From 38ccd77b81c215d930baba4013c04ee4e0232101 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Tue, 28 Mar 2023 16:08:51 +0100 Subject: [PATCH 1/3] Backport packaging scripts to master --- .github/workflows/build_and_deploy.yaml | 13 ++- .github/workflows/build_and_test.yaml | 3 +- .github/workflows/build_keyring.yaml | 53 ++++++++++ .github/workflows/build_linux.yaml | 23 ++++- .github/workflows/build_macos.yaml | 8 +- .github/workflows/build_prepare.yaml | 78 +++++++++----- .github/workflows/build_windows.yaml | 19 ++-- .github/workflows/packages_index.yaml | 2 +- .github/workflows/reprepro.yaml | 7 +- element-io-archive-keyring/DEBIAN/control | 7 ++ hak/matrix-seshat/build.ts | 22 +++- .../debian/element-io-archive-keyring.asc | 96 ++++++++++++------ .../debian/element-io-archive-keyring.gpg | Bin 2577 -> 2577 bytes scripts/hak/target.ts | 9 ++ 14 files changed, 254 insertions(+), 86 deletions(-) create mode 100644 .github/workflows/build_keyring.yaml create mode 100644 element-io-archive-keyring/DEBIAN/control diff --git a/.github/workflows/build_and_deploy.yaml b/.github/workflows/build_and_deploy.yaml index 7744910..0adc19c 100644 --- a/.github/workflows/build_and_deploy.yaml +++ b/.github/workflows/build_and_deploy.yaml @@ -41,15 +41,14 @@ on: default: true concurrency: ${{ github.workflow }} env: - # XXX: UPDATE THIS BEFORE WHEN GOING LIVE - R2_BUCKET: "packages-element-io-test" + R2_BUCKET: "packages-element-io" jobs: prepare: uses: ./.github/workflows/build_prepare.yaml with: config: element.io/${{ inputs.mode || 'nightly' }} version: ${{ inputs.mode == 'release' && '' || 'develop' }} - calculate-nightly-versions: ${{ inputs.mode != 'release' }} + nightly: ${{ inputs.mode != 'release' }} secrets: CF_R2_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }} CF_R2_TOKEN: ${{ secrets.CF_R2_TOKEN }} @@ -88,8 +87,7 @@ jobs: with: sign: true deploy-mode: true - # XXX: UPDATE THIS BEFORE WHEN GOING LIVE - base-url: https://packages-element-io-test.element.io/${{ inputs.mode == 'release' && 'desktop' || 'nightly' }} + base-url: https://packages.element.io/${{ inputs.mode == 'release' && 'desktop' || 'nightly' }} version: ${{ needs.prepare.outputs.macos-version }} linux: @@ -98,6 +96,7 @@ jobs: name: Linux uses: ./.github/workflows/build_linux.yaml with: + config: element.io/${{ inputs.mode || 'nightly' }} sqlcipher: system version: ${{ needs.prepare.outputs.linux-version }} @@ -111,7 +110,7 @@ jobs: - windows_64bit runs-on: ubuntu-latest name: Deploy - if: github.event != 'workflow_dispatch' || (inputs.deploy && (inputs.macos || inputs.windows_32bit || inputs.windows_64bit)) + if: github.event_name != 'workflow_dispatch' || (inputs.deploy && (inputs.macos || inputs.windows_32bit || inputs.windows_64bit)) environment: packages.element.io steps: - name: Download artifacts @@ -135,7 +134,7 @@ jobs: # We queue this after the other deploy stage as we want to abort if that fails - deploy name: Run reprepro - if: github.event != 'workflow_dispatch' || (inputs.deploy && inputs.linux) + if: github.event_name != 'workflow_dispatch' || (inputs.deploy && inputs.linux) uses: ./.github/workflows/reprepro.yaml secrets: inherit with: diff --git a/.github/workflows/build_and_test.yaml b/.github/workflows/build_and_test.yaml index 451fc5a..429be35 100644 --- a/.github/workflows/build_and_test.yaml +++ b/.github/workflows/build_and_test.yaml @@ -31,6 +31,7 @@ jobs: matrix: sqlcipher: [system, static] with: + config: ${{ github.event.pull_request.base.ref == 'develop' && 'element.io/nightly' || 'element.io/release' }} sqlcipher: ${{ matrix.sqlcipher }} macos: @@ -91,7 +92,7 @@ jobs: if: matrix.prepare_cmd - name: Run tests - uses: GabrielBB/xvfb-action@v1 + uses: coactions/setup-xvfb@b6b4fcfb9f5a895edadc3bc76318fae0ac17c8b3 # v1 timeout-minutes: 5 with: run: "yarn test" diff --git a/.github/workflows/build_keyring.yaml b/.github/workflows/build_keyring.yaml new file mode 100644 index 0000000..5eb6abd --- /dev/null +++ b/.github/workflows/build_keyring.yaml @@ -0,0 +1,53 @@ +name: Build Keyring package +on: + workflow_dispatch: + inputs: + deploy: + description: Deploy artifacts + required: true + type: boolean + default: true + fingerprint: + description: The expected