/node-gyp/gyp/pylib/gyp/input.py 2023-06-15 13:34:18.969088855 +0200 pushd .hak/hakModules/keytar
@@ -1190,7 +1190,7 @@ naa_version=$(jq -cj '.dependencies["node-addon-api"]' <package.json | sed 's/^\^//')
else: mkdir -pv "$tmpdir/naa"
ast_code = compile(cond_expr_expanded, "<string>", "eval") pushd "$tmpdir/naa"
cached_conditions_asts[cond_expr_expanded] = ast_code npm install --verbose --ignore-scripts --no-save node-addon-api@"${naa_version}"
- env = {"__builtins__": {}, "v": StrictVersion} popd
+ env = {"__builtins__": {"openssl_fips": ""}, "v": StrictVersion} mv -v "$tmpdir/naa/node_modules" -t .
if eval(ast_code, env, variables): popd
return true_dict
return false_dict #Remove non-free binaries, starting with a few common file extensions
EOF find . -name '*.node' -print -delete
find . -name '*.jar' -print -delete
find . -name '*.dll' -print -delete
find . -name '*.exe' -print -delete
find . -name '*.dylib' -print -delete
find . -name '*.so' -print -delete
find . -name '*.o' -print -delete
find . -name '*.a' -print -delete
find . -name '*.wasm' -print -delete
#now detect the rest. This should catch all ELFs that may be executed. We use sponge to avoid a race condition between find and rm
find . -type f| sponge |\
xargs -P"$(nproc)" -- sh -c 'file -S "$@" | grep -v '\'': .*script'\'' | grep '\'': .*executable'\'' | tee /dev/stderr | sed '\''s/: .*//'\'' | xargs rm -fv'
rm -f "${oldwd}/vendor.tar.zst"
ZSTD_CLEVEL=19 ZSTD_NBTHREADS=$(nproc) tar --zstd --sort=name -vvScf "${oldwd}/vendor.tar.zst" .hak node_modules
tar czf npm-packages-offline-cache.tar.gz ./npm-packages-offline-cache
tar czf hak.tar.gz ./.hak
cp -v npm-packages-offline-cache.tar.gz hak.tar.gz "$oldwd/"
cd "$oldwd" cd "$oldwd"
echo rm -rf "$tmpdir" echo rm -rf "$tmpdir"
echo -e "\n\nDONE creating npm dependency offline cache file 'npm-packages-offline-cache.tar.gz'" echo -e "\n\nDONE creating npm offline dependencies archive 'vendor.tar.zst'"
read -p "Write changes?" read -p "Write changes?"

35
remove-fuses.patch Normal file
View File

@ -0,0 +1,35 @@
It is impossible to monkeypatch a shared copy of Electron, and in current versions of the nodejs-electron package
we intentionally fail the build of any app which tries to do this to alert the packager.
One problematic fuse which may break user data compatibility with upstream binaries is cookie encryption.
If a user runs an app with fused electron and then with unfused one, their cookies will get deleted.
OBSERVATION(dziobian):
Element creates a cookies sqlite database on startup but seems to never write anything to it.
Deleting the database manually seemed to have no effect.
--- element-desktop-1.11.65/electron-builder.ts.orig 2024-04-23 15:14:00.000000000 +0200
+++ element-desktop-1.11.65/electron-builder.ts 2024-05-16 18:51:14.513871208 +0200
@@ -75,22 +75,6 @@ const config: Writable<Configuration> =
const electronBinaryPath = path.join(context.appOutDir, `${executableName}${ext}`);
console.log(`Flipping fuses for: ${electronBinaryPath}`);
- await flipFuses(electronBinaryPath, {
- version: FuseVersion.V1,
- resetAdHocDarwinSignature: context.electronPlatformName === "darwin" && context.arch === Arch.universal,
-
- [FuseV1Options.EnableCookieEncryption]: true,
- [FuseV1Options.OnlyLoadAppFromAsar]: true,
-
- [FuseV1Options.RunAsNode]: false,
- [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
- [FuseV1Options.EnableNodeCliInspectArguments]: false,
-
- // Mac app crashes on arm for us when `LoadBrowserProcessSpecificV8Snapshot` is enabled
- [FuseV1Options.LoadBrowserProcessSpecificV8Snapshot]: false,
- // https://github.com/electron/fuses/issues/7
- [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: false,
- });
}
},
files: [

3
vendor.tar.zst Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8e6ce200a3d75ebecfdf1ba91b735e8959100d9d4ce96da7e4acd61cc2c95410
size 37766553