backports/element-desktop: new aport
Some checks failed
/ lint (pull_request) Failing after 28s
/ deploy-x86_64 (pull_request) Successful in 27s
/ build-x86_64 (pull_request) Successful in 6m44s
/ deploy-aarch64 (pull_request) Successful in 56s
/ build-aarch64 (pull_request) Successful in 27m18s

This commit is contained in:
Antoine Martin 2025-01-07 14:09:43 -05:00
parent 8cd075ebd1
commit 4fdc697a8a
Signed by: forge
GPG key ID: D62A472A4AA7D541
8 changed files with 412 additions and 0 deletions

View file

@ -0,0 +1,166 @@
# Contributor: lauren n. liberda <lauren@selfisekai.rocks>
maintainer="lauren n. liberda <lauren@selfisekai.rocks>"
pkgname=element-desktop
pkgver=1.11.89
pkgrel=0
pkgdesc="Secure and independent communication, connected via Matrix"
url="https://element.io/"
arch="aarch64 x86_64" # same as electron
license="GPL-3.0-only"
depends="
electron
font-inconsolata
font-inter
font-nunito
font-opensans
font-twemoji
"
makedepends="
cargo
electron-dev
electron-tasje
jq
libsecret-dev
nodejs
npm
python3
py3-setuptools
sqlcipher-dev
swc
yarn
"
source="
https://github.com/vector-im/element-desktop/archive/refs/tags/v$pkgver/element-desktop-$pkgver.tar.gz
https://github.com/vector-im/element-web/archive/refs/tags/v$pkgver/element-web-$pkgver.tar.gz
add-alpine-targets.patch
use-system-headers.patch
tasje-one-hak.patch
tasje-no-fuses.patch
no-source-maps.patch.web
use-system-fonts.patch.web
element-desktop
"
options="net !check" # broken
# secfixes:
# 1.11.30-r0:
# - CVE-2023-30609
# 1.11.26-r0:
# - CVE-2023-28103
# - CVE-2023-28427
# 1.11.7-r0:
# - CVE-2022-39249
# - CVE-2022-39250
# - CVE-2022-39251
# - CVE-2022-39236
# 1.11.4-r0:
# - CVE-2022-36059
# - CVE-2022-36060
# used by buildscripts (at least web's webpack)
export VERSION=$pkgver
export CARGO_PROFILE_RELEASE_OPT_LEVEL=2
export CARGO_PROFILE_RELEASE_STRIP="symbols"
export NODE_OPTIONS="--openssl-legacy-provider"
prepare() {
default_prepare
msg "Applying more patches"
for x in $source; do
case "$x" in
*.patch.web)
msg "$x"
patch -p1 -i "$srcdir"/$x -d "$srcdir"/element-web-$pkgver
;;
esac
done
rm -rf res/fonts
(
cd "$srcdir"/element-web-$pkgver
msg "Fetch element-web dependencies"
yarn install --frozen-lockfile --ignore-scripts --ignore-engines
jq '.show_labs_settings = true' < config.sample.json > config.json
)
ln -s "$srcdir"/element-web-$pkgver/webapp webapp
msg "Fetch element-desktop dependencies"
yarn install --frozen-lockfile --ignore-scripts
}
build() {
(
cd "$srcdir"/element-web-$pkgver
msg "Build element-web"
NODE_ENV=production yarn build
)
msg "Build element-desktop"
yarn asar-webapp
# add "optional" native dependencies
# hak stands for hack
yarn run hak --target "$(uname -m)-alpine-linux-musl"
# stripping in build because it gets into asar
strip node_modules/keytar/build/Release/keytar.node
yarn build:ts
yarn build:res
# we need it as js to be of any use for tasje.
# fails with `yarn tsc`. https://github.com/electron-userland/electron-builder/issues/7961
swc compile electron-builder.ts --out-file electron-builder.mjs
yarn install --frozen-lockfile --ignore-scripts --production
tasje -c electron-builder.mjs pack
}
check() {
(
cd "$srcdir"/element-web-$pkgver
yarn test
)
}
package() {
local resources="dist/resources"
install -Dm644 $resources/app.asar "$pkgdir"/usr/lib/element-desktop/app.asar
install -Dm644 webapp.asar "$pkgdir"/usr/lib/element-desktop/webapp.asar
cp -r $resources/app.asar.unpacked "$pkgdir"/usr/lib/element-desktop/app.asar.unpacked
install -Dm644 $resources/img/element.png "$pkgdir"/usr/lib/element-desktop/img/element.png
install -Dm755 "$srcdir"/$pkgname "$pkgdir"/usr/bin/$pkgname
install -Dm644 dist/$pkgname.desktop "$pkgdir"/usr/share/applications/$pkgname.desktop
while read -r size; do
install -Dm644 dist/icons/$size.png "$pkgdir"/usr/share/icons/hicolor/$size/apps/$pkgname.png
done < dist/icons/size-list
}
sha512sums="
3b382492694a036ab8e05e904f23e49d7126bf5842ab4b86183bb71e3ca3503bbe997a4e26c5ee2298740f0894e5f26d6dc31deb5f18caf9d4f78d30e1a591c8 element-desktop-1.11.89.tar.gz
55e4abf74bd19a06071d16a1e5d1130fc06c8937626e880bf54263598b7ad06311b164e3aa21dc2494b932e9e299f261030226744d746927b44b93b7831fd08b element-web-1.11.89.tar.gz
4747893ed3e43d3074e9afe1cdd668a6be0de073d439205fe8c38c5e0f4091cc76e3cd15d98818bea5139add29501d8d07e83c58e9da230a4ce5bb538d388f80 add-alpine-targets.patch
755b17f7b828eb6920c06a6950ad4e14c32c99d22e9c05fcef7a081b5d2034adb03db3958aa5209c99fb7201f4d888c2383fc9864c5e743dd33f8b5c4925acd7 use-system-headers.patch
92e69817fdc71f60c5c7dcbd3c7b13428cc18141cf5f27720326390f6817bec85fb1c60f8016b3a8fa275f601b16f646cda12b5e379a349368eef2f801b4de7a tasje-one-hak.patch
876d40639305d5258089069a01e218a2f14c32efccc3130f06398e8b4cd63bc740909162954a58ee11b909dc5b3e87c3383d73727aa13aa2d7093c9c63f04057 tasje-no-fuses.patch
ec635fde026f7fce8e8cc57960b5b9dcec4418416d4867ed47711422d48f068bb58a3c9ceb7715efc9c177beca3788da6b0babc9b689ea8c0724a0395f2b85f8 no-source-maps.patch.web
aaf46476bac403aa5204aa265fcf0654fad4c149fd74d0ec4273c051a5549943384cae3cdd62c5b78fdedfed55c11ecceb898b886e44165cbe7e30953a095cf9 use-system-fonts.patch.web
afc588311dc3b566a754e3e7fe6b37b99a06d47b8bbce0ed9acca8ef308fdab0bd1d41b406199e5cbdd86bdce695ff847cd8668857a235cbdc292ad8b899c063 element-desktop
"