gpg fingerprint + required: true + type: string +concurrency: ${{ github.workflow }} +jobs: + build: + name: Build Keyring package + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Prepare + run: | + mkdir -p element-io-archive-keyring/usr/share/keyrings/ + cp packages.element.io/debian/element-io-archive-keyring.gpg element-io-archive-keyring/usr/share/keyrings/element-io-archive-keyring.gpg + + - name: Check fingerprint + run: | + gpg --import element-io-archive-keyring/usr/share/keyrings/element-io-archive-keyring.gpg + gpg --fingerprint "$FINGERPRINT" + env: + FINGERPRINT: ${{ inputs.fingerprint }} + + - name: Build deb package + run: | + chmod u=rw,go=r element-io-archive-keyring/usr/share/keyrings/element-io-archive-keyring.gpg + dpkg-deb -Zxz --root-owner-group --build element-io-archive-keyring element-io-archive-keyring.deb + + - name: Upload Artifact + uses: actions/upload-artifact@v3 + with: + name: element-io-archive-keyring + path: "*.deb" + retention-days: 1 + + reprepro: + needs: build + name: Run reprepro + if: inputs.deploy + uses: ./.github/workflows/reprepro.yaml + secrets: inherit + with: + artifact-name: element-io-archive-keyring diff --git a/.github/workflows/build_linux.yaml b/.github/workflows/build_linux.yaml index 5d58924..b0c245b 100644 --- a/.github/workflows/build_linux.yaml +++ b/.github/workflows/build_linux.yaml @@ -4,6 +4,10 @@ on: workflow_call: inputs: + config: + type: string + required: true + description: "The config directory to use" version: type: string required: false @@ -34,6 +38,7 @@ jobs: if: steps.cache.outputs.cache-hit != 'true' uses: actions-rs/toolchain@v1 with: + default: true toolchain: stable - name: Install libsqlcipher-dev @@ -60,16 +65,26 @@ jobs: run: | echo "config-args=--nightly '${{ inputs.version }}'" >> $GITHUB_OUTPUT - - name: Generate debian control file + - name: Generate debian files and arguments + id: debian run: | - cp element.io/${{ inputs.version && 'nightly' || 'release' }}/control.template debcontrol - INPUT_VERSION="${{ inputs.version }}" + if [ -f changelog.Debian ]; then + echo "config-args=--deb-changelog changelog.Debian" >> $GITHUB_OUTPUT + fi + + cp "$DIR/control.template" debcontrol VERSION=${INPUT_VERSION:-$(cat package.json | jq -r .version)} echo "Version: $VERSION" >> debcontrol + env: + DIR: ${{ inputs.config }} + INPUT_VERSION: ${{ inputs.version }} - name: Build App run: | - scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }} --deb-custom-control=debcontrol + scripts/generate-builder-config.ts \ + ${{ steps.nightly.outputs.config-args }} \ + ${{ steps.debian.outputs.config-args }} \ + --deb-custom-control=debcontrol yarn build --publish never -l --config electron-builder.json - name: Upload Artifacts diff --git a/.github/workflows/build_macos.yaml b/.github/workflows/build_macos.yaml index 31ddf4b..e032f12 100644 --- a/.github/workflows/build_macos.yaml +++ b/.github/workflows/build_macos.yaml @@ -54,6 +54,7 @@ jobs: if: steps.cache.outputs.cache-hit != 'true' uses: actions-rs/toolchain@v1 with: + default: true toolchain: stable target: aarch64-apple-darwin @@ -79,12 +80,11 @@ jobs: - name: "[Signed] Build App" if: inputs.sign != '' run: | - scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }} + scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }} --notarytool-team-id='${{ secrets.APPLE_TEAM_ID }}' yarn build:universal --publish never --config electron-builder.json env: - NOTARIZE_APPLE_ID: ${{ secrets.APPLE_ID }} - NOTARIZE_APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} - NOTARIZE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} + APPLE_ID: ${{ secrets.APPLE_ID }} + APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} CSC_KEY_PASSWORD: ${{ secrets.APPLE_CSC_KEY_PASSWORD }} CSC_LINK: ${{ secrets.APPLE_CSC_LINK }} diff --git a/.github/workflows/build_prepare.yaml b/.github/workflows/build_prepare.yaml index a0c2430..65fec26 100644 --- a/.github/workflows/build_prepare.yaml +++ b/.github/workflows/build_prepare.yaml @@ -10,37 +10,38 @@ on: type: string required: false description: "The version tag to fetch, or 'develop', will pick automatically if not passed" - calculate-nightly-versions: - type: string + nightly: + type: boolean