- Version 1.11.85

# Security
- Fixes for https://github.com/element-hq/element-web/security/advisories/GHSA-w36j-v56h-q9pc
- Fixes for https://github.com/element-hq/element-web/security/advisories/GHSA-5486-384g-mcx2
- Update JS SDK with the fixes for https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr
Version 1.11.84
  ## ✨ Features
  * Remove abandoned MSC3886, MSC3903, MSC3906 implementations (https://github.com/element-hq/element-web/pull/28274). Contributed by @t3chguy.
  * Update to React 18 (https://github.com/element-hq/element-web/pull/24763). Contributed by @t3chguy.
  * Deduplicate icons using Compound (https://github.com/element-hq/element-web/pull/28239). Contributed by @t3chguy.
  * Replace legacy Tooltips with Compound tooltips (https://github.com/element-hq/element-web/pull/28231). Contributed by @t3chguy.
  * Deduplicate icons using Compound Design Tokens (https://github.com/element-hq/element-web/pull/28219). Contributed by @t3chguy.
  * Add reactions to html export (https://github.com/element-hq/element-web/pull/28210). Contributed by @langleyd.
  * Remove feature\_dehydration (https://github.com/element-hq/element-web/pull/28173). Contributed by @florianduros.
  ## 🐛 Bug Fixes
  * Remove upgrade encryption in `DeviceListener` and `SetupEncryptionToast` (https://github.com/element-hq/element-web/pull/28299). Contributed by @florianduros.
  * Fix 'remove alias' button in room settings (https://github.com/element-hq/element-web/pull/28269). Contributed by @Dev-Gurjar.
  * Add back unencrypted path in `StopGapWidgetDriver.sendToDevice` (https://github.com/element-hq/element-web/pull/28295). Contributed by @florianduros.
  * Fix other devices not being decorated as such (https://github.com/element-hq/element-web/pull/28279). Contributed by @t3chguy.
  * Fix pill contrast in invitation dialog (https://github.com/element-hq/element-web/pull/28250). Contributed by @florianduros.
  * Close right panel chat when minimising maximised voip widget (https://github.com/element-hq/element-web/pull/28241). Contributed by @t3chguy.
  * Fix develop changelog parsing (https://github.com/element-hq/element-web/pull/28232). Contributed by @t3chguy.
  * Fix Ctrl+F shortcut not working with minimised room summary card (https://github.com/element-hq/element-web/pull/28223). Contributed by @t3chguy.
  * Fix network dropdown missing checkbox \& aria-checked (https://github.com/element-hq/element-web/pull/28220). Contributed by @t3chguy.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/element-desktop?expand=0&rev=86

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

7za-path.patch

@@ -0,0 +1,14 @@
+7-zip is not actually used during build
+
+--- vendor/node_modules/builder-util/out/7za.js.orig	2024-05-15 21:11:29.747999000 +0200
++++ vendor/node_modules/builder-util/out/7za.js	2024-05-15 23:22:09.712045854 +0200
+@@ -4,8 +4,7 @@ exports.getPath7x = exports.getPath7za =
+ const _7zip_bin_1 = require("7zip-bin");
+ const fs_extra_1 = require("fs-extra");
+ async function getPath7za() {
+-    await (0, fs_extra_1.chmod)(_7zip_bin_1.path7za, 0o755);
+-    return _7zip_bin_1.path7za;
++    return '/bin/false'
+ }
+ exports.getPath7za = getPath7za;
+ async function getPath7x() {

