refactor: electron-builder config

Signed-off-by: Kristóf Marussy <kristof@marussy.com>

1 files changed, 19 insertions, 85 deletions

diff --git a/.electron-builder.config.cjs b/.electron-builder.config.cjs
index 3eef91c..4402088 100644
--- a/.electron-builder.config.cjs
+++ b/.electron-builder.config.cjs
@@ -1,90 +1,9 @@
-const { readFile, rename, writeFile  } = require('node:fs/promises');
-const path = require('node:path');
 
 const { Arch } = require('electron-builder');
-const { flipFuses, FuseV1Options, FuseVersion } = require('@electron/fuses');
+const { FuseV1Options, FuseVersion } = require('@electron/fuses');
 
-/**
- * Hardens the shipped electron binary by burning some electron fuses.
- *
- * Enabled chromium cookie encryption and disables options that could be
- * used to execute arbitrary code in the main process to circumvent cookie encryption:
- * - Running the application as a plain node process is disabled.
- * - Setting options through the `NODE_OPTIONS` environment variable is disabled.
- * - Attaching a debugger through the `--inspect` family of options is disabled.
- * - Will onload load the application from the ASAR archive.
- *
- * @param {import('electron-builder').AfterPackContext} context The `electron-builder` context.
- * @return {Promise<void>} The promise to flip the fuses.
- * @see https://github.com/electron/fuses
- */
-async function burnFuses(context) {
-  /** @type {string} */
-  const ext =
-    {
-      darwin: '.app',
-      win32: '.exe',
-    }[context.electronPlatformName] || '';
-  const electronBinaryPath = path.join(
-    context.appOutDir,
-    `${context.packager.appInfo.productFilename}${ext}`,
-  );
-  /** @type {import('@electron/fuses').FuseConfig<boolean>} */
-  const fuseConfig = {
-    version: FuseVersion.V1,
-    resetAdHocDarwinSignature:
-      context.electronPlatformName === 'darwin' && context.arch === Arch.arm64,
-    [FuseV1Options.RunAsNode]: false,
-    [FuseV1Options.EnableCookieEncryption]: true,
-    [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
-    [FuseV1Options.EnableNodeCliInspectArguments]: false,
-    // TODO: Revisit this: IF set to 'true' the packaged app doesn't start up on macos (x86)
-    [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: false,
-    [FuseV1Options.OnlyLoadAppFromAsar]: true,
-  };
-  return flipFuses(electronBinaryPath, fuseConfig);
-}
-
-/**
- * Adds a wrapper scripts that detects in wayland is in use and enabled it in chromium.
- *
- * The script in `build-heleprs/detect_wayland.sh` uses the `WAYLAND_DISPLAY` environmental
- * variable to detect whether wayland is in use.
- *
- * If wayland is in use, the script enables the wayland ozone backed for chromium
- * and pipewire screen sharing. Otherwise, the x11 ozone backend will be used.
- *
- * @param {import('electron-builder').AfterPackContext} context The `electron-builder` context.
- * @return {Promise<void>} The promise to add the wrapper script.
- * @see https://stackoverflow.com/a/45537237
- */
-async function enableWaylandAutoDetection(context) {
-  const { appOutDir, packager: { appInfo: { productName, productFilename } } } = context;
-  const electronBinaryPath = path.join(appOutDir, productFilename);
-  const newFilename = `${productFilename}-bin`;
-  const newElectronBinaryPath = path.join(appOutDir, newFilename);
-  await rename(electronBinaryPath, newElectronBinaryPath);
-  const wrapperScriptPath = path.join(__dirname, 'build-helpers/detect_wayland.sh');
-  const wrapperScriptTempate = await readFile(wrapperScriptPath, 'utf8');
-  const replacements = new Map([
-    ['PRODUCT_NAME', productName],
-    ['REAL_BINARY_NAME', newFilename],
-  ]);
-  const wrapperScript = wrapperScriptTempate.replaceAll(
-    /\{\{([^}]+)\}\}/g,
-    (_match, /** @type {string} */ variable) => {
-      const replacement = replacements.get(variable);
-      if (replacement === undefined) {
-        throw new Error(`Unknown variable: ${variable}`);
-      }
-      return replacement;
-    },
-  );
-  await writeFile(electronBinaryPath, wrapperScript, {
-    encoding: 'utf8',
-    mode: 0o755,
-  });
-}
+const burnFuses = require('./config/burnFuses.cjs');
+const enableWaylandAutoDetection = require('./config/enableWaylandAutoDetection.cjs');
 
 /**
  * @type {import('electron-builder').Configuration}
@@ -105,7 +24,22 @@ const config = {
     '!**/*.map',
   ],
   afterPack(context) {
-    return burnFuses(context);
+    /*
+    * Enables chromium cookie encryption and disables options that could be
+    * used to execute arbitrary code in the main process to circumvent cookie encryption:
+    */
+    return burnFuses(context, {
+      version: FuseVersion.V1,
+      resetAdHocDarwinSignature:
+        context.electronPlatformName === 'darwin' && context.arch === Arch.arm64,
+      [FuseV1Options.RunAsNode]: false,
+      [FuseV1Options.EnableCookieEncryption]: true,
+      [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
+      [FuseV1Options.EnableNodeCliInspectArguments]: false,
+      // TODO: Revisit this: IF set to `true` the packaged app doesn't start up on macos (x86)
+      [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: false,
+      [FuseV1Options.OnlyLoadAppFromAsar]: true,
+    });
   },
   async afterSign(context) {
     if (context.electronPlatformName === 'linux') {