From 070d5fc6e8defb3af6e8c36e67e4f5c4334fc822 Mon Sep 17 00:00:00 2001 From: David Baker Date: Tue, 26 Nov 2019 15:24:43 +0000 Subject: [PATCH 1/7] Sign all of the Windows executable files We can actually just supply a custom signing module here to do our signing rather than manually signing things in the afterSign hook. This means all 4 executable files get signed (the main exe, the stub exe, Update.exe and the installer). --- package.json | 3 +- scripts/electron_afterSign.js | 52 --------------------------- scripts/electron_winSign.js | 66 +++++++++++++++++++++++++++++++++++ 3 files changed, 68 insertions(+), 53 deletions(-) create mode 100644 scripts/electron_winSign.js diff --git a/package.json b/package.json index 85607f7502..2b72545216 100644 --- a/package.json +++ b/package.json @@ -186,7 +186,8 @@ "win": { "target": { "target": "squirrel" - } + }, + "sign": "scripts/electron_winSign" }, "directories": { "buildResources": "electron_app/build", diff --git a/scripts/electron_afterSign.js b/scripts/electron_afterSign.js index 1f65438dd0..5952976abd 100644 --- a/scripts/electron_afterSign.js +++ b/scripts/electron_afterSign.js @@ -1,7 +1,4 @@ const { notarize } = require('electron-notarize'); -const { exec, execFile } = require('child_process'); -const fs = require('fs'); -const shellescape = require('shell-escape'); exports.default = async function(context) { const { electronPlatformName, appOutDir } = context; 
@@ -23,54 +20,5 @@ exports.default = async function(context) {
 appleId: userId,
 appleIdPassword: '@keychain:NOTARIZE_CREDS',
 });
- } else if (electronPlatformName === 'win32') {
- // This signs the actual Riot executable
- const appName = context.packager.appInfo.productFilename;
-
- // get the token passphrase from the keychain
- const tokenPassphrase = await new Promise((resolve, reject) => {
- execFile(
- 'security',
- ['find-generic-password', '-s', 'riot_signing_token', '-w'],
- {},
- (err, stdout) => {
- if (err) {
- reject(err);
- } else {
- resolve(stdout.trim());
- }
- },
- );
- });
-
- return new Promise((resolve, reject) => {
- let cmdLine = 'osslsigncode sign ';
- if (process.env.OSSLSIGNCODE_SIGNARGS) {
- cmdLine += process.env.OSSLSIGNCODE_SIGNARGS + ' ';
- }
- const tmpFile = 'tmp_' + Math.random().toString(36).substring(2, 15) + '.exe';
- cmdLine += shellescape([
- '-pass', tokenPassphrase,
- '-in', `${appOutDir}/${appName}.exe`,
- '-out', `${appOutDir}/${tmpFile}`,
- ]);
-
- const signproc = exec(cmdLine, {}, (error, stdout) => {
- console.log(stdout);
- });
- signproc.on('exit', (code) => {
- if (code !== 0) {
- reject("osslsigncode failed with code " + code);
- return;
- }
- fs.rename(`${appOutDir}/${tmpFile}`, `${appOutDir}/${appName}.exe`, (err) => {
- if (err) {
- reject(err);
- } else {
- resolve();
- }
- });
- });
- });
 }
 };
diff --git a/scripts/electron_winSign.js b/scripts/electron_winSign.js
new file mode 100644
index 0000000000..9cd2d3f6a9
--- /dev/null
+++ b/scripts/electron_winSign.js
@@ -0,0 +1,66 @@
+const { exec, execFile } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+const shellescape = require('shell-escape');
+
+exports.default = async function(options) {
+ const inPath = options.path;
+ const appOutDir = path.dirname(inPath);
+
+ // get the token passphrase from the keychain
+ const tokenPassphrase = await new Promise((resolve, reject) => {
+ execFile(
+ 'security',
+ ['find-generic-password', '-s', 'riot_signing_token', '-w'],
+ {},
+ (err, stdout) => {
+ if (err) {
+ console.error("Couldn't find signing token in keychain", err);
+ // electron-builder seems to print '[object Object]' on the
+ // console whether you reject with an Error or a string...
+ reject(err);
+ } else {
+ resolve(stdout.trim());
+ }
+ },
+ );
+ });
+
+ return new Promise((resolve, reject) => {
+ let cmdLine = 'osslsigncode sign ';
+ if (process.env.OSSLSIGNCODE_SIGNARGS) {
+ cmdLine += process.env.OSSLSIGNCODE_SIGNARGS + ' ';
+ }
+ const tmpFile = path.join(
+ appOutDir,
+ 'tmp_' + Math.random().toString(36).substring(2, 15) + '.exe',
+ );
+ const args = [
+ '-hash', options.hash,
+ '-pass', tokenPassphrase,
+ '-in', inPath,
+ '-out', tmpFile,
+ ];
+ if (options.isNest) args.push('-nest');
+ cmdLine += shellescape(args);
+
+ const signproc = exec(cmdLine, {}, (error, stdout) => {
+ console.log(stdout);
+ });
+ signproc.on('exit', (code) => {
+ if (code !== 0) {
+ console.error("osslsigncode failed with code " + code);
+ reject("osslsigncode failed with code " + code);
+ return;
+ }
+ fs.rename(tmpFile, inPath, (err) => {
+ if (err) {
+ console.error("Error renaming file", err);
+ reject(err);
+ } else {
+ resolve();
+ }
+ });
+ });
+ });
+};
From 57c3e8f4daa1c2c19c86aa1964ad1425edfbb7e0 Mon Sep 17 00:00:00 2001
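Review bot: In `electron_winSign.js` the signing token passphrase is put on the osslsigncode command line (`'-pass', tokenPassphrase`, run through `exec`), so it sits in the argument list of the shell and of osslsigncode for as long as signing runs, and `OSSLSIGNCODE_SIGNARGS` is appended to that shell string unescaped. Calling `execFile` with an argument array, as sketched below, removes the shell and the `shell-escape` dependency; splitting the extra arguments on whitespace assumes none of them needs quoting. The sketch also prints stderr, which the current `exec` callback drops, and rejects with an error built from the exit code only, because the error Node hands to the callback carries the full command line, passphrase included, in `message` and `cmd`. Keeping the passphrase out of argv entirely would need a file-based option such as osslsigncode's `-readpass`, if the build in use accepts it for the token. The `Math.random()` temporary name next to the input file is guessable, which matters only if that directory is writable by other accounts.

```javascript
    return new Promise((resolve, reject) => {
        // … unchanged: tmpFile and args construction, including the -nest push …
        const extraArgs = (process.env.OSSLSIGNCODE_SIGNARGS || '').split(/\s+/).filter(Boolean);
        execFile('osslsigncode', ['sign', ...extraArgs, ...args], {}, (error, stdout, stderr) => {
            console.log(stdout);
            if (error) {
                // error.message and error.cmd contain the full argument list,
                // passphrase included, so report only the exit status.
                console.error("osslsigncode failed with code " + error.code, stderr);
                reject(new Error("osslsigncode failed with code " + error.code));
                return;
            }
            // … unchanged: fs.rename(tmpFile, inPath, …) settling the promise …
        });
    });
```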
From: "J. Ryan Stinnett" Date: Mon, 25 Nov 2019 14:29:28 +0000 Subject: [PATCH 2/7] Clarify that cross-signing is in development Expand on the development state of cross-signing in the labs docs. Fixes https://github.com/vector-im/riot-web/issues/11492 --- docs/labs.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/labs.md b/docs/labs.md index 70e12bce3e..12a6e7d4e2 100644 --- a/docs/labs.md +++ b/docs/labs.md @@ -66,8 +66,11 @@ An implementation of [MSC2241](https://github.com/matrix-org/matrix-doc/pull/224 This also includes a new implementation of the user & member info panel, designed to share more code between showing community members & room members. Built on top of this new panel is also a new UX for verification from the member panel. -## Cross-signing (`feature_cross_signing`) +## Cross-signing (in development) (`feature_cross_signing`) Cross-signing ([MSC1756](https://github.com/matrix-org/matrix-doc/pull/1756)) improves the device verification experience by allowing you to verify a user instead of verifying each of their devices. + +This feature is still in development and will be landing in several chunks in +the coming weeks. From c6520f0e65f59b528d0483d9f6e3c4dade85d807 Mon Sep 17 00:00:00 2001 From: "J. Ryan Stinnett" Date: Mon, 25 Nov 2019 16:25:19 +0000 Subject: [PATCH 3/7] Remove timeframe --- docs/labs.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/labs.md b/docs/labs.md index 12a6e7d4e2..8889f929a0 100644 --- a/docs/labs.md +++ b/docs/labs.md @@ -72,5 +72,4 @@ Cross-signing ([MSC1756](https://github.com/matrix-org/matrix-doc/pull/1756)) improves the device verification experience by allowing you to verify a user instead of verifying each of their devices. -This feature is still in development and will be landing in several chunks in -the coming weeks. +This feature is still in development and will be landing in several chunks. 
From 10c5485373a3eae245d53fa16c498ad0511137bb Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Wed, 27 Nov 2019 10:44:15 +0000 Subject: [PATCH 4/7] Upgrade to JS SDK 2.4.5 and React SDK 1.7.4 --- package.json | 4 ++-- yarn.lock | 18 +++++++++--------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/package.json b/package.json index 2b72545216..369f86ac15 100644 --- a/package.json +++ b/package.json @@ -74,8 +74,8 @@ "gemini-scrollbar": "github:matrix-org/gemini-scrollbar#91e1e566", "gfm.css": "^1.1.2", "highlight.js": "^9.13.1", - "matrix-js-sdk": "2.4.4", - "matrix-react-sdk": "1.7.3", + "matrix-js-sdk": "2.4.5", + "matrix-react-sdk": "1.7.4", "modernizr": "^3.6.0", "olm": "https://packages.matrix.org/npm/olm/olm-3.1.4.tgz", "prop-types": "^15.7.2", diff --git a/yarn.lock b/yarn.lock index 3dd0fdeaf9..075cb9e3ba 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5960,10 +5960,10 @@ math-random@^1.0.1: resolved "https://registry.yarnpkg.com/math-random/-/math-random-1.0.4.tgz#5dd6943c938548267016d4e34f057583080c514c" integrity sha512-rUxjysqif/BZQH2yhd5Aaq7vXMSx9NdEsQcyA07uEzIvxgI7zIr33gGsh+RU0/XjmQpCW7RsVof1vlkvQVCK5A== -matrix-js-sdk@2.4.4: - version "2.4.4" - resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-2.4.4.tgz#d5e2d6fbe938c4275a1423a5f09330d33517ce3f" - integrity sha512-wSaRFvhWvwEzVaEkyBGo5ReumvaM5OrC1MJ6SVlyoLwH/WRPEXcUlu+rUNw5TFVEAH4TAVHXf/SVRBiR0j5nSQ== +matrix-js-sdk@2.4.5: + version "2.4.5" + resolved "https://registry.yarnpkg.com/matrix-js-sdk/-/matrix-js-sdk-2.4.5.tgz#0a02f0a3e18c59a393b34b8d6ebc54226cce6465" + integrity sha512-Mh0fPoiqyXRksFNYS4/2s20xAklmYVIgSms3qFvLhno32LN43NizUoAMBYYGtyjt8BQi+U77lbNL0s5f2V7gPQ== dependencies: another-json "^0.2.0" babel-runtime "^6.26.0" 
@@ -5984,10 +5984,10 @@ matrix-mock-request@^1.2.3: bluebird "^3.5.0" expect "^1.20.2" -matrix-react-sdk@1.7.3: - version "1.7.3" - resolved "https://registry.yarnpkg.com/matrix-react-sdk/-/matrix-react-sdk-1.7.3.tgz#f3f64dc77eea64b77ba3d574847bc03146d421a3" - integrity sha512-XSZSj4GWhxhoEoCIHGyMwBKdmcHJrKB9hToHJQTI0OL/x8+ErTLVAgJYW8hvR16l5lXGzSsYWDOfQOTbKK1tLQ== +matrix-react-sdk@1.7.4: + version "1.7.4" + resolved "https://registry.yarnpkg.com/matrix-react-sdk/-/matrix-react-sdk-1.7.4.tgz#06c50b20519ec4de3976b9a6b80eca70d8ef9809" + integrity sha512-AHiCr0zSDh2cHQF/CiT9ez7F9B+uFQ+XIfTGFbeI22MfY61Vhye8UIVwP7cOMFJ7Ow+wE6470iiscg+boBbRyg== dependencies: babel-plugin-syntax-dynamic-import "^6.18.0" babel-runtime "^6.26.0" @@ -6020,7 +6020,7 @@ matrix-react-sdk@1.7.3: linkifyjs "^2.1.6" lodash "^4.17.14" lolex "4.2" - matrix-js-sdk "2.4.4" + matrix-js-sdk "2.4.5" optimist "^0.6.1" pako "^1.0.5" png-chunks-extract "^1.0.0" From 1a6af40d0d0b2ddaf6d356ee2e58ce3c3ef7d7c3 Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Wed, 27 Nov 2019 10:45:54 +0000 Subject: [PATCH 5/7] v1.5.5 --- electron_app/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/electron_app/package.json b/electron_app/package.json index 69e810c454..3338f6159d 100644 --- a/electron_app/package.json +++ b/electron_app/package.json @@ -2,7 +2,7 @@ "name": "riot-web", "productName": "Riot", "main": "src/electron-main.js", - "version": "1.5.4", + "version": "1.5.5", "description": "A feature-rich client for Matrix.org", "author": "New Vector Ltd.", "dependencies": { From 8f9c336f62978822c8c10d6442d184ba543c593a Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Wed, 27 Nov 2019 10:48:52 +0000 Subject: [PATCH 6/7] Prepare changelog for v1.5.5 --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ae57e90de7..322f327f02 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,12 @@ +Changes in [1.5.5](https://github.com/vector-im/riot-web/releases/tag/v1.5.5) (2019-11-27) +========================================================================================== +[Full Changelog](https://github.com/vector-im/riot-web/compare/v1.5.4...v1.5.5) + +* Upgrade to JS SDK 2.5.4 to relax identity server discovery and E2EE debugging +* Upgrade to React SDK 1.7.4 to fix override behaviour of themes +* Clarify that cross-signing is in development +* Sign all of the Windows executable files + Changes in [1.5.4](https://github.com/vector-im/riot-web/releases/tag/v1.5.4) (2019-11-25) ========================================================================================== [Full Changelog](https://github.com/vector-im/riot-web/compare/v1.5.4-rc.2...v1.5.4) From d56b73e220cbea5491e4b0ad993d2ae76cfd17f2 Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Wed, 27 Nov 2019 10:48:52 +0000 Subject: [PATCH 7/7] v1.5.5 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 369f86ac15..c14e47504a 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "riot-web", "productName": "Riot", "main": "electron_app/src/electron-main.js", - "version": "1.5.4", + "version": "1.5.5", "description": "A feature-rich client for Matrix.org", "author": "New Vector Ltd.", "repository": {