cc-link-lib-no-static.patch

@@ -0,0 +1,18 @@
+Do not make cc emit "static" to cargo, that option is broken (rustc tries to repact LTO objects and corrupts them in the process leading to missing symbols).
+Make rustc believe everything foreign is a “dylib”. (It's not, but that makes it pass them to intact to GCC to do the linking)
+
+--- vendor/.hak/hakModules/matrix-seshat/vendor/cc/src/lib.rs.orig	2024-05-16 18:44:16.828468243 +0200
++++ vendor/.hak/hakModules/matrix-seshat/vendor/cc/src/lib.rs	2024-05-16 19:04:27.036595422 +0200
+@@ -1100,10 +1100,10 @@ impl Build {
+         }
+ 
+         if self.link_lib_modifiers.is_empty() {
+-            self.print(&format!("cargo:rustc-link-lib=static={}", lib_name));
++            self.print(&format!("cargo:rustc-link-lib={}", lib_name));
+         } else {
+             let m = self.link_lib_modifiers.join(",");
+-            self.print(&format!("cargo:rustc-link-lib=static:{}={}", m, lib_name));
++            self.print(&format!("cargo:rustc-link-lib:{}={}", m, lib_name));
+         }
+         self.print(&format!("cargo:rustc-link-search=native={}", dst.display()));
+ 

element-desktop-1.11.71.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3b196f6f02a122a08046920ec51944c954aaf91f5f931624a99b042558781ac6
+size 3213199

element-desktop-1.11.75.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:37d5a0b4a5ff87fc06385352348601abdd9d3a0bbf31a91e3a47754bf08778a8
+size 3209951

element-desktop-1.11.76.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:95877c1907ffc50d41ed4721b4ef27a67a3bde41c0c0def16e85d0a1e2ed525a
+size 3210451

element-desktop-1.11.77.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dda715fd1dc5ed289673908109804e8796a9e43131b120d400920f7e12b21a0d
+size 3210592

element-desktop-1.11.79.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d73cb303ede989505eda022e59e20cfe672a31b636a34a51350c941e2bbabe29
+size 3210950

element-desktop-1.11.80.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6c737e95ce34ef07f5c69f82b86234daa79a1b26caa662d327fdde81ceb0117e
+size 3228540

element-desktop-1.11.81.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:762463f507e042cf4c3ac01d58e6d7c575cbb160f74c46a264a2246dc8a672e9
+size 3228812

element-desktop-1.11.83.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:be20c6cdf5b77bd9ee49bc202611a3e13deed31522e7cf956635ae13112008de
+size 3240812

element-desktop-1.11.85.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9ecf6b4c6594d141953e6b8cd740dfb2cb405b8f61e27c9cae9f0fce1672ec19
+size 3110056

element-desktop.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec electron /usr/share/element/app "$@"

