From 6d551f10fea9e7a43f5b53be03a1955afac5051a Mon Sep 17 00:00:00 2001 From: weizman Date: Wed, 18 Jan 2023 14:35:37 +0200 Subject: [PATCH] Update LavaMoat (core/lavapack) (#17061) --- .../async-done-npm-1.3.2-1f0a4a8997.patch | 43 ++++++++ development/build/index.js | 4 + development/build/static.js | 10 +- lavamoat/build-system/policy.json | 64 ++++++++++- package.json | 9 +- test/helpers/protect-intrinsics-helpers.js | 5 +- yarn.lock | 101 ++++++++++-------- 7 files changed, 180 insertions(+), 56 deletions(-) create mode 100644 .yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch diff --git a/.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch b/.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch new file mode 100644 index 000000000..39bd11c25 --- /dev/null +++ b/.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch @@ -0,0 +1,43 @@ +diff --git a/index.js b/index.js +index e5be989387006f32a3ea450482a02b387970bcab..2dfa272e6e33dc01ec3b643553884bb29254011a 100644 +--- a/index.js ++++ b/index.js +@@ -1,7 +1,5 @@ + 'use strict'; + +-var domain = require('domain'); +- + var eos = require('end-of-stream'); + var p = require('process-nextick-args'); + var once = require('once'); +@@ -30,13 +28,7 @@ function tryCatch(fn, args) { + function asyncDone(fn, cb) { + cb = once(cb); + +- var d = domain.create(); +- d.once('error', onError); +- var domainBoundFn = d.bind(fn); +- + function done() { +- d.removeListener('error', onError); +- d.exit(); + return tryCatch(cb, arguments); + } + +@@ -52,7 +44,7 @@ function asyncDone(fn, cb) { + } + + function asyncRunner() { +- var result = domainBoundFn(done); ++ var result = fn(done); + + function onNext(state) { + onNext.state = state; +@@ -64,7 +56,6 @@ function asyncDone(fn, cb) { + + if (result && typeof result.on === 'function') { + // Assume node stream +- d.add(result); + eos(exhaust(result), eosConfig, done); + return; + } diff --git a/development/build/index.js b/development/build/index.js index eb93a6bde..ee85e29a0 100755 --- a/development/build/index.js +++ b/development/build/index.js @@ -9,6 +9,7 @@ const livereload = require('gulp-livereload'); const yargs = require('yargs/yargs'); const { hideBin } = require('yargs/helpers'); const { sync: globby } = require('globby'); +const lavapack = require('@lavamoat/lavapack'); const { getVersion } = require('../lib/get-version'); const { BuildType } = require('../lib/build-type'); const { TASKS, ENVIRONMENT } = require('./constants'); @@ -72,6 +73,9 @@ async function defineAndRunBuildTasks() { version, } = await parseArgv(); + // build lavamoat runtime file + await lavapack.buildRuntime({ scuttleGlobalThis: false }); + const browserPlatforms = ['firefox', 'chrome']; const browserVersionMap = getBrowserVersionMap(browserPlatforms, version); diff --git a/development/build/static.js b/development/build/static.js index 305b152a5..d018f8a99 100644 --- a/development/build/static.js +++ b/development/build/static.js @@ -80,7 +80,7 @@ module.exports = function createStaticAssetTasks({ return { dev, prod }; async function setupLiveCopy(target, browser) { - const pattern = target.pattern || '/**/*'; + const pattern = target.pattern === undefined ? '/**/*' : target.pattern; watch(target.src + pattern, (event) => { livereload.changed(event.path); performCopy(target, browser); @@ -89,16 +89,16 @@ module.exports = function createStaticAssetTasks({ } async function performCopy(target, browser) { - if (target.pattern) { + if (target.pattern === undefined) { await copyGlob( target.src, - `${target.src}${target.pattern}`, + `${target.src}`, `./dist/${browser}/${target.dest}`, ); } else { await copyGlob( target.src, - `${target.src}`, + `${target.src}${target.pattern}`, `./dist/${browser}/${target.dest}`, ); } @@ -196,10 +196,12 @@ function getCopyTargets(shouldIncludeLockdown, shouldIncludeSnow) { { src: getPathInsideNodeModules('@lavamoat/lavapack', 'src/runtime-cjs.js'), dest: `runtime-cjs.js`, + pattern: '', }, { src: getPathInsideNodeModules('@lavamoat/lavapack', 'src/runtime.js'), dest: `runtime-lavamoat.js`, + pattern: '', }, ]; diff --git a/lavamoat/build-system/policy.json b/lavamoat/build-system/policy.json index a85c9aa9f..a4b96d1e3 100644 --- a/lavamoat/build-system/policy.json +++ b/lavamoat/build-system/policy.json @@ -1025,22 +1025,25 @@ "builtin": { "assert": true, "buffer.Buffer.from": true, + "fs.promises.readFile": true, + "fs.promises.writeFile": true, "fs.readFileSync": true, "path.join": true, "path.relative": true }, "globals": { "__dirname": true, + "__filename.slice": true, "process.cwd": true, "setTimeout": true }, "packages": { "@lavamoat/lavapack>combine-source-map": true, + "@lavamoat/lavapack>lavamoat-core": true, "@lavamoat/lavapack>readable-stream": true, "@lavamoat/lavapack>umd": true, "browserify>JSONStream": true, "lavamoat>json-stable-stringify": true, - "lavamoat>lavamoat-core": true, "nyc>convert-source-map": true, "through2": true } @@ -1068,6 +1071,28 @@ "@lavamoat/lavapack>combine-source-map>inline-source-map>source-map": true } }, + "@lavamoat/lavapack>lavamoat-core": { + "builtin": { + "events": true, + "fs.existsSync": true, + "fs.readFileSync": true, + "fs.writeFileSync": true, + "path.extname": true, + "path.join": true + }, + "globals": { + "__dirname": true, + "console.error": true, + "console.warn": true, + "define": true + }, + "packages": { + "lavamoat>json-stable-stringify": true, + "lavamoat>lavamoat-core>merge-deep": true, + "lavamoat>lavamoat-tofu": true, + "nyc>process-on-spawn>fromentries": true + } + }, "@lavamoat/lavapack>readable-stream": { "builtin": { "buffer.Buffer": true, @@ -5307,9 +5332,6 @@ } }, "gulp>glob-watcher>async-done": { - "builtin": { - "domain.create": true - }, "globals": { "process.nextTick": true }, @@ -6062,8 +6084,8 @@ "setTimeout": true }, "packages": { - "@lavamoat/lavapack": true, "duplexify": true, + "lavamoat-browserify>@lavamoat/lavapack": true, "lavamoat-browserify>browser-resolve": true, "lavamoat-browserify>concat-stream": true, "lavamoat-browserify>readable-stream": true, @@ -6073,6 +6095,37 @@ "lavamoat>lavamoat-core": true } }, + "lavamoat-browserify>@lavamoat/lavapack": { + "builtin": { + "assert": true, + "buffer.Buffer.from": true, + "fs.promises.readFile": true, + "fs.promises.writeFile": true, + "fs.readFileSync": true, + "path.join": true, + "path.relative": true + }, + "globals": { + "__dirname": true, + "process.cwd": true, + "setTimeout": true + }, + "packages": { + "@lavamoat/lavapack>combine-source-map": true, + "@lavamoat/lavapack>umd": true, + "browserify>JSONStream": true, + "lavamoat-browserify>@lavamoat/lavapack>through2": true, + "lavamoat-browserify>readable-stream": true, + "lavamoat>json-stable-stringify": true, + "lavamoat>lavamoat-core": true, + "nyc>convert-source-map": true + } + }, + "lavamoat-browserify>@lavamoat/lavapack>through2": { + "packages": { + "lavamoat-browserify>readable-stream": true + } + }, "lavamoat-browserify>browser-resolve": { "builtin": { "fs.readFile": true, @@ -6191,6 +6244,7 @@ "events": true, "fs.existsSync": true, "fs.readFileSync": true, + "fs.writeFileSync": true, "path.extname": true, "path.join": true }, diff --git a/package.json b/package.json index e1c31ac36..ea88b8716 100644 --- a/package.json +++ b/package.json @@ -190,6 +190,9 @@ "improved-yarn-audit@^3.0.0": "patch:improved-yarn-audit@npm%3A3.0.0#./.yarn/patches/improved-yarn-audit-npm-3.0.0-3e37ee431a.patch", "lockfile-lint-api@^5.4.6": "patch:lockfile-lint-api@npm%3A5.4.6#./.yarn/patches/lockfile-lint-api-npm-5.4.6-dc86b73900.patch", "symbol-observable": "^2.0.3", + "async-done@~1.3.2": "patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch", + "async-done@^1.2.0": "patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch", + "async-done@^1.2.2": "patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch", "fast-json-patch@^3.1.1": "patch:fast-json-patch@npm%3A3.1.1#./.yarn/patches/fast-json-patch-npm-3.1.1-7e8bb70a45.patch" }, "dependencies": { @@ -347,7 +350,7 @@ "@babel/register": "^7.5.5", "@ethersproject/bignumber": "^5.7.0", "@lavamoat/allow-scripts": "^2.0.3", - "@lavamoat/lavapack": "^3.1.0", + "@lavamoat/lavapack": "^4.0.0", "@metamask/auto-changelog": "^2.1.0", "@metamask/eslint-config": "^9.0.0", "@metamask/eslint-config-jest": "^9.0.0", @@ -460,8 +463,8 @@ "js-yaml": "^4.1.0", "jsdom": "^11.2.0", "koa": "^2.7.0", - "lavamoat": "^6.2.0", - "lavamoat-browserify": "^15.2.0", + "lavamoat": "^6.3.0", + "lavamoat-browserify": "^15.5.0", "lavamoat-viz": "^6.0.9", "lockfile-lint": "^4.9.6", "loose-envify": "^1.4.0", diff --git a/test/helpers/protect-intrinsics-helpers.js b/test/helpers/protect-intrinsics-helpers.js index d3e046e08..b9ac11f2b 100644 --- a/test/helpers/protect-intrinsics-helpers.js +++ b/test/helpers/protect-intrinsics-helpers.js @@ -11,14 +11,17 @@ module.exports = { * @returns {Set} All global intrinsic property names. */ function getGlobalProperties() { + const comp = new Compartment().globalThis; + // These are Agoric inventions, and we don't care about them. const ignoreList = new Set([ 'Compartment', 'HandledPromise', 'StaticModuleRecord', + ...Object.getOwnPropertySymbols(comp), ]); - const namedIntrinsics = Reflect.ownKeys(new Compartment().globalThis); + const namedIntrinsics = Reflect.ownKeys(comp); return new Set( [ diff --git a/yarn.lock b/yarn.lock index 629ea6b0c..fb50021ca 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3067,35 +3067,35 @@ __metadata: languageName: node linkType: hard -"@lavamoat/lavapack@npm:3.1.0": - version: 3.1.0 - resolution: "@lavamoat/lavapack@npm:3.1.0" +"@lavamoat/lavapack@npm:^3.3.0": + version: 3.3.0 + resolution: "@lavamoat/lavapack@npm:3.3.0" dependencies: JSONStream: ^1.3.5 combine-source-map: ^0.8.0 convert-source-map: ^1.7.0 json-stable-stringify: ^1.0.1 - lavamoat-core: ^12.2.0 + lavamoat-core: ^12.4.0 readable-stream: ^3.6.0 through2: ^4.0.2 umd: ^3.0.3 - checksum: 01d87fe76194591e3542171c6f7eccd0efadcbe27213af5d251480a5ca3cc95a77724de103995ee7c96a4b7e7a269c8dfe446a0a3028f8cf4952d7168817fa4a + checksum: 