Merge branch 'develop' into t3chguy/ci3

.github/workflows/build_and_deploy.yaml

@@ -39,16 +39,19 @@ on:
                 required: true
                 type: boolean
                 default: true
-concurrency: ${{ github.workflow }}
+concurrency:
+    group: ${{ github.workflow }}-${{ github.ref }}
+    cancel-in-progress: true
 env:
-    R2_BUCKET: "packages-element-io"
+    # XXX: UPDATE THIS BEFORE WHEN GOING LIVE
+    R2_BUCKET: "packages-element-io-test"
 jobs:
     prepare:
         uses: ./.github/workflows/build_prepare.yaml
         with:
             config: element.io/${{ inputs.mode || 'nightly' }}
             version: ${{ inputs.mode == 'release' && '' || 'develop' }}
-            nightly: ${{ inputs.mode != 'release' }}
+            calculate-nightly-versions: ${{ inputs.mode != 'release' }}
         secrets:
             CF_R2_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
             CF_R2_TOKEN: ${{ secrets.CF_R2_TOKEN }}
@@ -87,45 +90,30 @@ jobs:
         with:
             sign: true
             deploy-mode: true
-            base-url: https://packages.element.io/${{ inputs.mode == 'release' && 'desktop' || 'nightly' }}
+            # XXX: UPDATE THIS BEFORE WHEN GOING LIVE
+            base-url: https://packages-element-io-test.element.io/${{ inputs.mode == 'release' && 'desktop' || 'nightly' }}
             version: ${{ needs.prepare.outputs.macos-version }}
 
-    # We do not put this call into deploy-mode as we do not want it to add to the packages.element.io artifact
-    # We ship this build via reprepro only
     linux:
         if: github.event_name != 'workflow_dispatch' || inputs.linux
         needs: prepare
-        name: Linux (sqlcipher system)
+        name: Linux
         uses: ./.github/workflows/build_linux.yaml
+        secrets: inherit
         with:
-            config: element.io/${{ inputs.mode || 'nightly' }}
             sqlcipher: system
-            version: ${{ needs.prepare.outputs.linux-version }}
-
-    # We ship the static build via static tarball only
-    linux_static:
-        if: github.event_name != 'workflow_dispatch' || inputs.linux
-        needs: prepare
-        name: Linux (sqlcipher static)
-        uses: ./.github/workflows/build_linux.yaml
-        with:
             deploy-mode: true
-            config: element.io/${{ inputs.mode || 'nightly' }}
-            sqlcipher: static
             version: ${{ needs.prepare.outputs.linux-version }}
 
-    # This deploy job only handles Windows, macOS & linux_static as those are stateless and static.
-    # Linux will be deployed via reprepro after it, but we list it as a dependency to abort if it fails.
     deploy:
         needs:
             - macos
             - linux
-            - linux_static
             - windows_32bit
             - windows_64bit
         runs-on: ubuntu-latest
         name: Deploy
-        if: github.event_name != 'workflow_dispatch' || (inputs.deploy && (inputs.macos || inputs.windows_32bit || inputs.windows_64bit))
+        if: always() && (github.event != 'workflow_dispatch' || inputs.deploy)
         environment: packages.element.io
         steps:
             - name: Download artifacts
@@ -134,7 +122,18 @@ jobs:
                   name: packages.element.io
                   path: packages.element.io
 
+            - name: Deploy debian repo
+              if: github.event_name != 'workflow_dispatch' || inputs.linux
+              run: |
+                  mv packages.element.io/debian .
+                  aws s3 cp --recursive debian/ s3://$R2_BUCKET/debian --endpoint-url $R2_URL --region auto
+              env:
+                  AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
+                  AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
+                  R2_URL: ${{ secrets.CF_R2_S3_API }}
+
             - name: Deploy artifacts
+              if: github.event_name != 'workflow_dispatch' || inputs.macos || inputs.windows_32bit || inputs.windows_64bit
               run: |
                   aws s3 cp --recursive packages.element.io/ s3://$R2_BUCKET/$DEPLOYMENT_DIR --endpoint-url $R2_URL --region auto
               env:
@@ -142,15 +141,3 @@ jobs:
                   AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
                   R2_URL: ${{ secrets.CF_R2_S3_API }}
                   DEPLOYMENT_DIR: ${{ inputs.mode == 'release' && 'desktop' || 'nightly' }}
-
-    reprepro:
-        needs:
-            - linux
-            # We queue this after the other deploy stage as we want to abort if that fails
-            - deploy
-        name: Run reprepro
-        if: github.event_name != 'workflow_dispatch' || (inputs.deploy && inputs.linux)
-        uses: ./.github/workflows/reprepro.yaml
-        secrets: inherit
-        with:
-            artifact-name: linux-sqlcipher-system

.github/workflows/build_and_test.yaml

@@ -31,7 +31,6 @@ jobs:
             matrix:
                 sqlcipher: [system, static]
         with:
-            config: ${{ github.event.pull_request.base.ref == 'develop' && 'element.io/nightly' || 'element.io/release' }}
             sqlcipher: ${{ matrix.sqlcipher }}
 
     macos:
@@ -80,7 +79,7 @@ jobs:
                   cache: "yarn"
 
             - name: Install Deps
-              run: "yarn install --frozen-lockfile"
+              run: "yarn install --pure-lockfile"
 
             - uses: actions/download-artifact@v3
               with:
@@ -92,7 +91,7 @@ jobs:
               if: matrix.prepare_cmd
 
             - name: Run tests
-              uses: coactions/setup-xvfb@b6b4fcfb9f5a895edadc3bc76318fae0ac17c8b3 # v1
+              uses: GabrielBB/xvfb-action@v1
               timeout-minutes: 5
               with:
                   run: "yarn test"

.github/workflows/build_keyring.yaml

@@ -1,53 +0,0 @@
-name: Build Keyring package
-on:
-    workflow_dispatch:
-        inputs:
-            deploy:
-                description: Deploy artifacts
-                required: true
-                type: boolean
-                default: true
-            fingerprint:
-                description: The expected gpg fingerprint
-                required: true
-                type: string
-concurrency: ${{ github.workflow }}
-jobs:
-    build:
-        name: Build Keyring package
-        runs-on: ubuntu-latest
-        steps:
-            - uses: actions/checkout@v3
-
-            - name: Prepare
-              run: |
-                  mkdir -p element-io-archive-keyring/usr/share/keyrings/
-                  cp packages.element.io/debian/element-io-archive-keyring.gpg element-io-archive-keyring/usr/share/keyrings/element-io-archive-keyring.gpg
-
-            - name: Check fingerprint
-              run: |
-                  gpg --import element-io-archive-keyring/usr/share/keyrings/element-io-archive-keyring.gpg
-                  gpg --fingerprint "$FINGERPRINT"
-              env:
-                  FINGERPRINT: ${{ inputs.fingerprint }}
-
-            - name: Build deb package
-              run: |
-                  chmod u=rw,go=r element-io-archive-keyring/usr/share/keyrings/element-io-archive-keyring.gpg
-                  dpkg-deb -Zxz --root-owner-group --build element-io-archive-keyring element-io-archive-keyring.deb
-
-            - name: Upload Artifact
-              uses: actions/upload-artifact@v3
-              with:
-                  name: element-io-archive-keyring
-                  path: "*.deb"
-                  retention-days: 1
-
-    reprepro:
-        needs: build
-        name: Run reprepro
-        if: inputs.deploy
-        uses: ./.github/workflows/reprepro.yaml
-        secrets: inherit
-        with:
-            artifact-name: element-io-archive-keyring

.github/workflows/build_linux.yaml

@@ -3,11 +3,18 @@
 # the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
 on:
     workflow_call:
+        secrets:
+            GPG_PRIVATE_KEY:
+                required: false
+            GPG_PASSPHRASE:
+                required: false
+            CF_R2_ACCESS_KEY_ID:
+                required: false
+            CF_R2_TOKEN:
+                required: false
+            CF_R2_S3_API:
+                required: false
         inputs:
-            config:
-                type: string
-                required: true
-                description: "The config directory to use"
             version:
                 type: string
                 required: false
@@ -17,17 +24,13 @@ on:
                 required: true
                 description: "How to link sqlcipher, one of 'system' | 'static'"
             deploy-mode:
-                type: boolean
+                type: string
                 required: false
-                description: "Whether to arrange artifacts in the arrangement needed for deployment, skipping unrelated ones"
+                description: "Whether to arrange artifacts in the arrangement needed for deployment, skipping unrelated ones, this uses reprepro and requires 'packages.element.io' environment"
 jobs:
     build:
         runs-on: ubuntu-latest
-        container:
-            image: ghcr.io/vector-im/element-desktop-dockerbuild:${{ github.ref_name == 'master' && 'master' || 'develop' }}
-        defaults:
-            run:
-                shell: bash
+        environment: ${{ inputs.deploy-mode && 'packages.element.io' || '' }}
         steps:
             - uses: actions/checkout@v3
 
@@ -39,20 +42,27 @@ jobs:
               id: cache
               uses: actions/cache@v3
               with:
-                  key: ${{ runner.os }}-${{ inputs.sqlcipher }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
+                  key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
                   path: |
                       ./.hak
 
+            - name: Install Rust
+              if: steps.cache.outputs.cache-hit != 'true'
+              uses: actions-rs/toolchain@v1
+              with:
+                  toolchain: stable
+
+            - name: Install libsqlcipher-dev
+              if: steps.cache.outputs.cache-hit != 'true' && inputs.sqlcipher == 'system'
+              run: sudo apt-get install -y libsqlcipher-dev
+
             - uses: actions/setup-node@v3
               with:
                   cache: "yarn"
-              env:
-                  # Workaround for https://github.com/actions/setup-node/issues/317
-                  FORCE_COLOR: 0
 
             # Does not need branch matching as only analyses this layer
             - name: Install Deps
-              run: "yarn install --frozen-lockfile"
+              run: "yarn install --pure-lockfile"
 
             - name: Build Natives
               if: steps.cache.outputs.cache-hit != 'true'
@@ -66,72 +76,53 @@ jobs:
               run: |
                   echo "config-args=--nightly '${{ inputs.version }}'" >> $GITHUB_OUTPUT
 
-            - name: Generate debian files and arguments
-              id: debian
+            - name: Generate debian control file
               run: |
-                  if [ -f changelog.Debian ]; then
-                      echo "config-args=--deb-changelog changelog.Debian" >> $GITHUB_OUTPUT
-                  fi
-
-                  cp "$DIR/control.template" debcontrol
+                  cp element.io/${{ inputs.version && 'nightly' || 'release' }}/control.template debcontrol
+                  INPUT_VERSION="${{ inputs.version }}"
                   VERSION=${INPUT_VERSION:-$(cat package.json | jq -r .version)}
                   echo "Version: $VERSION" >> debcontrol
-              env:
-                  DIR: ${{ inputs.config }}
-                  INPUT_VERSION: ${{ inputs.version }}
 
             - name: Build App
               run: |
-                  npx ts-node scripts/generate-builder-config.ts \
-                      ${{ steps.nightly.outputs.config-args }} \
-                      ${{ steps.debian.outputs.config-args }} \
-                      --deb-custom-control=debcontrol
+                  scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }} --deb-custom-control=debcontrol
                   yarn build --publish never -l --config electron-builder.json
 
-            - name: Check ldd
-              run: |
-                  ldd dist/linux-unpacked/resources/app.asar.unpacked/node_modules/matrix-seshat/native/index.node
-                  if [ "$SQLCIPHER_STATIC" == "1" ]; then
-                      ldd dist/linux-unpacked/resources/app.asar.unpacked/node_modules/matrix-seshat/native/index.node | grep -v libsqlcipher.so.0
-                      ldd dist/linux-unpacked/resources/app.asar.unpacked/node_modules/matrix-seshat/native/index.node | grep libcrypto.so.1.1
-                  else
-                      ldd dist/linux-unpacked/resources/app.asar.unpacked/node_modules/matrix-seshat/native/index.node | grep libsqlcipher.so.0
-                      ldd dist/linux-unpacked/resources/app.asar.unpacked/node_modules/matrix-seshat/native/index.node | grep -v libcrypto.so.1.1
-                  fi
-              env:
-                  SQLCIPHER_STATIC: ${{ inputs.sqlcipher == 'static' && '1' || '' }}
-
-            - name: Stash deb package
+            - name: Load GPG key
               if: inputs.deploy-mode
-              uses: actions/upload-artifact@v3
+              uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5
               with:
-                  name: linux-sqlcipher-${{ inputs.sqlcipher }}-deb
-                  path: dist/*.deb
-                  retention-days: 1
+                  gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+                  passphrase: ${{ secrets.GPG_PASSPHRASE }}
+                  fingerprint: 75741890063E5E9A46135D01C2850B265AC085BD
 
-            - name: Prepare artifacts for deployment
+            - name: Prepare artifacts for deployment (reprepro)
               if: inputs.deploy-mode
               run: |
-                  mv dist _dist
-                  mkdir -p "dist/install/linux/glibc-x86-64/"
-                  mv _dist/*.tar.gz "dist/install/linux/glibc-x86-64"
+                  # Clear out the template packages.element.io directory, it has a dedicated deploy workflow
+                  rm -R packages.element.io/*
 
-            # We don't wish to store the tarball for every nightly ever, so we only keep the latest
-            - name: "[Nightly] Strip version from tarball"
-              if: inputs.deploy-mode && inputs.version != ''
-              run: |
-                  mv dist/install/linux/glibc-x86-64/*.tar.gz "dist/install/linux/glibc-x86-64/element-desktop-nightly.tar.gz"
+                  # Install reprepro
+                  sudo apt-get install -y reprepro
 
