diff options
Diffstat (limited to '.electron-builder.config.cjs')
-rw-r--r-- | .electron-builder.config.cjs | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/.electron-builder.config.cjs b/.electron-builder.config.cjs new file mode 100644 index 0000000..5238c69 --- /dev/null +++ b/.electron-builder.config.cjs | |||
@@ -0,0 +1,69 @@ | |||
1 | // @ts-check | ||
2 | |||
3 | const { Arch } = require('electron-builder'); | ||
4 | const { flipFuses, FuseV1Options, FuseVersion } = require('@electron/fuses'); | ||
5 | const { join } = require('path'); | ||
6 | |||
7 | /** | ||
8 | * @type {import('electron-builder').Configuration} | ||
9 | * @see https://www.electron.build/configuration/configuration | ||
10 | */ | ||
11 | const config = { | ||
12 | directories: { | ||
13 | output: 'dist', | ||
14 | buildResources: 'buildResources', | ||
15 | }, | ||
16 | files: [ | ||
17 | 'packages/main/dist/**', | ||
18 | 'packages/preload/dist/**', | ||
19 | 'packages/renderer/dist/**', | ||
20 | 'packages/service-inject/dist/**', | ||
21 | 'packages/service-preload/dist/**', | ||
22 | // Do not ship with source maps. | ||
23 | '!**/*.map', | ||
24 | ], | ||
25 | afterPack(context) { | ||
26 | return burnFuses(context); | ||
27 | }, | ||
28 | }; | ||
29 | |||
30 | /** | ||
31 | * Hardens the shipped electron binary by burning some electron fuses. | ||
32 | * | ||
33 | * Enabled chromium cookie encryption and disables options that could be | ||
34 | * used to execute arbitrary code in the main process to circumvent cookie encryption: | ||
35 | * - Running the application as a plain node process is disabled. | ||
36 | * - Setting options through the `NODE_OPTIONS` environment variable is disabled. | ||
37 | * - Attaching a debugger through the `--inspect` family of options is disabled. | ||
38 | * - Embedded ASAR integrity validation is enabled. | ||
39 | * - Will onload load the application from the ASAR archive. | ||
40 | * | ||
41 | * @param {import('electron-builder').AfterPackContext} context The `electron-builder` context. | ||
42 | * @return {Promise<void>} The promise to flip the fuses. | ||
43 | * @see https://github.com/electron/fuses | ||
44 | */ | ||
45 | async function burnFuses(context) { | ||
46 | /** @type {string} */ | ||
47 | const ext = { | ||
48 | darwin: '.app', | ||
49 | win32: '.exe', | ||
50 | }[context.electronPlatformName] || ''; | ||
51 | const electronBinaryPath = join( | ||
52 | context.appOutDir, | ||
53 | `${context.packager.appInfo.productFilename}${ext}` | ||
54 | ); | ||
55 | /** @type {import('@electron/fuses').FuseConfig<boolean>} */ | ||
56 | const fuseConfig = { | ||
57 | version: FuseVersion.V1, | ||
58 | resetAdHocDarwinSignature: context.electronPlatformName === 'darwin' && context.arch === Arch.arm64, | ||
59 | [FuseV1Options.RunAsNode]: false, | ||
60 | [FuseV1Options.EnableCookieEncryption]: true, | ||
61 | [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false, | ||
62 | [FuseV1Options.EnableNodeCliInspectArguments]: false, | ||
63 | [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: true, | ||
64 | [FuseV1Options.OnlyLoadAppFromAsar]: true, | ||
65 | }; | ||
66 | return flipFuses(electronBinaryPath, fuseConfig); | ||
67 | } | ||
68 | |||
69 | module.exports = config; | ||