The docs (https://www.atom.pe/docs/api/sandbox-option/) say we should be using the browser-native `window.open` implementation, but in practice that appears very much false. Electron, no matter our set of options, appears to always make a hit to the ipcRenderer with `window.open` calls, causing the calling code to explode due to the sandbox making that impossible.
By using `app.enableSandbox()`, it puts the sandbox in place over all BrowserWindow objects, including the temporary ones which empirically are being created for `window.open`. We do not need to specify `sandbox: true` to the BrowserWindow with this approach, though uncommenting and therefore reintroducing the flag causes our lovely ipcRenderer error again.
As far as I can tell, the sandbox does actually get applied to the window though the fact that `sandbox: true` still does things despite the docs saying otherwise leaves me a bit uncomfortable.
Fixes https://github.com/vector-im/riot-web/issues/13719
Since Xenial has the oldest glibc (2.23) of all the active distributions, this
attempts to construct a build image based on that. The Dockerfile here was built
by recursively expanding the `FROM` lines until reaching
`buildpack-deps:bionic-curl` and then changing that to `xenial`. Everything else
is the same.
Part of https://github.com/vector-im/riot-web/issues/13553
Each build command via Docker for Linux builds creates a separate writable layer
from scratch, so anything shared between commands needs to persist on the host.
This adds the container's GPG keys, so that the riot-web GPG key can be
imported in one step and verified in the next.
Fixes https://github.com/vector-im/riot-web/issues/13545
This adds a default Linux distribution which we'll suggest everyone uses going
forward to simplify packaging since the bytes are all the same anyway.
Part of https://github.com/vector-im/riot-web/issues/13367
