From ba63055d9e152d3af0e536bbd45ea830c7982d7a Mon Sep 17 00:00:00 2001
From: Antoine Martin
Date: Tue, 7 Jan 2025 14:09:43 -0500
Subject: [PATCH] backports/element-desktop: new aport
---
backports/element-desktop/APKBUILD | 166 ++++++++++++++++++
.../element-desktop/add-alpine-targets.patch | 52 ++++++
backports/element-desktop/element-desktop | 3 +
.../element-desktop/no-source-maps.patch.web | 18 ++
.../element-desktop/tasje-no-fuses.patch | 59 +++++++
backports/element-desktop/tasje-one-hak.patch | 20 +++
.../element-desktop/use-system-fonts.patch.web | 79 +++++++++
.../element-desktop/use-system-headers.patch | 15 ++
8 files changed, 412 insertions(+)
create mode 100644 backports/element-desktop/APKBUILD
create mode 100644 backports/element-desktop/add-alpine-targets.patch
create mode 100755 backports/element-desktop/element-desktop
create mode 100644 backports/element-desktop/no-source-maps.patch.web
create mode 100644 backports/element-desktop/tasje-no-fuses.patch
create mode 100644 backports/element-desktop/tasje-one-hak.patch
create mode 100644 backports/element-desktop/use-system-fonts.patch.web
create mode 100644 backports/element-desktop/use-system-headers.patch
diff --git a/backports/element-desktop/APKBUILD b/backports/element-desktop/APKBUILD
new file mode 100644
index 0000000..3254990
--- /dev/null
+++ b/backports/element-desktop/APKBUILD
@@ -0,0 +1,166 @@
+# Contributor: lauren n. liberda
+maintainer="lauren n. liberda "
+pkgname=element-desktop
+pkgver=1.11.89
+pkgrel=0
+pkgdesc="Secure and independent communication, connected via Matrix"
+url="https://element.io/"
+arch="aarch64 x86_64" # same as electron
+license="GPL-3.0-only"
+depends="
+ electron
+ font-inconsolata
+ font-inter
+ font-nunito
+ font-opensans
+ font-twemoji
+ "
+makedepends="
+ cargo
+ electron-dev
+ electron-tasje
+ jq
+ libsecret-dev
+ nodejs
+ npm
+ python3
+ py3-setuptools
+ sqlcipher-dev
+ swc
+ yarn
+ "
+source="
+ https://github.com/vector-im/element-desktop/archive/refs/tags/v$pkgver/element-desktop-$pkgver.tar.gz
+ https://github.com/vector-im/element-web/archive/refs/tags/v$pkgver/element-web-$pkgver.tar.gz
+
+ add-alpine-targets.patch
+ use-system-headers.patch
+ tasje-one-hak.patch
+ tasje-no-fuses.patch
+ no-source-maps.patch.web
+ use-system-fonts.patch.web
+
+ element-desktop
+ "
+options="net !check" # broken
+
+# secfixes:
+# 1.11.30-r0:
+# - CVE-2023-30609
+# 1.11.26-r0:
+# - CVE-2023-28103
+# - CVE-2023-28427
+# 1.11.7-r0:
+# - CVE-2022-39249
+# - CVE-2022-39250
+# - CVE-2022-39251
+# - CVE-2022-39236
+# 1.11.4-r0:
+# - CVE-2022-36059
+# - CVE-2022-36060
+
+# used by buildscripts (at least web's webpack)
+export VERSION=$pkgver
+
+export CARGO_PROFILE_RELEASE_OPT_LEVEL=2
+export CARGO_PROFILE_RELEASE_STRIP="symbols"
+export NODE_OPTIONS="--openssl-legacy-provider"
+
+prepare() {
+ default_prepare
+
+ msg "Applying more patches"
+ for x in $source; do
+ case "$x" in
+ *.patch.web)
+ msg "$x"
+ patch -p1 -i "$srcdir"/$x -d "$srcdir"/element-web-$pkgver
+ ;;
+ esac
+ done
+
+ rm -rf res/fonts
+
+ (
+ cd "$srcdir"/element-web-$pkgver
+
+ msg "Fetch element-web dependencies"
+ yarn install --frozen-lockfile --ignore-scripts --ignore-engines
+ jq '.show_labs_settings = true' < config.sample.json > config.json
+ )
+
+ ln -s "$srcdir"/element-web-$pkgver/webapp webapp
+
+ msg "Fetch element-desktop dependencies"
+ yarn install --frozen-lockfile --ignore-scripts
+}
+
+build() {
+ (
+ cd "$srcdir"/element-web-$pkgver
+
+ msg "Build element-web"
+ NODE_ENV=production yarn build
+ )
+
+ msg "Build element-desktop"
+
+ yarn asar-webapp
+
+ # add "optional" native dependencies
+ # hak stands for hack
+ yarn run hak --target "$(uname -m)-alpine-linux-musl"
+
+ # stripping in build because it gets into asar
+ strip node_modules/keytar/build/Release/keytar.node
+
+ yarn build:ts
+
+ yarn build:res
+
+ # we need it as js to be of any use for tasje.
+ # fails with `yarn tsc`. https://github.com/electron-userland/electron-builder/issues/7961
+ swc compile electron-builder.ts --out-file electron-builder.mjs
+
+ yarn install --frozen-lockfile --ignore-scripts --production
+
+ tasje -c electron-builder.mjs pack
+}
+
+check() {
+ (
+ cd "$srcdir"/element-web-$pkgver
+
+ yarn test
+ )
+}
+
+package() {
+ local resources="dist/resources"
+
+ install -Dm644 $resources/app.asar "$pkgdir"/usr/lib/element-desktop/app.asar
+ install -Dm644 webapp.asar "$pkgdir"/usr/lib/element-desktop/webapp.asar
+
+ cp -r $resources/app.asar.unpacked "$pkgdir"/usr/lib/element-desktop/app.asar.unpacked
+
+ install -Dm644 $resources/img/element.png "$pkgdir"/usr/lib/element-desktop/img/element.png
+
+ install -Dm755 "$srcdir"/$pkgname "$pkgdir"/usr/bin/$pkgname
+
+ install -Dm644 dist/$pkgname.desktop "$pkgdir"/usr/share/applications/$pkgname.desktop
+ while read -r size; do
+ install -Dm644 dist/icons/$size.png "$pkgdir"/usr/share/icons/hicolor/$size/apps/$pkgname.png
+ done < dist/icons/size-list
+}
+
+sha512sums="
+3b382492694a036ab8e05e904f23e49d7126bf5842ab4b86183bb71e3ca3503bbe997a4e26c5ee2298740f0894e5f26d6dc31deb5f18caf9d4f78d30e1a591c8 element-desktop-1.11.89.tar.gz
+55e4abf74bd19a06071d16a1e5d1130fc06c8937626e880bf54263598b7ad06311b164e3aa21dc2494b932e9e299f261030226744d746927b44b93b7831fd08b element-web-1.11.89.tar.gz
+4747893ed3e43d3074e9afe1cdd668a6be0de073d439205fe8c38c5e0f4091cc76e3cd15d98818bea5139add29501d8d07e83c58e9da230a4ce5bb538d388f80 add-alpine-targets.patch
+755b17f7b828eb6920c06a6950ad4e14c32c99d22e9c05fcef7a081b5d2034adb03db3958aa5209c99fb7201f4d888c2383fc9864c5e743dd33f8b5c4925acd7 use-system-headers.patch
+92e69817fdc71f60c5c7dcbd3c7b13428cc18141cf5f27720326390f6817bec85fb1c60f8016b3a8fa275f601b16f646cda12b5e379a349368eef2f801b4de7a tasje-one-hak.patch
+876d40639305d5258089069a01e218a2f14c32efccc3130f06398e8b4cd63bc740909162954a58ee11b909dc5b3e87c3383d73727aa13aa2d7093c9c63f04057 tasje-no-fuses.patch
+ec635fde026f7fce8e8cc57960b5b9dcec4418416d4867ed47711422d48f068bb58a3c9ceb7715efc9c177beca3788da6b0babc9b689ea8c0724a0395f2b85f8 no-source-maps.patch.web
+aaf46476bac403aa5204aa265fcf0654fad4c149fd74d0ec4273c051a5549943384cae3cdd62c5b78fdedfed55c11ecceb898b886e44165cbe7e30953a095cf9 use-system-fonts.patch.web
+afc588311dc3b566a754e3e7fe6b37b99a06d47b8bbce0ed9acca8ef308fdab0bd1d41b406199e5cbdd86bdce695ff847cd8668857a235cbdc292ad8b899c063 element-desktop
+"
diff --git a/backports/element-desktop/add-alpine-targets.patch b/backports/element-desktop/add-alpine-targets.patch
new file mode 100644
index 0000000..87e1148
--- /dev/null
+++ b/backports/element-desktop/add-alpine-targets.patch
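Review bot: The trailing `# broken` on `options="net !check"` explains only `!check`, and nothing records why the build needs `net`. prepare() runs `yarn install` twice and build() runs it a third time with `--production`, so everything yarn fetches sits outside `sha512sums` and is pinned, as far as this page shows, only by the upstream yarn.lock files through `--frozen-lockfile`. I would say so above the line, for example `# net: yarn fetches npm dependencies in prepare() and build(); they are pinned by yarn.lock, not by sha512sums` and `# !check: upstream test suite is broken here`. The file-scope `export NODE_OPTIONS="--openssl-legacy-provider"` has no comment either and reaches every node process in every phase; a line such as `# legacy OpenSSL provider is needed by the web build (TODO confirm which step)` would record why it is there.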
@@ -0,0 +1,52 @@
+--- a/scripts/hak/target.ts
++++ b/scripts/hak/target.ts
+@@ -29,8 +29,10 @@
+ | "i686-unknown-linux-gnu"
+ | "x86_64-unknown-linux-musl"
+ | "x86_64-unknown-linux-gnu"
++ | "x86_64-alpine-linux-musl"
+ | "aarch64-unknown-linux-musl"
+ | "aarch64-unknown-linux-gnu"
++ | "aarch64-alpine-linux-musl"
+ | "powerpc64le-unknown-linux-musl"
+ | "powerpc64le-unknown-linux-gnu";
+
+@@ -112,6 +114,13 @@
+ libC: MUSL,
+ };
+
++const x8664AlpineLinuxMusl: LinuxTarget = {
++ id: "x86_64-alpine-linux-musl",
++ platform: "linux",
++ arch: "x64",
++ libC: MUSL,
++};
++
+ const i686UnknownLinuxGnu: LinuxTarget = {
+ id: "i686-unknown-linux-gnu",
+ platform: "linux",
+@@ -140,6 +149,13 @@
+ libC: MUSL,
+ };
+
++const aarch64AlpineLinuxMusl: LinuxTarget = {
++ id: "aarch64-alpine-linux-musl",
++ platform: "linux",
++ arch: "arm64",
++ libC: MUSL,
++};
++
+ const powerpc64leUnknownLinuxGnu: LinuxTarget = {
+ id: "powerpc64le-unknown-linux-gnu",
+ platform: "linux",
+@@ -167,8 +183,10 @@
+ "i686-unknown-linux-gnu": i686UnknownLinuxGnu,
+ "x86_64-unknown-linux-musl": x8664UnknownLinuxMusl,
+ "x86_64-unknown-linux-gnu": x8664UnknownLinuxGnu,
++ "x86_64-alpine-linux-musl": x8664AlpineLinuxMusl,
+ "aarch64-unknown-linux-musl": aarch64UnknownLinuxMusl,
+ "aarch64-unknown-linux-gnu": aarch64UnknownLinuxGnu,
++ "aarch64-alpine-linux-musl": aarch64AlpineLinuxMusl,
+ "powerpc64le-unknown-linux-musl": powerpc64leUnknownLinuxMusl,
+ "powerpc64le-unknown-linux-gnu": powerpc64leUnknownLinuxGnu,
+ };
diff --git a/backports/element-desktop/element-desktop b/backports/element-desktop/element-desktop
new file mode 100755
index 0000000..de3c5b2
--- /dev/null
+++ b/backports/element-desktop/element-desktop
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec electron /usr/lib/element-desktop/app.asar "$@"
diff --git a/backports/element-desktop/no-source-maps.patch.web b/backports/element-desktop/no-source-maps.patch.web
new file mode 100644
index 0000000..86b3bac
--- /dev/null
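Review bot: add-alpine-targets.patch starts directly at `--- a/scripts/hak/target.ts` with no description, so the reason for the two new target ids can only be read out of the APKBUILD line `yarn run hak --target "$(uname -m)-alpine-linux-musl"`. tasje-no-fuses.patch and tasje-one-hak.patch both open with a short rationale, and the same is missing from no-source-maps.patch.web, use-system-fonts.patch.web and use-system-headers.patch. A one-line header would do here, for example `add the *-alpine-linux-musl target ids that the APKBUILD passes to hak for x86_64 and aarch64`. For use-system-headers.patch the line worth writing down is that native modules are now built against the headers in `/usr/include/electron/node_headers` instead of ones fetched from `https://electronjs.org/headers`.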
+++ b/backports/element-desktop/no-source-maps.patch.web
@@ -0,0 +1,18 @@
+--- ./webpack.config.js.orig
++++ ./webpack.config.js
+@@ -102,15 +102,6 @@
+ }
+
+ const development = {};
+- if (devMode) {
+- // Embedded source maps for dev builds, can't use eval-source-map due to CSP
+- development["devtool"] = "inline-source-map";
+- } else {
+- // High quality source maps in separate .map files which include the source. This doesn't bulk up the .js
+- // payload file size, which is nice for performance but also necessary to get the bundle to a small enough
+- // size that sentry will accept the upload.
+- development["devtool"] = "source-map";
+- }
+
+ // Resolve the directories for the js-sdk for later use. We resolve these early, so we
+ // don't have to call them over and over. We also resolve to the package.json instead of the src
diff --git a/backports/element-desktop/tasje-no-fuses.patch b/backports/element-desktop/tasje-no-fuses.patch
new file mode 100644
index 0000000..efbfc52
--- /dev/null
+++ b/backports/element-desktop/tasje-no-fuses.patch
@@ -0,0 +1,59 @@
+we can't do fuses because we ship one binary in the electron package.
+and we can't import them here, since they are in devDependencies, which are uninstalled at this stage.
+
+--- ./electron-builder.ts.orig
++++ ./electron-builder.ts
+@@ -1,8 +1,7 @@
+ import * as os from "os";
+ import * as fs from "fs";
+ import * as path from "path";
+-import { Arch, Configuration as BaseConfiguration, AfterPackContext } from "electron-builder";
+-import { flipFuses, FuseVersion, FuseV1Options } from "@electron/fuses";
++import { Configuration as BaseConfiguration } from "electron-builder";
+
+ /**
+ * This script has different outputs depending on your os platform.
+@@ -54,43 +53,6 @@
+ const config: Writable = {
+ appId: "im.riot.app",
+ asarUnpack: "**/*.node",
+- afterPack: async (context: AfterPackContext) => {
+- if (context.electronPlatformName !== "darwin" || context.arch === Arch.universal) {
+- // Burn in electron fuses for proactive security hardening.
+- // On macOS, we only do this for the universal package, as the constituent arm64 and amd64 packages are embedded within.
+- const ext = (>{
+- darwin: ".app",
+- win32: ".exe",
+- linux: "",
+- })[context.electronPlatformName];
+-
+- let executableName = context.packager.appInfo.productFilename;
+- if (context.electronPlatformName === "linux") {
+- // Linux uses the package name as the executable name
+- executableName = context.packager.appInfo.name;
+- }
+-
+- const electronBinaryPath = path.join(context.appOutDir, `${executableName}${ext}`);
+- console.log(`Flipping fuses for: ${electronBinaryPath}`);
+-
+- await flipFuses(electronBinaryPath, {
+- version: FuseVersion.V1,
+- resetAdHocDarwinSignature: context.electronPlatformName === "darwin" && context.arch === Arch.universal,
+-
+- [FuseV1Options.EnableCookieEncryption]: true,
+- [FuseV1Options.OnlyLoadAppFromAsar]: true,
+-
+- [FuseV1Options.RunAsNode]: false,
+- [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
+- [FuseV1Options.EnableNodeCliInspectArguments]: false,
+-
+- // Mac app crashes on arm for us when `LoadBrowserProcessSpecificV8Snapshot` is enabled
+- [FuseV1Options.LoadBrowserProcessSpecificV8Snapshot]: false,
+- // https://github.com/electron/fuses/issues/7
+- [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: false,
+- });
+- }
+- },
+ files: [
+ "package.json",
+ "lib/**",
diff --git a/backports/element-desktop/tasje-one-hak.patch b/backports/element-desktop/tasje-one-hak.patch
new file mode 100644
index 0000000..a855eee
--- /dev/null
+++ b/backports/element-desktop/tasje-one-hak.patch
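Review bot: The patch description says why the fuses cannot be flipped but not what is given up with them. The removed `afterPack` hook set `EnableCookieEncryption` and `OnlyLoadAppFromAsar` to true and `RunAsNode`, `EnableNodeOptionsEnvironmentVariable` and `EnableNodeCliInspectArguments` to false. With the hook gone the packaged app presumably runs with whatever fuse state the shared `electron` binary was built with, and the launcher line `exec electron /usr/lib/element-desktop/app.asar "$@"` forwards every argument unchanged. I would add a sentence to the header such as `this drops upstream's fuse hardening (cookie encryption, asar-only loading, RunAsNode / NODE_OPTIONS / --inspect disabled); the effective settings are those of the system electron package`, so a later reader checks that package instead of assuming upstream's defaults. The inner hunk at `@@ -54,43 +53,6 @@` shows only part of the `config` object.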
@@ -0,0 +1,20 @@
+directories in .hak/hakModules are already symlinked inside node_modules,
+and as such are already being copied by default. this makes tasje fail with:
+```
+thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value:
+FileAlreadyWritten("/node_modules/keytar/package.json")', src/main.rs:200:18
+```
+
+--- ./electron-builder.ts.orig
++++ ./electron-builder.ts
+@@ -74,10 +74,6 @@
+ },
+ files: [
+ "package.json",
+- {
+- from: ".hak/hakModules",
+- to: "node_modules",
+- },
+ "lib/**",
+ ],
+ extraResources: [
diff --git a/backports/element-desktop/use-system-fonts.patch.web b/backports/element-desktop/use-system-fonts.patch.web
new file mode 100644
index 0000000..855fdea
--- /dev/null
+++ b/backports/element-desktop/use-system-fonts.patch.web
@@ -0,0 +1,79 @@
+--- a/src/vector/jitsi/index.pcss
++++ b/src/vector/jitsi/index.pcss
+@@ -14,7 +14,7 @@
+ font-family: "Nunito";
+ font-style: normal;
+ font-weight: 400;
+- src: url("$(res)/fonts/Nunito/Nunito-Regular.ttf") format("truetype");
++ src: local("Nunito Regular");
+ }
+
+ $dark-fg: #edf3ff;
+--- a/res/themes/light/css/_fonts.pcss
++++ b/res/themes/light/css/_fonts.pcss
+@@ -5,16 +5,16 @@
+ @font-face {
+ font-family: "Twemoji";
+ font-weight: 400;
+- src: url("$(res)/fonts/Twemoji_Mozilla/TwemojiMozilla-colr.woff2") format("woff2");
++ src: local("Twemoji");
+ }
+ /* For at least Chrome on Windows 10, we have to explictly add extra weights for the emoji to appear in bold messages, etc. */
+ @font-face {
+ font-family: "Twemoji";
+ font-weight: 600;
+- src: url("$(res)/fonts/Twemoji_Mozilla/TwemojiMozilla-colr.woff2") format("woff2");
++ src: local("Twemoji");
+ }
+ @font-face {
+ font-family: "Twemoji";
+ font-weight: 700;
+- src: url("$(res)/fonts/Twemoji_Mozilla/TwemojiMozilla-colr.woff2") format("woff2");
++ src: local("Twemoji");
+ }
+--- a/res/themes/legacy-light/css/_fonts.pcss
++++ b/res/themes/legacy-light/css/_fonts.pcss
+@@ -23,17 +23,17 @@
+ font-family: "Nunito";
+ font-style: normal;
+ font-weight: 400;
+- src: url("$(res)/fonts/Nunito/Nunito-Regular.ttf") format("truetype");
++ src: local("Nunito Regular");
+ }
+ @font-face {
+ font-family: "Nunito";
+ font-style: normal;
+ font-weight: 600;
+- src: url("$(res)/fonts/Nunito/Nunito-SemiBold.ttf") format("truetype");
++ src: local("Nunito SemiBold");
+ }
+ @font-face {
+ font-family: "Nunito";
+ font-style: normal;
+ font-weight: 700;
+- src: url("$(res)/fonts/Nunito/Nunito-Bold.ttf") format("truetype");
++ src: local("Nunito Bold");
+ }
+--- ./src/theme.ts.orig
++++ ./src/theme.ts
+@@ -7,20 +7,6 @@
+ Please see LICENSE files in the repository root for full details.
+ */
+
+-import "@fontsource/inter/400.css";
+-import "@fontsource/inter/400-italic.css";
+-import "@fontsource/inter/500.css";
+-import "@fontsource/inter/500-italic.css";
+-import "@fontsource/inter/600.css";
+-import "@fontsource/inter/600-italic.css";
+-import "@fontsource/inter/700.css";
+-import "@fontsource/inter/700-italic.css";
+-
+-import "@fontsource/inconsolata/latin-ext-400.css";
+-import "@fontsource/inconsolata/latin-400.css";
+-import "@fontsource/inconsolata/latin-ext-700.css";
+-import "@fontsource/inconsolata/latin-700.css";
+-
+ import { logger } from "matrix-js-sdk/src/logger";
+
+ import { _t } from "./languageHandler";
diff --git a/backports/element-desktop/use-system-headers.patch b/backports/element-desktop/use-system-headers.patch
new file mode 100644
index 0000000..6ea957b
--- /dev/null
+++ b/backports/element-desktop/use-system-headers.patch
@@ -0,0 +1,15 @@
+--- a/scripts/hak/hakEnv.ts
++++ b/scripts/hak/hakEnv.ts
+@@ -101,11 +101,10 @@
+ ...process.env,
+ npm_config_arch: this.target.arch,
+ npm_config_target_arch: this.target.arch,
+- npm_config_disturl: "https://electronjs.org/headers",
++ npm_config_nodedir: "/usr/include/electron/node_headers",
+ npm_config_runtime: this.runtime,
+ npm_config_target: this.runtimeVersion,
+ npm_config_build_from_source: "true",
+- npm_config_devdir: path.join(os.homedir(), ".electron-gyp"),
+ };
+ }
+
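Review bot: Each rewritten `@font-face` rule now has `local(...)` as its only source, so a face whose name does not match an installed font is skipped silently and the text falls back to another family. `local("Twemoji")` is the one to check: the removed file was `TwemojiMozilla-colr.woff2`, and this page does not show whether the font shipped by `font-twemoji` reports the name `Twemoji`. The Inter and Inconsolata `@fontsource` imports in src/theme.ts are dropped with no `@font-face` replacement, so those families presumably rely on the system resolving the family name directly. A short header in the patch naming the Alpine package behind each `local()` string would make this checkable when a font package is renamed or updated.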