required: false - description: "Whether to calculate the version strings new Nightly builds should use" + default: false + description: "Whether the build is a Nightly and to calculate the version strings new builds should use" secrets: - # Required if `calculate-nightly-versions` is set + # Required if `nightly` is set CF_R2_ACCESS_KEY_ID: required: false - # Required if `calculate-nightly-versions` is set + # Required if `nightly` is set CF_R2_TOKEN: required: false - # Required if `calculate-nightly-versions` is set + # Required if `nightly` is set CF_R2_S3_API: required: false outputs: macos-version: - description: "The version string the next macOS Nightly should use, only output for calculate-nightly-versions" + description: "The version string the next macOS Nightly should use, only output for nightly" value: ${{ jobs.prepare.outputs.macos-version }} linux-version: - description: "The version string the next Linux Nightly should use, only output for calculate-nightly-versions" + description: "The version string the next Linux Nightly should use, only output for nightly" value: ${{ jobs.prepare.outputs.linux-version }} win32-x64-version: - description: "The version string the next Windows x64 Nightly should use, only output for calculate-nightly-versions" + description: "The version string the next Windows x64 Nightly should use, only output for nightly" value: ${{ jobs.prepare.outputs.win32-x64-version }} win32-x86-version: - description: "The version string the next Windows x86 Nightly should use, only output for calculate-nightly-versions" + description: "The version string the next Windows x86 Nightly should use, only output for nightly" value: ${{ jobs.prepare.outputs.win32-x86-version }} jobs: prepare: name: Prepare - environment: ${{ inputs.calculate-nightly-versions && 'packages.element.io' || '' }} + environment: ${{ inputs.nightly && 'packages.element.io' || '' }} runs-on: ubuntu-latest outputs: macos-version: ${{ steps.versions.outputs.macos }} @@ -66,19 +67,9 @@ jobs: yarn run --silent electron --version > electronVersion cat package.json | jq -c .hakDependencies > hakDependencies.json - - uses: actions/upload-artifact@v3 - with: - name: webapp - retention-days: 1 - path: | - webapp.asar - package.json - electronVersion - hakDependencies.json - - - name: Calculate Nightly versions + - name: "[Nightly] Calculate versions" id: versions - if: inputs.calculate-nightly-versions + if: inputs.nightly run: | MACOS=$(aws s3 cp s3://$R2_BUCKET/nightly/update/macos/releases.json - --endpoint-url $R2_URL --region auto | jq -r .currentRelease) echo "macos=$(scripts/generate-nightly-version.ts --latest $MACOS)" >> $GITHUB_OUTPUT @@ -93,6 +84,43 @@ jobs: env: AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }} - # XXX: UPDATE THIS BEFORE WHEN GOING LIVE - R2_BUCKET: "packages-element-io-test" + R2_BUCKET: "packages-element-io" R2_URL: ${{ secrets.CF_R2_S3_API }} + + - name: Check version + id: package + run: | + echo "version=$(cat package.json | jq -r .version)" >> $GITHUB_OUTPUT + + - name: "[Release] Fetch release" + id: release + if: ${{ !inputs.nightly && inputs.version != 'develop' }} + uses: cardinalby/git-get-release-action@cedef2faf69cb7c55b285bad07688d04430b7ada # v1 + env: + GITHUB_TOKEN: ${{ github.token }} + with: + tag: v${{ steps.package.outputs.version }} + + - name: "[Release] Write changelog" + if: ${{ !inputs.nightly && inputs.version != 'develop' }} + run: | + TIME=$(date -d "$PUBLISHED_AT" -R) + echo "element-desktop ($VERSION) default; urgency=medium" >> changelog.Debian + echo "$BODY" | sed 's/^##/\n */g;s/^\*/ */g' | perl -pe 's/\[.+?]\((.+?)