1 files changed, 27 insertions, 45 deletions
diff --git a/.electron-builder.config.cjs b/.electron-builder.config.cjs
index aa7d9e0..4402088 100644
--- a/.electron-builder.config.cjs
+++ b/.electron-builder.config.cjs
@@ -1,6 +1,9 @@
 const { Arch } = require('electron-builder');
-const { flipFuses, FuseV1Options, FuseVersion } = require('@electron/fuses');
+const { FuseV1Options, FuseVersion } = require('@electron/fuses');
-const { join } = require('path');
+const burnFuses = require('./config/burnFuses.cjs');
+const enableWaylandAutoDetection = require('./config/enableWaylandAutoDetection.cjs');
 /**
 * @type {import('electron-builder').Configuration}
@@ -15,55 +18,34 @@ const config = {
    'packages/main/dist/**',
    'packages/preload/dist/**',
    'packages/renderer/dist/**',
-    'packages/service-inject/dist/**',
    'packages/service-preload/dist/**',
+    'locales/**',
    // Do not ship with source maps.
    '!**/*.map',
  ],
  afterPack(context) {
-    return burnFuses(context);
+    /*
+    * Enables chromium cookie encryption and disables options that could be
+    * used to execute arbitrary code in the main process to circumvent cookie encryption:
+    */
+    return burnFuses(context, {
+      version: FuseVersion.V1,
+      resetAdHocDarwinSignature:
+        context.electronPlatformName === 'darwin' && context.arch === Arch.arm64,
+      [FuseV1Options.RunAsNode]: false,
+      [FuseV1Options.EnableCookieEncryption]: true,
+      [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
+      [FuseV1Options.EnableNodeCliInspectArguments]: false,
+      // TODO: Revisit this: IF set to `true` the packaged app doesn't start up on macos (x86)
+      [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: false,
+      [FuseV1Options.OnlyLoadAppFromAsar]: true,
+    });
  },
+  async afterSign(context) {
+    if (context.electronPlatformName === 'linux') {
+      await enableWaylandAutoDetection(context);
+    }
+  }
 };
-/**
- * Hardens the shipped electron binary by burning some electron fuses.
- *
- * Enabled chromium cookie encryption and disables options that could be
- * used to execute arbitrary code in the main process to circumvent cookie encryption:
- * - Running the application as a plain node process is disabled.
- * - Setting options through the `NODE_OPTIONS` environment variable is disabled.
- * - Attaching a debugger through the `--inspect` family of options is disabled.
- * - Will onload load the application from the ASAR archive.
- *
- * @param {import('electron-builder').AfterPackContext} context The `electron-builder` context.
- * @return {Promise<void>} The promise to flip the fuses.
- * @see https://github.com/electron/fuses
- */
-async function burnFuses(context) {
-  /** @type {string} */
-  const ext =
-    {
-      darwin: '.app',
-      win32: '.exe',
-    }[context.electronPlatformName] || '';
-  const electronBinaryPath = join(
-    context.appOutDir,
-    `${context.packager.appInfo.productFilename}${ext}`,
-  );
-  /** @type {import('@electron/fuses').FuseConfig<boolean>} */
-  const fuseConfig = {
-    version: FuseVersion.V1,
-    resetAdHocDarwinSignature:
-      context.electronPlatformName === 'darwin' && context.arch === Arch.arm64,
-    [FuseV1Options.RunAsNode]: false,
-    [FuseV1Options.EnableCookieEncryption]: true,
-    [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
-    [FuseV1Options.EnableNodeCliInspectArguments]: false,
-    // TODO: Revisit this: IF set to 'true' the packaged app doesn't start up on macos (x86)
-    [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: false,
-    [FuseV1Options.OnlyLoadAppFromAsar]: true,
-  };
-  return flipFuses(electronBinaryPath, fuseConfig);
-}
 module.exports = config;

diff --git a/.electron-builder.config.cjs b/.electron-builder.config.cjs index aa7d9e0..4402088 100644 --- a/.electron-builder.config.cjs +++ b/.electron-builder.config.cjs
@@ -1,6 +1,9 @@
		1
1	const { Arch } = require('electron-builder');	2	const { Arch } = require('electron-builder');
2	const { flipFuses, FuseV1Options, FuseVersion } = require('@electron/fuses');	3	const { FuseV1Options, FuseVersion } = require('@electron/fuses');
3	const { join } = require('path');	4
		5	const burnFuses = require('./config/burnFuses.cjs');
		6	const enableWaylandAutoDetection = require('./config/enableWaylandAutoDetection.cjs');
4		7
5	/**	8	/**
6	* @type {import('electron-builder').Configuration}	9	* @type {import('electron-builder').Configuration}
@@ -15,55 +18,34 @@ const config = {
15	'packages/main/dist/**',	18	'packages/main/dist/**',
16	'packages/preload/dist/**',	19	'packages/preload/dist/**',
17	'packages/renderer/dist/**',	20	'packages/renderer/dist/**',
18	'packages/service-inject/dist/**',
19	'packages/service-preload/dist/**',	21	'packages/service-preload/dist/**',
		22	'locales/**',
20	// Do not ship with source maps.	23	// Do not ship with source maps.
