m/metamask-extension
1
0
Fork 0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-22 01:47:00 +01:00
Code

Add applyLavaMoat build flag (#14583)

Browse Source 
Adds a new flag, `--apply-lavamoat`, to the main build script. The flag controls whether LavaMoat is actually applied to the output of the build process. The flag defaults to `true`, but we explicitly set it to `false` in the `start` package script. Meanwhile, the `start:lavamoat` script is modified such that it applies LavaMoat to the build output in development mode, but it no longer runs the build process itself under LavaMoat as there aren't very compelling reasons to do so.

This change is motivated by the fact that development builds do not have their own dedicated LavaMoat policies, which causes development builds to fail since #14537. The downside of this change is that LavaMoat-related failures will not be detected when running `yarn start`. @kumavis has plans for fixing this problem in a future major version of the `@lavamoat` suite.
This commit is contained in:
Erik Marks 2022-04-29 15:56:30 -07:00 committed by GitHub
parent 54a89f029e
commit 73a7ce9e39
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 27 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/background.html
View File

@ -6,7 +6,7 @@
<body>
<script src="./globalthis.js" type="text/javascript" charset="utf-8"></script>
<script src="./sentry-install.js" type="text/javascript" charset="utf-8"></script>
{{@if(it.useLavamoat)}}
{{@if(it.applyLavaMoat)}}
<script src="./runtime-lavamoat.js" type="text/javascript" charset="utf-8"></script>
<script src="./lockdown-more.js" type="text/javascript" charset="utf-8"></script>
<script src="./policy-load.js" type="text/javascript" charset="utf-8"></script>

2
app/home.html
View File

@ -12,7 +12,7 @@
<div id="popover-content"></div>
<script src="./globalthis.js" type="text/javascript" charset="utf-8"></script>
<script src="./sentry-install.js" type="text/javascript" charset="utf-8"></script>
{{@if(it.useLavamoat)}}
{{@if(it.applyLavaMoat)}}
<script src="./runtime-lavamoat.js" type="text/javascript" charset="utf-8"></script>
<script src="./lockdown-more.js" type="text/javascript" charset="utf-8"></script>
<script src="./policy-load.js" type="text/javascript" charset="utf-8"></script>

2
app/notification.html
View File

@ -35,7 +35,7 @@
<div id="popover-content"></div>
<script src="./globalthis.js" type="text/javascript" charset="utf-8"></script>
<script src="./sentry-install.js" type="text/javascript" charset="utf-8"></script>
{{@if(it.useLavamoat)}}
{{@if(it.applyLavaMoat)}}
<script src="./runtime-lavamoat.js" type="text/javascript" charset="utf-8"></script>
<script src="./lockdown-more.js" type="text/javascript" charset="utf-8"></script>
<script src="./policy-load.js" type="text/javascript" charset="utf-8"></script>

2
app/popup.html
View File

@ -12,7 +12,7 @@
<div id="popover-content"></div>
<script src="./globalthis.js" type="text/javascript" charset="utf-8"></script>
<script src="./sentry-install.js" type="text/javascript" charset="utf-8"></script>
{{@if(it.useLavamoat)}}
{{@if(it.applyLavaMoat)}}
<script src="./runtime-lavamoat.js" type="text/javascript" charset="utf-8"></script>
<script src="./lockdown-more.js" type="text/javascript" charset="utf-8"></script>
<script src="./policy-load.js" type="text/javascript" charset="utf-8"></script>

8
development/build/index.js
View File

@ -57,6 +57,7 @@ defineAndRunBuildTasks();
function defineAndRunBuildTasks() {
const {
applyLavaMoat,
buildType,
entryTask,
isLavaMoat,
@ -89,6 +90,7 @@ function defineAndRunBuildTasks() {
const styleTasks = createStyleTasks({ livereload });
const scriptTasks = createScriptTasks({
applyLavaMoat,
browserPlatforms,
buildType,
ignoredFiles,
@ -170,6 +172,7 @@ function defineAndRunBuildTasks() {
function parseArgv() {
const NamedArgs = {
ApplyLavaMoat: 'apply-lavamoat',
BuildType: 'build-type',
BuildVersion: 'build-version',
LintFenceFiles: 'lint-fence-files',
@ -180,6 +183,7 @@ function parseArgv() {
const argv = minimist(process.argv.slice(2), {
boolean: [
NamedArgs.ApplyLavaMoat,
NamedArgs.LintFenceFiles,
NamedArgs.Lockdown,
NamedArgs.PolicyOnly,
@ -187,6 +191,7 @@ function parseArgv() {
],
string: [NamedArgs.BuildType, NamedArgs.BuildVersion],
default: {
[NamedArgs.ApplyLavaMoat]: true,
[NamedArgs.BuildType]: BuildType.main,
[NamedArgs.BuildVersion]: '0',
[NamedArgs.LintFenceFiles]: true,
@ -232,8 +237,11 @@ function parseArgv() {
const version = getVersion(buildType, buildVersion);
return {
// Should we apply LavaMoat to the build output?
applyLavaMoat: argv[NamedArgs.ApplyLavaMoat],
buildType,
entryTask,
// Is this process running in lavamoat-node?
isLavaMoat: process.argv[0].includes('lavamoat'),
policyOnly,
shouldIncludeLockdown: argv[NamedArgs.Lockdown],

