All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. Ignoring alerts on:
| '!node_modules/ajv/lib', | ||
| '!node_modules/blake-hash/**/{build,src}', | ||
| '!node_modules/usb/**/{libusb,libusb_config,src}', | ||
| '!node_modules/@trezor/**', // prevent inclusion of @trezor/suite-desktop, which would recurse |
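Review bot: The `'!node_modules/@trezor/**'` pattern on the last line excludes every package under the `@trezor` scope, while its inline comment names only `@trezor/suite-desktop`. Either narrow the pattern to the package that causes the recursion, or extend the comment to say that no `@trezor` package is needed from node_modules at runtime, so a later `@trezor` dependency that must ship unbundled is not silently left out.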
This is what the recursive hell looks like – app.asar.unpacked would contain the entire trezor suite 😅
https://github.com/user-attachments/assets/94d5cc72-6ed6-4f39-a5c2-e438ffa15ef0
When I fixed that, I noticed that the artifacts are +23 MB larger, but I confirmed that this is not the fault of electron-builder ✔️, it's our JS build that has grown, probably due to dependencies. Images have grown +3 MB.
Cool, maybe you could add a comment that these modules are already bundled by Webpack into the dist folder.
Added, and I cleaned up some of the exclusions, which are no longer necessary. By comparing the app.asar, I identified only those that are useful. 4eb9500
| icon: 'build/static/images/desktop/512x512.icns', | ||
| artifactName: 'Trezor-Suite-${version}-mac-${arch}.${ext}', | ||
| hardenedRuntime: true, | ||
| hardenedRuntime: isCodesignBuild, |
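Review bot: `hardenedRuntime: isCodesignBuild` has no comment saying why the hardened runtime now depends on the signing flag. Put the reason in a one-line comment next to the setting, and consider making the release pipeline fail when `isCodesignBuild` is false, since a build with the flag unset now produces a macOS app without the hardened runtime.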
lest the installed app crashes with
$ "/Applications/Trezor Suite.app/Contents/MacOS/Trezor Suite"
Termination Reason: Namespace DYLD, Code 1 Library missing
Library not loaded: @rpath/Electron Framework.framework/Electron Framework
Referenced from: <4C4C44E4-5555-3144-A158-EDA204878E47> /Applications/Trezor Suite.app/Contents/MacOS/Trezor Suite
Reason: tried: '/Applications/Trezor Suite.app/Contents/Frameworks/Electron Framework.framework/Electron Framework' (code signature in <4C4C44A0-5555-3144-A1EB-8E38D66573A7> '/Applications/Trezor Suite.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework' not valid for use in process: mapping process and mapped file (non-platform) have different Team IDs), '/Applications/Trezor Suite.app/Contents/Frameworks/Electron Framework.framework/Electron Framework' (code signature in <4C4C44A0-5555-3144-A1EB-8E38D66573A7> '/Applications/Trezor Suite.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework' not valid for use in process: mapping process and mapped file (non-platform) have different Team IDs)
(terminated at launch; ignore backtrace)
| + } | ||
| } | ||
| } | ||
| async signApp(packContext, isAsar) { |
I made an upstream PR in electron-userland/electron-builder#9481
6f1ede5 to 8278ad7
✅ Previously successful run of [Test] PR Suite Web e2e tests workflow has been found.
✅ Previously successful run of [Test] PR Suite Desktop e2e tests workflow has been found.
@SocketSecurity ignore npm/electron-updater@6.7.3
8278ad7 to 13bdba8
| */ | ||
| if (electronPlatformName !== 'win32') { | ||
| // As of Electron 39, ASAR integrity is not supported on Linux, so we set the appropriate fuses for Windows and macOS | ||
| if (electronPlatformName !== 'win32' && electronPlatformName !== 'darwin') { |
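Review bot: The new condition `electronPlatformName !== 'win32' && electronPlatformName !== 'darwin'` is written as an exclusion, while the comment above it lists the platforms that do get the fuses, so the two have to be read against each other. State in the comment what happens on the remaining platforms (Linux builds are packaged without the ASAR integrity fuses), and consider writing the check as an allow-list of supported platforms so the "As of Electron 39" limitation is easy to revisit.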
I confirmed that it is working on 🍎 :
$ npx @electron/fuses read --app "/Applications/Trezor Suite.app"
Analyzing app: Trezor Suite.app
Fuse Version: v1
RunAsNode is Enabled
EnableCookieEncryption is Disabled
EnableNodeOptionsEnvironmentVariable is Enabled
EnableNodeCliInspectArguments is Enabled
EnableEmbeddedAsarIntegrityValidation is Enabled
OnlyLoadAppFromAsar is Enabled
LoadBrowserProcessSpecificV8Snapshot is Disabled
GrantFileProtocolExtraPrivileges is Enabled
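The read-out above can be checked automatically after packaging instead of by eye. The following is an added example, not code from this PR or from the Trezor Suite repository: the function names, the list of required fuses, and the ANSI stripping are assumptions, and the sample text is the read-out quoted in the comment above.

```javascript
// Constructed sample: the `npx @electron/fuses read` output quoted in the comment above.
const SAMPLE_READOUT = `Analyzing app: Trezor Suite.app
Fuse Version: v1
RunAsNode is Enabled
EnableCookieEncryption is Disabled
EnableNodeOptionsEnvironmentVariable is Enabled
EnableNodeCliInspectArguments is Enabled
EnableEmbeddedAsarIntegrityValidation is Enabled
OnlyLoadAppFromAsar is Enabled
LoadBrowserProcessSpecificV8Snapshot is Disabled
GrantFileProtocolExtraPrivileges is Enabled`;

// Assumed policy (hypothetical, not the project's): fuses that must be Enabled
// on the platforms where the build sets the ASAR integrity fuses.
const REQUIRED_ENABLED = ['EnableEmbeddedAsarIntegrityValidation', 'OnlyLoadAppFromAsar'];
// Per the diff comment, ASAR integrity is not supported on Linux as of Electron 39.
const PLATFORMS_WITH_ASAR_INTEGRITY = ['win32', 'darwin'];

// Parse "<FuseName> is <State>" lines into a Map; header lines are ignored.
function parseFuseReadout(text) {
  const fuses = new Map();
  for (const raw of text.split(/\r?\n/)) {
    // Assumption: strip ANSI colour codes in case the output was captured from a TTY.
    const line = raw.replace(/\x1b\[[0-9;]*m/g, '');
    const m = /^\s*(\w+) is (\w+)\s*$/.exec(line);
    if (m) fuses.set(m[1], m[2]);
  }
  return fuses;
}

// Return a list of policy violations; an empty list means the gate passes.
function checkFuses(text, platform) {
  // Nothing to enforce on platforms where the fuses are not set (e.g. linux).
  if (!PLATFORMS_WITH_ASAR_INTEGRITY.includes(platform)) return [];
  const fuses = parseFuseReadout(text);
  // An empty parse means the tool failed or its format changed: fail closed.
  if (fuses.size === 0) return ['no fuse lines found in readout'];
  const problems = [];
  for (const name of REQUIRED_ENABLED) {
    const state = fuses.get(name);
    if (state !== 'Enabled') problems.push(`${name} is ${state ?? 'missing'}`);
  }
  return problems;
}
```

In CI, the text passed to `checkFuses` would be the captured output of the `read` command for the packaged app, with a non-empty result failing the job.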
13bdba8 to 475887e
475887e to 4eb9500
4eb9500 to d105ec8
Description
electron-builder, but I don't think it's really a bug).
electron or electron-builder).
files in electron builder config, as some exclusions were no longer necessary
CI build desktop apps OK ✔️
Notes for QA
I briefly verified on Linux x64, Windows 11 x64 and macOS ARM, both locally built & CI builds ✔️
Related Issue
Resolve #18919
Resolve #17057