Loading pkgs/by-name/bi/bitwarden-desktop/dont-auto-setup-biometrics.patch +4 −4 Original line number Diff line number Diff line diff --git a/apps/desktop/src/platform/main/biometric/biometric.unix.main.ts b/apps/desktop/src/platform/main/biometric/biometric.unix.main.ts index e2428d9d12..de4e9e1e62 100644 --- a/apps/desktop/src/platform/main/biometric/biometric.unix.main.ts +++ b/apps/desktop/src/platform/main/biometric/biometric.unix.main.ts diff --git a/apps/desktop/src/key-management/biometrics/biometric.unix.main.ts b/apps/desktop/src/key-management/biometrics/biometric.unix.main.ts index 8962e7f3ec..a7291420f2 100644 --- a/apps/desktop/src/key-management/biometrics/biometric.unix.main.ts +++ b/apps/desktop/src/key-management/biometrics/biometric.unix.main.ts @@ -109,7 +109,7 @@ export default class BiometricUnixMain implements OsBiometricService { // The user needs to manually set up the polkit policy outside of the sandbox // since we allow access to polkit via dbus for the sandboxed clients, the authentication works from Loading pkgs/by-name/bi/bitwarden-desktop/package.nix +6 −19 Original line number Diff line number Diff line Loading @@ -35,19 +35,20 @@ let in buildNpmPackage rec { pname = "bitwarden-desktop"; version = "2024.9.0"; version = "2024.11.1"; src = fetchFromGitHub { owner = "bitwarden"; repo = "clients"; rev = "desktop-v${version}"; hash = "sha256-o5nRG2j73qheDOyeFfSga64D8HbTn1EUrCiN0W+Xn0w="; hash = "sha256-4QTQgW8k3EMf07Xqs2B+VXQOUPzoOgaNvoC02x4zvu8="; }; patches = [ ./electron-builder-package-lock.patch ./dont-auto-setup-biometrics.patch ./set-exe-path.patch # ensures `app.getPath("exe")` returns our wrapper, not ${electron}/bin/electron ./skip-afterpack.diff # this modifies bin/electron etc., but we wrap read-only bin/electron ourselves ]; postPatch = '' Loading @@ -62,7 +63,7 @@ in buildNpmPackage rec { makeCacheWritable = true; npmFlags = [ "--engine-strict" "--legacy-peer-deps" ]; npmWorkspace = "apps/desktop"; npmDepsHash = "sha256-L7/frKCNlq0xr6T+aSqyEQ44yrIXwcpdU/djrhCJNNk="; npmDepsHash = "sha256-YzhCyNMvfXGmgOpl3qWj1Pqd1hY8CJ9QLwQds5ZMnqg="; cargoDeps = rustPlatform.fetchCargoTarball { name = "${pname}-${version}"; Loading @@ -78,7 +79,7 @@ in buildNpmPackage rec { patches; patchFlags = [ "-p4" ]; sourceRoot = "${src.name}/${cargoRoot}"; hash = "sha256-y+6vaESiOeVrFJpZoOJ75onOpldqSsT2kqkMMzTDUmM="; hash = "sha256-aurjpVzWET30O+ysyE4ZzauMe8kHjOL169tfKUR1Vpg="; }; cargoRoot = "apps/desktop/desktop_native"; Loading @@ -103,20 +104,6 @@ in buildNpmPackage rec { libsecret ]; # node-argon2 builds with LTO, but that causes missing symbols. So disable it # and rebuild. Then we need to copy it into the build output for # electron-builder, as `apps/desktop/src/package.json` specifies `argon2` as # a dependency and electron-builder will otherwise install a fresh (and # broken) argon2. See https://github.com/ranisalt/node-argon2/pull/415 preConfigure = '' pushd node_modules/argon2 substituteInPlace binding.gyp --replace-fail '"-flto", ' "" "$npm_config_node_gyp" rebuild popd mkdir -p apps/desktop/build/node_modules cp -r ./{,apps/desktop/build/}node_modules/argon2 ''; preBuild = '' if [[ $(jq --raw-output '.devDependencies.electron' < package.json | grep -E --only-matching '^[0-9]+') != ${lib.escapeShellArg (lib.versions.major electron.version)} ]]; then echo 'ERROR: electron version mismatch' Loading Loading @@ -181,7 +168,7 @@ in buildNpmPackage rec { # Extract the polkit policy file from the multiline string in the source code. # This may break in the future but its better than copy-pasting it manually. mkdir -p $out/share/polkit-1/actions/ pushd apps/desktop/src/platform/main/biometric pushd apps/desktop/src/key-management/biometrics awk '/const polkitPolicy = `/{gsub(/^.