element-desktop.spec

@@ -0,0 +1,238 @@
+#
+# spec file for package element-desktop
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           element-desktop
+Version:        1.11.85
+Release:        0
+Summary:        A glossy Matrix collaboration client - desktop
+License:        AGPL-3.0-only or GPL-3.0-only
+URL:            https://github.com/vector-im/element-desktop
+Source0:        https://github.com/vector-im/element-desktop/archive/v%{version}.tar.gz#/element-desktop-%{version}.tar.gz
+Source2:        vendor.tar.zst
+Source3:        io.element.Element.desktop
+Source4:        element-desktop.sh
+Source5:        prepare.sh
+Patch0:         hak-remove-devdependencies.patch
+Patch1:         7za-path.patch
+Patch2:         cc-link-lib-no-static.patch
+Patch3:         remove-fuses.patch
+Patch4:         no-walrus-operator.patch
+BuildRequires:  element-web = %{version}
+BuildRequires:  app-builder
+BuildRequires:  cargo
+BuildRequires:  fdupes
+BuildRequires:  hicolor-icon-theme
+BuildRequires:  jq
+BuildRequires:  nodejs-electron-devel
+BuildRequires:  pkgconfig(openssl)
+BuildRequires:  zstd
+%if 0%{?fedora}
+BuildRequires:  rust-srpm-macros
+%else
+BuildRequires:  cargo-packaging >= 1.2.0+3
+BuildRequires:  cargo-auditable
+%endif
+
+BuildRequires:  libsecret-devel
+BuildRequires:  gcc-c++
+Requires:       element-web = %{version}
+Requires:       nodejs-electron%{_isa}
+
+#x86 electron requires SSE2
+%ifarch %ix86
+ExclusiveArch:  i586 i686
+BuildArch:      i686
+%{expand:%%global optflags %(echo "%optflags") -march=pentium4 -mtune=generic}
+%{expand:%%global build_rustflags %(echo "%build_rustflags") -C target-cpu=pentium4 -Z tune-cpu=generic}
+%endif
+
+
+%description
+A glossy Matrix collaboration client - desktop
+
+%prep
+%setup -q -a2
+%autopatch -p1
+
+# https://blogs.gnome.org/mcatanzaro/2020/05/18/patching-vendored-rust-dependencies/
+for i in cc libloading libsqlite3-sys openssl-src rustix seshat vcpkg; do
+pushd .hak/hakModules/matrix-seshat/vendor/$i
+jq -cj '.files={}' .cargo-checksum.json >tmp && mv tmp .cargo-checksum.json && popd
+done
+
+
+jq -cj '.piwik=false | .update_base_url=null' < element.io/release/config.json > tmp && mv -v tmp element.io/release/config.json
+
+
+%build
+export CFLAGS="%{optflags} -fpic -fno-semantic-interposition -fno-fat-lto-objects -fvisibility=hidden"
+export CXXFLAGS="%{optflags} -fpic -fno-semantic-interposition -fno-fat-lto-objects -fvisibility=hidden"
+export LDFLAGS="%{?build_ldflags}"
+export MAKEFLAGS="%{_smp_mflags}"
+export ELECTRON_SKIP_BINARY_DOWNLOAD=1
+export PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
+export USE_SYSTEM_APP_BUILDER=true
+export OPENSSL_NO_VENDOR=1
+# The `cc` crate tries to be too clever and passes some default cflags when building sqlcipher.
+# Disable these and use only the ones from CFLAGS env. variable
+export CRATE_CC_NO_DEFAULTS=1
+
+
+%ifarch %ix86
+export RUSTC_BOOTSTRAP=1
+%endif
+#I want to actually see the build logs for Cargo. Especially the gcc command line for dependent modules.
+export RUSTC_LOG='rustc_codegen_ssa::back::link=info'
+export RUSTFLAGS="%{build_rustflags} --verbose -Cstrip=none"
+export CARGO_TERM_VERBOSE=true
+
+%electron_rebuild
+
+
+#We do manually the rough equivalent of `hak build` to inject correct optflags
+pushd .hak/hakModules/keytar
+%electron_rebuild
+popd
+
+pushd .hak/hakModules/matrix-seshat
+%if 0%{?suse_version}
+auditable='auditable -vv'
+%endif
+cargo -vv $auditable rustc --offline --release --features=bundled-sqlcipher --lib --crate-type cdylib
+ln -Tv target/release/*.so index.node
+popd
+
+
+#Compare definition of `build:universal` in package.json
+npm run build:ts
+npm run build:res
+npx --no-install electron-builder --linux dir --universal -c.electronDist=%{_libdir}/electron -c.asar=false -c.nodeGypRebuild=false -c.npmRebuild=false
+
+
+
+
+%install
+#Remove sources an other files that should not be shipped
+pushd dist/linux-universal-unpacked/resources/app
+rm -rf node_modules/matrix-seshat/{.cargo,false,src,target,test,vendor,Cargo.lock,Cargo.toml}
+find -name '*.c' -type f -print -delete
+find -name '*.cc' -type f -print -delete
+find -name '*.cpp' -type f -print -delete
+find -name '*.h' -type f -print -delete
