LedgerHQ · thesan · Dec 4, 2024 · Dec 20, 2024 · Jan 7, 2025 · Dec 20, 2024
@@ -7,6 +7,7 @@ protocols:
 
 beforePack: scripts/beforePack.js
 afterSign: scripts/notarize.js
+afterPack: scripts/afterPack.js
 
 directories:
   buildResources: "build-nightly"
@@ -18,6 +19,7 @@ mac:
   entitlements: build-nightly/mac/entitlements.plist
   entitlementsInherit: build-nightly/mac/entitlements.plist
   icon: build-nightly/icon.icns
+  mergeASARs: false
   target:
     - target: dmg
       arch:

@@ -6,11 +6,13 @@ protocols:
     - ledgerlive
 
 beforePack: scripts/beforePack.js
+afterPack: scripts/afterPack.js
 
 mac:
   artifactName: ${name}-${version}-${os}.${ext}
   category: public.app-category.wallet
   # singleArchFiles: "**/*"
+  mergeASARs: false
   target:
     - target: dmg
       arch:

@@ -7,13 +7,15 @@ protocols:
 
 beforePack: scripts/beforePack.js
 afterSign: scripts/notarize.js
+afterPack: scripts/afterPack.js
 
 mac:
   artifactName: ${name}-${version}-${os}.${ext}
   category: public.app-category.wallet
   hardenedRuntime: true
   entitlements: build/mac/entitlements.plist
   entitlementsInherit: build/mac/entitlements.plist
+  mergeASARs: false
   target:
     - target: dmg
       arch:

@@ -7,13 +7,15 @@ protocols:
 
 beforePack: scripts/beforePack.js
 afterSign: scripts/notarize.js
+afterPack: scripts/afterPack.js
 
 mac:
   artifactName: ${name}-${version}-${os}.${ext}
   category: public.app-category.wallet
   hardenedRuntime: true
   entitlements: build/mac/entitlements.plist
   entitlementsInherit: build/mac/entitlements.plist
+  mergeASARs: false
   target:
     - target: dmg
       arch:

diff --git a/apps/ledger-live-desktop/package.json b/apps/ledger-live-desktop/package.json
@@ -17,7 +17,7 @@
   "scripts": {
     "start:prod": "electron ./.webpack/main.bundle.js",
     "start": "cross-env NODE_ENV=development node ./tools/main.js",
-    "build": "cross-env CSC_IDENTITY_AUTO_DISCOVERY=false STAGING=1 node ./tools/dist --nosign -v",
+    "build": "cross-env STAGING=1 node ./tools/dist --nonotarize -v",
     "build:js": "cross-env NODE_ENV=production node ./tools/main.js build",
     "build:testing": "cross-env NODE_ENV=production TESTING=1 node ./tools/main.js build",
     "build:staging": "cross-env NODE_ENV=production STAGING=1 node ./tools/main.js build",
@@ -100,7 +100,6 @@
     "chart.js": "2.9.4",
     "color": "4.2.3",
     "dotenv": "16.4.5",
-    "electron-app-universal-protocol-client": "1.3.0",
     "electron-context-menu": "3.6.1",
     "electron-store": "8.2.0",
     "electron-updater": "6.1.8",
@@ -160,6 +159,7 @@
     "xstate": "4.38.3"
   },
   "devDependencies": {
+    "@electron/fuses": "1.8.0",
     "@electron/notarize": "2.3.2",
     "@jest/globals": "29.7.0",
     "@ledgerhq/esbuild-utils": "workspace:*",
@@ -210,8 +210,8 @@
     "chalk": "4.1.2",
     "cross-env": "7.0.3",
     "debug": "4.3.4",
-    "electron": "32.0.2",
-    "electron-builder": "24.13.3",
+    "electron": "32.2.8",
+    "electron-builder": "25.1.8",
     "electron-devtools-installer": "3.2.1",
     "eslint-plugin-jest": "27.9.0",
     "eslint-plugin-react": "7.34.1",