View file

@ -0,0 +1,52 @@
--- a/scripts/hak/target.ts
+++ b/scripts/hak/target.ts
@@ -29,8 +29,10 @@
| "i686-unknown-linux-gnu"
| "x86_64-unknown-linux-musl"
| "x86_64-unknown-linux-gnu"
+ | "x86_64-alpine-linux-musl"
| "aarch64-unknown-linux-musl"
| "aarch64-unknown-linux-gnu"
+ | "aarch64-alpine-linux-musl"
| "powerpc64le-unknown-linux-musl"
| "powerpc64le-unknown-linux-gnu";
@@ -112,6 +114,13 @@
libC: MUSL,
};
+const x8664AlpineLinuxMusl: LinuxTarget = {
+ id: "x86_64-alpine-linux-musl",
+ platform: "linux",
+ arch: "x64",
+ libC: MUSL,
+};
+
const i686UnknownLinuxGnu: LinuxTarget = {
id: "i686-unknown-linux-gnu",
platform: "linux",
@@ -140,6 +149,13 @@
libC: MUSL,
};
+const aarch64AlpineLinuxMusl: LinuxTarget = {
+ id: "aarch64-alpine-linux-musl",
+ platform: "linux",
+ arch: "arm64",
+ libC: MUSL,
+};
+
const powerpc64leUnknownLinuxGnu: LinuxTarget = {
id: "powerpc64le-unknown-linux-gnu",
platform: "linux",
@@ -167,8 +183,10 @@
"i686-unknown-linux-gnu": i686UnknownLinuxGnu,
"x86_64-unknown-linux-musl": x8664UnknownLinuxMusl,
"x86_64-unknown-linux-gnu": x8664UnknownLinuxGnu,
+ "x86_64-alpine-linux-musl": x8664AlpineLinuxMusl,
"aarch64-unknown-linux-musl": aarch64UnknownLinuxMusl,
"aarch64-unknown-linux-gnu": aarch64UnknownLinuxGnu,
+ "aarch64-alpine-linux-musl": aarch64AlpineLinuxMusl,
"powerpc64le-unknown-linux-musl": powerpc64leUnknownLinuxMusl,
"powerpc64le-unknown-linux-gnu": powerpc64leUnknownLinuxGnu,
};