21
development/build/scripts.js
View File

@ -140,6 +140,7 @@ const noopWriteStream = through.obj((_file, _fileEncoding, callback) =>
module.exports = createScriptTasks;
function createScriptTasks({
applyLavaMoat,
browserPlatforms,
buildType,
ignoredFiles,
@ -180,6 +181,7 @@ function createScriptTasks({
const standardSubtask = createTask(
`${taskPrefix}:standardEntryPoints`,
createFactoredBuild({
applyLavaMoat,
browserPlatforms,
buildType,
devMode,
@ -343,6 +345,7 @@ function createScriptTasks({
}
function createFactoredBuild({
applyLavaMoat,
browserPlatforms,
buildType,
devMode,
@ -473,21 +476,21 @@ function createFactoredBuild({
groupSet,
commonSet,
browserPlatforms,
useLavamoat: true,
applyLavaMoat,
});
renderHtmlFile({
htmlName: 'notification',
groupSet,
commonSet,
browserPlatforms,
useLavamoat: true,
applyLavaMoat,
});
renderHtmlFile({
htmlName: 'home',
groupSet,
commonSet,
browserPlatforms,
useLavamoat: true,
applyLavaMoat,
});
break;
}
@ -497,7 +500,7 @@ function createFactoredBuild({
groupSet,
commonSet,
browserPlatforms,
useLavamoat: true,
applyLavaMoat,
});
break;
}
@ -507,7 +510,7 @@ function createFactoredBuild({
groupSet,
commonSet,
browserPlatforms,
useLavamoat: false,
applyLavaMoat: false,
});
break;
}
@ -858,11 +861,11 @@ function renderHtmlFile({
groupSet,
commonSet,
browserPlatforms,
useLavamoat,
applyLavaMoat,
}) {
if (useLavamoat === undefined) {
if (applyLavaMoat === undefined) {
throw new Error(
'build/scripts/renderHtmlFile - must specify "useLavamoat" option',
'build/scripts/renderHtmlFile - must specify "applyLavaMoat" option',
);
}
const htmlFilePath = `./app/${htmlName}.html`;
@ -870,7 +873,7 @@ function renderHtmlFile({
const jsBundles = [...commonSet.values(), ...groupSet.values()].map(
(label) => `./${label}.js`,
);
const htmlOutput = Sqrl.render(htmlTemplate, { jsBundles, useLavamoat });
const htmlOutput = Sqrl.render(htmlTemplate, { jsBundles, applyLavaMoat });
browserPlatforms.forEach((platform) => {
const dest = `./dist/${platform}/${htmlName}.html`;
// we dont have a way of creating async events atm

6
package.json
View File

@ -9,11 +9,11 @@
"scripts": {
"setup": "yarn install && yarn setup:postinstall",
"setup:postinstall": "yarn patch-package && yarn allow-scripts",
"start": "yarn build:dev dev",
"start:lavamoat": "yarn build dev",
"start": "yarn build:dev --apply-lavamoat=false",
"start:lavamoat": "yarn build:dev --apply-lavamoat=true",
"dist": "yarn build prod",
"build": "yarn lavamoat:build",
"build:dev": "node development/build/index.js",
"build:dev": "node development/build/index.js dev",
"start:test": "SEGMENT_HOST='https://api.segment.io' SEGMENT_WRITE_KEY='FAKE' yarn build testDev",
"benchmark:chrome": "SELENIUM_BROWSER=chrome node test/e2e/benchmark.js",
"benchmark:firefox": "SELENIUM_BROWSER=firefox node test/e2e/benchmark.js",