59 lines
2.7 KiB
Diff
59 lines
2.7 KiB
Diff
we can't do fuses because we ship one binary in the electron package.
|
|
and we can't import them here, since they are in devDependencies, which are uninstalled at this stage.
|
|
|
|
--- ./electron-builder.ts.orig
|
|
+++ ./electron-builder.ts
|
|
@@ -1,8 +1,7 @@
|
|
import * as os from "os";
|
|
import * as fs from "fs";
|
|
import * as path from "path";
|
|
-import { Arch, Configuration as BaseConfiguration, AfterPackContext } from "electron-builder";
|
|
-import { flipFuses, FuseVersion, FuseV1Options } from "@electron/fuses";
|
|
+import { Configuration as BaseConfiguration } from "electron-builder";
|
|
|
|
/**
|
|
* This script has different outputs depending on your os platform.
|
|
@@ -54,43 +53,6 @@
|
|
const config: Writable<Configuration> = {
|
|
appId: "im.riot.app",
|
|
asarUnpack: "**/*.node",
|
|
- afterPack: async (context: AfterPackContext) => {
|
|
- if (context.electronPlatformName !== "darwin" || context.arch === Arch.universal) {
|
|
- // Burn in electron fuses for proactive security hardening.
|
|
- // On macOS, we only do this for the universal package, as the constituent arm64 and amd64 packages are embedded within.
|
|
- const ext = (<Record<string, string>>{
|
|
- darwin: ".app",
|
|
- win32: ".exe",
|
|
- linux: "",
|
|
- })[context.electronPlatformName];
|
|
-
|
|
- let executableName = context.packager.appInfo.productFilename;
|
|
- if (context.electronPlatformName === "linux") {
|
|
- // Linux uses the package name as the executable name
|
|
- executableName = context.packager.appInfo.name;
|
|
- }
|
|
-
|
|
- const electronBinaryPath = path.join(context.appOutDir, `${executableName}${ext}`);
|
|
- console.log(`Flipping fuses for: ${electronBinaryPath}`);
|
|
-
|
|
- await flipFuses(electronBinaryPath, {
|
|
- version: FuseVersion.V1,
|
|
- resetAdHocDarwinSignature: context.electronPlatformName === "darwin" && context.arch === Arch.universal,
|
|
-
|
|
- [FuseV1Options.EnableCookieEncryption]: true,
|
|
- [FuseV1Options.OnlyLoadAppFromAsar]: true,
|
|
-
|
|
- [FuseV1Options.RunAsNode]: false,
|
|
- [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
|
|
- [FuseV1Options.EnableNodeCliInspectArguments]: false,
|
|
-
|
|
- // Mac app crashes on arm for us when `LoadBrowserProcessSpecificV8Snapshot` is enabled
|
|
- [FuseV1Options.LoadBrowserProcessSpecificV8Snapshot]: false,
|
|
- // https://github.com/electron/fuses/issues/7
|
|
- [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: false,
|
|
- });
|
|
- }
|
|
- },
|
|
files: [
|
|
"package.json",
|
|
"lib/**",
|