+find -name '*.m' -type f -print -delete
+find -name '*.map' -type f -print -delete
+find -name '*.ts' -type f -print -delete
+find -name '*.tsx' -type f -print -delete
+find -name '*.gyp' -type f -print -delete
+find -name '*.gypi' -type f -print -delete
+find -name '*.mk' -type f -print -delete
+find -name '*.Makefile' -type f -print -delete
+find -name '.eslint*' -type f -print -delete
+find -name .editorconfig -type f -print -delete
+find -name .nvmrc -type f -print -delete
+find -name .nycrc -type f -print -delete
+find -name Makefile -type f -print -delete
+find -name '.jscs*' -type f -print -delete
+find -name obj.target -print0 |xargs -r0 -- rm -rvf --
+find -name '*.d' -type f -print -delete
+
+#Documentation
+find -name '*.md' -type f -print -delete
+find -name '*.markdown' -type f -print -delete
+find -name '*.bnf' -type f -print -delete
+find -name '*.mli' -type f -print -delete
+find -name CHANGES -type f -print -delete
+find -name TODO -type f -print -delete
+find -name usage.txt -type f -print -delete
+
+# Remove empty directories
+find . -type d -empty -print -delete
+
+# fix file mode
+find . -type f -exec chmod 0644 {} \;
+find . -name '*.node' -exec chmod 0755 {} \;
+popd
+
+
+
+# Install the app content, replace the webapp with a symlink to the system package
+install -vd -m 0755 "%{buildroot}%{_datadir}/element/"
+cp -lrv dist/linux-universal-unpacked/resources/* -t "%{buildroot}%{_datadir}/element/"
+ln -vs %{_datadir}/webapps/element "%{buildroot}%{_datadir}/element/webapp"
+
+# Install binaries to /usr/lib
+install -vd -m 0755 "%{buildroot}%{_prefix}/lib/element/"
+install -pvm0755 dist/linux-universal-unpacked/resources/app/node_modules/keytar/build/Release/keytar.node "%{buildroot}%{_prefix}/lib/element/keytar.node"
+install -pvm0755 dist/linux-universal-unpacked/resources/app/node_modules/matrix-seshat/index.node "%{buildroot}%{_prefix}/lib/element/matrix-seshat.node"
+ln -sfv "%{_prefix}/lib/element/keytar.node" "%{buildroot}%{_datadir}/element/app/node_modules/keytar/build/Release/keytar.node"
+ln -sfv "%{_prefix}/lib/element/matrix-seshat.node" "%{buildroot}%{_datadir}/element/app/node_modules/matrix-seshat/index.node"
+
+# Config file
+install -vm 0755 -d %{buildroot}%{_sysconfdir}/element
+install -pvm 0644 element.io/release/config.json "%{buildroot}%{_sysconfdir}/element/config.json"
+
+install -pvm 0755 -d %{buildroot}%{_sysconfdir}/webapps/element
+ln -vs %{_sysconfdir}/element/config.json "%{buildroot}%{_sysconfdir}/webapps/element/config.json"
+
+install -vd -m 0755 "%{buildroot}%{_datadir}/webapps/element/"
+ln -vs %{_sysconfdir}/element/config.json "%{buildroot}%{_datadir}/webapps/element/config.json" # moved here from element-web to make symlink check happy
+
+# Required extras
+install -vd -m 0755 "%{buildroot}%{_datadir}/applications/"
+install -pvm 0644 %{SOURCE3} "%{buildroot}%{_datadir}/applications/io.element.Element.desktop"
+install -vd -m 0755 "%{buildroot}%{_bindir}/"
+install -pvm 0755 %{SOURCE4} "%{buildroot}%{_bindir}/%{name}"
+
+# Icons
+install -vd -m 0755 "%{buildroot}%{_datadir}/icons/hicolor/scalable/apps/"
+for i in 16 24 48 64 96 128 256 512; do
+	install -vd -m 0755 "%{buildroot}%{_datadir}/icons/hicolor/${i}x${i}/apps/"
+	install -pvm 0644 build/icons/${i}x${i}.png "%{buildroot}%{_datadir}/icons/hicolor/${i}x${i}/apps/io.element.Element.png"
+done
+
+# Prevent error msg on element start
+ln -vs de_DE.json "%{buildroot}%{_datadir}/element/app/lib/i18n/strings/de.json"
+
+%fdupes %{buildroot}%{_datadir}
+
+%check
+%electron_check_native
+
+%files
+%license LICENSE-AGPL-3.0 LICENSE-GPL-3.0
+%{_bindir}/%{name}
+
+%dir %{_datadir}/element/
+%{_datadir}/element/webapp
+%{_datadir}/element/app-update.yml
+%dir %{_datadir}/element/app
+%{_datadir}/element/app/lib
+%{_datadir}/element/app/node_modules
+%{_datadir}/element/app/package.json
+%dir %{_datadir}/element/img
+%{_datadir}/element/img/*
+
+%{_prefix}/lib/element/
+%config(noreplace) %{_sysconfdir}/element/config.json
+%{_sysconfdir}/webapps/element/config.json
+%{_datadir}/webapps/element/config.json
+%dir %{_sysconfdir}/element/
+%{_datadir}/applications/io.element.Element.desktop
+%{_datadir}/icons/hicolor/*/apps/io.element.Element.png
+
+%changelog