View file

@ -0,0 +1,3 @@
#!/bin/sh
exec electron /usr/lib/element-desktop/app.asar "$@"

View file

@ -0,0 +1,18 @@
--- ./webpack.config.js.orig
+++ ./webpack.config.js
@@ -102,15 +102,6 @@
}
const development = {};
- if (devMode) {
- // Embedded source maps for dev builds, can't use eval-source-map due to CSP
- development["devtool"] = "inline-source-map";
- } else {
- // High quality source maps in separate .map files which include the source. This doesn't bulk up the .js
- // payload file size, which is nice for performance but also necessary to get the bundle to a small enough
- // size that sentry will accept the upload.
- development["devtool"] = "source-map";
- }
// Resolve the directories for the js-sdk for later use. We resolve these early, so we
// don't have to call them over and over. We also resolve to the package.json instead of the src

View file

@ -0,0 +1,59 @@
we can't do fuses because we ship one binary in the electron package.
and we can't import them here, since they are in devDependencies, which are uninstalled at this stage.
--- ./electron-builder.ts.orig
+++ ./electron-builder.ts
@@ -1,8 +1,7 @@
import * as os from "os";
import * as fs from "fs";
import * as path from "path";
-import { Arch, Configuration as BaseConfiguration, AfterPackContext } from "electron-builder";
-import { flipFuses, FuseVersion, FuseV1Options } from "@electron/fuses";
+import { Configuration as BaseConfiguration } from "electron-builder";
/**
* This script has different outputs depending on your os platform.
@@ -54,43 +53,6 @@
const config: Writable<Configuration> = {
appId: "im.riot.app",
asarUnpack: "**/*.node",
- afterPack: async (context: AfterPackContext) => {
- if (context.electronPlatformName !== "darwin" || context.arch === Arch.universal) {
- // Burn in electron fuses for proactive security hardening.
- // On macOS, we only do this for the universal package, as the constituent arm64 and amd64 packages are embedded within.
- const ext = (<Record<string, string>>{
- darwin: ".app",
- win32: ".exe",
- linux: "",
- })[context.electronPlatformName];
-
- let executableName = context.packager.appInfo.productFilename;
- if (context.electronPlatformName === "linux") {
- // Linux uses the package name as the executable name
- executableName = context.packager.appInfo.name;
- }
-
- const electronBinaryPath = path.join(context.appOutDir, `${executableName}${ext}`);
- console.log(`Flipping fuses for: ${electronBinaryPath}`);
-
- await flipFuses(electronBinaryPath, {
- version: FuseVersion.V1,
- resetAdHocDarwinSignature: context.electronPlatformName === "darwin" && context.arch === Arch.universal,
-
- [FuseV1Options.EnableCookieEncryption]: true,
- [FuseV1Options.OnlyLoadAppFromAsar]: true,
-
- [FuseV1Options.RunAsNode]: false,
- [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
- [FuseV1Options.EnableNodeCliInspectArguments]: false,
-
- // Mac app crashes on arm for us when `LoadBrowserProcessSpecificV8Snapshot` is enabled
- [FuseV1Options.LoadBrowserProcessSpecificV8Snapshot]: false,
- // https://github.com/electron/fuses/issues/7
- [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: false,
- });
- }
- },
files: [
"package.json",
"lib/**",

