[PM-8395] [POC] Introduce wrapper script to prevent renderer coredumps in desktop linux (#9395)

* Add wrapper script to protect from coredumps and re-enable process reload

* Allow args passthrough and clean up after-pack script
Bernd Schoolmann 2024-07-24 19:17:11 +02:00 committed by GitHub
parent 5a2db79235
commit b07d7ee1c6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 38 additions and 5 deletions


@ -12,6 +12,7 @@
"app": "build"
},
"afterSign": "scripts/after-sign.js",
"afterPack": "scripts/after-pack.js",
"asarUnpack": ["**/*.node"],
"files": [
"**/*",


@ -0,0 +1,8 @@
#!/bin/sh
# disable core dumps
ulimit -c 0
APP_PATH=$(dirname "$0")
# pass through all args
$APP_PATH/bitwarden-app "$@"
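Review bot: The last line runs `$APP_PATH/bitwarden-app "$@"` with `$APP_PATH` unquoted and without `exec`, so an install directory containing spaces would be word-split and the wrapper shell stays alive as the parent of the real process. `exec "$APP_PATH/bitwarden-app" "$@"` fixes both and lets signals and the exit status reach the application directly. `dirname "$0"` also yields the directory of whatever path was used to invoke the script, so if the launcher is reached through a symlink in another directory (not visible on this page) `bitwarden-app` would not be found there; resolving the link first would be safer. A comment such as `# the core limit is inherited by the app and its child processes` would record why the limit is set before the launch.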


@ -0,0 +1,26 @@
/* eslint-disable @typescript-eslint/no-var-requires, no-console */
require("dotenv").config();
const path = require("path");
const fse = require("fs-extra");
exports.default = run;
async function run(context) {
console.log("## After pack");
console.log(context);
if (context.electronPlatformName === "linux") {
console.log("Creating memory-protection wrapper script");
const appOutDir = context.appOutDir;
const oldBin = path.join(appOutDir, context.packager.executableName);
const newBin = path.join(appOutDir, "bitwarden-app");
fse.moveSync(oldBin, newBin);
console.log("Moved binary to bitwarden-app");
const wrapperScript = path.join(__dirname, "../resources/memory-dump-wrapper.sh");
const wrapperBin = path.join(appOutDir, context.packager.executableName);
fse.copyFileSync(wrapperScript, wrapperBin);
fse.chmodSync(wrapperBin, "755");
console.log("Copied memory-protection wrapper script");
}
}
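Review bot: `console.log(context)` writes the whole packager context to the build log, and this script loads `.env` through dotenv first; if any configuration or credential-bearing value is reachable from that object it ends up in CI output, so logging only `context.electronPlatformName` and `context.appOutDir` would be safer. The name `"bitwarden-app"` is also hard-coded both here and in the wrapper script, so a rename in one place leaves a launcher that points at nothing. A shared constant, or a comment on `newBin` such as `// must match the binary name in resources/memory-dump-wrapper.sh`, would tie the two together.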


@ -53,11 +53,9 @@ export class WindowMain {
this.win.setBackgroundColor(await this.getBackgroundColor());
// By default some linux distro collect core dumps on crashes which gets written to disk.
if (!isLinux()) {
const crashEvent = once(this.win.webContents, "render-process-gone");
this.win.webContents.forcefullyCrashRenderer();
await crashEvent;
}
this.win.webContents.reloadIgnoringCache();
// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
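Review bot: Going by the hunk counts, the `if (!isLinux())` guard is dropped, so `forcefullyCrashRenderer()` now runs on Linux and its safety depends entirely on the process having been started through the wrapper that sets `ulimit -c 0`. Nothing in this hunk confirms that at runtime; a development run or any launch path that bypasses the wrapper would crash the renderer under whatever core-dump policy the system has, potentially writing renderer memory to disk. Consider keeping the skip on Linux unless the limit can be confirmed, or at least replacing the remaining comment with something like `// Linux: core dumps are disabled by the launcher wrapper (ulimit -c 0); do not start the binary directly`. The enclosing method starts and ends outside the hunk.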