\)/\1/g' >> changelog.Debian + echo "" >> changelog.Debian + echo " -- ${{ github.actor }} $TIME" >> changelog.Debian + env: + VERSION: v${{ steps.package.outputs.version }} + BODY: ${{ steps.release.outputs.body }} + PUBLISHED_AT: ${{ steps.release.outputs.published_at }} + + - uses: actions/upload-artifact@v3 + with: + name: webapp + retention-days: 1 + path: | + webapp.asar + package.json + electronVersion + hakDependencies.json + changelog.Debian diff --git a/.github/workflows/build_windows.yaml b/.github/workflows/build_windows.yaml index 4afbf93..6acee52 100644 --- a/.github/workflows/build_windows.yaml +++ b/.github/workflows/build_windows.yaml @@ -14,7 +14,7 @@ on: arch: type: string required: true - description: "The architecture to build for, one of 'x64' | 'x86'" + description: "The architecture to build for, one of 'x64' | 'x86' | 'arm64'" version: type: string required: false @@ -45,6 +45,12 @@ jobs: "target": "x86_64-pc-windows-msvc", "dir": "x64" }, + "arm64": { + "target": "aarch64-pc-windows-msvc", + "build-args": "--arm64", + "arch": "amd64_arm64", + "dir": "arm64" + }, "x86": { "target": "i686-pc-windows-msvc", "build-args": "--ia32", @@ -62,14 +68,14 @@ jobs: id: cache uses: actions/cache@v3 with: - key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }} + key: ${{ runner.os }}-${{ inputs.arch }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }} path: | ./.hak - name: Set up build tools uses: ilammy/msvc-dev-cmd@v1 with: - arch: ${{ inputs.arch }} + arch: ${{ steps.config.outputs.arch || inputs.arch }} # ActiveTCL package on choco is from 2015, # this one is newer but includes more than we need @@ -91,6 +97,7 @@ jobs: if: steps.cache.outputs.cache-hit != 'true' uses: actions-rs/toolchain@v1 with: + default: true toolchain: stable target: ${{ steps.config.outputs.target }} @@ -127,7 +134,7 @@ jobs: $LogConfig | Set-Content -Path ${{ env.INSTALL_DIR }}/log4net.config # Configure - ${{ env.INSTALL_DIR }}/eSignerCKATool.exe config -mode "${{ env.MODE }}" -user "${{ secrets.ESIGNER_USER_NAME }}" -pass "${{ secrets.ESIGNER_USER_PASSWORD }}" -totp "${{ secrets.ESIGNER_USER_TOTP }}" -key "${{ env.MASTER_KEY_FILE }}" -r + ${{ env.INSTALL_DIR }}/eSignerCKATool.exe config -mode product -user "${{ secrets.ESIGNER_USER_NAME }}" -pass "${{ secrets.ESIGNER_USER_PASSWORD }}" -totp "${{ secrets.ESIGNER_USER_TOTP }}" -key "${{ env.MASTER_KEY_FILE }}" -r ${{ env.INSTALL_DIR }}/eSignerCKATool.exe unload ${{ env.INSTALL_DIR }}/eSignerCKATool.exe load @@ -140,8 +147,6 @@ jobs: $SubjectName = ($CodeSigningCert.Subject -replace ", ?", "`n" | ConvertFrom-StringData).CN echo "config-args=--signtool-thumbprint '$Thumbprint' --signtool-subject-name '$SubjectName'" >> $env:GITHUB_OUTPUT env: - # XXX: UPDATE THIS BEFORE WHEN GOING LIVE - MODE: sandbox INSTALL_DIR: C:\Users\runneradmin\eSignerCKA MASTER_KEY_FILE: C:\Users\runneradmin\eSignerCKA\master.key @@ -159,8 +164,6 @@ jobs: - name: Check app was signed successfully if: inputs.sign != '' - # XXX: UPDATE THIS BEFORE WHEN GOING LIVE - continue-on-error: true run: | . "$env:SIGNTOOL_PATH" verify /pa (get-item ./dist/squirrel-windows*/*.exe) diff --git a/.github/workflows/packages_index.yaml b/.github/workflows/packages_index.yaml index bd3ecb4..ec0f091 100644 --- a/.github/workflows/packages_index.yaml +++ b/.github/workflows/packages_index.yaml @@ -18,7 +18,7 @@ on: jobs: deploy: name: "Deploy" - if: github.event != 'workflow_run' || github.event.workflow_run.conclusion == 'success' + if: github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' runs-on: ubuntu-latest environment: packages.element.io env: diff --git a/.github/workflows/reprepro.yaml b/.github/workflows/reprepro.yaml index a929c54..12765b4 100644 --- a/.github/workflows/reprepro.yaml +++ b/.github/workflows/reprepro.yaml @@ -24,8 +24,7 @@ jobs: environment: packages.element.io runs-on: ubuntu-latest env: - # XXX: UPDATE THIS BEFORE WHEN GOING LIVE - R2_BUCKET: "packages-element-io-test" + R2_BUCKET: "packages-element-io" R2_DB_BUCKET: packages-element-io-db R2_URL: ${{ secrets.CF_R2_S3_API }} steps: @@ -64,10 +63,10 @@ jobs: # Download signing keyring sudo wget -O /usr/share/keyrings/element-io-archive-keyring.gpg https://packages.element.io/debian/element-io-archive-keyring.gpg # Point apt at local apt repo - echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] http://localhost:8000/debian/ default main" | sudo tee /etc/apt/sources.list.d/element-io.list + echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] http://127.0.0.1:8000/debian/ default main" | sudo tee /etc/apt/sources.list.d/element-io.list # Start http server and fetch from it via apt - python3 -m http.server 8000 & + python3 -m http.server 8000 --bind 127.0.0.1 & sudo apt-get update --allow-insecure-repositories killall python3 diff --git