diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index f651af9dd7d..3f4a8cf7183 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -311,154 +311,6 @@ jobs: path: apps/desktop/dist/com.bitwarden.desktop.flatpak if-no-files-found: error - linux-arm64: - name: Linux ARM64 Build - # Note, before updating the ubuntu version of the workflow, ensure the snap base image - # is equal or greater than the new version. Otherwise there might be GLIBC version issues. - # The snap base for desktop is defined in `apps/desktop/electron-builder.json` - # We intentionally keep this runner on the oldest supported OS in GitHub Actions - # for maximum compatibility across GLIBC versions - runs-on: ubuntu-22.04-arm - needs: setup - env: - _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }} - _NODE_VERSION: ${{ needs.setup.outputs.node_version }} - NODE_OPTIONS: --max_old_space_size=4096 - defaults: - run: - working-directory: apps/desktop - steps: - - name: Check out repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - ref: ${{ github.event.pull_request.head.sha }} - persist-credentials: false - - - name: Set up Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 - with: - cache: 'npm' - cache-dependency-path: '**/package-lock.json' - node-version: ${{ env._NODE_VERSION }} - - - name: Cache Rust dependencies - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1 - with: - workspaces: | - apps/desktop/desktop_native -> target - cache-targets: "true" - - - name: Set up environment - run: | - sudo apt-get update - sudo apt-get -y install pkg-config libxss-dev rpm musl-dev musl-tools flatpak flatpak-builder squashfs-tools ruby ruby-dev rubygems build-essential - sudo gem install --no-document fpm - - - name: Set up Snap - run: sudo snap install snapcraft --classic - - - name: Install snaps required by snapcraft in destructive mode - run: | - sudo snap install core22 - sudo snap install gtk-common-themes - sudo snap install gnome-3-28-1804 - - - name: Print environment - run: | - node --version - npm --version - snap --version - snapcraft --version - - - name: Install Node dependencies - run: npm ci - working-directory: ./ - - - name: Download SDK Artifacts - if: ${{ inputs.sdk_branch != '' }} - uses: bitwarden/gh-actions/download-artifacts@main - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - workflow: build-wasm-internal.yml - workflow_conclusion: success - branch: ${{ inputs.sdk_branch }} - artifacts: sdk-internal - repo: bitwarden/sdk-internal - path: ../sdk-internal - if_no_artifact_found: fail - - - name: Override SDK - if: ${{ inputs.sdk_branch != '' }} - working-directory: ./ - run: | - ls -l ../ - npm link ../sdk-internal - - - name: Cache Native Module - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 - id: cache - with: - path: | - apps/desktop/desktop_native/napi/*.node - apps/desktop/desktop_native/dist/* - ${{ env.RUNNER_TEMP }}/.cargo/registry - ${{ env.RUNNER_TEMP }}/.cargo/git - key: rust-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('apps/desktop/desktop_native/**/*') }} - - - name: Build Native Module - if: steps.cache.outputs.cache-hit != 'true' - working-directory: apps/desktop/desktop_native - env: - PKG_CONFIG_ALLOW_CROSS: true - PKG_CONFIG_ALL_STATIC: true - TARGET: musl - run: | - rustup target add aarch64-unknown-linux-musl - node build.js --target=aarch64-unknown-linux-musl --release - - - name: Check index.d.ts generated - if: github.event_name == 'pull_request' && steps.cache.outputs.cache-hit != 'true' - working-directory: apps/desktop/desktop_native - run: | - if ! git diff --quiet --name-only -- napi/index.d.ts; then - echo "NAPI index.d.ts doesn't match, make sure to regenerate it and commit it" - exit 1 - fi - - - name: Build application - env: - # Snapcraft environment variables to bypass LXD requirement on ARM64 - SNAPCRAFT_BUILD_ENVIRONMENT: host - USE_SYSTEM_FPM: true - run: npm run dist:lin:arm64 - - - name: Upload .snap artifact - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - with: - name: bitwarden_${{ env._PACKAGE_VERSION }}_arm64.snap - path: apps/desktop/dist/bitwarden_${{ env._PACKAGE_VERSION }}_arm64.snap - if-no-files-found: error - - - name: Upload tar.gz artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: bitwarden_${{ env._PACKAGE_VERSION }}_arm64.tar.gz - path: apps/desktop/dist/bitwarden_desktop_arm64.tar.gz - if-no-files-found: error - - - name: Build flatpak - working-directory: apps/desktop - run: | - sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo - sudo npm run pack:lin:flatpak - - - name: Upload flatpak artifact - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 - with: - name: com.bitwarden.desktop-arm64.flatpak - path: apps/desktop/dist/com.bitwarden.desktop.flatpak - if-no-files-found: error - windows: name: Windows Build runs-on: windows-2022 diff --git a/apps/desktop/scripts/after-pack.js b/apps/desktop/scripts/after-pack.js index 7cb329b2ff9..5fc42f31ac3 100644 --- a/apps/desktop/scripts/after-pack.js +++ b/apps/desktop/scripts/after-pack.js @@ -30,15 +30,6 @@ async function run(context) { fse.copyFileSync(wrapperScript, wrapperBin); fse.chmodSync(wrapperBin, "755"); console.log("Copied memory-protection wrapper script"); - - // TEST: Set SUID on chrome-sandbox during build - const chromeSandbox = path.join(appOutDir, "chrome-sandbox"); - if (fse.existsSync(chromeSandbox)) { - fse.chmodSync(chromeSandbox, "4755"); - console.log("✓ Set SUID permissions on chrome-sandbox (mode 4755)"); - } else { - console.warn("⚠ chrome-sandbox not found at:", chromeSandbox); - } } if (["darwin", "mas"].includes(context.electronPlatformName)) {