-            - name: "[Release] Prepare release latest symlink"
-              if: inputs.deploy-mode && inputs.version == ''
-              shell: bash
-              run: |
-                  ln -s "$(find . -type f -iname "*.tar.gz" | xargs -0 -n1 -- basename)" "element-desktop.tar.gz"
-              working-directory: "dist/install/linux/glibc-x86-64"
+                  # Fetch reprepro database
+                  aws s3 cp --recursive s3://$R2_BUCKET debian/db/ --endpoint-url $R2_URL --region auto
+
+                  grep Codename debian/conf/distributions | sed -n 's/Codename: //p' | while read -r target ; do
+                      reprepro -b debian includedeb "$target" ./dist/*.deb
+                  done
+
+                  # Store reprepro database
+                  aws s3 cp --recursive debian/db/ s3://$R2_BUCKET --endpoint-url $R2_URL --region auto
+              env:
+                  R2_BUCKET: packages-element-io-db
+                  AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
+                  AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
+                  R2_URL: ${{ secrets.CF_R2_S3_API }}
 
             - name: Upload Artifacts
               uses: actions/upload-artifact@v3
               with:
                   name: ${{ inputs.deploy-mode && 'packages.element.io' || format('linux-sqlcipher-{0}', inputs.sqlcipher) }}
-                  path: dist
+                  path: ${{ inputs.deploy-mode && 'packages.element.io' || 'dist' }}
                   retention-days: 1

.github/workflows/build_macos.yaml

@@ -24,7 +24,7 @@ on:
                 required: false
                 description: "Whether to sign & notarise the build, requires 'packages.element.io' environment"
             deploy-mode:
-                type: boolean
+                type: string
                 required: false
                 description: "Whether to arrange artifacts in the arrangement needed for deployment, skipping unrelated ones"
             base-url:
@@ -54,7 +54,6 @@ jobs:
               if: steps.cache.outputs.cache-hit != 'true'
               uses: actions-rs/toolchain@v1
               with:
-                  default: true
                   toolchain: stable
                   target: aarch64-apple-darwin
 
@@ -64,7 +63,7 @@ jobs:
 
             # Does not need branch matching as only analyses this layer
             - name: Install Deps
-              run: "yarn install --frozen-lockfile"
+              run: "yarn install --pure-lockfile"
 
             - name: Build Natives
               if: steps.cache.outputs.cache-hit != 'true'
@@ -80,22 +79,15 @@ jobs:
             - name: "[Signed] Build App"
               if: inputs.sign != ''
               run: |
-                  scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }} --notarytool-team-id='${{ secrets.APPLE_TEAM_ID }}'
+                  scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }}
                   yarn build:universal --publish never --config electron-builder.json
               env:
-                  APPLE_ID: ${{ secrets.APPLE_ID }}
-                  APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+                  NOTARIZE_APPLE_ID: ${{ secrets.APPLE_ID }}
+                  NOTARIZE_APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+                  NOTARIZE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
                   CSC_KEY_PASSWORD: ${{ secrets.APPLE_CSC_KEY_PASSWORD }}
                   CSC_LINK: ${{ secrets.APPLE_CSC_LINK }}
 
-            - name: Check app was signed & notarised successfully
-              if: inputs.sign != ''
-              run: |
-                  hdiutil attach dist/*.dmg
-                  codesign -dv --verbose=4 /Volumes/Element*/*.app
-                  spctl -a -vvv -t install /Volumes/Element*/*.app
-                  hdiutil detach /Volumes/Element*
-
             - name: "[Unsigned] Build App"
               if: inputs.sign == ''
               run: |

.github/workflows/build_prepare.yaml

@@ -10,38 +10,37 @@ on:
                 type: string
                 required: false
                 description: "The version tag to fetch, or 'develop', will pick automatically if not passed"
-            nightly:
-                type: boolean
+            calculate-nightly-versions:
+                type: string
                 required: false
-                default: false
-                description: "Whether the build is a Nightly and to calculate the version strings new builds should use"
+                description: "Whether to calculate the version strings new Nightly builds should use"
         secrets:
-            # Required if `nightly` is set
+            # Required if `calculate-nightly-versions` is set
             CF_R2_ACCESS_KEY_ID:
                 required: false
-            # Required if `nightly` is set
+            # Required if `calculate-nightly-versions` is set
             CF_R2_TOKEN:
                 required: false
-            # Required if `nightly` is set
+            # Required if `calculate-nightly-versions` is set
             CF_R2_S3_API:
                 required: false
         outputs:
             macos-version:
-                description: "The version string the next macOS Nightly should use, only output for nightly"
+                description: "The version string the next macOS Nightly should use, only output for calculate-nightly-versions"
                 value: ${{ jobs.prepare.outputs.macos-version }}
             linux-version:
-                description: "The version string the next Linux Nightly should use, only output for nightly"
+                description: "The version string the next Linux Nightly should use, only output for calculate-nightly-versions"
                 value: ${{ jobs.prepare.outputs.linux-version }}
             win32-x64-version:
-                description: "The version string the next Windows x64 Nightly should use, only output for nightly"
+                description: "The version string the next Windows x64 Nightly should use, only output for calculate-nightly-versions"
                 value: ${{ jobs.prepare.outputs.win32-x64-version }}
             win32-x86-version:
-                description: "The version string the next Windows x86 Nightly should use, only output for nightly"
+                description: "The version string the next Windows x86 Nightly should use, only output for calculate-nightly-versions"
                 value: ${{ jobs.prepare.outputs.win32-x86-version }}
 jobs:
     prepare:
         name: Prepare
-        environment: ${{ inputs.nightly && 'packages.element.io' || '' }}
+        environment: ${{ inputs.calculate-nightly-versions && 'packages.element.io' || '' }}
         runs-on: ubuntu-latest
         outputs:
             macos-version: ${{ steps.versions.outputs.macos }}
@@ -56,7 +55,7 @@ jobs:
                   cache: "yarn"
 
             - name: Install Deps
-              run: "yarn install --frozen-lockfile"
+              run: "yarn install --pure-lockfile"
 
             - name: Fetch Element Web
               run: yarn run fetch --noverify -d ${{ inputs.config }} ${{ inputs.version }}
@@ -67,9 +66,19 @@ jobs:
                   yarn run --silent electron --version > electronVersion
                   cat package.json | jq -c .hakDependencies > hakDependencies.json
 
-            - name: "[Nightly] Calculate versions"
+            - uses: actions/upload-artifact@v3
+              with:
+                  name: webapp
+                  retention-days: 1
+                  path: |
+                      webapp.asar
+                      package.json
+                      electronVersion
+                      hakDependencies.json
+
+            - name: Calculate Nightly versions
               id: versions
-              if: inputs.nightly
+              if: inputs.calculate-nightly-versions
               run: |
                   MACOS=$(aws s3 cp s3://$R2_BUCKET/nightly/update/macos/releases.json - --endpoint-url $R2_URL --region auto | jq -r .currentRelease)
                   echo "macos=$(scripts/generate-nightly-version.ts --latest $MACOS)" >> $GITHUB_OUTPUT
@@ -84,44 +93,6 @@ jobs:
               env:
                   AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
                   AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
-                  R2_BUCKET: "packages-element-io"
+                  # XXX: UPDATE THIS BEFORE WHEN GOING LIVE
+                  R2_BUCKET: "packages-element-io-test"
                   R2_URL: ${{ secrets.CF_R2_S3_API }}
-
-            - name: Check version
-              id: package
-              run: |
-                  echo "version=$(cat package.json | jq -r .version)" >> $GITHUB_OUTPUT
-
-            - name: "[Release] Fetch release"
-              id: release
-              if: ${{ !inputs.nightly && inputs.version != 'develop' }}
-              uses: cardinalby/git-get-release-action@cedef2faf69cb7c55b285bad07688d04430b7ada # v1
-              env:
-                  GITHUB_TOKEN: ${{ github.token }}
-              with:
-                  tag: v${{ steps.package.outputs.version }}
-
-            - name: "[Release] Write changelog"
-              if: ${{ !inputs.nightly && inputs.version != 'develop' }}
-              run: |
-                  TIME=$(date -d "$PUBLISHED_AT" -R)
-                  echo "element-desktop ($VERSION) default; urgency=medium" >> changelog.Debian
-                  echo "$BODY" | sed 's/^##/\n  */g;s/^\*/  */g' | perl -pe 's/\[.+?]\((.+?)\)/\1/g' >> changelog.Debian
-                  echo "" >> changelog.Debian
-                  echo " -- $ACTOR <support@element.io>  $TIME" >> changelog.Debian
-              env:
-                  ACTOR: ${{ github.actor }}
-                  VERSION: v${{ steps.package.outputs.version }}
-                  BODY: ${{ steps.release.outputs.body }}
-                  PUBLISHED_AT: ${{ steps.release.outputs.published_at }}
-
-            - uses: actions/upload-artifact@v3
-              with:
-                  name: webapp
-                  retention-days: 1
-                  path: |
-                      webapp.asar
-                      package.json
-                      electronVersion
-                      hakDependencies.json
-                      changelog.Debian

.github/workflows/build_windows.yaml

@@ -14,7 +14,7 @@ on:
             arch:
                 type: string
                 required: true
-                description: "The architecture to build for, one of 'x64' | 'x86' | 'arm64'"
+                description: "The architecture to build for, one of 'x64' | 'x86'"
             version:
                 type: string
                 required: false
@@ -24,15 +24,13 @@ on:
                 required: false
                 description: "Whether to sign & notarise the build, requires 'packages.element.io' environment"
             deploy-mode:
-                type: boolean
+                type: string
                 required: false
                 description: "Whether to arrange artifacts in the arrangement needed for deployment, skipping unrelated ones"
 jobs:
     build:
         runs-on: windows-latest
         environment: ${{ inputs.sign && 'packages.element.io' || '' }}
-        env:
-            SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.22000.0/x86/signtool.exe"
         steps:
             - uses: kanga333/variable-mapper@master
               id: config
@@ -45,12 +43,6 @@ jobs:
                           "target": "x86_64-pc-windows-msvc",
                           "dir": "x64"
                         },
-                        "arm64": {
-                          "target": "aarch64-pc-windows-msvc",
-                          "build-args": "--arm64",
-                          "arch": "amd64_arm64",
-                          "dir": "arm64"
-                        },
                         "x86": {
                           "target": "i686-pc-windows-msvc",
                           "build-args": "--ia32",
@@ -68,14 +60,14 @@ jobs:
               id: cache
               uses: actions/cache@v3
               with:
-                  key: ${{ runner.os }}-${{ inputs.arch }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
+                  key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
                   path: |
                       ./.hak
 
             - name: Set up build tools
               uses: ilammy/msvc-dev-cmd@v1
               with:
-                  arch: ${{ steps.config.outputs.arch || inputs.arch }}
+                  arch: ${{ inputs.arch }}
 
             # ActiveTCL package on choco is from 2015,
             # this one is newer but includes more than we need
@@ -97,7 +89,6 @@ jobs:
               if: steps.cache.outputs.cache-hit != 'true'
               uses: actions-rs/toolchain@v1
               with:
-                  default: true
                   toolchain: stable
                   target: ${{ steps.config.outputs.target }}
 
@@ -107,7 +98,7 @@ jobs:
 
             # Does not need branch matching as only analyses this layer
             - name: Install Deps
-              run: "yarn install --frozen-lockfile"
+              run: "yarn install --pure-lockfile"
 
             - name: Build Natives
               if: steps.cache.outputs.cache-hit != 'true'
@@ -134,7 +125,7 @@ jobs:
                   $LogConfig | Set-Content -Path ${{ env.INSTALL_DIR }}/log4net.config
 
                   # Configure
-                  ${{ env.INSTALL_DIR }}/eSignerCKATool.exe config -mode product -user "${{ secrets.ESIGNER_USER_NAME }}" -pass "${{ secrets.ESIGNER_USER_PASSWORD }}" -totp "${{ secrets.ESIGNER_USER_TOTP }}" -key "${{ env.MASTER_KEY_FILE }}" -r
+                  ${{ env.INSTALL_DIR }}/eSignerCKATool.exe config -mode "${{ env.MODE }}" -user "${{ secrets.ESIGNER_USER_NAME }}" -pass "${{ secrets.ESIGNER_USER_PASSWORD }}" -totp "${{ secrets.ESIGNER_USER_TOTP }}" -key "${{ env.MASTER_KEY_FILE }}" -r
                   ${{ env.INSTALL_DIR }}/eSignerCKATool.exe unload
                   ${{ env.INSTALL_DIR }}/eSignerCKATool.exe load
 
@@ -147,6 +138,8 @@ jobs:
                   $SubjectName = ($CodeSigningCert.Subject -replace ", ?", "`n" | ConvertFrom-StringData).CN
                   echo "config-args=--signtool-thumbprint '$Thumbprint' --signtool-subject-name '$SubjectName'" >> $env:GITHUB_OUTPUT
               env:
+                  # XXX: UPDATE THIS BEFORE WHEN GOING LIVE
+                  MODE: sandbox
                   INSTALL_DIR: C:\Users\runneradmin\eSignerCKA
                   MASTER_KEY_FILE: C:\Users\runneradmin\eSignerCKA\master.key
 