hak-remove-devdependencies.patch

@@ -0,0 +1,33 @@
+hak fetch tries to download devDependencies for two modules. Unfortunately it does so in a very non-deterministic manner (no shrinkwrap file)
+Remove that step since the devDependencies are not actually needed for any of these two modules.
+
+--- element-desktop-1.11.85/scripts/hak/fetch.ts	2024-11-12 13:39:42.758502395 +0100
++++ element-desktop-1.11.85/scripts/hak/fetch.ts	2024-11-12 13:41:05.048799436 +0100
+@@ -27,27 +27,6 @@
+     console.log("Fetching " + moduleInfo.name + "@" + moduleInfo.version);
+ 
+     const packumentCache = new Map();
+-    await pacote.extract(`${moduleInfo.name}@${moduleInfo.version}`, moduleInfo.moduleBuildDir, {
+-        packumentCache,
+-    });
+-
+-    console.log("Running yarn install in " + moduleInfo.moduleBuildDir);
+-    await new Promise<void>((resolve, reject) => {
+-        const proc = childProcess.spawn(hakEnv.isWin() ? "yarn.cmd" : "yarn", ["install", "--ignore-scripts"], {
+-            stdio: "inherit",
+-            cwd: moduleInfo.moduleBuildDir,
+-            // We need shell mode on Windows to be able to launch `.cmd` executables
+-            // See https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2
+-            shell: hakEnv.isWin(),
+-        });
+-        proc.on("exit", (code) => {
+-            if (code) {
+-                reject(code);
+-            } else {
+-                resolve();
+-            }
+-        });
+-    });
+ 
+     // also extract another copy to the output directory at this point
+     // nb. we do not yarn install in the output copy: we could install in

io.element.Element.desktop

@@ -0,0 +1,20 @@
+[Desktop Entry]
+Name=Element
+GenericName=Matrix Client
+GenericName[x-test]=xxMatrix Clientxx
+GenericName[zh_CN]=Matrix 客户端
+GenericName[zh_TW]=Matrix 用戶端程式
+Comment=Feature-rich client for Matrix
+Comment[zh_CN]=功能丰富的 Matrix 客户端
+Comment[zh_TW]=功能豐富的的 Matrix 用戶端程式
+Exec=/usr/bin/element-desktop %u
+Terminal=false
+Type=Application
+Icon=io.element.Element
+StartupWMClass=Element
+Categories=Network;InstantMessaging;Chat;IRCClient;
+MimeType=x-scheme-handler/io.element.desktop;x-scheme-handler/element;
+Keywords=chat;gitter;irc;messaging;messenger;riot;voice;
+Keywords[zh_CN]=聊天;沟通;消息;通信;语音;gitter;irc;riot;
+Keywords[zh_TW]=聊天;溝通;消息;通信;語音;gitter;irc;riot;
+X-GNOME-SingleWindow=true