@@ -0,0 +1,23 @@
+/* eslint-disable @typescript-eslint/no-var-requires */
+const path = require("path");
+const { flipFuses, FuseVersion, FuseV1Options } = require("@electron/fuses");
+
+exports.default = function (context) {
+  const { appOutDir, electronPlatformName, packager } = context;
+  const ext = { darwin: ".app", win32: ".exe" }[electronPlatformName];
+  if (!ext) return; // ASAR integrity check is only supported on mac and windows
+
+  const electronBinaryPath = path.join(appOutDir, packager.appInfo.productFilename + ext);
+
+  return flipFuses(electronBinaryPath, {
+    version: FuseVersion.V1,
+    [FuseV1Options.RunAsNode]: true,
+    [FuseV1Options.EnableCookieEncryption]: false,
+    [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: true,
+    [FuseV1Options.EnableNodeCliInspectArguments]: true,
+    [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: true,
+    [FuseV1Options.OnlyLoadAppFromAsar]: true,
+    [FuseV1Options.LoadBrowserProcessSpecificV8Snapshot]: false,
+    [FuseV1Options.GrantFileProtocolExtraPrivileges]: true,
+  });
+};
@@ -14,7 +14,7 @@ import debounce from "lodash/debounce";
 import sentry from "~/sentry/main";
 import { SettingsState } from "~/renderer/reducers/settings";
 import { User } from "~/renderer/storage";
-import electronAppUniversalProtocolClient from "electron-app-universal-protocol-client";
+// import electronAppUniversalProtocolClient from "electron-app-universal-protocol-client";
 
 Store.initRenderer();
 
@@ -168,18 +168,18 @@ app.on("ready", async () => {
     }, 300),
   );
 
-  if (__DEV__) {
-    electronAppUniversalProtocolClient.on("request", requestUrl => {
-      // Handle the request
-      const win = getMainWindow();
-      if (win) win.webContents.send("deep-linking", requestUrl);
-    });
+  // if (__DEV__) {
+  //   electronAppUniversalProtocolClient.on("request", requestUrl => {
+  //     // Handle the request
+  //     const win = getMainWindow();
+  //     if (win) win.webContents.send("deep-linking", requestUrl);
+  //   });
 
-    await electronAppUniversalProtocolClient.initialize({
-      protocol: "ledgerlive",
-      mode: "development",
-    });
-  }
+  //   await electronAppUniversalProtocolClient.initialize({
+  //     protocol: "ledgerlive",
+  //     mode: "development",
+  //   });
+  // }
 
   await clearSessionCache(window.webContents.session);
 });

@@ -122,9 +122,8 @@ const buildTasks = args => [
       } else if (args.pre) {
         commands.push("--config");
         commands.push("electron-builder-pre.yml");
-      } else if (args.nosign) {
-        commands.push("--config");
-        commands.push("electron-builder-nosign.yml");
+      } else if (args.nonotarize) {
+        commands.push("--config", "electron-builder-nonotarize.yml");
         commands.push("-c.afterSign='lodash/noop'");
         commands.push("--publish", "never");
       }
@@ -242,7 +241,7 @@ yargs
           type: "boolean",
           describe: "make it a release build",
         })
-        .option("nosign", {
+        .option("nonotarize", {
           type: "boolean",
         })
         .option("dirty", {

diff --git a/package.json b/package.json
@@ -200,6 +200,8 @@
       "blake2"
     ],
     "overrides": {
+      "@electron/rebuild": "3.7.1",
+      "tiny-secp256k1": "1.1.7",
       "stellar-base>sodium-native": "^3.2.1",
       "remove-flow-types-loader>flow-remove-types": "^2",
       "remove-flow-types-loader>loader-utils": "*",
@@ -210,6 +212,7 @@
       "@ethersproject/providers>ws": "7.5.10"
     },
     "patchedDependencies": {
+      "[email protected]": "patches/[email protected]",
       "[email protected]": "patches/[email protected]",
       "[email protected]": "patches/[email protected]",
       "[email protected]": "patches/[email protected]",

diff --git a/patches/[email protected] b/patches/[email protected]
@@ -0,0 +1,14 @@
+diff --git a/binding.gyp b/binding.gyp
+index a9dc5f897da27c7dd9d25f82f12cdb04272a1db6..adc5fda8909a0a18460a87a04eea00e5a7eae4d0 100644
+--- a/binding.gyp
++++ b/binding.gyp
+@@ -87,7 +87,8 @@
+             ]
+           }
+         }
+-      ]
++      ],
++      ['OS=="win"', { 'defines': ['NOMINMAX'] } ]
+     ]
+   }]
+ }