@@ -161,11 +154,8 @@ jobs:
               run: |
                   yarn ts-node scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }} ${{ steps.esigner.outputs.config-args }}
                   yarn build --publish never -w --config electron-builder.json ${{ steps.config.outputs.build-args }}
-
-            - name: Check app was signed successfully
-              if: inputs.sign != ''
-              run: |
-                  . "$env:SIGNTOOL_PATH" verify /pa (get-item ./dist/squirrel-windows*/*.exe)
+              env:
+                  SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.22000.0/x86/signtool.exe"
 
             - name: Prepare artifacts for deployment
               if: inputs.deploy-mode

.github/workflows/codeql.yml

@@ -1,51 +0,0 @@
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ "develop", master, staging ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "develop" ]
-  schedule:
-    - cron: '19 9 * * 6'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        # We have a single C file for the rebrand_stub which we don't want/need to analyse
-        # but it prevents us from using the built-in CodeQL scanner
-        language: [ 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Use only 'java' to analyze code written in Java, Kotlin or both
-        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-
-        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
-      with:
-        category: "/language:${{matrix.language}}"

.github/workflows/dockerbuild.yaml

@@ -1,43 +0,0 @@
-name: Dockerbuild
-on:
-    workflow_dispatch: {}
-    push:
-        branches: [master, develop]
-        paths:
-            - "dockerbuild/**"
-concurrency: ${{ github.workflow }}-${{ github.ref_name }}
-env:
-    REGISTRY: ghcr.io
-    IMAGE_NAME: ${{ github.repository }}-dockerbuild
-jobs:
-    build:
-        name: Docker Build
-        runs-on: ubuntu-latest
-        permissions:
-            contents: read
-            packages: write
-        steps:
-            - uses: actions/checkout@v3
-
-            - name: Log in to the Container registry
-              uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
-              with:
-                  registry: ${{ env.REGISTRY }}
-                  username: ${{ github.actor }}
-                  password: ${{ secrets.GITHUB_TOKEN }}
-
-            - name: Extract metadata for Docker
-              id: meta
-              uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
-              with:
-                  images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-                  tags: |
-                      type=ref,event=branch
-
-            - name: Build and push Docker image
-              uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
-              with:
-                  context: dockerbuild
-                  push: true
-                  tags: ${{ steps.meta.outputs.tags }}
-                  labels: ${{ steps.meta.outputs.labels }}

.github/workflows/packages_index.yaml

@@ -18,7 +18,7 @@ on:
 jobs:
     deploy:
         name: "Deploy"
-        if: github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success'
+        if: github.event != 'workflow_run' || github.event.workflow_run.conclusion == 'success'
         runs-on: ubuntu-latest
         environment: packages.element.io
         env:

.github/workflows/pull_request.yaml

@@ -2,6 +2,7 @@ name: Pull Request
 on:
     pull_request_target:
         types: [opened, edited, labeled, unlabeled, synchronize]
+concurrency: ${{ github.workflow }}-${{ github.event.pull_request.head.ref }}
 jobs:
     action:
         uses: matrix-org/matrix-js-sdk/.github/workflows/pull_request.yaml@develop

.github/workflows/reprepro.yaml

@@ -1,91 +0,0 @@
-on:
-    workflow_call:
-        inputs:
-            artifact-name:
-                type: string
-                required: true
-                description: "The name of the artifact containing the debs to include"
-        secrets:
-            GPG_PRIVATE_KEY:
-                required: false
-            GPG_PASSPHRASE:
-                required: false
-            CF_R2_ACCESS_KEY_ID:
-                required: false
-            CF_R2_TOKEN:
-                required: false
-            CF_R2_S3_API:
-                required: false
-# Protect reprepro database using concurrency
-concurrency: reprepro
-jobs:
-    reprepro:
-        name: Deploy debian package
-        environment: packages.element.io
-        runs-on: ubuntu-latest
-        env:
-            R2_BUCKET: "packages-element-io"
-            R2_DB_BUCKET: packages-element-io-db
-            R2_URL: ${{ secrets.CF_R2_S3_API }}
-        steps:
-            - uses: actions/checkout@v3
-
-            - name: Download artifacts
-              uses: actions/download-artifact@v3
-              with:
-                  name: ${{ inputs.artifact-name }}
-                  path: dist
-
-            - name: Load GPG key
-              uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5
-              with:
-                  gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-                  passphrase: ${{ secrets.GPG_PASSPHRASE }}
-                  fingerprint: 75741890063E5E9A46135D01C2850B265AC085BD
-
-            - name: Install reprepro
-              run: sudo apt-get install -y reprepro
-
-            - name: Fetch database
-              run: aws s3 cp --recursive s3://$R2_DB_BUCKET debian/db/ --endpoint-url $R2_URL --region auto
-              env:
-                  AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
-                  AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
-
-            - name: Run reprepro
-              run: |
-                  grep Codename debian/conf/distributions | sed -n 's/Codename: //p' | while read -r target ; do
-                      reprepro -b debian includedeb "$target" ./dist/*.deb
-                  done
-
-            - name: Check repository works
-              run: |
-                  # Download signing keyring
-                  sudo wget -O /usr/share/keyrings/element-io-archive-keyring.gpg https://packages.element.io/debian/element-io-archive-keyring.gpg
-                  # Point apt at local apt repo
-                  echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] http://127.0.0.1:8000/debian/ default main" | sudo tee /etc/apt/sources.list.d/element-io.list
-
-                  # Start http server and fetch from it via apt
-                  python3 -m http.server 8000 --bind 127.0.0.1 &
-                  sudo apt-get update --allow-insecure-repositories
-                  killall python3
-
-                  # Validate the package in the repo quacks like the one we expect
-                  info=$(dpkg --info ../dist/*.deb)
-                  package=$(echo "$info" | grep "Package:" | sed -n 's/ Package: //p')
-                  version=$(echo "$info" | grep "Version:" | sed -n 's/ Version: //p')
-                  apt-cache show "$package" | grep "Version: $version"
-              working-directory: ./packages.element.io
-
-            - name: Deploy debian repo
-              run: |
-                  aws s3 cp --recursive packages.element.io/debian/ s3://$R2_BUCKET/debian --endpoint-url $R2_URL --region auto
-              env:
-                  AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
-                  AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
-
-            - name: Store database
-              run: aws s3 cp --recursive debian/db/ s3://$R2_DB_BUCKET --endpoint-url $R2_URL --region auto
-              env:
-                  AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
-                  AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}

.github/workflows/static_analysis.yaml

@@ -16,7 +16,7 @@ jobs:
 
             # Does not need branch matching as only analyses this layer
             - name: Install Deps
-              run: "yarn install --frozen-lockfile"
+              run: "yarn install --pure-lockfile"
 
             - name: Typecheck
               run: "yarn run lint:types"
@@ -37,7 +37,7 @@ jobs:
 
             # Does not need branch matching as only analyses this layer
             - name: Install Deps
-              run: "yarn install --frozen-lockfile"
+              run: "yarn install --pure-lockfile"
 
             - name: Run Linter
               run: "yarn run lint:js"

