From cf9a611a49dbcc3b8437465f02e082be59761818 Mon Sep 17 00:00:00 2001
From: Mark Lee
Date: Thu, 2 May 2019 12:49:01 -0700
Subject: [PATCH 1/3] feat: always set browser-sandbox for Electron >= 5.0.0
---
 package.json | 3 ++-
 src/index.js | 2 ++
 src/yaml.js | 27 +++++++++++++++++----------
 test/yaml.js | 12 ++++++++++--
 4 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/package.json b/package.json
index d21f6a1..5242420 100644
--- a/package.json
+++ b/package.json
@@ -44,7 +44,7 @@
 "dependencies": {
 "cross-spawn-promise": "^0.10.1",
 "debug": "^4.1.1",
- "electron-installer-common": "^0.6.1",
+ "electron-installer-common": "electron-userland/electron-installer-common#separate-sandbox-helper-function",
 "fs-extra": "^7.0.1",
 "js-yaml": "^3.10.0",
 "lodash.filter": "^4.6.0",
@@ -52,6 +52,7 @@
 "lodash.pull": "^4.1.0",
 "nodeify": "^1.0.1",
 "pify": "^4.0.1",
+ "semver": "^6.0.0",
 "tmp-promise": "^1.0.3",
 "which": "^1.3.0",
 "yargs": "^13.2.2"
diff --git a/src/index.js b/src/index.js
index b6e24a9..ba1177a 100644
--- a/src/index.js
+++ b/src/index.js
@@ -29,6 +29,7 @@ const copyIcon = require('./icon')
 const { copyLauncher } = require('./launcher')
 const createYamlFromTemplate = require('./yaml')
 const defaultArgsFromApp = require('./default_args')
+const { updateSandboxHelperPermissions } = require('electron-installer-common')
 class SnapCreator {
 prepareOptions (userSupplied) {
@@ -88,6 +89,7 @@ class SnapCreator {
 const snapMetaDir = path.join(snapDir, 'snap')
 const snapGuiDir = path.join(snapMetaDir, 'gui')
 return fs.ensureDir(snapGuiDir)
+ .then(() => updateSandboxHelperPermissions(this.packageDir))
 .then(() => createDesktopFile(snapGuiDir, this.config))
 .then(() => copyIcon(snapGuiDir, this.config))
 .then(() => copyLauncher(snapDir, this.config))
diff --git a/src/yaml.js b/src/yaml.js
index d1dae68..8147a08 100644
--- a/src/yaml.js
+++ b/src/yaml.js
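Review bot: The `updateSandboxHelperPermissions(this.packageDir)` step added to the promise chain in the second src/index.js hunk runs on every build and is pointed at `this.packageDir`, the caller's packaged app, rather than at anything under `snapDir`. Going by its name it changes file modes on Electron's sandbox helper (presumably to make it setuid), so the build now modifies its input directory and nothing in the hunk says so. I would put a comment above the call, such as `// Fixes the mode of Electron's sandbox helper inside packageDir (modifies the input in place); needed for the setuid sandbox on Electron >= 5`, and confirm that the mode is preserved when the app is copied into the snap. The method holding this chain starts and ends outside the hunk.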
@@ -21,6 +21,7 @@ const fs = require('fs-extra')
 const merge = require('lodash.merge')
 const path = require('path')
 const pull = require('lodash.pull')
+const semver = require('semver')
 const yaml = require('js-yaml')
 const { createDesktopLaunchCommand } = require('./launcher')
@@ -117,13 +118,16 @@ class SnapcraftYAML {
 }
 transformFeatures () {
+ if (semver.satisfies(this.electronVersion, '>= 5.0.0') && !this.features.browserSandbox) {
+ this.features.browserSandbox = true
+ }
 for (const feature of Object.keys(this.features)) {
 this.transformFeature(feature)
 }
 }
 transformBrowserSandbox () {
- debug('Replacing brower-support plug with browser-sandbox')
+ debug('Replacing browser-support plug with browser-sandbox')
 pull(this.app.plugs, 'browser-support')
 this.app.plugs.push('browser-sandbox')
 if (!this.data.plugs) {
@@ -133,7 +137,7 @@ class SnapcraftYAML {
 'allow-sandbox': true,
 interface: 'browser-support'
 }
- console.warn('This setting will trigger a manual review in the Snap store.')
+ console.warn('The browser-sandbox feature will trigger a manual review in the Snap store.')
 }
 transformMPRIS () {
@@ -157,14 +161,13 @@ class SnapcraftYAML {
 this.parts.organize = {}
 this.parts.organize[path.basename(packageDir)] = this.data.name
- return common.readElectronVersion(packageDir)
- .then(version => this.updateDependencies(version))
+ return this.updateDependencies()
 }
- updateDependencies (version) {
- this.parts.after[0] = common.getGTKDepends(version, DEPENDENCY_MAP)
- this.parts['stage-packages'] = this.parts['stage-packages'].concat(common.getGConfDepends(version, DEPENDENCY_MAP))
- .concat(common.getUUIDDepends(version, DEPENDENCY_MAP))
+ updateDependencies () {
+ this.parts.after[0] = common.getGTKDepends(this.electronVersion, DEPENDENCY_MAP)
+ this.parts['stage-packages'] = this.parts['stage-packages'].concat(common.getGConfDepends(this.electronVersion, DEPENDENCY_MAP))
+ .concat(common.getUUIDDepends(this.electronVersion, DEPENDENCY_MAP))
 return this.data
 }
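Review bot: In `transformFeatures`, `semver.satisfies(this.electronVersion, '>= 5.0.0')` returns false for a prerelease version whose base tuple differs from the range, so a build against something like `6.0.0-beta.1` (constructed example) would keep `browser-support` and never get the sandbox plug. It also returns false, rather than throwing, when `this.electronVersion` is not valid semver, so an unreadable version skips the sandbox silently. Passing the option covers the prerelease case: `semver.satisfies(this.electronVersion, '>= 5.0.0', { includePrerelease: true })`. Separately, the `!this.features.browserSandbox` test overrides an explicit `browserSandbox: false`, which matches the commit title ("always set") but not the "enabled by default" wording added to docs/api.md in patch 3/3; one of the two should be brought in line.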
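Review bot: `updateDependencies()` in the last src/yaml.js hunk on this line now reads `this.electronVersion`, a field that is only assigned inside the `.then` added by the hunk at -192, so both methods silently depend on being reached through that one path. `transformParts` also changes from returning a promise to returning `this.data` directly; any caller outside this diff that chains `.then` on it would break, though none is visible here. A guard at the top of `updateDependencies` would make the ordering explicit: `if (!this.electronVersion) throw new Error('electronVersion must be set before updateDependencies()')`. Declaring the field in the constructor with a one-line comment would document it as well; the constructor is not part of this diff.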
@@ -192,8 +195,12 @@ class SnapcraftYAML {
 this.renameSubtree(this.data.apps, 'electronApp', this.appName)
 this.validateSummary()
 this.app.command = createDesktopLaunchCommand(this.data)
- this.transformFeatures()
- return this.transformParts(packageDir)
+ return common.readElectronVersion(packageDir)
+ .then(electronVersion => {
+ this.electronVersion = electronVersion
+ this.transformFeatures()
+ return this.transformParts(packageDir)
+ })
 }
 write (filename) {
diff --git a/test/yaml.js b/test/yaml.js
index 6947893..16c5108 100644
--- a/test/yaml.js
+++ b/test/yaml.js
@@ -83,7 +83,7 @@ test('setting both audio and alsa prefers alsa', t =>
 )
 test('browserSandbox feature', t =>
- createYaml(t, { name: 'electronAppName', features: { 'browserSandbox': true } })
+ createYaml(t, { name: 'electronAppName', features: { browserSandbox: true } })
 .then(snapcraftYaml => {
 util.assertNotIncludes(t, snapcraftYaml.apps.electronAppName.plugs, 'browser-support', 'browser-support is not in app plugs')
 util.assertIncludes(t, snapcraftYaml.apps.electronAppName.plugs, 'browser-sandbox', 'browser-sandbox is in app plugs')
@@ -91,8 +91,16 @@ test('browserSandbox feature', t =>
 })
 )
+test('browserSandbox is always on for Electron >= 5.0.0', t =>
+ createYaml(t, { name: 'electronAppName' }, '5.0.0')
+ .then(snapcraftYaml => {
+ util.assertNotIncludes(t, snapcraftYaml.apps.electronAppName.plugs, 'browser-support', 'browser-support is not in app plugs')
+ return util.assertIncludes(t, snapcraftYaml.apps.electronAppName.plugs, 'browser-sandbox', 'browser-sandbox is in app plugs')
+ })
+)
+
 test('browserSandbox feature with custom plugs', t =>
- createYaml(t, { name: 'electronAppName', appPlugs: ['foobar'], features: { 'browserSandbox': true }, plugs: { foobar: { interface: 'dbus', name: 'com.example.foobar' } } })
+ createYaml(t, { name: 'electronAppName', appPlugs: ['foobar'], features: { browserSandbox: true }, plugs: { foobar: { interface: 'dbus', name: 'com.example.foobar' } } })
 .then(snapcraftYaml => {
 util.assertIncludes(t, snapcraftYaml.apps.electronAppName.plugs, 'browser-sandbox', 'browser-sandbox is in app plugs')
 util.assertIncludes(t, snapcraftYaml.apps.electronAppName.plugs, 'foobar', 'foobar is in app plugs')
From 29997caaa91348f0c91d46783b8ed96d5280d682 Mon Sep 17 00:00:00 2001
From: Mark Lee
Date: Thu, 2 May 2019 21:03:25 -0700
Subject: [PATCH 2/3] Use released package
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 5242420..6f562a7 100644
--- a/package.json
+++ b/package.json
@@ -44,7 +44,7 @@
 "dependencies": {
 "cross-spawn-promise": "^0.10.1",
 "debug": "^4.1.1",
- "electron-installer-common": "electron-userland/electron-installer-common#separate-sandbox-helper-function",
+ "electron-installer-common": "^0.6.3",
 "fs-extra": "^7.0.1",
 "js-yaml": "^3.10.0",
 "lodash.filter": "^4.6.0",
From 2aed946919669b3e37b14917b986e459cc422856 Mon Sep 17 00:00:00 2001
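Review bot: The test added in the test/yaml.js hunk at -91 exercises only the exact boundary `'5.0.0'` and checks only the app-level plug list. There is no companion case showing that a version below the threshold keeps `browser-support` when the feature is not requested, for instance `createYaml(t, { name: 'electronAppName' }, '4.0.0')` followed by `util.assertIncludes(t, snapcraftYaml.apps.electronAppName.plugs, 'browser-support', 'browser-support is in app plugs')` (version string constructed for illustration). A prerelease version string deserves a case too, since semver range matching treats those differently from release versions. Neither sandbox test visible here asserts the top-level `browser-sandbox` plug definition with `'allow-sandbox': true` that `transformBrowserSandbox` writes.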
From: Mark Lee Date: Thu, 2 May 2019 21:10:33 -0700 Subject: [PATCH 3/3] Add docs --- docs/api.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/api.md b/docs/api.md index ab81746..d894d34 100644 --- a/docs/api.md +++ b/docs/api.md @@ -149,8 +149,9 @@ Available features: * `audio` - PulseAudio support * `alsa` - ALSA support *(replaces `audio` support if both are specified)* -* `browserSandbox` - [web browser functionality](https://github.com/snapcore/snapd/wiki/Interfaces#browser-support) - (e.g., Brave) +* `browserSandbox` - [web browser functionality](https://github.com/snapcore/snapd/wiki/Interfaces#browser-support). + This is enabled by default when using Electron ≥ 5.0.0, due to the + [setuid sandbox support](https://github.com/electron/electron/pull/17269). * `mpris` - [MPRIS](https://specifications.freedesktop.org/mpris-spec/latest/) support. If enabled, the interface name must be specified as the feature value. * `passwords` - Access the secret service (e.g., GNOME Keyring)