View file

@ -0,0 +1,20 @@
directories in .hak/hakModules are already symlinked inside node_modules,
and as such are already being copied by default. this makes tasje fail with:
```
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value:
FileAlreadyWritten("/node_modules/keytar/package.json")', src/main.rs:200:18
```
--- ./electron-builder.ts.orig
+++ ./electron-builder.ts
@@ -74,10 +74,6 @@
},
files: [
"package.json",
- {
- from: ".hak/hakModules",
- to: "node_modules",
- },
"lib/**",
],
extraResources: [

View file

@ -0,0 +1,79 @@
--- a/src/vector/jitsi/index.pcss
+++ b/src/vector/jitsi/index.pcss
@@ -14,7 +14,7 @@
font-family: "Nunito";
font-style: normal;
font-weight: 400;
- src: url("$(res)/fonts/Nunito/Nunito-Regular.ttf") format("truetype");
+ src: local("Nunito Regular");
}
$dark-fg: #edf3ff;
--- a/res/themes/light/css/_fonts.pcss
+++ b/res/themes/light/css/_fonts.pcss
@@ -5,16 +5,16 @@
@font-face {
font-family: "Twemoji";
font-weight: 400;
- src: url("$(res)/fonts/Twemoji_Mozilla/TwemojiMozilla-colr.woff2") format("woff2");
+ src: local("Twemoji");
}
/* For at least Chrome on Windows 10, we have to explictly add extra weights for the emoji to appear in bold messages, etc. */
@font-face {
font-family: "Twemoji";
font-weight: 600;
- src: url("$(res)/fonts/Twemoji_Mozilla/TwemojiMozilla-colr.woff2") format("woff2");
+ src: local("Twemoji");
}
@font-face {
font-family: "Twemoji";
font-weight: 700;
- src: url("$(res)/fonts/Twemoji_Mozilla/TwemojiMozilla-colr.woff2") format("woff2");
+ src: local("Twemoji");
}
--- a/res/themes/legacy-light/css/_fonts.pcss
+++ b/res/themes/legacy-light/css/_fonts.pcss
@@ -23,17 +23,17 @@
font-family: "Nunito";
font-style: normal;
font-weight: 400;
- src: url("$(res)/fonts/Nunito/Nunito-Regular.ttf") format("truetype");
+ src: local("Nunito Regular");
}
@font-face {
font-family: "Nunito";
font-style: normal;
font-weight: 600;
- src: url("$(res)/fonts/Nunito/Nunito-SemiBold.ttf") format("truetype");
+ src: local("Nunito SemiBold");
}
@font-face {
font-family: "Nunito";
font-style: normal;
font-weight: 700;
- src: url("$(res)/fonts/Nunito/Nunito-Bold.ttf") format("truetype");
+ src: local("Nunito Bold");
}
--- ./src/theme.ts.orig
+++ ./src/theme.ts
@@ -7,20 +7,6 @@
Please see LICENSE files in the repository root for full details.
*/
-import "@fontsource/inter/400.css";
-import "@fontsource/inter/400-italic.css";
-import "@fontsource/inter/500.css";
-import "@fontsource/inter/500-italic.css";
-import "@fontsource/inter/600.css";
-import "@fontsource/inter/600-italic.css";
-import "@fontsource/inter/700.css";
-import "@fontsource/inter/700-italic.css";
-
-import "@fontsource/inconsolata/latin-ext-400.css";
-import "@fontsource/inconsolata/latin-400.css";
-import "@fontsource/inconsolata/latin-ext-700.css";
-import "@fontsource/inconsolata/latin-700.css";
-
import { logger } from "matrix-js-sdk/src/logger";
import { _t } from "./languageHandler";

View file

@ -0,0 +1,15 @@
--- a/scripts/hak/hakEnv.ts
+++ b/scripts/hak/hakEnv.ts
@@ -101,11 +101,10 @@
...process.env,
npm_config_arch: this.target.arch,
npm_config_target_arch: this.target.arch,
- npm_config_disturl: "https://electronjs.org/headers",
+ npm_config_nodedir: "/usr/include/electron/node_headers",
npm_config_runtime: this.runtime,
npm_config_target: this.runtimeVersion,
npm_config_build_from_source: "true",
- npm_config_devdir: path.join(os.homedir(), ".electron-gyp"),
};
}