21	'!*/.map',	24	'!*/.map',
22	],	25	],
23	afterPack(context) {	26	afterPack(context) {
24	return burnFuses(context);	27	/*
		28	* Enables chromium cookie encryption and disables options that could be
		29	* used to execute arbitrary code in the main process to circumvent cookie encryption:
		30	*/
		31	return burnFuses(context, {
		32	version: FuseVersion.V1,
		33	resetAdHocDarwinSignature:
		34	context.electronPlatformName === 'darwin' && context.arch === Arch.arm64,
		35	[FuseV1Options.RunAsNode]: false,
		36	[FuseV1Options.EnableCookieEncryption]: true,
		37	[FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
		38	[FuseV1Options.EnableNodeCliInspectArguments]: false,
		39	// TODO: Revisit this: IF set to `true` the packaged app doesn't start up on macos (x86)
		40	[FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: false,
		41	[FuseV1Options.OnlyLoadAppFromAsar]: true,
		42	});
25	},	43	},
		44	async afterSign(context) {
		45	if (context.electronPlatformName === 'linux') {
		46	await enableWaylandAutoDetection(context);
		47	}
		48	}
26	};	49	};
27		50
28	/**
29	* Hardens the shipped electron binary by burning some electron fuses.
30	*
31	* Enabled chromium cookie encryption and disables options that could be
32	* used to execute arbitrary code in the main process to circumvent cookie encryption:
33	* - Running the application as a plain node process is disabled.
34	* - Setting options through the `NODE_OPTIONS` environment variable is disabled.
35	* - Attaching a debugger through the `--inspect` family of options is disabled.
36	* - Will onload load the application from the ASAR archive.
37	*
38	* @param {import('electron-builder').AfterPackContext} context The `electron-builder` context.
39	* @return {Promise<void>} The promise to flip the fuses.
40	* @see https://github.com/electron/fuses
41	*/
42	async function burnFuses(context) {
43	/** @type {string} */
44	const ext =
45	{
46	darwin: '.app',
47	win32: '.exe',
48	}[context.electronPlatformName] \|\| '';
49	const electronBinaryPath = join(
50	context.appOutDir,
51	`${context.packager.appInfo.productFilename}${ext}`,
52	);
53	/** @type {import('@electron/fuses').FuseConfig<boolean>} */
54	const fuseConfig = {
55	version: FuseVersion.V1,
56	resetAdHocDarwinSignature:
57	context.electronPlatformName === 'darwin' && context.arch === Arch.arm64,
58	[FuseV1Options.RunAsNode]: false,
59	[FuseV1Options.EnableCookieEncryption]: true,
60	[FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
61	[FuseV1Options.EnableNodeCliInspectArguments]: false,
62	// TODO: Revisit this: IF set to 'true' the packaged app doesn't start up on macos (x86)
63	[FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: false,
64	[FuseV1Options.OnlyLoadAppFromAsar]: true,
65	};
66	return flipFuses(electronBinaryPath, fuseConfig);
67	}
68
69	module.exports = config;	51	module.exports = config;