bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-12 06:13:38 +00:00
Code Issues Releases Wiki Activity

[PM-7846] Implement a rust based native messaging proxy and IPC system (#9894)

Browse Source 
* [PM-7846] Implement a rust based native messaging proxy and IPC system

* Only build desktop_proxy

* Bundle the desktop_proxy file

* Make sys deps optional for the proxy

* Restore accidentally deleted after-sign

* Update native cache to contain dist folder

* Add some test logging

* Native module cache seems very aggressive

* Fix invalid directory

* Fix debug print

* Remove cache force

* Remove cache debug code

* Only log to file in debug builds

* Place the binary in the correct place for mac and make sure it's signed

* Fix platform paths

* Test unsigned appx

* Revert "Test unsigned appx"

This reverts commit e47535440a.

* Fix comment

* Remove logs

* Use debug builds in native code, and test private path on MacOS

* Add connected message

* Update IPC API comments

* Update linux to also use XDG_ dir

* Update main.rs comment

* Improve docs and split some tasks spawned into separate functions

* Update send docs and return number of elements sent

* Mark `listen` as async to ensure it runs in a tokio context, handle errors better

* Add log on client channel closed

* Move binary to MacOS folder, and sign it manually so it gets the correct entitlements

* Fix some review comments

* Run prettier

* Added missing zbus_polkit dep

* Extract magic number and increase it to match spec

* Comment fix

* Use Napi object, combine nativeBinding export, always log to file

* Missed one comment

* Remove unnecessary generics

* Correct comment

* Select only codesigning identities

* Filter certificates

* Also add local dev cert

* Remove log

* Fix package ID

* debug_assert won't run the pop() in release mode

* Better error messages

* Fix review comments

* Remove unnecessary comment

* Update napi generated TS file

* Temporary fix for DDG
This commit is contained in:
Daniel García
2024-09-05 12:54:24 +02:00
committed by GitHub
parent 196729fe94
commit 55874b72bf
30 changed files with 1241 additions and 349 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
apps/desktop/scripts/after-pack.js
View File

@@ -1,5 +1,6 @@
/* eslint-disable @typescript-eslint/no-var-requires, no-console */
require("dotenv").config();
const child_process = require("child_process");
const path = require("path");
const fse = require("fs-extra");
@@ -8,7 +9,8 @@ exports.default = run;
async function run(context) {
console.log("## After pack");
console.log(context);
// console.log(context);
if (context.electronPlatformName === "linux") {
console.log("Creating memory-protection wrapper script");
const appOutDir = context.appOutDir;
@@ -23,4 +25,61 @@ async function run(context) {
fse.chmodSync(wrapperBin, "755");
console.log("Copied memory-protection wrapper script");
}
if (["darwin", "mas"].includes(context.electronPlatformName)) {
const identities = getIdentities(process.env.CSC_NAME ?? "");
if (identities.length === 0) {
throw new Error("No valid identities found");
}
const id = identities[0].id;
console.log("Signing proxy binary before the main bundle, using identity", id);
const appName = context.packager.appInfo.productFilename;
const appPath = `${context.appOutDir}/${appName}.app`;
const proxyPath = path.join(appPath, "Contents", "MacOS", "desktop_proxy");
const packageId = "com.bitwarden.desktop";
const entitlementsName = "entitlements.desktop_proxy.plist";
const entitlementsPath = path.join(__dirname, "..", "resources", entitlementsName);
child_process.execSync(
`codesign -s ${id} -i ${packageId} -f --timestamp --options runtime --entitlements ${entitlementsPath} ${proxyPath}`,
);
}
}
// Partially based on electron-builder code:
// https://github.com/electron-userland/electron-builder/blob/master/packages/app-builder-lib/src/macPackager.ts
// https://github.com/electron-userland/electron-builder/blob/master/packages/app-builder-lib/src/codeSign/macCodeSign.ts
const appleCertificatePrefixes = [
"Developer ID Application:",
// "Developer ID Installer:",
// "3rd Party Mac Developer Application:",
// "3rd Party Mac Developer Installer:",
"Apple Development:",
];
function getIdentities(csc_name) {
const ids = child_process
.execSync("/usr/bin/security find-identity -v -p codesigning")
.toString();
return ids
.split("\n")
.filter((line) => {
for (const prefix of appleCertificatePrefixes) {
if (line.includes(prefix)) {
return true;
}
}
return false;
})
.filter((line) => line.includes(csc_name))
.map((line) => {
const split = line.trim().split(" ");
const id = split[1];
const name = split.slice(2).join(" ").replace(/"/g, "");
return { id, name };
});
}