a/element-io-archive-keyring/DEBIAN/control b/element-io-archive-keyring/DEBIAN/control new file mode 100644 index 0000000..d75b438 --- /dev/null +++ b/element-io-archive-keyring/DEBIAN/control @@ -0,0 +1,7 @@ +Package: element-io-archive-keyring +Architecture: all +Section: contrib/meta +Maintainer: support@element.io +Priority: optional +Version: 1.1 +Description: The packages.element.io repository keyring diff --git a/hak/matrix-seshat/build.ts b/hak/matrix-seshat/build.ts index 422b1dc..5a41d89 100644 --- a/hak/matrix-seshat/build.ts +++ b/hak/matrix-seshat/build.ts @@ -22,6 +22,15 @@ import fsExtra from "fs-extra"; import HakEnv from "../../scripts/hak/hakEnv"; import { DependencyInfo } from "../../scripts/hak/dep"; +type WinConfiguration = + | "VC-WIN32" + | "VC-WIN64A" + | "VC-WIN64-ARM" + | "VC-WIN64-CLANGASM-ARM" + | "VC-CLANG-WIN64-CLANGASM-ARM" + | "VC-WIN32-HYBRIDCRT" + | "VC-WIN64A-HYBRIDCRT"; + export default async function (hakEnv: HakEnv, moduleInfo: DependencyInfo): Promise { if (hakEnv.isWin()) { await buildOpenSslWin(hakEnv, moduleInfo); @@ -36,7 +45,18 @@ async function buildOpenSslWin(hakEnv: HakEnv, moduleInfo: DependencyInfo): Prom const version = moduleInfo.cfg.dependencies.openssl; const openSslDir = path.join(moduleInfo.moduleTargetDotHakDir, `openssl-${version}`); - const openSslArch = hakEnv.getTargetArch() === "x64" ? "VC-WIN64A" : "VC-WIN32"; + let openSslArch: WinConfiguration; + switch (hakEnv.getTargetArch()) { + case "x64": + openSslArch = "VC-WIN64A"; + break; + case "ia32": + openSslArch = "VC-WIN32"; + break; + case "arm64": + openSslArch = "VC-WIN64-ARM"; + break; + } console.log("Building openssl in " + openSslDir); await new Promise((resolve, reject) => { diff --git a/packages.element.io/debian/element-io-archive-keyring.asc b/packages.element.io/debian/element-io-archive-keyring.asc index 36e73b6..923760c 100644 --- a/packages.element.io/debian/element-io-archive-keyring.asc +++ b/packages.element.io/debian/element-io-archive-keyring.asc @@ -24,35 +24,69 @@ zj97Y0WRPkAagJzeesIx/M4pjYg9zDIZ22NWT9d7KAZemLVtREwWM4zKYEI0Hpid GxR8jQ1rCc9RMVdO6xuhnVwUD/JyNEgtRKbBJX9qIH2Z30rvIg7ev9MJG6g52cDy +inNdxh4u4vpqQjjLTBraRalUe/4S4I8EaUFya91RWDLrEcmgdYfrqXbLMAEcPWS cYQdjW3ADEy47rGQ2SeaZweLuHGVx68hCcJx5E0X7eE32R8uaRjmEzgvU+wZKo0y -HFbLsQok8v7NqoqtuQGNBFy1FtQBDADPalE7/hP0kt7afhFoY/sGyO/464BA4Ozo -MaQC28d4JJCd07upnyj1aLGHfYyO6TXC1cqOQ2tThENyTfJOhVDQ9YCjqDzm4S5V -R91tNzvYNZOEIwRRPND2jpnmsCzwrnIRHNIiojHBZRnPdC01zcx4oC1m13qDiFSU -NOi/uDlAXtOf8p0zVnPypaGTG7MUBU8RmkyygvG+Z6AqNDOsDL/nIC5mf2zmLJqK -VkEeXnWhWBEVgIdr840vi/ejblmVRxanlyGVFY/5CWgylmGxxB0Oh5vz7SjpK5H5 -pONBo43K2tEjnU1jmWTX7tkHYo8wyQS04uO33qh01FLnYl1I0qebfwBys88i/yhr -9afxcXae5xTLUPzPp+6WYICxRdJ41/3zwlyKbNLvyNQzv43kiRYNR3Yc44F1tHMq -1Ty3kca7Qe0zGXXeISY3fUA4zKjg0S8bi3yfO5Z/FxpMhjJ+tAcDoiVrXZwsXCsd -MnQR0KVjzIAmCuJI7OUnujuAB9aMYSEAEQEAAYkD8gQYAQoAJgIbAhYhBBLUzWAM -IkCp9KggcdewtmlB0BU4BQJgd9oUBQkHhSpAAcDA9CAEGQEKAB0WIQR1dBiQBj5e -mkYTXQHChQsmWsCFvQUCXLUW1AAKCRDChQsmWsCFvaDYDADPVBNm75uZtEPOM2Ct -oxASarbPDLz8Ucy6FCtOoSpNdgAZFTISFASWfBO6h/9w5czT3owQD431V950QBHG -t763VFILckZ0Ul4roGGesmncRUIZLrc+UABigirHmCdnvo9s5UszTxid0muMbDeL -b1RmI0tkRDzlk/TrkHDf7rIUrcqhPqhtR0b75MfosEaowVN+kS9PqyFtXsrKB/iM -/gjvVnEEfIVDaK+lc6EBbqfJLMCa5z63CSEqMUhWP0qXGoA7ZM6AzaplzCTr5aB9 -dQBNU53SUo35OzblQSqR0gyuCYrvOHtisjTdrrUNsIbyjkUOc5Umpxzs9XmY94D5 -FfdxeALvYcs2hMEQWPoINVx87p1tWjwnmPzXGm2q095gL+ysOS5OeKOaPEPWfUe7 -NUd/WJ3GqvtPiF++PMEDBiPBm5gwrfg8Nd9xNoRntRZoOKJDcJ2/hhH5+4zPW54O -8Z4xBaOGjbWYTMxKw/M9sRmHIvXVcQmWdPhCOIP1XQndJoAJENewtmlB0BU4lpQQ -AK4hX6My0ehfuXoEl9BZE0T+HCFvwgH6xUoAjocZEw7l3ud6M4OouIaoODE/Fqgm -g/kFXjwyl/VQRDalMzi6ajPM6T3AOhv+d2oeNNJCSoilQUsJwAzMHDncbt7rGAb5 -SoeFEKdwu07lXRIVPhjmC+CgWT24Osv8dmOCj60jBaGdKEnmmdQ8Kq+h2k21oI2I -TYhjQBPcpxj0RSIJQHVHBYF3hgIZSWOeEg6ocx+3BLR2InEFwEK/GM9iXkwTadr5 -3AyaPAcOTaOeSQYKya3onQDI1LFhU5XnLg6YX1PKpKQMtouyM77RxqXk7QMsY0S9 -y8rveH5AK5Iou5IFcpXslVNyw63UFGiUQWKnYUMEm14Kzz/4EOVCDPjMY4Uj9rkh -rNR2Oc1fqtFNDMfbQKpxP6JlIHnTFRRYkbW98/oHAvVekysYq29CVg5MjVqPw6ek -//nOPuiFXa1dR3sMntsP+atG5imBINmRRzQ0Ha5CnX4a0PE4ZnTwLPPDDz0Hp2Rf -+X5AgKbCRA6s+O0juqKBcwdp/lWaMfm2KSBjLKalf654NeoKCHh1x5896NM5xVpl -UeI+G/FygG4XwKBuw408ZLlSgF7Dd02BMKptjLkIrnAEG8abvcRIgf2q+QwX3H8E -jxIwng3BGYCBP1LW3ulIrcfJ96/PkZG8MYuSCCIHzNkB -=JVma +HFbLsQok8v7NqoqtiQJUBBMBCgA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA +FiEEEtTNYAwiQKn0qCBx17C2aUHQFTgFAmQTZtMFCRoqUzwACgkQ17C2aUHQFTje +kRAAl0NkH0roj3qvjvAdZUU3vN+5ju68MddDaThuMEhrIO4OZKEVoD0iEiQT1p5n +PS06NkISzXOXRJ4TSlZ/r0U8o5HSfGwYmczyVpwiQYdbGdjMYPt0E/WTnPV59iKv +BmYeN/cUyo3WuPGRP0suA86XkMO73buHEx8/srQE1EFeDsBGruyIqRTGq9lLCi0P +ozyal+vjwrWd7D8MwQRu4YGnk7eCaHek+pSI3DZDxoRs2NqPPx8wT5O3manTBLjQ +HX24+VjOof6EhsOr6uGXIRpK7gK6olJj8gyEWpuz3R3Y2usWPK+n/nHFc+/YBS7w +y6uy+2aur4sjSqgCzNnI+o2GlDX+a1cB+urz1apQAOCRSZycGKuVXRYDFbIGi71V +sTq2x7qM0cbCu4bAU/rWxJaYrVo2xtBywiM2bjTrYty8Dyi59WqnsWuWxCbN5mB7 +6sGuomL13yZF3eHhzKQjJiK7xpPJXHu2iizFems9JlH0e5MtyXp9vcPBEJyyuYR5 +Q3HatbnkGccRe+W08CR3k3nzdStCXIxDb47Eo62I3D/q/SgXlFEDaiLtR+PAkNvX +i4NXnGGE/+yH9ISGYax/jRTjRVpMUfSbgUbAP/5X2X54qShVtz0hDOIiCWX+DXMV +d9LYXoBs0isS7bKvZ0qu775knyaLGZKkxHcYFtseF4SmAvC5AY0EXLUW1AEMAM9q +UTv+E/SS3tp+EWhj+wbI7/jrgEDg7OgxpALbx3gkkJ3Tu6mfKPVosYd9jI7pNcLV +yo5Da1OEQ3JN8k6FUND1gKOoPObhLlVH3W03O9g1k4QjBFE80PaOmeawLPCuchEc +0iKiMcFlGc90LTXNzHigLWbXeoOIVJQ06L+4OUBe05/ynTNWc/KloZMbsxQFTxGa +TLKC8b5noCo0M6wMv+cgLmZ/bOYsmopWQR5edaFYERWAh2vzjS+L96NuWZVHFqeX +IZUVj/kJaDKWYbHEHQ6Hm/PtKOkrkfmk40Gjjcra0SOdTWOZZNfu2QdijzDJBLTi +47feqHTUUudiXUjSp5t/AHKzzyL/KGv1p/Fxdp7nFMtQ/M+n7pZggLFF0njX/fPC +XIps0u/I1DO/jeSJFg1HdhzjgXW0cyrVPLeRxrtB7TMZdd4hJjd9QDjMqODRLxuL +fJ87ln8XGkyGMn60BwOiJWtdnCxcKx0ydBHQpWPMgCYK4kjs5Se6O4AH1oxhIQAR +AQABiQPyBBgBCgAmAhsCFiEEEtTNYAwiQKn0qCBx17C2aUHQFTgFAmB32hQFCQeF +KkABwMD0IAQZAQoAHRYhBHV0GJAGPl6aRhNdAcKFCyZawIW9BQJctRbUAAoJEMKF +CyZawIW9oNgMAM9UE2bvm5m0Q84zYK2jEBJqts8MvPxRzLoUK06hKk12ABkVMhIU +BJZ8E7qH/3DlzNPejBAPjfVX3nRAEca3vrdUUgtyRnRSXiugYZ6yadxFQhkutz5Q +AGKCKseYJ2e+j2zlSzNPGJ3Sa4xsN4tvVGYjS2REPOWT9OuQcN/ushStyqE+qG1H +Rvvkx+iwRqjBU36RL0+rIW1eysoH+Iz+CO9WcQR8hUNor6VzoQFup8kswJrnPrcJ +ISoxSFY/SpcagDtkzoDNqmXMJOvloH11AE1TndJSjfk7NuVBKpHSDK4Jiu84e2Ky +NN2utQ2whvKORQ5zlSanHOz1eZj3gPkV93F4Au9hyzaEwRBY+gg1XHzunW1aPCeY +/NcabarT3mAv7Kw5Lk54o5o8Q9Z9R7s1R39Yncaq+0+IX748wQMGI8GbmDCt+Dw1 +33E2hGe1Fmg4okNwnb+GEfn7jM9bng7xnjEFo4aNtZhMzErD8z2xGYci9dVxCZZ0 ++EI4g/VdCd0mgAkQ17C2aUHQFTiWlBAAriFfozLR6F+5egSX0FkTRP4cIW/CAfrF +SgCOhxkTDuXe53ozg6i4hqg4MT8WqCaD+QVePDKX9VBENqUzOLpqM8zpPcA6G/53 +ah400kJKiKVBSwnADMwcOdxu3usYBvlKh4UQp3C7TuVdEhU+GOYL4KBZPbg6y/x2 +Y4KPrSMFoZ0oSeaZ1Dwqr6HaTbWgjYhNiGNAE9ynGPRFIglAdUcFgXeGAhlJY54S +DqhzH7cEtHYicQXAQr8Yz2JeTBNp2vncDJo8Bw5No55JBgrJreidAMjUsWFTlecu +DphfU8qkpAy2i7IzvtHGpeTtAyxjRL3Lyu94fkArkii7kgVyleyVU3LDrdQUaJRB +YqdhQwSbXgrPP/gQ5UIM+MxjhSP2uSGs1HY5zV+q0U0Mx9tAqnE/omUgedMVFFiR +tb3z+gcC9V6TKxirb0JWDkyNWo/Dp6T/+c4+6IVdrV1Hewye2w/5q0bmKYEg2ZFH +NDQdrkKdfhrQ8ThmdPAs88MPPQenZF/5fkCApsJEDqz47SO6ooFzB2n+VZox+bYp +IGMspqV/rng16goIeHXHnz3o0znFWmVR4j4b8XKAbhfAoG7DjTxkuVKAXsN3TYEw +qm2MuQiucAQbxpu9xEiB/ar5DBfcfwSPEjCeDcEZgIE/Utbe6Uitx8n3r8+Rkbwx +i5IIIgfM2QGJA/IEGAEKACYCGwIWIQQS1M1gDCJAqfSoIHHXsLZpQdAVOAUCZBNm ++gUJCyC3JgHAwPQgBBkBCgAdFiEEdXQYkAY+XppGE10BwoULJlrAhb0FAly1FtQA +CgkQwoULJlrAhb2g2AwAz1QTZu+bmbRDzjNgraMQEmq2zwy8/FHMuhQrTqEqTXYA +GRUyEhQElnwTuof/cOXM096MEA+N9VfedEARxre+t1RSC3JGdFJeK6BhnrJp3EVC +GS63PlAAYoIqx5gnZ76PbOVLM08YndJrjGw3i29UZiNLZEQ85ZP065Bw3+6yFK3K +oT6obUdG++TH6LBGqMFTfpEvT6shbV7Kygf4jP4I71ZxBHyFQ2ivpXOhAW6nySzA +muc+twkhKjFIVj9KlxqAO2TOgM2qZcwk6+WgfXUATVOd0lKN+Ts25UEqkdIMrgmK +7zh7YrI03a61DbCG8o5FDnOVJqcc7PV5mPeA+RX3cXgC72HLNoTBEFj6CDVcfO6d +bVo8J5j81xptqtPeYC/srDkuTnijmjxD1n1HuzVHf1idxqr7T4hfvjzBAwYjwZuY +MK34PDXfcTaEZ7UWaDiiQ3Cdv4YR+fuMz1ueDvGeMQWjho21mEzMSsPzPbEZhyL1 +1XEJlnT4QjiD9V0J3SaACRDXsLZpQdAVOLR+EACQWO84JbUqSVkInAPJ+dsWXq9Z +cm1GwwipsoaDkZSDWZMX2Yj2TKVbeqEDNuBC5/KFSwyBKB3edBUy8onrYqRdLx0q +qQj2PFRFo4Iz3si+6iBEGQtK5OZXjBkuDuzxcNRlp9Sooquf5n9dLaXQWj6IfH5u +Vlpkf/EoCKEuWqRHpn/NpN4Goc+m4ZPU6eJiJr5RMnv4lHgJyn03IZRbltqEL0gB +OEOxUEhVJvkknw5aTTZrr8OHnh614Duq1asrrU5jaowGWMnfeOPyT0oDgmnUzg0k +PrNkhro/SbSWxzVpC+dapVIg4udGyU03XgXP6C1psKfdBMoZoMzSX1E5aItS5yr9 +KGyUUwQh0m0kzzUD1tVJU0QmLpTow/O2IaV+c1iPOB5AZ4fXyBq8X/NuWDmN42Jh +zgtjQyb97wy9/ABqQn5fy1KNAjN4yOIHri/UY+y0OuU27g4mSfJCBEA+H9mt8Cgv +CB0xdYaDfjc1uq9UoEAteuY4bso9KpB84UtJetEOxQWYJe7LVRiha037wTOpxgD2 +JhHPU8f//FocQXkZNxOeNSWQLM/U5d2X9ISjOZGRyctk3VHKWv45v0bOs6NnT4tU +SaV+98JeB1eVCmOrKvgmxoNGK+n9kdtbrGb9kLfMarAvx1/GTHC6b9oQ50bQ6Igk +KOQ1/miIFEhO+ksiqQ== +=OOgy -----END PGP PUBLIC KEY BLOCK----- diff --git a/packages.element.io/debian/element-io-archive-keyring.gpg b/packages.element.io/debian/element-io-archive-keyring.gpg index fe7e26b545494fee91417cf9c6175d8d3fa940cb..6fbeecc63f411824f62d29d8b3e48c3a43f8e333 100644 GIT binary patch delta 1124 zcmV-q1e^Pj6p<9LJ^~v88v_Lk2?z%Q1{Dek2nzxP76JnS0v-VZ7l4yK0vUf~6K2x| z2^uO>JOBy_5ZAD_X+h8xINp&E0GC5#A4=$tdasV~9c4u~yx+Nw?z}PALuoi}Fi2}4 z?ha(36`(yL5+oDWo@YHRIyOQQ&2yJTo)bz|f3HP6qmj~lY#5o$@>ZN8L5Euz*vw%2 zbQATHob`G3BCiH!9yj+C%8h^4xbcxcOD+S>mypA|-MfbqA3w6R1k^!Z4!