diff options
author | Kristóf Marussy <kristof@marussy.com> | 2021-12-25 03:03:30 +0100 |
---|---|---|
committer | Kristóf Marussy <kristof@marussy.com> | 2021-12-25 03:06:04 +0100 |
commit | a85c8af24a7ce6706357964116cae0067b1f2a73 (patch) | |
tree | 2fe77773df9df6e025b0e521116e0473d767f96b | |
parent | chore: Bump dependency versions (diff) | |
download | sophie-a85c8af24a7ce6706357964116cae0067b1f2a73.tar.gz sophie-a85c8af24a7ce6706357964116cae0067b1f2a73.tar.zst sophie-a85c8af24a7ce6706357964116cae0067b1f2a73.zip |
feat: Fuse the electron binary
Disables some node flags in production and enables cookie encryption.
-rw-r--r-- | .electron-builder.config.js | 32 | ||||
-rw-r--r-- | package.json | 1 | ||||
-rw-r--r-- | yarn.lock | 14 |
3 files changed, 47 insertions, 0 deletions
diff --git a/.electron-builder.config.js b/.electron-builder.config.js index e0f59e7..4ff94d7 100644 --- a/.electron-builder.config.js +++ b/.electron-builder.config.js | |||
@@ -1,5 +1,9 @@ | |||
1 | // @ts-check | 1 | // @ts-check |
2 | 2 | ||
3 | const { Arch } = require('electron-builder'); | ||
4 | const { flipFuses, FuseV1Options, FuseVersion } = require('@electron/fuses'); | ||
5 | const { join } = require('path'); | ||
6 | |||
3 | if (process.env.VITE_APP_VERSION === undefined) { | 7 | if (process.env.VITE_APP_VERSION === undefined) { |
4 | const now = new Date; | 8 | const now = new Date; |
5 | process.env.VITE_APP_VERSION = `${now.getUTCFullYear() - 2000}.${now.getUTCMonth() + 1}.${now.getUTCDate()}-${now.getUTCHours() * 60 + now.getUTCMinutes()}`; | 9 | process.env.VITE_APP_VERSION = `${now.getUTCFullYear() - 2000}.${now.getUTCMonth() + 1}.${now.getUTCDate()}-${now.getUTCHours() * 60 + now.getUTCMinutes()}`; |
@@ -20,6 +24,34 @@ const config = { | |||
20 | extraMetadata: { | 24 | extraMetadata: { |
21 | version: process.env.VITE_APP_VERSION, | 25 | version: process.env.VITE_APP_VERSION, |
22 | }, | 26 | }, |
27 | /** | ||
28 | * @param {import('electron-builder').AfterPackContext} context The `electron-builder` context. | ||
29 | * @return {Promise<void>} The promise to flip the fuses. | ||
30 | * @see https://github.com/electron-userland/electron-builder/issues/6365 | ||
31 | */ | ||
32 | afterPack(context) { | ||
33 | /** @type {string} */ | ||
34 | const ext = { | ||
35 | darwin: '.app', | ||
36 | win32: '.exe', | ||
37 | }[context.electronPlatformName] || ''; | ||
38 | const electronBinaryPath = join( | ||
39 | context.appOutDir, | ||
40 | `${context.packager.appInfo.productFilename}${ext}` | ||
41 | ); | ||
42 | /** @type {import('@electron/fuses').FuseConfig<boolean>} */ | ||
43 | const fuseConfig = { | ||
44 | version: FuseVersion.V1, | ||
45 | resetAdHocDarwinSignature: context.electronPlatformName === 'darwin' && context.arch === Arch.arm64, | ||
46 | [FuseV1Options.RunAsNode]: false, | ||
47 | [FuseV1Options.EnableCookieEncryption]: true, | ||
48 | [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false, | ||
49 | [FuseV1Options.EnableNodeCliInspectArguments]: false, | ||
50 | [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: true, | ||
51 | [FuseV1Options.OnlyLoadAppFromAsar]: true, | ||
52 | }; | ||
53 | return flipFuses(electronBinaryPath, fuseConfig); | ||
54 | }, | ||
23 | }; | 55 | }; |
24 | 56 | ||
25 | module.exports = config; | 57 | module.exports = config; |
diff --git a/package.json b/package.json index 488c717..8335b57 100644 --- a/package.json +++ b/package.json | |||
@@ -40,6 +40,7 @@ | |||
40 | "packages/shared" | 40 | "packages/shared" |
41 | ], | 41 | ], |
42 | "devDependencies": { | 42 | "devDependencies": { |
43 | "@electron/fuses": "^1.5.0", | ||
43 | "@typescript-eslint/eslint-plugin": "^5.8.0", | 44 | "@typescript-eslint/eslint-plugin": "^5.8.0", |
44 | "@typescript-eslint/parser": "^5.8.0", | 45 | "@typescript-eslint/parser": "^5.8.0", |
45 | "cross-env": "^7.0.3", | 46 | "cross-env": "^7.0.3", |
@@ -335,6 +335,19 @@ __metadata: | |||
335 | languageName: node | 335 | languageName: node |
336 | linkType: hard | 336 | linkType: hard |
337 | 337 | ||
338 | "@electron/fuses@npm:^1.5.0": | ||
339 | version: 1.5.0 | ||
340 | resolution: "@electron/fuses@npm:1.5.0" | ||
341 | dependencies: | ||
342 | chalk: ^4.1.1 | ||
343 | fs-extra: ^9.0.1 | ||
344 | minimist: ^1.2.5 | ||
345 | bin: | ||
346 | electron-fuses: dist/bin.js | ||
347 | checksum: 2e3106bf18e8e1f5ce7eae18220252fbf85e883f4a3c0457dc81e0e5b00db290a2eecf8a1e9d79518c26471a06d16bb4c754f4945c45c4eb7ea93d73ef1acf59 | ||
348 | languageName: node | ||
349 | linkType: hard | ||
350 | |||
338 | "@electron/get@npm:^1.13.0": | 351 | "@electron/get@npm:^1.13.0": |
339 | version: 1.13.1 | 352 | version: 1.13.1 |
340 | resolution: "@electron/get@npm:1.13.1" | 353 | resolution: "@electron/get@npm:1.13.1" |
@@ -4957,6 +4970,7 @@ __metadata: | |||
4957 | version: 0.0.0-use.local | 4970 | version: 0.0.0-use.local |
4958 | resolution: "sophie@workspace:." | 4971 | resolution: "sophie@workspace:." |
4959 | dependencies: | 4972 | dependencies: |
4973 | "@electron/fuses": ^1.5.0 | ||
4960 | "@typescript-eslint/eslint-plugin": ^5.8.0 | 4974 | "@typescript-eslint/eslint-plugin": ^5.8.0 |
4961 | "@typescript-eslint/parser": ^5.8.0 | 4975 | "@typescript-eslint/parser": ^5.8.0 |
4962 | cross-env: ^7.0.3 | 4976 | cross-env: ^7.0.3 |