CHANGELOG.md

@@ -1,123 +1,8 @@
-Changes in [1.11.29](https://github.com/vector-im/element-desktop/releases/tag/v1.11.29) (2023-04-11)
-=====================================================================================================
-
-## ✨ Features
- * Ship linux tarball with static sqlcipher ([\#597](https://github.com/vector-im/element-desktop/pull/597)). Fixes vector-im/element-web#18486.
- * Show recent room breadcrumbs on touchbar ([\#183](https://github.com/vector-im/element-desktop/pull/183)). Fixes vector-im/element-web#15998.
- * Clear electron data when logging out ([\#578](https://github.com/vector-im/element-desktop/pull/578)).
- * Send Electron crashpad reports to Sentry from Nightly ([\#579](https://github.com/vector-im/element-desktop/pull/579)). Fixes vector-im/element-web#18263.
- * Recommend element-io-archive-keyring from our Debian package ([\#566](https://github.com/vector-im/element-desktop/pull/566)).
- * Allow desktop app to expose recent rooms in UI integrations ([\#16940](https://github.com/vector-im/element-web/pull/16940)).
- * Add API params to mute audio and/or video in Jitsi calls by default ([\#24820](https://github.com/vector-im/element-web/pull/24820)). Contributed by @dhenneke.
- * Style mentions as pills in rich text editor ([\#10448](https://github.com/matrix-org/matrix-react-sdk/pull/10448)). Contributed by @alunturner.
- * Show room create icon if "UIComponent.roomCreation" is enabled ([\#10364](https://github.com/matrix-org/matrix-react-sdk/pull/10364)). Contributed by @maheichyk.
- * Mentions as links rte ([\#10463](https://github.com/matrix-org/matrix-react-sdk/pull/10463)). Contributed by @alunturner.
- * Better error handling in jump to date ([\#10405](https://github.com/matrix-org/matrix-react-sdk/pull/10405)). Contributed by @MadLittleMods.
- * Show "Invite" menu option if "UIComponent.sendInvites" is enabled. ([\#10363](https://github.com/matrix-org/matrix-react-sdk/pull/10363)). Contributed by @maheichyk.
- * Added `UserProfilesStore`, `LruCache` and user permalink profile caching ([\#10425](https://github.com/matrix-org/matrix-react-sdk/pull/10425)). Fixes vector-im/element-web#10559.
- * Mentions as links rte ([\#10422](https://github.com/matrix-org/matrix-react-sdk/pull/10422)). Contributed by @alunturner.
- * Implement MSC3952: intentional mentions ([\#9983](https://github.com/matrix-org/matrix-react-sdk/pull/9983)).
- * Implement MSC3973: Search users in the user directory with the Widget API ([\#10269](https://github.com/matrix-org/matrix-react-sdk/pull/10269)). Contributed by @dhenneke.
- * Permalinks to message are now displayed as pills ([\#10392](https://github.com/matrix-org/matrix-react-sdk/pull/10392)). Fixes vector-im/element-web#24751 and vector-im/element-web#24706.
- * Show search,dial,explore in filterContainer if "UIComponent.filterContainer" is enabled ([\#10381](https://github.com/matrix-org/matrix-react-sdk/pull/10381)). Contributed by @maheichyk.
- * Increase space panel collapse clickable area ([\#6084](https://github.com/matrix-org/matrix-react-sdk/pull/6084)). Fixes vector-im/element-web#17379. Contributed by @jaiwanth-v.
- * Add fallback for replies to Polls ([\#10380](https://github.com/matrix-org/matrix-react-sdk/pull/10380)). Fixes vector-im/element-web#24197. Contributed by @kerryarchibald.
- * Permalinks to rooms and users are now pillified ([\#10388](https://github.com/matrix-org/matrix-react-sdk/pull/10388)). Fixes vector-im/element-web#24825.
- * Poll history -  access poll history from room settings ([\#10356](https://github.com/matrix-org/matrix-react-sdk/pull/10356)). Contributed by @kerryarchibald.
- * Add API params to mute audio and/or video in Jitsi calls by default ([\#10376](https://github.com/matrix-org/matrix-react-sdk/pull/10376)). Contributed by @dhenneke.
- * Notifications: inline error message on notifications saving error ([\#10288](https://github.com/matrix-org/matrix-react-sdk/pull/10288)). Contributed by @kerryarchibald.
- * Support dynamic room predecessor in SpaceProvider ([\#10348](https://github.com/matrix-org/matrix-react-sdk/pull/10348)). Contributed by @andybalaam.
- * Support dynamic room predecessors for RoomProvider ([\#10346](https://github.com/matrix-org/matrix-react-sdk/pull/10346)). Contributed by @andybalaam.
- * Support dynamic room predecessors in OwnBeaconStore ([\#10339](https://github.com/matrix-org/matrix-react-sdk/pull/10339)). Contributed by @andybalaam.
- * Support dynamic room predecessors in ForwardDialog ([\#10344](https://github.com/matrix-org/matrix-react-sdk/pull/10344)). Contributed by @andybalaam.
- * Support dynamic room predecessors in SpaceHierarchy ([\#10341](https://github.com/matrix-org/matrix-react-sdk/pull/10341)). Contributed by @andybalaam.
- * Support dynamic room predecessors in AddExistingToSpaceDialog ([\#10342](https://github.com/matrix-org/matrix-react-sdk/pull/10342)). Contributed by @andybalaam.
- * Support dynamic room predecessors in leave-behaviour ([\#10340](https://github.com/matrix-org/matrix-react-sdk/pull/10340)). Contributed by @andybalaam.
- * Support dynamic room predecessors in StopGapWidgetDriver ([\#10338](https://github.com/matrix-org/matrix-react-sdk/pull/10338)). Contributed by @andybalaam.
- * Support dynamic room predecessors in WidgetLayoutStore ([\#10326](https://github.com/matrix-org/matrix-react-sdk/pull/10326)). Contributed by @andybalaam.
- * Support dynamic room predecessors in SpaceStore ([\#10332](https://github.com/matrix-org/matrix-react-sdk/pull/10332)). Contributed by @andybalaam.
- * Sync polls push rules on changes to account_data ([\#10287](https://github.com/matrix-org/matrix-react-sdk/pull/10287)). Contributed by @kerryarchibald.
- * Support dynamic room predecessors in BreadcrumbsStore ([\#10295](https://github.com/matrix-org/matrix-react-sdk/pull/10295)). Contributed by @andybalaam.
- * Improved a11y for Field feedback and Secure Phrase input ([\#10320](https://github.com/matrix-org/matrix-react-sdk/pull/10320)). Contributed by @Sebbones.
- * Support dynamic room predecessors in RoomNotificationStateStore ([\#10297](https://github.com/matrix-org/matrix-react-sdk/pull/10297)). Contributed by @andybalaam.
-
-## 🐛 Bug Fixes
- * Run build_linux in docker using an older glibc ([\#599](https://github.com/vector-im/element-desktop/pull/599)). Fixes vector-im/element-web#24981.
- * Use a newly generated access_token while joining Jitsi ([\#24646](https://github.com/vector-im/element-web/pull/24646)). Fixes vector-im/element-web#24687. Contributed by @emrahcom.
- * Fix cloudflare action pointing at commit hash instead of tag ([\#24777](https://github.com/vector-im/element-web/pull/24777)). Contributed by @justjanne.
- * Allow editing with RTE to overflow for autocomplete visibility ([\#10499](https://github.com/matrix-org/matrix-react-sdk/pull/10499)). Contributed by @alunturner.
- * Added auto focus to Github URL on opening of debug logs modal ([\#10479](https://github.com/matrix-org/matrix-react-sdk/pull/10479)). Contributed by @ShivamSpm.
- * Fix detection of encryption for all users in a room ([\#10487](https://github.com/matrix-org/matrix-react-sdk/pull/10487)). Fixes vector-im/element-web#24995.
- * Properly generate mentions when editing a reply with MSC3952 ([\#10486](https://github.com/matrix-org/matrix-react-sdk/pull/10486)). Fixes vector-im/element-web#24924. Contributed by @kerryarchibald.
- * Improve performance of rendering a room with many hidden events ([\#10131](https://github.com/matrix-org/matrix-react-sdk/pull/10131)). Contributed by @andybalaam.
- * Prevent future date selection in jump to date ([\#10419](https://github.com/matrix-org/matrix-react-sdk/pull/10419)). Fixes vector-im/element-web#20800. Contributed by @MadLittleMods.
- * Add aria labels to message search bar to improve accessibility ([\#10476](https://github.com/matrix-org/matrix-react-sdk/pull/10476)). Fixes vector-im/element-web#24921.
- * Fix decryption failure bar covering the timeline ([\#10360](https://github.com/matrix-org/matrix-react-sdk/pull/10360)). Fixes vector-im/element-web#24780 vector-im/element-web#24074 and vector-im/element-web#24183. Contributed by @luixxiul.
- * Improve profile picture settings accessibility ([\#10470](https://github.com/matrix-org/matrix-react-sdk/pull/10470)). Fixes vector-im/element-web#24919.
- * Handle group call redaction ([\#10465](https://github.com/matrix-org/matrix-react-sdk/pull/10465)).
- * Display relative timestamp for threads on the same calendar day ([\#10399](https://github.com/matrix-org/matrix-react-sdk/pull/10399)). Fixes vector-im/element-web#24841. Contributed by @kerryarchibald.
- * Fix timeline list and paragraph display issues ([\#10424](https://github.com/matrix-org/matrix-react-sdk/pull/10424)). Fixes vector-im/element-web#24602. Contributed by @alunturner.
- * Use unique keys for voice broadcast pips ([\#10457](https://github.com/matrix-org/matrix-react-sdk/pull/10457)). Fixes vector-im/element-web#24959.
- * Fix "show read receipts sent by other users" not applying to threads ([\#10445](https://github.com/matrix-org/matrix-react-sdk/pull/10445)). Fixes vector-im/element-web#24910.
- * Fix joining public rooms without aliases in search dialog ([\#10437](https://github.com/matrix-org/matrix-react-sdk/pull/10437)). Fixes vector-im/element-web#23937.
- * Add input validation for `m.direct` in `DMRoomMap` ([\#10436](https://github.com/matrix-org/matrix-react-sdk/pull/10436)). Fixes vector-im/element-web#24909.
- * Reduce height reserved for "collapse" button's line on IRC layout ([\#10211](https://github.com/matrix-org/matrix-react-sdk/pull/10211)). Fixes vector-im/element-web#24605. Contributed by @luixxiul.
- * Fix `creatorUserId is required` error when opening sticker picker ([\#10423](https://github.com/matrix-org/matrix-react-sdk/pull/10423)).
- * Fix block/inline Element descendants error noise in `NewRoomIntro.tsx` ([\#10412](https://github.com/matrix-org/matrix-react-sdk/pull/10412)). Contributed by @MadLittleMods.
- * Fix profile resizer to make first character of a line selectable in IRC layout ([\#10396](https://github.com/matrix-org/matrix-react-sdk/pull/10396)). Fixes vector-im/element-web#14764. Contributed by @luixxiul.
- * Ensure space between wrapped lines of room name on IRC layout ([\#10188](https://github.com/matrix-org/matrix-react-sdk/pull/10188)). Fixes vector-im/element-web#24742. Contributed by @luixxiul.
- * Remove unreadable alt attribute from the room status bar warning icon (nonsense to screenreaders) ([\#10402](https://github.com/matrix-org/matrix-react-sdk/pull/10402)). Contributed by @MadLittleMods.
- * Fix big date separators when jump to date is enabled ([\#10404](https://github.com/matrix-org/matrix-react-sdk/pull/10404)). Fixes vector-im/element-web#22969. Contributed by @MadLittleMods.
- * Fixes user authentication when registering via the module API ([\#10257](https://github.com/matrix-org/matrix-react-sdk/pull/10257)). Contributed by @maheichyk.
- * Handle more edge cases in Space Hierarchy ([\#10280](https://github.com/matrix-org/matrix-react-sdk/pull/10280)). Contributed by @justjanne.
- * Further improve performance with lots of hidden events ([\#10353](https://github.com/matrix-org/matrix-react-sdk/pull/10353)). Fixes vector-im/element-web#24480. Contributed by @andybalaam.
- * Respect user cancelling upload flow by dismissing spinner ([\#10373](https://github.com/matrix-org/matrix-react-sdk/pull/10373)). Fixes vector-im/element-web#24667.
- * When starting a DM, the end-to-end encryption status icon does now only appear if the DM can be encrypted ([\#10394](https://github.com/matrix-org/matrix-react-sdk/pull/10394)). Fixes vector-im/element-web#24397.
- * Fix `[object Object]` in feedback metadata ([\#10390](https://github.com/matrix-org/matrix-react-sdk/pull/10390)).
- * Fix pinned messages card saying nothing pinned while loading ([\#10385](https://github.com/matrix-org/matrix-react-sdk/pull/10385)). Fixes vector-im/element-web#24615.
- * Fix import e2e key dialog staying disabled after paste ([\#10375](https://github.com/matrix-org/matrix-react-sdk/pull/10375)). Fixes vector-im/element-web#24818.
- * Show all labs even if incompatible, with appropriate tooltip explaining requirements ([\#10369](https://github.com/matrix-org/matrix-react-sdk/pull/10369)). Fixes vector-im/element-web#24813.
- * Fix UIFeature.Registration not applying to all paths ([\#10371](https://github.com/matrix-org/matrix-react-sdk/pull/10371)). Fixes vector-im/element-web#24814.
- * Clicking on a user pill does now only open the profile in the right panel and no longer navigates to the home view. ([\#10359](https://github.com/matrix-org/matrix-react-sdk/pull/10359)). Fixes vector-im/element-web#24797.
- * Fix start DM with pending third party invite ([\#10347](https://github.com/matrix-org/matrix-react-sdk/pull/10347)). Fixes vector-im/element-web#24781.
- * Fix long display name overflowing reply tile on IRC layout ([\#10343](https://github.com/matrix-org/matrix-react-sdk/pull/10343)). Fixes vector-im/element-web#24738. Contributed by @luixxiul.
- * Display redacted body on ThreadView in the same way as normal messages ([\#9016](https://github.com/matrix-org/matrix-react-sdk/pull/9016)). Fixes vector-im/element-web#24729. Contributed by @luixxiul.
- * Handle more edge cases in ACL updates ([\#10279](https://github.com/matrix-org/matrix-react-sdk/pull/10279)). Contributed by @justjanne.
- * Allow parsing png files to fail if thumbnailing is successful ([\#10308](https://github.com/matrix-org/matrix-react-sdk/pull/10308)).
-
-Changes in [1.11.28](https://github.com/vector-im/element-desktop/releases/tag/v1.11.28) (2023-03-31)
-=====================================================================================================
-
-## 🐛 Bug Fixes
- * Fix broken lockfile. Fixes vector-im/element-web#25008.
-
-Changes in [1.11.27](https://github.com/vector-im/element-desktop/releases/tag/v1.11.27) (2023-03-31)
-=====================================================================================================
-
-## 🐛 Bug Fixes
- * Run build_linux in docker using an older glibc ([\#599](https://github.com/vector-im/element-desktop/pull/599)). Fixes vector-im/element-web#24981.
- * Fix detection of encryption for all users in a room ([\#10487](https://github.com/matrix-org/matrix-react-sdk/pull/10487)). Fixes vector-im/element-web#24995.
-
-Changes in [1.11.26](https://github.com/vector-im/element-desktop/releases/tag/v1.11.26) (2023-03-28)
-=====================================================================================================
-
-## 🔒 Security
- * Fixes for [CVE-2023-28427](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-28427) / GHSA-mwq8-fjpf-c2gr
- * Fixes for [CVE-2023-28103](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-28103) / GHSA-6g43-88cp-w5gv
-
-Changes in [1.11.25](https://github.com/vector-im/element-desktop/releases/tag/v1.11.25) (2023-03-15)
+Changes in [1.11.24](https://github.com/vector-im/element-desktop/releases/tag/v1.11.24) (2023-02-28)
 =====================================================================================================
 
 ## ✨ Features
  * Remove experimental PWA support for Firefox and Safari ([\#24630](https://github.com/vector-im/element-web/pull/24630)).
- * Only allow to start a DM with one email if encryption by default is enabled ([\#10253](https://github.com/matrix-org/matrix-react-sdk/pull/10253)). Fixes vector-im/element-web#23133.
- * DM rooms are now encrypted if encryption by default is enabled and only inviting a single email address. Any action in the result DM room will be blocked until the other has joined. ([\#10229](https://github.com/matrix-org/matrix-react-sdk/pull/10229)).
- * Reduce bottom margin of ReplyChain on compact modern layout ([\#8972](https://github.com/matrix-org/matrix-react-sdk/pull/8972)). Fixes vector-im/element-web#22748. Contributed by @luixxiul.
- * Support for v2 of MSC3903 ([\#10165](https://github.com/matrix-org/matrix-react-sdk/pull/10165)). Contributed by @hughns.
- * When starting a DM, existing rooms with pending third-party invites will be reused. ([\#10256](https://github.com/matrix-org/matrix-react-sdk/pull/10256)). Fixes vector-im/element-web#23139.
- * Polls push rules: synchronise poll rules with message rules ([\#10263](https://github.com/matrix-org/matrix-react-sdk/pull/10263)). Contributed by @kerryarchibald.
- * New verification request toast button labels ([\#10259](https://github.com/matrix-org/matrix-react-sdk/pull/10259)).
- * Remove padding around integration manager iframe ([\#10148](https://github.com/matrix-org/matrix-react-sdk/pull/10148)).
  * Fix block code styling in rich text editor ([\#10246](https://github.com/matrix-org/matrix-react-sdk/pull/10246)). Contributed by @alunturner.
  * Poll history: fetch more poll history ([\#10235](https://github.com/matrix-org/matrix-react-sdk/pull/10235)). Contributed by @kerryarchibald.
  * Sort short/exact emoji matches before longer incomplete matches ([\#10212](https://github.com/matrix-org/matrix-react-sdk/pull/10212)). Fixes vector-im/element-web#23210. Contributed by @grimhilt.
@@ -129,30 +14,6 @@ Changes in [1.11.25](https://github.com/vector-im/element-desktop/releases/tag/v
  * Support joining non-peekable rooms via the module API ([\#10154](https://github.com/matrix-org/matrix-react-sdk/pull/10154)). Contributed by @maheichyk.
  * The "new login" toast does now display the same device information as in the settings. "No" does now open the device settings. "Yes, it was me" dismisses the toast. ([\#10200](https://github.com/matrix-org/matrix-react-sdk/pull/10200)).
  * Do not prompt for a password when doing a „reset all“ after login ([\#10208](https://github.com/matrix-org/matrix-react-sdk/pull/10208)).
-
-## 🐛 Bug Fixes
- * Fix macOS notarisation using keychain credentials ([\#557](https://github.com/vector-im/element-desktop/pull/557)).
- * Let electron-builder correctly set StartupWMClass ([\#526](https://github.com/vector-im/element-desktop/pull/526)). Fixes vector-im/element-web#13780.
- * Fix incorrect copy in space creation flow ([\#10296](https://github.com/matrix-org/matrix-react-sdk/pull/10296)). Fixes vector-im/element-web#24741.
- * Fix space settings dialog having rogue title tooltip ([\#10293](https://github.com/matrix-org/matrix-react-sdk/pull/10293)). Fixes vector-im/element-web#24740.
- * Show spinner when starting a DM from the user profile (right panel) ([\#10290](https://github.com/matrix-org/matrix-react-sdk/pull/10290)).
- * Reduce height of toggle on expanded view source event ([\#10283](https://github.com/matrix-org/matrix-react-sdk/pull/10283)). Fixes vector-im/element-web#22873. Contributed by @luixxiul.
- * Pillify http and non-prefixed matrix.to links ([\#10277](https://github.com/matrix-org/matrix-react-sdk/pull/10277)). Fixes vector-im/element-web#20844.
- * Fix some features not being configurable via `features` ([\#10276](https://github.com/matrix-org/matrix-react-sdk/pull/10276)).
- * Fix starting a DM from the right panel in some cases ([\#10278](https://github.com/matrix-org/matrix-react-sdk/pull/10278)). Fixes vector-im/element-web#24722.
- * Align info EventTile and normal EventTile on IRC layout ([\#10197](https://github.com/matrix-org/matrix-react-sdk/pull/10197)). Fixes vector-im/element-web#22782. Contributed by @luixxiul.
- * Fix blowout of waveform of the voice message player on narrow UI ([\#8861](https://github.com/matrix-org/matrix-react-sdk/pull/8861)). Fixes vector-im/element-web#22604. Contributed by @luixxiul.
- * Fix the hidden view source toggle on IRC layout ([\#10266](https://github.com/matrix-org/matrix-react-sdk/pull/10266)). Fixes vector-im/element-web#22872. Contributed by @luixxiul.
- * Fix buttons on the room header being compressed due to long room name ([\#10155](https://github.com/matrix-org/matrix-react-sdk/pull/10155)). Contributed by @luixxiul.
- * Use the room avatar as a placeholder in calls ([\#10231](https://github.com/matrix-org/matrix-react-sdk/pull/10231)).
- * Fix calls showing as 'connecting' after hangup ([\#10223](https://github.com/matrix-org/matrix-react-sdk/pull/10223)).
- * Prevent multiple Jitsi calls started at the same time ([\#10183](https://github.com/matrix-org/matrix-react-sdk/pull/10183)). Fixes vector-im/element-web#23009.
- * Make localization keys compatible with agglutinative and/or SOV type languages ([\#10159](https://github.com/matrix-org/matrix-react-sdk/pull/10159)). Contributed by @luixxiul.
-
-Changes in [1.11.24](https://github.com/vector-im/element-desktop/releases/tag/v1.11.24) (2023-02-28)
-=====================================================================================================
-
-## ✨ Features
  * Display "The sender has blocked you from receiving this message" error message instead of "Unable to decrypt message" ([\#10202](https://github.com/matrix-org/matrix-react-sdk/pull/10202)). Contributed by @florianduros.
  * Polls: show warning about undecryptable relations ([\#10179](https://github.com/matrix-org/matrix-react-sdk/pull/10179)). Contributed by @kerryarchibald.
  * Poll history: fetch last 30 days of polls ([\#10157](https://github.com/matrix-org/matrix-react-sdk/pull/10157)). Contributed by @kerryarchibald.
@@ -166,7 +27,12 @@ Changes in [1.11.24](https://github.com/vector-im/element-desktop/releases/tag/v
  * Render poll end events in timeline ([\#10027](https://github.com/matrix-org/matrix-react-sdk/pull/10027)). Contributed by @kerryarchibald.
 