}mP?1-rp z#;e&&3M~(#Jers5^}^_1a9Ghr<1pWXm_Ogl!)9mL&k(`*xHXjA23gox0$Ka z1h~*0eYp8p&Y}KqEch>41`*nv)vuo+UpiPucv?ham91**aa@| z%d4{cX0ES`BTA?O%-P8LjfRvp{%cnO`s(x5s!#ynkx87K7^{_C76TQs28+E_u{yTL zx{T4r!n=mRQ~K7#mYA(tHpb9$!Xq|rH0xsAybmb3^=hZFYnH?&&E{Zx>cOs}V)fr9 zMcv`y%%meGBD=%XD?(h1LvN16qpgVCKkEG`7nD&0Y9j4N%CbLTh!U2D@eh>hVSnoI`wJJ$j z2%H1S`P&v=uUT?!M#BiHvWA0^l!IB57uksROr=|Tp#wJHLg(^@OALW19o}>mGV+P* zVx(O!9V)2^_B>QYqk=Qu$iC_zL>UW8a&@o>~-r_`vTtDok7T`i^1T0V$; zer{G;WPkA}2%TBJv&f6b)c2BFWU;gi(q;$kMgQ8Ih@lz0iseK#SLTb9~{FGvA6 zL$OduRVMi)pAK40HfyiLhn^m_;5(|-t1GQeV`_{BSjpdbIG zB+oSi*40T7$Qry~^KMu2putXhJ$`LHM*}=#)C#H>HU%0 qTdZdNkhjcgurJ47#!PU!Z`u&&M$qVpBq-!H{%8n@6i80`OCqUccN>-f delta 1125 zcmV-r1e*Ji6p<9LJ_05dAp{cC&0q{7K&kYoAaU2QwrN4o6*vU~T(uUL0viJb2?=Ha zfRjN27=Hi?2@uz?wrN4o6*%=95C3c`J~=p4I6!}0C_iD=$WMHo@uo_+nH2~g!MotW zY}YZ;BpQ;2#Oo#LAxMEx3p`^){LotpIsEt8cGI;CsGD@kR(17;V4$oC!H`W10guIK zDhWyPWSkk=AWlB6BV#H5!W_NSetAzv$O|EKWPddYQau81llhbco-~$##|Mz=x`2gL z1xP-)w_K6`dki5YM_yi|*J&v01SVz%U-49QHoDK?L45PwziyP9Gt{hQ(2_>{qC{Jd z0X+K8&!a$vCst`kAhXB)=kCHr&xeBmu>@eom2*n~h`PFV&Cb!@%{L4kis0;g##XSh z_J0sjQ``~`1UW*uFfAFEFP%A6CRaJP&Odu&MUg&08i1VMdcraM&MA$EJw1WB!8Lu zJmBn@V=<@Cc8?M|%DC%H8x(wv4QmO{QGYR4PU{7zyxshl5vC`jcvdTOt|i`kl81iX9tV8ah1ofAqm29F%6BIZv zQ|uWkjWQfo%drY1^8U@LimkJZ1hoMQV0YRS1qla*DnPSK2EqYO80HJ$ zpjkb*I?McaV}g%=ts@1YohV7>nbbTguc6vawV;iNO^9Pa6Wpg5^hF{GKy^n2fp>-i z8A)TF5)P1#*?_l~Z!Vt<)4~ltE&r zVM7F)UJB1Y_z>kn4EW4rg(LR4A*|GPIn7_H(M=4;+d!&uKcZzIdD9gXSdq28^ZEw@ z^Iw*W zb;qAQ=+imHT4hn02fL_CQO@T0~ZH&1Hu5bh!#+$vwNP+#T r`3x7_e*}*bFrE#;8GwO5Qr6z-NUg`o_pi^9k-RYoi;@T;2h7<4acu>q diff --git a/scripts/hak/target.ts b/scripts/hak/target.ts index 2d0fa71..4b0f992 100644 --- a/scripts/hak/target.ts +++ b/scripts/hak/target.ts @@ -25,6 +25,7 @@ export type TargetId = | "universal-apple-darwin" | "i686-pc-windows-msvc" | "x86_64-pc-windows-msvc" + | "aarch64-pc-windows-msvc" | "i686-unknown-linux-musl" | "i686-unknown-linux-gnu" | "x86_64-unknown-linux-musl" @@ -98,6 +99,13 @@ const x8664PcWindowsMsvc: WindowsTarget = { vcVarsArch: "amd64", }; +const aarch64WindowsMsvc: WindowsTarget = { + id: "aarch64-pc-windows-msvc", + platform: "win32", + arch: "arm64", + vcVarsArch: "arm64", +}; + const x8664UnknownLinuxGnu: LinuxTarget = { id: "x86_64-unknown-linux-gnu", platform: "linux", @@ -162,6 +170,7 @@ export const TARGETS: Record = { // Windows "i686-pc-windows-msvc": i686PcWindowsMsvc, "x86_64-pc-windows-msvc": x8664PcWindowsMsvc, + "aarch64-pc-windows-msvc": aarch64WindowsMsvc, // Linux "i686-unknown-linux-musl": i686UnknownLinuxMusl, "i686-unknown-linux-gnu": i686UnknownLinuxGnu, From 201000da3977c17e13033de1d14e5d9e07547506 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Tue, 28 Mar 2023 16:38:57 +0100 Subject: [PATCH 2/3] Backport more build config to master --- scripts/generate-builder-config.ts | 85 ++++++++++++------------------ 1 file changed, 35 insertions(+), 50 deletions(-) diff --git a/scripts/generate-builder-config.ts b/scripts/generate-builder-config.ts index eb98b7f..1ba707b 100755 --- a/scripts/generate-builder-config.ts +++ b/scripts/generate-builder-config.ts @@ -7,6 +7,9 @@ * On Windows: * Prefixes the nightly version with `0.0.1-nightly.