keeweb
/
keeweb
mirror of https://github.com/keeweb/keeweb.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' into release-1.13 

# Conflicts:
#	Gruntfile.js
This commit is contained in:
antelle 2020-04-04 21:41:29 +02:00
parent c39933c051 0b31150a43
commit cb45eb4b3c
No known key found for this signature in database
GPG Key ID: 094A2F2D6136A4EE
10 changed files with 155 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.github/actions/linux-build/Dockerfile vendored Normal file
View File

@ -0,0 +1,11 @@
FROM snapcore/snapcraft:stable
COPY entrypoint.sh /entrypoint.sh
RUN apt-get update
RUN apt-get install -y build-essential git-core unzip curl pkg-config rpm
RUN curl -sL https://deb.nodesource.com/setup_13.x | sudo -E bash -
RUN apt-get install -y nodejs
RUN npm i -g grunt-cli
ENTRYPOINT ["/entrypoint.sh"]

5
.github/actions/linux-build/action.yml vendored Normal file
View File

@ -0,0 +1,5 @@
name: 'Linux Build'
description: 'Build KeeWeb on Linux in Docker'
runs:
using: 'docker'
image: 'Dockerfile'

8
.github/actions/linux-build/entrypoint.sh vendored Executable file
View File

@ -0,0 +1,8 @@
#!/bin/bash -e
cd /github/workspace
npm ci
cd desktop
npm ci
cd /github/workspace
grunt desktop-linux

2
.github/workflows/deploy.yaml vendored
View File

@ -1,7 +1,7 @@
name: Deploy
on:
push:
branches: [ gh-pages ]
branches: [ 'gh-pages' ]
jobs:
publish:
runs-on: ubuntu-latest

66
Gruntfile.js
View File

@ -29,22 +29,7 @@ module.exports = function(grunt) {
const zipCommentPlaceholder =
zipCommentPlaceholderPart + '.'.repeat(512 - zipCommentPlaceholderPart.length);
const electronVersion = pkg.dependencies.electron.replace(/^\D/, '');
const skipCodeSigning = grunt.option('no-sign');
let codeSignConfig;
if (!skipCodeSigning) {
try {
codeSignConfig = require('../keys/codesign');
} catch (err) {
throw new Error(
'Unable to load code signing config from ../keys/codesign.\n' +
'This is needed for production builds targeting macOS.\n' +
'For development builds, run with the `--no-sign` arg to skip code signing,\n' +
'e.g. `npm start -- --no-sign`'
);
}
}
const getCodeSingConfig = () => require('./keys/codesign.json');
const webpackOptions = {
date,
@ -134,7 +119,7 @@ module.exports = function(grunt) {
nonull: true
},
'desktop-update': {
cwd: 'tmp/desktop/KeeWeb-darwin-x64/KeeWeb.app/Contents/Resources/',
cwd: 'tmp/desktop/keeweb-linux-x64/resources/',
src: 'app.asar',
dest: 'tmp/desktop/update/',
expand: true,
@ -166,12 +151,12 @@ module.exports = function(grunt) {
nonull: true
},
'electron-builder-dist-linux-rpm': {
src: `tmp/desktop/electron-builder/keeweb-${pkg.version}.x86_64.rpm`,
src: `tmp/desktop/electron-builder/KeeWeb-${pkg.version}.x86_64.rpm`,
dest: `dist/desktop/KeeWeb-${pkg.version}.linux.x86_64.rpm`,
nonull: true
},
'electron-builder-dist-linux-snap': {
src: `tmp/desktop/electron-builder/keeweb_${pkg.version}_amd64.snap`,
src: `tmp/desktop/electron-builder/KeeWeb_${pkg.version}_amd64.snap`,
dest: `dist/desktop/KeeWeb-${pkg.version}.linux.snap`,
nonull: true
},
@ -316,22 +301,24 @@ module.exports = function(grunt) {
appBundleId: 'net.antelle.keeweb',
appCategoryType: 'public.app-category.productivity',
extendInfo: 'package/osx/extend.plist',
...(codeSignConfig
? {
osxSign: {
identity: codeSignConfig.identities.app,
hardenedRuntime: true,
entitlements: 'package/osx/entitlements.mac.plist',
'entitlements-inherit': 'package/osx/entitlements.mac.plist',
'gatekeeper-assess': false
},
osxNotarize: {
appleId: codeSignConfig.appleId,
appleIdPassword: '@keychain:AC_PASSWORD',
ascProvider: codeSignConfig.teamId
}
}
: {}),
osxSign: {
get identity() {
return getCodeSingConfig().identities.app;
},
hardenedRuntime: true,
entitlements: 'package/osx/entitlements.mac.plist',
'entitlements-inherit': 'package/osx/entitlements.mac.plist',
'gatekeeper-assess': false
},
osxNotarize: {
get appleId() {
return getCodeSingConfig().appleId;
},
appleIdPassword: '@keychain:AC_PASSWORD',
get ascProvider() {
return getCodeSingConfig().teamId;
}
},
afterCopy: [
(buildPath, electronVersion, platform, arch, callback) => {
if (path.basename(buildPath) !== 'app') {
@ -389,6 +376,7 @@ module.exports = function(grunt) {
'electron-builder': {
linux: {
options: {
publish: 'never',
targets: 'linux',
prepackaged: 'tmp/desktop/keeweb-linux-x64',
config: {
@ -590,9 +578,13 @@ module.exports = function(grunt) {
},
'sign-exe': {
options: {
// algo: 'SHA256',
url: pkg.homepage,
...(codeSignConfig ? codeSignConfig.windows : {})
get vm() {
return getCodeSingConfig().windowsVM;
},
get certHash() {
return getCodeSingConfig().microsoftCertHash;
}
},
'win32-build-x64': {
options: {