 ## 🐛 Bug Fixes
+ * Let electron-builder correctly set StartupWMClass ([\#526](https://github.com/vector-im/element-desktop/pull/526)). Fixes vector-im/element-web#13780.
+ * Use the room avatar as a placeholder in calls ([\#10231](https://github.com/matrix-org/matrix-react-sdk/pull/10231)).
+ * Fix calls showing as 'connecting' after hangup ([\#10223](https://github.com/matrix-org/matrix-react-sdk/pull/10223)).
  * Stop access token overflowing the box ([\#10069](https://github.com/matrix-org/matrix-react-sdk/pull/10069)). Fixes vector-im/element-web#24023. Contributed by @sbjaj33.
+ * Prevent multiple Jitsi calls started at the same time ([\#10183](https://github.com/matrix-org/matrix-react-sdk/pull/10183)). Fixes vector-im/element-web#23009.
+ * Make localization keys compatible with agglutinative and/or SOV type languages ([\#10159](https://github.com/matrix-org/matrix-react-sdk/pull/10159)). Contributed by @luixxiul.
  * Add link to next file in the export ([\#10190](https://github.com/matrix-org/matrix-react-sdk/pull/10190)). Fixes vector-im/element-web#20272. Contributed by @grimhilt.
  * Ended poll tiles: add ended the poll message ([\#10193](https://github.com/matrix-org/matrix-react-sdk/pull/10193)). Fixes vector-im/element-web#24579. Contributed by @kerryarchibald.
  * Fix accidentally inverted condition for room ordering ([\#10178](https://github.com/matrix-org/matrix-react-sdk/pull/10178)). Fixes vector-im/element-web#24527. Contributed by @justjanne.

dockerbuild/Dockerfile

@@ -1,9 +1,8 @@
-# Docker image to facilitate building Element Desktop with native bits using a glibc version with broader compatibility
 FROM buildpack-deps:bionic-curl
 
 ENV DEBIAN_FRONTEND noninteractive
 
-RUN curl --proto "=https" -L https://yarnpkg.com/latest.tar.gz | tar xvz && mv yarn-* /yarn && ln -s /yarn/bin/yarn /usr/bin/yarn
+RUN curl -L https://yarnpkg.com/latest.tar.gz | tar xvz && mv yarn-* /yarn && ln -s /yarn/bin/yarn /usr/bin/yarn
 RUN apt-get -qq update && apt-get -qq dist-upgrade && \
   # add repo for git-lfs
   curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash && \
@@ -15,8 +14,6 @@ RUN apt-get -qq update && apt-get -qq dist-upgrade && \
   apt-get -qq install --no-install-recommends qtbase5-dev bsdtar build-essential autoconf libssl-dev gcc-multilib g++-multilib lzip rpm python libcurl4 git git-lfs ssh unzip tcl \
   libsecret-1-dev libgnome-keyring-dev \
   libopenjp2-tools \
-  # Used by github actions \
-  jq grep \
   # Used by seshat (when not SQLCIPHER_STATIC) \
   libsqlcipher-dev && \
   # git-lfs
@@ -37,7 +34,7 @@ ENV FORCE_COLOR true
 ENV NODE_VERSION 16.18.1
 
 # this package is used for snapcraft and we should not clear apt list - to avoid apt-get update during snap build
-RUN curl --proto "=https" -L https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.gz | tar xz -C /usr/local --strip-components=1 && \
+RUN curl -L https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.gz | tar xz -C /usr/local --strip-components=1 && \
   unlink /usr/local/CHANGELOG.md && unlink /usr/local/LICENSE && unlink /usr/local/README.md && \
   # https://github.com/npm/npm/issues/4531
   npm config set unsafe-perm true

docs/updates.md

@@ -2,7 +2,7 @@ The Desktop app is capable of self-updating on macOS and Windows.
 The update server base url is configurable as `update_base_url` in config.json and can be served by a static file host,
 CDN or object storage.
 
-Currently all packaging & deployment is handled by [Github actions](https://github.com/vector-im/element-desktop/blob/develop/.github/workflows/build_and_deploy.yaml)
+Currently all packaging & deployment is handled by https://github.com/vector-im/element-builder/
 
 # Windows
 

docs/windows-requirements.md

@@ -1,14 +1,11 @@
 # Windows
 
-
 ## Requirements to build native modules
 
-We rely on Github Actions `windows-latest` plus a few extra utilities as per [the workflow](https://github.com/vector-im/element-desktop/blob/develop/.github/workflows/build_windows.yaml).
-
 If you want to build native modules, make sure that the following tools are installed on your system.
 
 -   [Git for Windows](https://git-scm.com/download/win)
--   [Node 16](https://nodejs.org)
+-   [Node 14](https://nodejs.org)
 -   [Python 3](https://www.python.org/downloads/) (if you type 'python' into command prompt it will offer to install it from the windows store)
 -   [Strawberry Perl](https://strawberryperl.com/)
 -   [Rustup](https://rustup.rs/)

element-io-archive-keyring/DEBIAN/control

@@ -1,7 +0,0 @@
-Package: element-io-archive-keyring
-Architecture: all
-Section: contrib/meta
-Maintainer: support@element.io
-Priority: optional
-Version: 1.1
-Description: The packages.element.io repository keyring

element.io/nightly/control.template

@@ -4,7 +4,7 @@ Vendor: support@element.io
 Architecture: amd64
 Maintainer: support@element.io
 Depends: libgtk-3-0, libnotify4, libnss3, libxss1, libxtst6, xdg-utils, libatspi2.0-0, libuuid1, libsecret-1-0, libasound2, libgbm1
-Recommends: libsqlcipher0, element-io-archive-keyring
+Recommends: libsqlcipher0
 Section: net
 Priority: extra
 Homepage: https://element.io/

element.io/release/conf_distributions

@@ -0,0 +1,81 @@
+Origin: riot.im
+Codename: default
+Architectures: amd64 i386 source
+Components: main
+SignWith: D7B0B66941D01538
+Tracking: minimal
+
+Origin: riot.im
+Suite: oldoldstable
+Codename: jessie
+Architectures: amd64 i386 source
+Components: main
+SignWith: D7B0B66941D01538
+Tracking: minimal
+
+Origin: riot.im
+Suite: oldstable
+Codename: stretch
+Architectures: amd64 i386 source
+Components: main
+SignWith: D7B0B66941D01538
+Tracking: minimal
+
+Origin: riot.im
+Suite: stable
+Codename: buster
+Architectures: amd64 i386 source
+Components: main
+SignWith: D7B0B66941D01538
+Tracking: minimal
+
+Origin: riot.im
+Suite: testing
+Codename: bullseye
+Architectures: amd64 i386 source
+Components: main
+SignWith: D7B0B66941D01538
+Tracking: minimal
+
+Origin: riot.im
+Suite: unstable
+Codename: sid
+Architectures: amd64 i386 source
+Components: main
+SignWith: D7B0B66941D01538
+Tracking: minimal
+
+Origin: riot.im
+Codename: xenial
+Architectures: amd64 i386 source
+Components: main
+SignWith: D7B0B66941D01538
+Tracking: minimal
+
+Origin: riot.im
+Codename: bionic
+Architectures: amd64 i386 source
+Components: main
+SignWith: D7B0B66941D01538
+Tracking: minimal
+
+Origin: riot.im
+Codename: cosmic
+Architectures: amd64 i386 source
+Components: main
+SignWith: D7B0B66941D01538
+Tracking: minimal
+
+Origin: riot.im
+Codename: disco
+Architectures: amd64 i386 source
+Components: main
+SignWith: D7B0B66941D01538
+Tracking: minimal
+
+Origin: riot.im
+Codename: eoan
+Architectures: amd64 i386 source
+Components: main
+SignWith: D7B0B66941D01538
+Tracking: minimal

element.io/release/control.template

@@ -4,7 +4,7 @@ Vendor: support@element.io
 Architecture: amd64
 Maintainer: support@element.io
 Depends: libgtk-3-0, libnotify4, libnss3, libxss1, libxtst6, xdg-utils, libatspi2.0-0, libuuid1, libsecret-1-0, libasound2, libgbm1
-Recommends: libsqlcipher0, element-io-archive-keyring
+Recommends: libsqlcipher0
 Replaces: riot-desktop (<< 1.7.0), riot-web (<< 1.7.0)
 Breaks: riot-desktop (<< 1.7.0), riot-web (<< 1.7.0)
 Section: net

hak/matrix-seshat/build.ts

@@ -22,15 +22,6 @@ import fsExtra from "fs-extra";
 import HakEnv from "../../scripts/hak/hakEnv";
 import { DependencyInfo } from "../../scripts/hak/dep";
 
-type WinConfiguration =
-    | "VC-WIN32"
-    | "VC-WIN64A"
-    | "VC-WIN64-ARM"
-    | "VC-WIN64-CLANGASM-ARM"
-    | "VC-CLANG-WIN64-CLANGASM-ARM"
-    | "VC-WIN32-HYBRIDCRT"
-    | "VC-WIN64A-HYBRIDCRT";
-
 export default async function (hakEnv: HakEnv, moduleInfo: DependencyInfo): Promise<void> {
     if (hakEnv.isWin()) {
         await buildOpenSslWin(hakEnv, moduleInfo);
@@ -45,18 +36,7 @@ async function buildOpenSslWin(hakEnv: HakEnv, moduleInfo: DependencyInfo): Prom
     const version = moduleInfo.cfg.dependencies.openssl;
     const openSslDir = path.join(moduleInfo.moduleTargetDotHakDir, `openssl-${version}`);
 