no-walrus-operator.patch

@@ -0,0 +1,24 @@
+--- foo/node_modules/node-gyp/gyp/pylib/gyp/common.py	2024-09-26 12:47:30.529999000 +0200
++++ ./common.py	2024-09-26 22:52:44.247875969 +0200
+@@ -432,13 +432,17 @@
+     def replace_sep(s):
+         return s.replace(os.sep, "/") if os.sep != "/" else s
+ 
+-    if CC := os.environ.get("CC_target") or os.environ.get("CC"):
++    CC = os.environ.get("CC_target") or os.environ.get("CC")
++    CXX = os.environ.get("CXX_target") or os.environ.get("CXX")
++    CFLAGS = os.environ.get("CFLAGS")
++    CXXFLAGS = os.environ.get("CXXFLAGS")
++    if CC:
+         cmd += shlex.split(replace_sep(CC))
+-        if CFLAGS := os.environ.get("CFLAGS"):
++        if CFLAGS:
+             cmd += shlex.split(replace_sep(CFLAGS))
+-    elif CXX := os.environ.get("CXX_target") or os.environ.get("CXX"):
++    elif CXX:
+         cmd += shlex.split(replace_sep(CXX))
+-        if CXXFLAGS := os.environ.get("CXXFLAGS"):
++        if CXXFLAGS:
+             cmd += shlex.split(replace_sep(CXXFLAGS))
+     else:
+         return {}

prepare.sh

@@ -0,0 +1,103 @@
+#!/bin/bash
+
+set -ex
+
+
+
+
+version=$1
+last_packaged_version=$(cat "element-desktop.spec" | grep "^Version:" | awk '{print $NF}')
+sed -i -e "s/^\(Version: *\)[^ ]*$/\1${version}/" element-desktop.spec
+
+oldwd="$(pwd)"
+tmpdir="$(mktemp -d)"
+
+
+#zypper install findutils file yarn cargo cargo-vendor-filterer moreutils jq
+
+version=$(grep "Version:" element-desktop.spec | awk '{print $2}')
+osc rm -f element-web-*.tar.gz ||:
+osc rm -f element-desktop-*.tar.gz ||:
+wget -c https://github.com/vector-im/element-desktop/archive/v${version}.tar.gz -O element-desktop-${version}.tar.gz
+osc add -f element-desktop-*.tar.gz
+cp element-desktop.spec "$tmpdir/"
+cd "$tmpdir"
+
+#dziobian: yarn has completely broken caching policy which first compiles the module and then caches the result.
+#additionally, --ignore-scripts seems to be evaluated during caching, and not during install to node_modules.
+#Mitigate this by resetting ~ to an empty directory
+mkdir -pv "$tmpdir/home"
+oldhome="$HOME"
+export HOME="$tmpdir/home"
+
+tar -xzvvf "${oldwd}/element-desktop-${version}.tar.gz"
+cd element-desktop-${version}
+
+#These patches change results of things we want to execute below
+patch -p1 --verbose < "${oldwd}/hak-remove-devdependencies.patch"
+
+changes=$(grep "^Changes in \[$last_packaged_version\]" -B10000 CHANGELOG.md |  head -n -2 | sed -e '/^==*$/d' -e 's/Changes in \[\([^\[]*\)\].*/Version \1/' -e 's/^\([^-].*\)$/  \1/' -e 's/\[.*\](\(.*\))/\1/g' -e 's/^ *Version /Version /g')
+
+# This will vendor the packages but not execute any build scripts (but see caveat about caching above)
+yarn install --frozen-lockfile --ignore-engines --ignore-platform  --ignore-scripts --link-duplicates
+
+export PATH="$PATH:node_modules/.bin"
+
+#hak does not have version pinning, which is terrible.
+#Therefore we manually pin the minimum versions specified in package.json
+jq '.hakDependencies[]|= sub("^\\^";"";"i")' <package.json > package.json.new
+diff --color=always -bup package.json{,.new} || true
+mv package.json{.new,}
+
+
+
+yarn run hak fetch
+
+# prefetch cargo crates
+pushd .hak/hakModules/matrix-seshat
+mkdir -pv .cargo 
+cargo vendor-filterer --platform='*-unknown-linux-gnu' --platform='*-unknown-linux-gnueabihf' --all-features > .cargo/config
+#remove vendored libraries
+rm -rvf vendor/openssl-src/openssl
+popd
+
+#fetch node-addon-api for keytar. Unfortunately there is no package lock, therefore we use lowest supported version (for reproducility)
+#we need to install it manuall in a separate directory wiithout a package.json. good that node-addon-api has no dependencies.
+pushd .hak/hakModules/keytar
+naa_version=$(jq -cj '.dependencies["node-addon-api"]' <package.json | sed 's/^\^//')
+mkdir -pv "$tmpdir/naa"
+pushd "$tmpdir/naa"
+npm install --verbose --ignore-scripts --no-save node-addon-api@"${naa_version}"
+popd
+mv -v "$tmpdir/naa/node_modules" -t .
+popd
+
+#Remove non-free binaries, starting with a few common file extensions
+find . -name '*.node' -print -delete
+find . -name '*.jar' -print -delete
+find . -name '*.dll' -print -delete
+find . -name '*.exe' -print -delete
+find . -name '*.dylib' -print -delete
+find . -name '*.so' -print -delete
+find . -name '*.o' -print -delete
+find . -name '*.a' -print -delete
+find . -name '*.wasm' -print -delete
+
+#now detect the rest. This should catch all ELFs that may be executed. We use sponge to avoid a race condition between find and rm
+find . -type f| sponge |\
+    xargs -P"$(nproc)" -- sh -c 'file -S "$@" | grep -v '\'': .*script'\'' | grep '\'': .*executable'\'' | tee /dev/stderr | sed '\''s/: .*//'\'' | xargs rm -fv'
+
+
+rm -f "${oldwd}/vendor.tar.zst"
+ZSTD_CLEVEL=19 ZSTD_NBTHREADS=$(nproc) tar --zstd --sort=name -vvScf "${oldwd}/vendor.tar.zst" .hak node_modules
+
+
+cd "$oldwd"
+echo rm -rf "$tmpdir"
+echo -e "\n\nDONE creating npm offline dependencies archive 'vendor.tar.zst'"
+
+
+read -p "Write changes?"
+export HOME="$oldhome"
+osc vc -m "${changes}" element-desktop.changes
+dos2unix element-desktop.changes