10
build/tasks/grunt-sign-exe.js
View File

@ -43,14 +43,14 @@ module.exports = function(grunt) {
const cmd = 'VBoxManage';
const args = [
'guestcontrol',
opt.vmName,
opt.vm.name,
'--username',
opt.vmUser,
opt.vm.user,
'--password',
opt.vmPass,
opt.vm.pass,
'run',
opt.vmExec,
`sign /t ${timeServer} /d "${name}" /du ${opt.url} ${opt.vmShare}${fileNameWithoutFolder}`
opt.vm.exec,
`sign /t ${timeServer} /d "${name}" /du ${opt.url} ${opt.vm.share}${fileNameWithoutFolder}`
];
// the algo is not working: "/fd ${opt.algo}"
let res = spawnSync(cmd, args);

46
build/util/sign.js
View File

@ -1,6 +1,6 @@
const fs = require('fs');
const signer = require('pkcs11-smartcard-sign');
const keytar = require('keytar');
const crypto = require('crypto');
const verifyKey = fs.readFileSync('app/resources/public-key.pem');
const signerOptions = JSON.parse(fs.readFileSync('keys/keeweb-sign.json', 'utf8'));
@ -9,17 +9,45 @@ function getPin() {
if (getPin.pin) {
return Promise.resolve(getPin.pin);
}
return keytar.getPassword('keeweb.pin', 'keeweb').then(pass => {
if (pass) {
getPin.pin = pass;
return pass;
} else {
throw 'Cannot find PIN';
}
});
return require('keytar')
.getPassword('keeweb.pin', 'keeweb')
.then(pass => {
if (pass) {
getPin.pin = pass;
return pass;
} else {
throw 'Cannot find PIN';
}
});
}
function getPrivateKey(path) {
if (!getPrivateKey[path]) {
getPrivateKey[path] = fs.readFileSync(path);
}
return getPrivateKey[path];
}
module.exports = function sign(grunt, data) {
if (signerOptions.privateKey) {
return Promise.resolve().then(() => {
const algo = signerOptions.algo || 'sha256';
const sign = crypto.createSign(algo);
sign.update(data);
const signature = sign.sign(getPrivateKey(signerOptions.privateKey));
const verify = crypto.createVerify(algo);
verify.write(data);
verify.end();
if (verify.verify(verifyKey, signature)) {
return signature;
} else {
throw 'Validation error';
}
});
}
return getPin()
.then(pin => signer.sign({ data, verifyKey, pin, ...signerOptions }))
.catch(err => {