77f6588d38d53f0feba1856de409829969dc3592b9b4d1e722fd395a1eabae6a8983648e2929ef9243fd6ead6919683cb87e65433325601bafabcf8b46dc83be languageName: node linkType: hard -"@lavamoat/lavapack@patch:@lavamoat/lavapack@npm%3A3.1.0#./.yarn/patches/@lavamoat-lavapack-npm-3.1.0-34c65d233b.patch::locator=metamask-crx%40workspace%3A.": - version: 3.1.0 - resolution: "@lavamoat/lavapack@patch:@lavamoat/lavapack@npm%3A3.1.0#./.yarn/patches/@lavamoat-lavapack-npm-3.1.0-34c65d233b.patch::version=3.1.0&hash=8c39c8&locator=metamask-crx%40workspace%3A." +"@lavamoat/lavapack@npm:^4.0.0": + version: 4.0.0 + resolution: "@lavamoat/lavapack@npm:4.0.0" dependencies: JSONStream: ^1.3.5 combine-source-map: ^0.8.0 convert-source-map: ^1.7.0 json-stable-stringify: ^1.0.1 - lavamoat-core: ^12.2.0 + lavamoat-core: ^13.0.0 readable-stream: ^3.6.0 through2: ^4.0.2 umd: ^3.0.3 - checksum: cef044f3dfba68455ed1b17b80d58fa3fcbd42e5d576c0ed0fad126f27e15592ae69c213b4537626a053c8a2f5a0f6bcf80bbb3e7e7ab6722ea6743d4e54820c + checksum: 869718c26912216f158001cf2b9ae02611d47218123f2dec86b7e9ae08c5a288129994ec5f3e219737c4ad604f9d5e75e8c9204631474e4ea04d341613949b91 languageName: node linkType: hard @@ -8886,7 +8886,7 @@ __metadata: languageName: node linkType: hard -"async-done@npm:^1.2.0, async-done@npm:^1.2.2, async-done@npm:~1.3.2": +"async-done@npm:1.3.2": version: 1.3.2 resolution: "async-done@npm:1.3.2" dependencies: @@ -8898,6 +8898,18 @@ __metadata: languageName: node linkType: hard +"async-done@patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch::locator=metamask-crx%40workspace%3A.": + version: 1.3.2 + resolution: "async-done@patch:async-done@npm%3A1.3.2#./.yarn/patches/async-done-npm-1.3.2-1f0a4a8997.patch::version=1.3.2&hash=198701&locator=metamask-crx%40workspace%3A." + dependencies: + end-of-stream: ^1.1.0 + once: ^1.3.2 + process-nextick-args: ^2.0.0 + stream-exhaust: ^1.0.1 + checksum: cf43b3e1e8530a09144d6614f5b7f3429921cf338a1d36c07854cc381241cc22e001fcbf6a845a65bf76726653951ae12bba3ec221278508345629e47d880329 + languageName: node + linkType: hard + "async-each@npm:^1.0.1": version: 1.0.1 resolution: "async-each@npm:1.0.1" @@ -21384,63 +21396,65 @@ __metadata: languageName: node linkType: hard -"lavamoat-browserify@npm:^15.2.0": - version: 15.2.0 - resolution: "lavamoat-browserify@npm:15.2.0" +"lavamoat-browserify@npm:^15.5.0": + version: 15.5.0 + resolution: "lavamoat-browserify@npm:15.5.0" dependencies: "@babel/code-frame": ^7.16.7 "@lavamoat/aa": ^3.1.0 - "@lavamoat/lavapack": ^3.1.0 + "@lavamoat/lavapack": ^3.3.0 browser-resolve: ^2.0.0 concat-stream: ^2.0.0 convert-source-map: ^1.8.0 duplexify: ^4.1.1 json-stable-stringify: ^1.0.1 - lavamoat-core: ^12.2.0 + lavamoat-core: ^12.4.0 pify: ^4.0.1 readable-stream: ^3.6.0 source-map: ^0.7.3 through2: ^3.0.0 - checksum: 510e09ac05ac2b3492815b6ce9060255cd6d8cc372073c437dfc634818b729fd0cf87a00f70c96deeb15496d090c611248101d13c117a4454247464d9f0f1a91 + checksum: b9d4ccbe6dd09aa63145f89f99f0b3ac269930a5e419cc836659f8c6a7e26b78d2dd3722e44055e6436d2334b044c348895f512d134ee8b5dc4ee87adc890b6f languageName: node linkType: hard "lavamoat-core@npm:^10.0.1": - version: 10.0.1 - resolution: "lavamoat-core@npm:10.0.1" + version: 10.1.2 + resolution: "lavamoat-core@npm:10.1.2" dependencies: fromentries: ^1.2.0 json-stable-stringify: ^1.0.1 - lavamoat-tofu: ^5.1.3 + lavamoat-tofu: ^6.0.0 merge-deep: ^3.0.2 