*`/, ""); print; str=1; next} str{if (/`;/) str=0; gsub(/`;/, ""); print}' biometric.unix.main.ts > $out/share/polkit-1/actions/com.bitwarden.Bitwarden.policy popd Loading pkgs/by-name/bi/bitwarden-desktop/skip-afterpack.diff 0 → 100644 +39 −0 Original line number Diff line number Diff line diff --git a/apps/desktop/scripts/after-pack.js b/apps/desktop/scripts/after-pack.js index fd16cd5ffb..05a2325ee1 100644 --- a/apps/desktop/scripts/after-pack.js +++ b/apps/desktop/scripts/after-pack.js @@ -13,25 +13,6 @@ async function run(context) { console.log("## After pack"); // console.log(context); - if (context.packager.platform.nodeName !== "darwin" || context.arch === builder.Arch.universal) { - await addElectronFuses(context); - } - - if (context.electronPlatformName === "linux") { - console.log("Creating memory-protection wrapper script"); - const appOutDir = context.appOutDir; - const oldBin = path.join(appOutDir, context.packager.executableName); - const newBin = path.join(appOutDir, "bitwarden-app"); - fse.moveSync(oldBin, newBin); - console.log("Moved binary to bitwarden-app"); - - const wrapperScript = path.join(__dirname, "../resources/memory-dump-wrapper.sh"); - const wrapperBin = path.join(appOutDir, context.packager.executableName); - fse.copyFileSync(wrapperScript, wrapperBin); - fse.chmodSync(wrapperBin, "755"); - console.log("Copied memory-protection wrapper script"); - } - if (["darwin", "mas"].includes(context.electronPlatformName)) { const is_mas = context.electronPlatformName === "mas"; const is_mas_dev = context.targets.some((e) => e.name === "mas-dev"); @@ -140,6 +121,8 @@ function getIdentities() { * @param {import("electron-builder").AfterPackContext} context */ async function addElectronFuses(context) { + return; + const platform = context.packager.platform.nodeName; const ext = { Loading
pkgs/by-name/bi/bitwarden-desktop/dont-auto-setup-biometrics.patch +4 −4 Original line number Diff line number Diff line diff --git a/apps/desktop/src/platform/main/biometric/biometric.unix.main.ts b/apps/desktop/src/platform/main/biometric/biometric.unix.main.ts index e2428d9d12..de4e9e1e62 100644 --- a/apps/desktop/src/platform/main/biometric/biometric.unix.main.ts +++ b/apps/desktop/src/platform/main/biometric/biometric.unix.main.ts diff --git a/apps/desktop/src/key-management/biometrics/biometric.unix.main.ts b/apps/desktop/src/key-management/biometrics/biometric.unix.main.ts index 8962e7f3ec..a7291420f2 100644 --- a/apps/desktop/src/key-management/biometrics/biometric.unix.main.ts +++ b/apps/desktop/src/key-management/biometrics/biometric.unix.main.ts @@ -109,7 +109,7 @@ export default class BiometricUnixMain implements OsBiometricService { // The user needs to manually set up the polkit policy outside of the sandbox // since we allow access to polkit via dbus for the sandboxed clients, the authentication works from Loading
pkgs/by-name/bi/bitwarden-desktop/package.nix +6 −19 Original line number Diff line number Diff line Loading @@ -35,19 +35,20 @@ let in buildNpmPackage rec { pname = "bitwarden-desktop"; version = "2024.9.0"; version = "2024.11.1"; src = fetchFromGitHub { owner = "bitwarden"; repo = "clients"; rev = "desktop-v${version}"; hash = "sha256-o5nRG2j73qheDOyeFfSga64D8HbTn1EUrCiN0W+Xn0w="; hash = "sha256-4QTQgW8k3EMf07Xqs2B+VXQOUPzoOgaNvoC02x4zvu8="; }; patches = [ ./electron-builder-package-lock.patch ./dont-auto-setup-biometrics.patch ./set-exe-path.patch # ensures `app.getPath("exe")` returns our wrapper, not ${electron}/bin/electron ./skip-afterpack.diff # this modifies bin/electron etc., but we wrap read-only bin/electron ourselves ]; postPatch = '' Loading @@ -62,7 +63,7 @@ in buildNpmPackage rec { makeCacheWritable = true; npmFlags = [ "--engine-strict" "--legacy-peer-deps" ]; npmWorkspace = "apps/desktop"; npmDepsHash = "sha256-L7/frKCNlq0xr6T+aSqyEQ44yrIXwcpdU/djrhCJNNk="; npmDepsHash = "sha256-YzhCyNMvfXGmgOpl3qWj1Pqd1hY8CJ9QLwQds5ZMnqg="; cargoDeps = rustPlatform.fetchCargoTarball { name = "${pname}-${version}"; Loading @@ -78,7 +79,7 @@ in buildNpmPackage rec { patches; patchFlags = [ "-p4" ]; sourceRoot = "${src.name}/${cargoRoot}"; hash = "sha256-y+6vaESiOeVrFJpZoOJ75onOpldqSsT2kqkMMzTDUmM="; hash = "sha256-aurjpVzWET30O+ysyE4ZzauMe8kHjOL169tfKUR1Vpg="; }; cargoRoot = "apps/desktop/desktop_native"; Loading @@ -103,20 +104,6 @@ in buildNpmPackage rec { libsecret ]; # node-argon2 builds with LTO, but that causes missing symbols. So disable it # and rebuild. Then we need to copy it into the build output for # electron-builder, as `apps/desktop/src/package.json` specifies `argon2` as # a dependency and electron-builder will otherwise install a fresh (and # broken) argon2. See https://github.com/ranisalt/node-argon2/pull/415 preConfigure = '' pushd node_modules/argon2 substituteInPlace binding.gyp --replace-fail '"-flto", ' "" "$npm_config_node_gyp" rebuild popd mkdir -p apps/desktop/build/node_modules cp -r ./{,apps/desktop/build/}node_modules/argon2 ''; preBuild = '' if [[ $(jq --raw-output '.devDependencies.electron' < package.json | grep -E --only-matching '^[0-9]+') != ${lib.escapeShellArg (lib.versions.major electron.version)} ]]; then echo 'ERROR: electron version mismatch' Loading Loading @@ -181,7 +168,7 @@ in buildNpmPackage rec { # Extract the polkit policy file from the multiline string in the source code. # This may break in the future but its better than copy-pasting it manually. mkdir -p $out/share/polkit-1/actions/ pushd apps/desktop/src/platform/main/biometric pushd apps/desktop/src/key-management/biometrics awk '/const polkitPolicy = `/{gsub(/^.*`/, ""); print; str=1; next} str{if (/`;/) str=0; gsub(/`;/, ""); print}' biometric.unix.main.ts > $out/share/polkit-1/actions/com.bitwarden.Bitwarden.policy popd Loading
pkgs/by-name/bi/bitwarden-desktop/skip-afterpack.diff 0 → 100644 +39 −0 Original line number Diff line number Diff line diff --git a/apps/desktop/scripts/after-pack.js b/apps/desktop/scripts/after-pack.js index fd16cd5ffb..05a2325ee1 100644 --- a/apps/desktop/scripts/after-pack.js +++ b/apps/desktop/scripts/after-pack.js @@ -13,25 +13,6 @@ async function run(context) { console.log("## After pack"); // console.log(context); - if (context.packager.platform.nodeName !== "darwin" || context.arch === builder.Arch.universal) { - await addElectronFuses(context); - } - - if (context.electronPlatformName === "linux") { - console.log("Creating memory-protection wrapper script"); - const appOutDir = context.appOutDir; - const oldBin = path.join(appOutDir, context.packager.executableName); - const newBin = path.join(appOutDir, "bitwarden-app"); - fse.moveSync(oldBin, newBin); - console.log("Moved binary to bitwarden-app"); - - const wrapperScript = path.join(__dirname, "../resources/memory-dump-wrapper.sh"); - const wrapperBin = path.join(appOutDir, context.packager.executableName); - fse.copyFileSync(wrapperScript, wrapperBin); - fse.chmodSync(wrapperBin, "755"); - console.log("Copied memory-protection wrapper script"); - } - if (["darwin", "mas"].includes(context.electronPlatformName)) { const is_mas = context.electronPlatformName === "mas"; const is_mas_dev = context.targets.some((e) => e.name === "mas-dev"); @@ -140,6 +121,8 @@ function getIdentities() { * @param {import("electron-builder").AfterPackContext} context */ async function addElectronFuses(context) { + return; + const platform = context.packager.platform.nodeName; const ext = {