30
grunt.entrypoints.js
View File

@ -22,6 +22,36 @@ module.exports = function(grunt) {
'build-desktop'
]);
// prettier-ignore
grunt.registerTask('desktop-linux', 'Build desktop apps on linux', [
'gitinfo',
'clean:desktop',
'build-desktop-app-content',
'build-desktop-executables-linux',
'build-desktop-update',
'build-desktop-archives-linux',
'build-desktop-dist-linux'
]);
// prettier-ignore
grunt.registerTask('desktop-darwin', 'Build desktop apps on macos', [
'gitinfo',
'clean:desktop',
'build-desktop-app-content',
'build-desktop-executables-darwin',
'build-desktop-dist-darwin'
]);
// prettier-ignore
grunt.registerTask('desktop-win32', 'Build desktop apps on windows', [
'gitinfo',
'clean:desktop',
'build-desktop-app-content',
'build-desktop-executables-win32',
'build-desktop-archives-win32',
'build-desktop-dist-win32'
]);
// prettier-ignore
grunt.registerTask('cordova', 'Build cordova app', [
'default',

36
grunt.tasks.js
View File

@ -34,19 +34,37 @@ module.exports = function(grunt) {
'validate-desktop-update'
]);
grunt.registerTask('build-desktop-executables', [
'electron',
'sign-exe:win32-build-x64',
'sign-exe:win32-build-ia32',
'copy:desktop-windows-helper-ia32',
'copy:desktop-windows-helper-x64',
grunt.registerTask('build-desktop-executables-linux', [
'electron:linux',
'chmod:linux-desktop-x64'
]);
grunt.registerTask('build-desktop-archives', [
grunt.registerTask('build-desktop-executables-darwin', ['electron:darwin']);
grunt.registerTask('build-desktop-executables-win32', [
'electron:win32',
'sign-exe:win32-build-x64',
'sign-exe:win32-build-ia32',
'copy:desktop-windows-helper-ia32',
'copy:desktop-windows-helper-x64'
]);
grunt.registerTask('build-desktop-executables', [
'build-desktop-executables-linux',
'build-desktop-executables-darwin',
'build-desktop-executables-win32'
]);
grunt.registerTask('build-desktop-archives-linux', ['compress:linux-x64']);
grunt.registerTask('build-desktop-archives-win32', [
'compress:win32-x64',
'compress:win32-ia32',
'compress:linux-x64'
'compress:win32-ia32'
]);
grunt.registerTask('build-desktop-archives', [
'build-desktop-archives-linux',
'build-desktop-archives-win32'
]);
grunt.registerTask('build-desktop-dist-darwin', ['appdmg']);

4
package.json
View File

@ -95,11 +95,11 @@
},
"scripts": {
"start": "grunt",
"test": "grunt test --no-sign",
"test": "grunt test",
"postinstall": "cd desktop && npm install",
"build-beta": "grunt --beta && cp dist/index.html ../keeweb-beta/index.html && cd ../keeweb-beta && git add index.html && git commit -a -m 'beta' && git push origin master",
"electron": "cross-env ELECTRON_DISABLE_SECURITY_WARNINGS=1 electron desktop --htmlpath=http://localhost:8085",
"dev": "grunt dev --no-sign",
"dev": "grunt dev",
"babel-helpers": "babel-external-helpers -l 'slicedToArray,toConsumableArray,defineProperty,typeof' -t global > app/lib/babel-helpers.js"
},
"author": {