-    let openSslArch: WinConfiguration;
-    switch (hakEnv.getTargetArch()) {
-        case "x64":
-            openSslArch = "VC-WIN64A";
-            break;
-        case "ia32":
-            openSslArch = "VC-WIN32";
-            break;
-        case "arm64":
-            openSslArch = "VC-WIN64-ARM";
-            break;
-    }
+    const openSslArch = hakEnv.getTargetArch() === "x64" ? "VC-WIN64A" : "VC-WIN32";
 
     console.log("Building openssl in " + openSslDir);
     await new Promise<void>((resolve, reject) => {

package.json

@@ -2,7 +2,7 @@
   "name": "element-desktop",
   "productName": "Element",
   "main": "lib/electron-main.js",
-  "version": "1.11.29",
+  "version": "1.11.24",
   "description": "A feature-rich client for Matrix.org",
   "author": "Element",
   "repository": {
@@ -11,9 +11,6 @@
   },
   "license": "Apache-2.0",
   "files": [],
-  "engines": {
-    "node": ">=16.0.0"
-  },
   "scripts": {
     "i18n": "matrix-gen-i18n",
     "prunei18n": "matrix-prune-i18n",
@@ -55,10 +52,8 @@
     "test": "jest"
   },
   "dependencies": {
-    "@sentry/electron": "^4.3.0",
     "auto-launch": "^5.0.5",
     "counterpart": "^0.18.6",
-    "electron-clear-data": "^1.0.5",
     "electron-store": "^8.0.2",
     "electron-window-state": "^5.0.3",
     "minimist": "^1.2.6",
@@ -70,7 +65,7 @@
     "@babel/core": "^7.18.10",
     "@babel/preset-env": "^7.18.10",
     "@babel/preset-typescript": "^7.18.6",
-    "@electron/asar": "^3.2.3",
+    "@electron/asar": "^3.2.0",
     "@electron/notarize": "^1.2.3",
     "@types/auto-launch": "^5.0.1",
     "@types/counterpart": "^0.18.1",
@@ -78,30 +73,31 @@
     "@types/jest": "^29.0.0",
     "@types/minimist": "^1.2.1",
     "@types/mkdirp": "^1.0.2",
-    "@types/node": "16.18.23",
+    "@types/node": "16.18.12",
     "@types/pacote": "^11.1.1",
+    "@types/rimraf": "^3.0.2",
     "@types/tar": "^6.1.3",
     "@typescript-eslint/eslint-plugin": "^5.42.0",
     "@typescript-eslint/parser": "^5.42.0",
     "allchange": "^1.0.6",
-    "app-builder-lib": "24.0.0",
+    "app-builder-lib": "^22.14.10",
     "babel-jest": "^29.0.0",
     "chokidar": "^3.5.2",
     "detect-libc": "^1.0.3",
-    "electron": "^24.0.0",
-    "electron-builder": "24.0.0",
-    "electron-builder-squirrel-windows": "24.1.2",
-    "electron-devtools-installer": "^3.2.0",
+    "electron": "^23.0.0",
+    "electron-builder": "^23.6.0",
+    "electron-builder-squirrel-windows": "^23.6.0",
+    "electron-devtools-installer": "^3.1.1",
     "eslint": "^8.26.0",
     "eslint-config-google": "^0.14.0",
     "eslint-config-prettier": "^8.5.0",
     "eslint-plugin-import": "^2.25.4",
     "eslint-plugin-matrix-org": "^1.0.0",
-    "eslint-plugin-unicorn": "^46.0.0",
+    "eslint-plugin-unicorn": "^45.0.0",
     "expect-playwright": "^0.8.0",
     "find-npm-prefix": "^1.0.2",
     "fs-extra": "^11.0.0",
-    "glob": "^9.0.0",
+    "glob": "^8.0.0",
     "jest": "^29.0.0",
     "matrix-web-i18n": "^1.3.0",
     "mkdirp": "^2.0.0",
@@ -109,18 +105,18 @@
     "pacote": "^15.0.0",
     "playwright": "^1.25.0",
     "prettier": "^2.8.1",
-    "rimraf": "^4.4.1",
+    "rimraf": "^3.0.2",
     "tar": "^6.1.2",
     "ts-jest": "^29.0.0",
     "ts-node": "^10.9.1",
-    "typescript": "5.0.3"
+    "typescript": "4.9.5"
   },
   "hakDependencies": {
     "matrix-seshat": "^2.3.3",
     "keytar": "^7.9.0"
   },
   "resolutions": {
-    "@types/node": "16.18.23"
+    "@types/node": "16.18.12"
   },
   "build": {
     "appId": "im.riot.app",
@@ -150,18 +146,19 @@
     },
     "mac": {
       "category": "public.app-category.social-networking",
-      "darkModeSupport": true,
-      "gatekeeperAssess": true
+      "darkModeSupport": true
     },
     "win": {
       "target": [
         "squirrel"
-      ]
+      ],
+      "sign": "scripts/electron_winSign"
     },
     "directories": {
       "output": "dist"
     },
     "afterPack": "scripts/electron_afterPack",
+    "afterSign": "scripts/electron_afterSign",
     "protocols": [
       {
         "name": "element",

packages.element.io/debian/element-io-archive-keyring.asc

@@ -24,69 +24,35 @@ zj97Y0WRPkAagJzeesIx/M4pjYg9zDIZ22NWT9d7KAZemLVtREwWM4zKYEI0Hpid
 GxR8jQ1rCc9RMVdO6xuhnVwUD/JyNEgtRKbBJX9qIH2Z30rvIg7ev9MJG6g52cDy
 +inNdxh4u4vpqQjjLTBraRalUe/4S4I8EaUFya91RWDLrEcmgdYfrqXbLMAEcPWS
 cYQdjW3ADEy47rGQ2SeaZweLuHGVx68hCcJx5E0X7eE32R8uaRjmEzgvU+wZKo0y
-HFbLsQok8v7NqoqtiQJUBBMBCgA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA
-FiEEEtTNYAwiQKn0qCBx17C2aUHQFTgFAmQTZtMFCRoqUzwACgkQ17C2aUHQFTje
-kRAAl0NkH0roj3qvjvAdZUU3vN+5ju68MddDaThuMEhrIO4OZKEVoD0iEiQT1p5n
-PS06NkISzXOXRJ4TSlZ/r0U8o5HSfGwYmczyVpwiQYdbGdjMYPt0E/WTnPV59iKv
-BmYeN/cUyo3WuPGRP0suA86XkMO73buHEx8/srQE1EFeDsBGruyIqRTGq9lLCi0P
-ozyal+vjwrWd7D8MwQRu4YGnk7eCaHek+pSI3DZDxoRs2NqPPx8wT5O3manTBLjQ
-HX24+VjOof6EhsOr6uGXIRpK7gK6olJj8gyEWpuz3R3Y2usWPK+n/nHFc+/YBS7w
-y6uy+2aur4sjSqgCzNnI+o2GlDX+a1cB+urz1apQAOCRSZycGKuVXRYDFbIGi71V
-sTq2x7qM0cbCu4bAU/rWxJaYrVo2xtBywiM2bjTrYty8Dyi59WqnsWuWxCbN5mB7
-6sGuomL13yZF3eHhzKQjJiK7xpPJXHu2iizFems9JlH0e5MtyXp9vcPBEJyyuYR5
-Q3HatbnkGccRe+W08CR3k3nzdStCXIxDb47Eo62I3D/q/SgXlFEDaiLtR+PAkNvX
-i4NXnGGE/+yH9ISGYax/jRTjRVpMUfSbgUbAP/5X2X54qShVtz0hDOIiCWX+DXMV
-d9LYXoBs0isS7bKvZ0qu775knyaLGZKkxHcYFtseF4SmAvC5AY0EXLUW1AEMAM9q
-UTv+E/SS3tp+EWhj+wbI7/jrgEDg7OgxpALbx3gkkJ3Tu6mfKPVosYd9jI7pNcLV
-yo5Da1OEQ3JN8k6FUND1gKOoPObhLlVH3W03O9g1k4QjBFE80PaOmeawLPCuchEc
-0iKiMcFlGc90LTXNzHigLWbXeoOIVJQ06L+4OUBe05/ynTNWc/KloZMbsxQFTxGa
-TLKC8b5noCo0M6wMv+cgLmZ/bOYsmopWQR5edaFYERWAh2vzjS+L96NuWZVHFqeX
-IZUVj/kJaDKWYbHEHQ6Hm/PtKOkrkfmk40Gjjcra0SOdTWOZZNfu2QdijzDJBLTi
-47feqHTUUudiXUjSp5t/AHKzzyL/KGv1p/Fxdp7nFMtQ/M+n7pZggLFF0njX/fPC
-XIps0u/I1DO/jeSJFg1HdhzjgXW0cyrVPLeRxrtB7TMZdd4hJjd9QDjMqODRLxuL
-fJ87ln8XGkyGMn60BwOiJWtdnCxcKx0ydBHQpWPMgCYK4kjs5Se6O4AH1oxhIQAR
-AQABiQPyBBgBCgAmAhsCFiEEEtTNYAwiQKn0qCBx17C2aUHQFTgFAmB32hQFCQeF
-KkABwMD0IAQZAQoAHRYhBHV0GJAGPl6aRhNdAcKFCyZawIW9BQJctRbUAAoJEMKF
-CyZawIW9oNgMAM9UE2bvm5m0Q84zYK2jEBJqts8MvPxRzLoUK06hKk12ABkVMhIU
-BJZ8E7qH/3DlzNPejBAPjfVX3nRAEca3vrdUUgtyRnRSXiugYZ6yadxFQhkutz5Q
-AGKCKseYJ2e+j2zlSzNPGJ3Sa4xsN4tvVGYjS2REPOWT9OuQcN/ushStyqE+qG1H
-Rvvkx+iwRqjBU36RL0+rIW1eysoH+Iz+CO9WcQR8hUNor6VzoQFup8kswJrnPrcJ
-ISoxSFY/SpcagDtkzoDNqmXMJOvloH11AE1TndJSjfk7NuVBKpHSDK4Jiu84e2Ky
-NN2utQ2whvKORQ5zlSanHOz1eZj3gPkV93F4Au9hyzaEwRBY+gg1XHzunW1aPCeY
-/NcabarT3mAv7Kw5Lk54o5o8Q9Z9R7s1R39Yncaq+0+IX748wQMGI8GbmDCt+Dw1
-33E2hGe1Fmg4okNwnb+GEfn7jM9bng7xnjEFo4aNtZhMzErD8z2xGYci9dVxCZZ0
-+EI4g/VdCd0mgAkQ17C2aUHQFTiWlBAAriFfozLR6F+5egSX0FkTRP4cIW/CAfrF
-SgCOhxkTDuXe53ozg6i4hqg4MT8WqCaD+QVePDKX9VBENqUzOLpqM8zpPcA6G/53
-ah400kJKiKVBSwnADMwcOdxu3usYBvlKh4UQp3C7TuVdEhU+GOYL4KBZPbg6y/x2
-Y4KPrSMFoZ0oSeaZ1Dwqr6HaTbWgjYhNiGNAE9ynGPRFIglAdUcFgXeGAhlJY54S
-DqhzH7cEtHYicQXAQr8Yz2JeTBNp2vncDJo8Bw5No55JBgrJreidAMjUsWFTlecu
-DphfU8qkpAy2i7IzvtHGpeTtAyxjRL3Lyu94fkArkii7kgVyleyVU3LDrdQUaJRB
-YqdhQwSbXgrPP/gQ5UIM+MxjhSP2uSGs1HY5zV+q0U0Mx9tAqnE/omUgedMVFFiR
-tb3z+gcC9V6TKxirb0JWDkyNWo/Dp6T/+c4+6IVdrV1Hewye2w/5q0bmKYEg2ZFH
-NDQdrkKdfhrQ8ThmdPAs88MPPQenZF/5fkCApsJEDqz47SO6ooFzB2n+VZox+bYp
-IGMspqV/rng16goIeHXHnz3o0znFWmVR4j4b8XKAbhfAoG7DjTxkuVKAXsN3TYEw
-qm2MuQiucAQbxpu9xEiB/ar5DBfcfwSPEjCeDcEZgIE/Utbe6Uitx8n3r8+Rkbwx
-i5IIIgfM2QGJA/IEGAEKACYCGwIWIQQS1M1gDCJAqfSoIHHXsLZpQdAVOAUCZBNm
-+gUJCyC3JgHAwPQgBBkBCgAdFiEEdXQYkAY+XppGE10BwoULJlrAhb0FAly1FtQA
-CgkQwoULJlrAhb2g2AwAz1QTZu+bmbRDzjNgraMQEmq2zwy8/FHMuhQrTqEqTXYA
-GRUyEhQElnwTuof/cOXM096MEA+N9VfedEARxre+t1RSC3JGdFJeK6BhnrJp3EVC
-GS63PlAAYoIqx5gnZ76PbOVLM08YndJrjGw3i29UZiNLZEQ85ZP065Bw3+6yFK3K
-oT6obUdG++TH6LBGqMFTfpEvT6shbV7Kygf4jP4I71ZxBHyFQ2ivpXOhAW6nySzA
-muc+twkhKjFIVj9KlxqAO2TOgM2qZcwk6+WgfXUATVOd0lKN+Ts25UEqkdIMrgmK
-7zh7YrI03a61DbCG8o5FDnOVJqcc7PV5mPeA+RX3cXgC72HLNoTBEFj6CDVcfO6d
-bVo8J5j81xptqtPeYC/srDkuTnijmjxD1n1HuzVHf1idxqr7T4hfvjzBAwYjwZuY
-MK34PDXfcTaEZ7UWaDiiQ3Cdv4YR+fuMz1ueDvGeMQWjho21mEzMSsPzPbEZhyL1
-1XEJlnT4QjiD9V0J3SaACRDXsLZpQdAVOLR+EACQWO84JbUqSVkInAPJ+dsWXq9Z
-cm1GwwipsoaDkZSDWZMX2Yj2TKVbeqEDNuBC5/KFSwyBKB3edBUy8onrYqRdLx0q
-qQj2PFRFo4Iz3si+6iBEGQtK5OZXjBkuDuzxcNRlp9Sooquf5n9dLaXQWj6IfH5u
-Vlpkf/EoCKEuWqRHpn/NpN4Goc+m4ZPU6eJiJr5RMnv4lHgJyn03IZRbltqEL0gB
-OEOxUEhVJvkknw5aTTZrr8OHnh614Duq1asrrU5jaowGWMnfeOPyT0oDgmnUzg0k
-PrNkhro/SbSWxzVpC+dapVIg4udGyU03XgXP6C1psKfdBMoZoMzSX1E5aItS5yr9
-KGyUUwQh0m0kzzUD1tVJU0QmLpTow/O2IaV+c1iPOB5AZ4fXyBq8X/NuWDmN42Jh
-zgtjQyb97wy9/ABqQn5fy1KNAjN4yOIHri/UY+y0OuU27g4mSfJCBEA+H9mt8Cgv
-CB0xdYaDfjc1uq9UoEAteuY4bso9KpB84UtJetEOxQWYJe7LVRiha037wTOpxgD2
-JhHPU8f//FocQXkZNxOeNSWQLM/U5d2X9ISjOZGRyctk3VHKWv45v0bOs6NnT4tU
-SaV+98JeB1eVCmOrKvgmxoNGK+n9kdtbrGb9kLfMarAvx1/GTHC6b9oQ50bQ6Igk
-KOQ1/miIFEhO+ksiqQ==
-=OOgy
+HFbLsQok8v7NqoqtuQGNBFy1FtQBDADPalE7/hP0kt7afhFoY/sGyO/464BA4Ozo
+MaQC28d4JJCd07upnyj1aLGHfYyO6TXC1cqOQ2tThENyTfJOhVDQ9YCjqDzm4S5V
+R91tNzvYNZOEIwRRPND2jpnmsCzwrnIRHNIiojHBZRnPdC01zcx4oC1m13qDiFSU
+NOi/uDlAXtOf8p0zVnPypaGTG7MUBU8RmkyygvG+Z6AqNDOsDL/nIC5mf2zmLJqK
+VkEeXnWhWBEVgIdr840vi/ejblmVRxanlyGVFY/5CWgylmGxxB0Oh5vz7SjpK5H5
+pONBo43K2tEjnU1jmWTX7tkHYo8wyQS04uO33qh01FLnYl1I0qebfwBys88i/yhr
+9afxcXae5xTLUPzPp+6WYICxRdJ41/3zwlyKbNLvyNQzv43kiRYNR3Yc44F1tHMq
+1Ty3kca7Qe0zGXXeISY3fUA4zKjg0S8bi3yfO5Z/FxpMhjJ+tAcDoiVrXZwsXCsd
+MnQR0KVjzIAmCuJI7OUnujuAB9aMYSEAEQEAAYkD8gQYAQoAJgIbAhYhBBLUzWAM
+IkCp9KggcdewtmlB0BU4BQJgd9oUBQkHhSpAAcDA9CAEGQEKAB0WIQR1dBiQBj5e
+mkYTXQHChQsmWsCFvQUCXLUW1AAKCRDChQsmWsCFvaDYDADPVBNm75uZtEPOM2Ct
+oxASarbPDLz8Ucy6FCtOoSpNdgAZFTISFASWfBO6h/9w5czT3owQD431V950QBHG
+t763VFILckZ0Ul4roGGesmncRUIZLrc+UABigirHmCdnvo9s5UszTxid0muMbDeL
+b1RmI0tkRDzlk/TrkHDf7rIUrcqhPqhtR0b75MfosEaowVN+kS9PqyFtXsrKB/iM
+/gjvVnEEfIVDaK+lc6EBbqfJLMCa5z63CSEqMUhWP0qXGoA7ZM6AzaplzCTr5aB9
+dQBNU53SUo35OzblQSqR0gyuCYrvOHtisjTdrrUNsIbyjkUOc5Umpxzs9XmY94D5
+FfdxeALvYcs2hMEQWPoINVx87p1tWjwnmPzXGm2q095gL+ysOS5OeKOaPEPWfUe7
+NUd/WJ3GqvtPiF++PMEDBiPBm5gwrfg8Nd9xNoRntRZoOKJDcJ2/hhH5+4zPW54O
+8Z4xBaOGjbWYTMxKw/M9sRmHIvXVcQmWdPhCOIP1XQndJoAJENewtmlB0BU4lpQQ
+AK4hX6My0ehfuXoEl9BZE0T+HCFvwgH6xUoAjocZEw7l3ud6M4OouIaoODE/Fqgm
+g/kFXjwyl/VQRDalMzi6ajPM6T3AOhv+d2oeNNJCSoilQUsJwAzMHDncbt7rGAb5
+SoeFEKdwu07lXRIVPhjmC+CgWT24Osv8dmOCj60jBaGdKEnmmdQ8Kq+h2k21oI2I
+TYhjQBPcpxj0RSIJQHVHBYF3hgIZSWOeEg6ocx+3BLR2InEFwEK/GM9iXkwTadr5
+3AyaPAcOTaOeSQYKya3onQDI1LFhU5XnLg6YX1PKpKQMtouyM77RxqXk7QMsY0S9
+y8rveH5AK5Iou5IFcpXslVNyw63UFGiUQWKnYUMEm14Kzz/4EOVCDPjMY4Uj9rkh
+rNR2Oc1fqtFNDMfbQKpxP6JlIHnTFRRYkbW98/oHAvVekysYq29CVg5MjVqPw6ek
+//nOPuiFXa1dR3sMntsP+atG5imBINmRRzQ0Ha5CnX4a0PE4ZnTwLPPDDz0Hp2Rf
++X5AgKbCRA6s+O0juqKBcwdp/lWaMfm2KSBjLKalf654NeoKCHh1x5896NM5xVpl
+UeI+G/FygG4XwKBuw408ZLlSgF7Dd02BMKptjLkIrnAEG8abvcRIgf2q+QwX3H8E
+jxIwng3BGYCBP1LW3ulIrcfJ96/PkZG8MYuSCCIHzNkB
+=JVma
 -----END PGP PUBLIC KEY BLOCK-----