resolve: ^1.15.1 - checksum: 6d64663da2661ac550095e762ed71be2e99a58fa33bc7c9ae35a1cf7476d3cea8e08986dbb04c7decf9169e71b39c9377eaf8c8005a687e0a5675443aa124a40 + checksum: 848621677537df346536f049996940516ad24d723ffd0ba84c291b5d75975b77b344d4300a575cba4b821a52d3c8cb30cf8b7d14ca5ab46811ec382d62cf503c languageName: node linkType: hard -"lavamoat-core@npm:^12.2.0": - version: 12.2.0 - resolution: "lavamoat-core@npm:12.2.0" +"lavamoat-core@npm:^12.3.0, lavamoat-core@npm:^12.4.0": + version: 12.4.0 + resolution: "lavamoat-core@npm:12.4.0" dependencies: fromentries: ^1.2.0 json-stable-stringify: ^1.0.1 - lavamoat-tofu: ^6.0.1 + lavamoat-tofu: ^6.0.2 merge-deep: ^3.0.2 - checksum: 8aff8ba92fad737b1194aefa25f3e8a51055963c0d68a4c4eef6cf2f36155690c8ddc30d881e23c466d3084a420c5ddab3d82eedc5630eecfc714849ca2c0c75 + checksum: 432a8968035370feb51e50f35306e7f85015e3b56440dbd41b6d3eec7f4bc82c3d1f16c6a627549df2665499c49bcb6e55fa697bccc6839bac1de12804019c1d languageName: node linkType: hard -"lavamoat-tofu@npm:^5.1.3": - version: 5.1.3 - resolution: "lavamoat-tofu@npm:5.1.3" +"lavamoat-core@npm:^13.0.0": + version: 13.0.0 + resolution: "lavamoat-core@npm:13.0.0" dependencies: - "@babel/parser": ^7.10.1 - "@babel/traverse": ^7.10.1 - checksum: d8a04fb8db04a5a731ad02974f9e6d8771fb8679525745e3edf9e35b369aa4bc0c3df14fb49e9380594f24e5603fd8e06645675212611b4982977de1b9aab60b + fromentries: ^1.2.0 + json-stable-stringify: ^1.0.1 + lavamoat-tofu: ^6.0.2 + merge-deep: ^3.0.2 + checksum: afeb8014f8c21613e65eaff5676cc3cf893ff351de3930845c6141126f896a063456794806d6c9b9a97be92f444dc23aaa3f28bb4d35b8af20691dfd0296e59c languageName: node linkType: hard -"lavamoat-tofu@npm:^6.0.1": +"lavamoat-tofu@npm:^6.0.0, lavamoat-tofu@npm:^6.0.2": version: 6.0.2 resolution: "lavamoat-tofu@npm:6.0.2" dependencies: @@ -21466,9 +21480,9 @@ __metadata: languageName: node linkType: hard -"lavamoat@npm:^6.2.0": - version: 6.2.0 - resolution: "lavamoat@npm:6.2.0" +"lavamoat@npm:^6.3.0": + version: 6.4.0 + resolution: "lavamoat@npm:6.4.0" dependencies: "@babel/code-frame": ^7.10.4 "@babel/highlight": ^7.10.4 @@ -21476,15 +21490,16 @@ __metadata: bindings: ^1.5.0 htmlescape: ^1.1.1 json-stable-stringify: ^1.0.1 - lavamoat-core: ^12.2.0 - lavamoat-tofu: ^6.0.1 + lavamoat-core: ^12.3.0 + lavamoat-tofu: ^6.0.2 node-gyp-build: ^4.2.3 object.fromentries: ^2.0.2 resolve: ^1.17.0 yargs: ^16.0.0 bin: - lavamoat: src/index.js - checksum: 4824d5459647dfe8352ce913295fa6d01343e6715bf3da8dc27956bf5876ed466572d9d50b66401a8a7896168f969f3667b33721bb4e276441ee3bedf2192bca + lavamoat: src/cli.js + lavamoat-run-command: src/run-command.js + checksum: 5a058b0b62fa4d6baa477775dc03433c0064e7ab0f14f4a540aa033154c3484cd9b59ec66e2968e387087c24531b09cbd6a70a3a11f4b52e3b4519cd3672c54c languageName: node linkType: hard @@ -22746,7 +22761,7 @@ __metadata: "@keystonehq/bc-ur-registry-eth": ^0.12.1 "@keystonehq/metamask-airgapped-keyring": ^0.6.1 "@lavamoat/allow-scripts": ^2.0.3 - "@lavamoat/lavapack": ^3.1.0 + "@lavamoat/lavapack": ^4.0.0 "@lavamoat/snow": ^1.3.0 "@material-ui/core": ^4.11.0 "@metamask/address-book-controller": ^1.0.0 @@ -22946,8 +22961,8 @@ __metadata: jsonschema: ^1.2.4 koa: ^2.7.0 labeled-stream-splicer: ^2.0.2 - lavamoat: ^6.2.0 - lavamoat-browserify: ^15.2.0 + lavamoat: ^6.3.0 + lavamoat-browserify: ^15.5.0 lavamoat-viz: ^6.0.9 localforage: ^1.9.0 lockfile-lint: ^4.9.6