remove-fuses.patch

@@ -0,0 +1,35 @@
+It is impossible to monkeypatch a shared copy of Electron, and in current versions of the nodejs-electron package
+we intentionally fail the build of any app which tries to do this to alert the packager.
+
+One problematic fuse which may break user data compatibility with upstream binaries is cookie encryption.
+If a user runs an app with fused electron and then with unfused one, their cookies will get deleted.
+
+OBSERVATION(dziobian):
+Element creates a cookies sqlite database on startup but seems to never write anything to it.
+Deleting the database manually seemed to have no effect.
+
+--- element-desktop-1.11.65/electron-builder.ts.orig	2024-04-23 15:14:00.000000000 +0200
++++ element-desktop-1.11.65/electron-builder.ts	2024-05-16 18:51:14.513871208 +0200
+@@ -75,22 +75,6 @@ const config: Writable<Configuration> =
+             const electronBinaryPath = path.join(context.appOutDir, `${executableName}${ext}`);
+             console.log(`Flipping fuses for: ${electronBinaryPath}`);
+ 
+-            await flipFuses(electronBinaryPath, {
+-                version: FuseVersion.V1,
+-                resetAdHocDarwinSignature: context.electronPlatformName === "darwin" && context.arch === Arch.universal,
+-
+-                [FuseV1Options.EnableCookieEncryption]: true,
+-                [FuseV1Options.OnlyLoadAppFromAsar]: true,
+-
+-                [FuseV1Options.RunAsNode]: false,
+-                [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
+-                [FuseV1Options.EnableNodeCliInspectArguments]: false,
+-
+-                // Mac app crashes on arm for us when `LoadBrowserProcessSpecificV8Snapshot` is enabled
+-                [FuseV1Options.LoadBrowserProcessSpecificV8Snapshot]: false,
+-                // https://github.com/electron/fuses/issues/7
+-                [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: false,
+-            });
+         }
+     },
+     files: [

vendor.tar.zst

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7872d12b83320a0b50e881371e1145e58ea1043132af9e9b99797723c8ace490
+size 72665298