packages.element.io/debian/riot-im-archive-keyring.asc.bak

@@ -0,0 +1,65 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFy1FpcBEADemFRfa16qbsgvnEq5TPhFOssXfSLG4eGBrU0O6adDwv6QyE53
+fivsepaZ21xLXP8KdfJBe40XmsYDLk6I+1cQIoKLCDhN/omaCivJ0QwsHKFqdhsD
+0mmGpRzN1nNXOV856tcWsj25T4V2ttPumvCV/ArITta0X2GPbF2oYKbKjE93uZWR
+xogqHrD7QVzjlDvU6+gQ/TzIA/k0cG/LlOqhHTrR/VMvSzE9LDn2YoWaC2Hk2NZE
+Uby788vombTgPhTrCUmQwDsaXYUfILLhaiAdCqNc3aMcNjc3VX1YjJG0pArx9V2N
+RPMR2UZQzSLgthEz/om9k7x9A9RG85Jo2AAmjrpIl4NRawpKP+uXtIdr4huCzWT4
+r8e1DiMORKRvRPzua/kf+i8vjKWy16KRD5N6rNOTjfoSQxkQTgh9fvLgJUAJ+UnL
+gLKXaijyyIisQ6O2zaI5jJMuSzBG129xpdCeNB0Vmfuy8fBGttTg+OoP1mhnQtDA
+mh7k5EefFKDoKKgt2m+C6nlLr7pG9EA5qMHbQikmZo33phi/yIIU0w8RahueC7A1
+rCvDla+lr9Y2o0Y+2VGTqkc37WadiCcF6DZ/rKMoajgafbJV3QsVBdD0rraqLfvK
+/+UfbbJuZdxb7LtBMGL35ENrVfFNZDiEFJs0eumDCk/KLGBVlL25PH6kIwARAQAB
+tCNyaW90LmltIHBhY2thZ2VzIDxwYWNrYWdlc0ByaW90LmltPokCVAQTAQoAPhYh
+BBLUzWAMIkCp9KggcdewtmlB0BU4BQJctRaXAhsDBQkJZgGABQsJCAcCBhUKCQgL
+AgQWAgMBAh4BAheAAAoJENewtmlB0BU49RsP/2wqPjk4VDhAf10oP2HWyE98nfGm
+SriZFQgewbvgwWzXMdIkGpKGxOsl6SFIgVALPGNE/NBbCjn899l207UMqJt0ylZ1
+9YZgoKwJwZBNDAGPxWgqCUnxZJwZ2iBOPq4jYyn/why91H55T0fICyF0ZDUJUj0C
+b5P5lASeNJaAxweQ6rqAhVQFSD64t1yR/3sMISRHXl6j12ko6wQmZgZf8VR0NrrP
+4EF8892/bpSbM9SsZdCSRvyiRFuPATz6z8+jQIUnVmlHILPH/efuwkbPh4MAsQRg
+xpVzSwCIurp2zc7R3s03DB2K4Ox8xlawsvYQUVPcEg4EOUK4MC0Zly+dOVUmVzm3
+zj97Y0WRPkAagJzeesIx/M4pjYg9zDIZ22NWT9d7KAZemLVtREwWM4zKYEI0Hpid
+5y4uaKaOh7hCNswnorOovNQ/wnDG0X7wiI9+iSR/mfo84OyYYzGnz3aPEjrKuOtM
+GxR8jQ1rCc9RMVdO6xuhnVwUD/JyNEgtRKbBJX9qIH2Z30rvIg7ev9MJG6g52cDy
++inNdxh4u4vpqQjjLTBraRalUe/4S4I8EaUFya91RWDLrEcmgdYfrqXbLMAEcPWS
+cYQdjW3ADEy47rGQ2SeaZweLuHGVx68hCcJx5E0X7eE32R8uaRjmEzgvU+wZKo0y
+HFbLsQok8v7NqoqtiQEzBBABCgAdFiEEQlNDQm4FMsm53u1sih+T1XW16NUFAly1
+FzMACgkQih+T1XW16NUl8AgAnuMyOfLRynXceH/kF8atQZ8nty8+1CgQhHNRreFu
+Q2hm2VkM0xn0QvISkLX5yPwXVNeRyW0xIwwOwgP4Gu91fYujgUv/P2bPIuQlAqrZ
+XMvR8IZ9xLUiS1xCktlZYzyg/36ZFd6bcYkxfplJ86yLHya8vy7oyAKr7Po13K1l
+qxPANte/Ak4DfoejfjnzwnMza0dfKh7XjqHRzkVXeQhGsgVoWPssGKsEyI3HDI4J
+zvpPajSMSWHcbjKQSk2QqwEwjg5ITEBs3PCmKLkKR7qq7+tKU/iIrPJ72BqMluCK
+UE+9s5RvcXkDHmEgnE2NBOLGJ4ZcsajGxs7DjGNYlnMG9bkBjQRctRbUAQwAz2pR
+O/4T9JLe2n4RaGP7Bsjv+OuAQODs6DGkAtvHeCSQndO7qZ8o9Wixh32Mjuk1wtXK
+jkNrU4RDck3yToVQ0PWAo6g85uEuVUfdbTc72DWThCMEUTzQ9o6Z5rAs8K5yERzS
+IqIxwWUZz3QtNc3MeKAtZtd6g4hUlDTov7g5QF7Tn/KdM1Zz8qWhkxuzFAVPEZpM
+soLxvmegKjQzrAy/5yAuZn9s5iyailZBHl51oVgRFYCHa/ONL4v3o25ZlUcWp5ch
+lRWP+QloMpZhscQdDoeb8+0o6SuR+aTjQaONytrRI51NY5lk1+7ZB2KPMMkEtOLj
+t96odNRS52JdSNKnm38AcrPPIv8oa/Wn8XF2nucUy1D8z6fulmCAsUXSeNf988Jc
+imzS78jUM7+N5IkWDUd2HOOBdbRzKtU8t5HGu0HtMxl13iEmN31AOMyo4NEvG4t8
+nzuWfxcaTIYyfrQHA6Ila12cLFwrHTJ0EdClY8yAJgriSOzlJ7o7gAfWjGEhABEB
+AAGJA/IEGAEKACYWIQQS1M1gDCJAqfSoIHHXsLZpQdAVOAUCXLUW1AIbAgUJA8Jn
+AAHACRDXsLZpQdAVOMD0IAQZAQoAHRYhBHV0GJAGPl6aRhNdAcKFCyZawIW9BQJc
+tRbUAAoJEMKFCyZawIW9oNgMAM9UE2bvm5m0Q84zYK2jEBJqts8MvPxRzLoUK06h
+Kk12ABkVMhIUBJZ8E7qH/3DlzNPejBAPjfVX3nRAEca3vrdUUgtyRnRSXiugYZ6y
+adxFQhkutz5QAGKCKseYJ2e+j2zlSzNPGJ3Sa4xsN4tvVGYjS2REPOWT9OuQcN/u
+shStyqE+qG1HRvvkx+iwRqjBU36RL0+rIW1eysoH+Iz+CO9WcQR8hUNor6VzoQFu
+p8kswJrnPrcJISoxSFY/SpcagDtkzoDNqmXMJOvloH11AE1TndJSjfk7NuVBKpHS
+DK4Jiu84e2KyNN2utQ2whvKORQ5zlSanHOz1eZj3gPkV93F4Au9hyzaEwRBY+gg1
+XHzunW1aPCeY/NcabarT3mAv7Kw5Lk54o5o8Q9Z9R7s1R39Yncaq+0+IX748wQMG
+I8GbmDCt+Dw133E2hGe1Fmg4okNwnb+GEfn7jM9bng7xnjEFo4aNtZhMzErD8z2x
+GYci9dVxCZZ0+EI4g/VdCd0mgExeEACPH4USF03wP8EcSSKs6DXtCHPv+PqEMD6w
+0AckI2scEKQ0b45xY4ASEytQlHDpZ+HQLJ22JJ2WT9z+ZL6KC2mAafW5GTpyL6Vl
+WbikiN4V2ueIV3Z1sW9m5342RmqM7OKum2F2phrWfauQxRxwp+bCU7TfbF+PNedb
+dqsyXNLUdgM01GnjTL5sWNp3GJPC22RBjC1Ssc9+e+sde2/HkoBbpCd0xc7wN6cP
+O+SpGJSkWnvOfEnBLGwk8fLZz3wfwVZe8A8tmPMrQNievnPvoz2urkkFYaZ8bOLt
+YRK/3RtALnz4fpuwqOwNdPOGbXVhXPQZ7euJ7pCuIbCbcYxYJJd1UdFMnFB/YkXB
+s/O7TOQzoIEGlNBLzg8d6rnm+Hg8o/PrKwLqYTgvrjSm2DbbP0T38tlgxM2JNP9+
+AELqcgvafnaq0H+jGvM2gCu70Jv0qfzuK9BYiR4kOAq9vT2D8doWDOF4yX71KT81
+ntz4qHNRyf7foTIDpxQ1QgYGtpJ3yjp4tcoElFbHBDIZ6TcPh4xP8Yw8AkvvsnYG
+ARxZDEF+FfH6mikEJSoa6++byxdkmVuQzTj0ZSNev4Z68MF1NhV3vZP2GjQte14v
+v+o35cEMLqEybxi6EPBLbl1B841zDty55Jp6QjK9uAxcCLHZiN5ffK6lKvdRBhT0
+l91/+ZrRJQ==
+=kDqh
+-----END PGP PUBLIC KEY BLOCK-----