` as it breaks if it is not semver * + * On macOS: + * Passes --notarytool-team-id to build.mac.notarize.notarize if specified and removes build.mac.afterSign + * * On Linux: * Replaces spaces in the product name with dashes as spaces in paths can cause issues * Passes --deb-custom-control to build.deb.fpm if specified @@ -15,6 +18,7 @@ import parseArgs from "minimist"; import fsProm from "fs/promises"; import * as os from "os"; +import { Configuration } from "app-builder-lib"; const ELECTRON_BUILDER_CFG_FILE = "electron-builder.json"; @@ -25,54 +29,23 @@ const argv = parseArgs<{ "nightly"?: string; "signtool-thumbprint"?: string; "signtool-subject-name"?: string; + "notarytool-team-id"?: string; "deb-custom-control"?: string; + "deb-changelog"?: string; }>(process.argv.slice(2), { - string: ["nightly", "deb-custom-control", "signtool-thumbprint", "signtool-subject-name"], + string: [ + "nightly", + "deb-custom-control", + "deb-changelog", + "signtool-thumbprint", + "signtool-subject-name", + "notarytool-team-id", + ], }); -interface File { - from: string; - to: string; -} +type DeepWriteable = { -readonly [P in keyof T]: DeepWriteable }; -interface PackageBuild { - appId: string; - asarUnpack: string; - files: Array; - extraResources: Array; - linux: { - target: string; - category: string; - maintainer: string; - desktop: { - StartupWMClass: string; - }; - }; - mac: { - category: string; - darkModeSupport: boolean; - }; - win: { - target: { - target: string; - }; - sign?: string; - signingHashAlgorithms?: string[]; - certificateSubjectName?: string; - certificateSha1?: string; - }; - deb?: { - fpm?: string[]; - }; - directories: { - output: string; - }; - afterPack: string; - afterSign: string; - protocols: Array<{ - name: string; - schemes: string[]; - }>; +interface PackageBuild extends DeepWriteable> { extraMetadata?: { productName?: string; name?: string; @@ -114,10 +87,17 @@ async function main(): Promise { } if (argv["signtool-thumbprint"] && argv["signtool-subject-name"]) { - delete cfg.win.sign; - cfg.win.signingHashAlgorithms = ["sha256"]; - cfg.win.certificateSubjectName = argv["signtool-subject-name"]; - cfg.win.certificateSha1 = argv["signtool-thumbprint"]; + delete cfg.win!.sign; + cfg.win!.signingHashAlgorithms = ["sha256"]; + cfg.win!.certificateSubjectName = argv["signtool-subject-name"]; + cfg.win!.certificateSha1 = argv["signtool-thumbprint"]; + } + + if (argv["notarytool-team-id"]) { + delete cfg.afterSign; + cfg.mac!.notarize = { + teamId: argv["notarytool-team-id"], + }; } if (os.platform() === "linux") { @@ -125,10 +105,15 @@ async function main(): Promise { // https://github.com/vector-im/element-web/issues/13171 cfg.extraMetadata!.productName = cfg.extraMetadata!.productName!.replace(/ /g, "-"); + cfg.deb = { + fpm: [], + }; + if (argv["deb-custom-control"]) { - cfg.deb = { - fpm: [`--deb-custom-control=${argv["deb-custom-control"]}`], - }; + cfg.deb.fpm!.push(`--deb-custom-control=${argv["deb-custom-control"]}`); + } + if (argv["deb-changelog"]) { + cfg.deb.fpm!.push(`--deb-changelog=${argv["deb-changelog"]}`); } } From 62e6851250309b7586776d9c59c8f13e9df8a68e Mon Sep 17 00:00:00 2001 From: Andy Balaam Date: Tue, 28 Mar 2023 17:32:29 +0100 Subject: [PATCH 3/3] Backport package.json changes from develop --- package.json | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 612005a..e015d8b 100644 --- a/package.json +++ b/package.json @@ -11,6 +11,9 @@ }, "license": "Apache-2.0", "files": [], + "engines": { + "node": ">=16.0.0" + }, "scripts": { "i18n": "matrix-gen-i18n", "prunei18n": "matrix-prune-i18n", @@ -52,8 +55,10 @@ "test": "jest" }, "dependencies": { + "@sentry/electron": "^4.3.0", "auto-launch": "^5.0.5", "counterpart": "^0.18.6", + "electron-clear-data": "^1.0.5", "electron-store": "^8.0.2", "electron-window-state": "^5.0.3", "minimist": "^1.2.6", @@ -80,20 +85,21 @@ "@typescript-eslint/eslint-plugin": "^5.42.0", "@typescript-eslint/parser": "^5.42.0", "allchange": "^1.0.6", - "app-builder-lib": "^22.14.10", + "app-builder-lib": "24.0.0", + "asar": "^3.2.0", "babel-jest": "^29.0.0", "chokidar": "^3.5.2", "detect-libc": "^1.0.3", "electron": "^23.0.0", - "electron-builder": "^23.6.0", - "electron-builder-squirrel-windows": "^23.6.0", - "electron-devtools-installer": "^3.1.1", + "electron-builder": "24.0.0", + "electron-builder-squirrel-windows": "24.0.0", + "electron-devtools-installer": "^3.2.0", "eslint": "^8.26.0", "eslint-config-google": "^0.14.0", "eslint-config-prettier": "^8.5.0", "eslint-plugin-import": "^2.25.4", "eslint-plugin-matrix-org": "^1.0.0", - "eslint-plugin-unicorn": "^45.0.0", + "eslint-plugin-unicorn": "^46.0.0", "expect-playwright": "^0.8.0", "find-npm-prefix": "^1.0.2", "fs-extra": "^11.0.0",