scripts/electron_afterSign.js

@@ -0,0 +1,40 @@
+const { notarize } = require("@electron/notarize");
+
+let warned = false;
+exports.default = async function (context) {
+    const { electronPlatformName, appOutDir } = context;
+    const appId = context.packager.info.appInfo.id;
+
+    if (electronPlatformName === "darwin") {
+        const appName = context.packager.appInfo.productFilename;
+
+        const notarizeToolCredentials = {};
+        if (process.env.NOTARIZE_KEYCHAIN_PROFILE) {
+            notarizeToolCredentials.keychainProfile = process.env.NOTARIZE_KEYCHAIN_PROFILE;
+            notarizeToolCredentials.keychain = process.env.NOTARIZE_KEYCHAIN;
+        } if (process.env.NOTARIZE_APPLE_ID && process.env.NOTARIZE_APPLE_ID_PASSWORD && process.env.NOTARIZE_TEAM_ID) {
+            notarizeToolCredentials.appleId = process.env.NOTARIZE_APPLE_ID;
+            notarizeToolCredentials.appleIdPassword = process.env.NOTARIZE_APPLE_ID_PASSWORD;
+            notarizeToolCredentials.teamId = process.env.NOTARIZE_TEAM_ID;
+        } else {
+            if (!warned) {
+                console.log("*****************************************");
+                console.log("*   This build will NOT be notarised.   *");
+                console.log("* Provide NOTARIZE_KEYCHAIN_PROFILE or  *");
+                console.log("* NOTARIZE_APPLE_ID, NOTARIZE_TEAM_ID   *");
+                console.log("* and NOTARIZE_APPLE_ID_PASSWORD        *");
+                console.log("*****************************************");
+                warned = true;
+            }
+            return;
+        }
+
+        console.log("Notarising macOS app. This may be some time.");
+        return await notarize({
+            tool: "notarytool",
+            appBundleId: appId,
+            appPath: `${appOutDir}/${appName}.app`,
+            ...notarizeToolCredentials,
+        });
+    }
+};

scripts/electron_winSign.js

@@ -0,0 +1,78 @@
+const { execFile } = require("child_process");
+
+// Loosely based on computeSignToolArgs from app-builder-lib/src/codeSign/windowsCodeSign.ts
+function computeSignToolArgs(options, keyContainer) {
+    const args = [];
+
+    if (process.env.ELECTRON_BUILDER_OFFLINE !== "true") {
+        const timestampingServiceUrl = options.options.timeStampServer || "http://timestamp.digicert.com";
+        args.push(
+            options.isNest || options.hash === "sha256" ? "/tr" : "/t",
+            options.isNest || options.hash === "sha256"
+                ? options.options.rfc3161TimeStampServer || "http://timestamp.comodoca.com/rfc3161"
+                : timestampingServiceUrl,
+        );
+    }
+
+    args.push("/kc", keyContainer);
+    // To use the hardware token (this should probably be less hardcoded)
+    args.push("/csp", "eToken Base Cryptographic Provider");
+    // The certificate file. Somehow this appears to be the only way to specify
+    // the cert that works. If you specify the subject name or hash, it will
+    // say it can't associate the private key to the certificate.
+    // TODO: Find a way to pass this through from the electron-builder config
+    // so we don't have to hard-code this here
+    // fwiw https://stackoverflow.com/questions/17927895/automate-extended-validation-ev-code-signing
+    // is about the most useful resource on automating code signing...
+    args.push("/f", "element.io\\New_Vector_Ltd.pem");
+
+    if (options.hash !== "sha1") {
+        args.push("/fd", options.hash);
+        if (process.env.ELECTRON_BUILDER_OFFLINE !== "true") {
+            args.push("/td", "sha256");
+        }
+    }
+
+    // msi does not support dual-signing
+    if (options.isNest) {
+        args.push("/as");
+    }
+
+    // https://github.com/electron-userland/electron-builder/issues/2875#issuecomment-387233610
+    args.push("/debug");
+    // must be last argument
+    args.push(options.path);
+
+    return args;
+}
+
+let warned = false;
+exports.default = async function (options) {
+    const keyContainer = process.env.SIGNING_KEY_CONTAINER;
+    if (keyContainer === undefined) {
+        if (!warned) {
+            console.warn(
+                "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n" +
+                    "! Skipping Windows signing.          !\n" +
+                    "! SIGNING_KEY_CONTAINER not defined. !\n" +
+                    "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!",
+            );
+            warned = true;
+        }
+        return;
+    }
+
+    return new Promise((resolve, reject) => {
+        const args = ["sign"].concat(computeSignToolArgs(options, keyContainer));
+
+        execFile("signtool", args, {}, (error, stdout) => {
+            if (error) {
+                console.error("signtool failed with code " + error);
+                reject("signtool failed with code " + error);
+                console.log(stdout);
+            } else {
+                resolve();
+            }
+        });
+    });
+};

scripts/fetch-package.ts

@@ -4,7 +4,7 @@ import * as path from "path";
 import { createWriteStream, promises as fs } from "fs";
 import * as childProcess from "child_process";
 import tar from "tar";
-import * as asar from "@electron/asar";
+import * as asar from "asar";
 import fetch from "node-fetch";
 import { promises as stream } from "stream";
 

scripts/fetchdep.sh

@@ -10,6 +10,7 @@ defbranch="$3"
 
 rm -r "$defrepo" || true
 
+# A function that clones a branch of a repo based on the org, repo and branch
 clone() {
     org=$1
     repo=$2
@@ -22,20 +23,56 @@ clone() {
     fi
 }
 
-# Try the PR author's branch in case it exists on the deps as well.
-# If BUILDKITE_BRANCH is set, it will contain either:
-#   * "branch" when the author's branch and target branch are in the same repo
-#   * "author:branch" when the author's branch is in their fork
-# We can split on `:` into an array to check.
-BUILDKITE_BRANCH_ARRAY=(${BUILDKITE_BRANCH//:/ })
-if [[ "${#BUILDKITE_BRANCH_ARRAY[@]}" == "1" ]]; then
-    clone $deforg $defrepo $BUILDKITE_BRANCH
-elif [[ "${#BUILDKITE_BRANCH_ARRAY[@]}" == "2" ]]; then
-    clone ${BUILDKITE_BRANCH_ARRAY[0]} $defrepo ${BUILDKITE_BRANCH_ARRAY[1]}
+# A function that gets info about a PR from the GitHub API based on its number
+getPRInfo() {
+    number=$1
+    if [ -n "$number" ]; then
+        echo "Getting info about a PR with number $number"
+
+        apiEndpoint="https://api.github.com/repos/${REPOSITORY:-"vector-im/element-desktop"}/pulls/"
+        apiEndpoint+=$number
+
+        head=$(curl $apiEndpoint | jq -r '.head.label')
+    fi
+}
+
+# Some CIs don't give us enough info, so we just get the PR number and ask the
+# GH API for more info - "fork:branch". Some give us this directly.
+if [ -n "$BUILDKITE_BRANCH" ]; then
+    # BuildKite
+    head=$BUILDKITE_BRANCH
+elif [ -n "$PR_NUMBER" ]; then
+    # GitHub
+    getPRInfo $PR_NUMBER
+elif [ -n "$REVIEW_ID" ]; then
+    # Netlify
+    getPRInfo $REVIEW_ID
 fi
+
+# for forks, $head will be in the format "fork:branch", so we split it by ":"
+# into an array. On non-forks, this has the effect of splitting into a single
+# element array given ":" shouldn't appear in the head - it'll just be the
+# branch name. Based on the results, we clone.
+BRANCH_ARRAY=(${head//:/ })
+TRY_ORG=$deforg
+TRY_BRANCH=${BRANCH_ARRAY[0]}
+if [[ "$head" == *":"* ]]; then
+    # ... but only match that fork if it's a real fork
+    if [ "${BRANCH_ARRAY[0]}" != "matrix-org" ]; then
+        TRY_ORG=${BRANCH_ARRAY[0]}
+    fi
+    TRY_BRANCH=${BRANCH_ARRAY[1]}
+fi
+clone ${TRY_ORG} $defrepo ${TRY_BRANCH}
+
 # Try the target branch of the push or PR.
-clone $deforg $defrepo $BUILDKITE_PULL_REQUEST_BASE_BRANCH
-# Try the current branch from Jenkins.
-clone $deforg $defrepo `"echo $GIT_BRANCH" | sed -e 's/^origin\///'`
+if [ -n "$GITHUB_BASE_REF" ]; then
+    clone $deforg $defrepo $GITHUB_BASE_REF
+elif [ -n "$BUILDKITE_PULL_REQUEST_BASE_BRANCH" ]; then
+    clone $deforg $defrepo $BUILDKITE_PULL_REQUEST_BASE_BRANCH
+fi
+
+# Try HEAD which is the branch name in Netlify (not BRANCH which is pull/xxxx/head for PR builds)
+clone $deforg $defrepo $HEAD
 # Use the default branch as the last resort.
 clone $deforg $defrepo $defbranch

scripts/generate-builder-config.ts

@@ -7,9 +7,6 @@
  * On Windows:
  *  Prefixes the nightly version with `0.0.1-nightly.` as it breaks if it is not semver
  *
- * On macOS:
- *   Passes --notarytool-team-id to build.mac.notarize.notarize if specified
- *
  * On Linux:
  *  Replaces spaces in the product name with dashes as spaces in paths can cause issues
  *  Passes --deb-custom-control to build.deb.fpm if specified
@@ -18,7 +15,6 @@
 import parseArgs from "minimist";
 import fsProm from "fs/promises";
 import * as os from "os";
-import { Configuration } from "app-builder-lib";
 
 const ELECTRON_BUILDER_CFG_FILE = "electron-builder.json";
 
@@ -29,23 +25,54 @@ const argv = parseArgs<{
     "nightly"?: string;
     "signtool-thumbprint"?: string;
     "signtool-subject-name"?: string;
-    "notarytool-team-id"?: string;
     "deb-custom-control"?: string;
-    "deb-changelog"?: string;
 }>(process.argv.slice(2), {
-    string: [
-        "nightly",
-        "deb-custom-control",
-        "deb-changelog",
-        "signtool-thumbprint",
-        "signtool-subject-name",
-        "notarytool-team-id",
-    ],
+    string: ["nightly", "deb-custom-control", "signtool-thumbprint", "signtool-subject-name"],
 });
 
-type DeepWriteable<T> = { -readonly [P in keyof T]: DeepWriteable<T[P]> };
+interface File {
+    from: string;
+    to: string;
+}
 
-interface PackageBuild extends DeepWriteable<Omit<Configuration, "extraMetadata">> {
+interface PackageBuild {
+    appId: string;
+    asarUnpack: string;
+    files: Array<string | File>;
+    extraResources: Array<string | File>;
+    linux: {
+        target: string;
+        category: string;
+        maintainer: string;
+        desktop: {
+            StartupWMClass: string;
+        };
+    };
+    mac: {
+        category: string;
+        darkModeSupport: boolean;
+    };
+    win: {
+        target: {
+            target: string;
+        };
+        sign?: string;
+        signingHashAlgorithms?: string[];
+        certificateSubjectName?: string;
+        certificateSha1?: string;
+    };
+    deb?: {
+        fpm?: string[];
+    };
+    directories: {
+        output: string;
+    };
+    afterPack: string;
+    afterSign: string;
+    protocols: Array<{
+        name: string;
+        schemes: string[];
+    }>;
     extraMetadata?: {
         productName?: string;
         name?: string;
@@ -87,15 +114,10 @@ async function main(): Promise<number | void> {
     }
 
     if (argv["signtool-thumbprint"] && argv["signtool-subject-name"]) {
-        cfg.win!.signingHashAlgorithms = ["sha256"];
-        cfg.win!.certificateSubjectName = argv["signtool-subject-name"];
-        cfg.win!.certificateSha1 = argv["signtool-thumbprint"];
-    }
-
-    if (argv["notarytool-team-id"]) {
-        cfg.mac!.notarize = {
-            teamId: argv["notarytool-team-id"],
-        };
+        delete cfg.win.sign;
+        cfg.win.signingHashAlgorithms = ["sha256"];
+        cfg.win.certificateSubjectName = argv["signtool-subject-name"];
+        cfg.win.certificateSha1 = argv["signtool-thumbprint"];
     }
 
     if (os.platform() === "linux") {
@@ -103,15 +125,10 @@ async function main(): Promise<number | void> {
         // https://github.com/vector-im/element-web/issues/13171
         cfg.extraMetadata!.productName = cfg.extraMetadata!.productName!.replace(/ /g, "-");
 
-        cfg.deb = {
-            fpm: [],
-        };
-
         if (argv["deb-custom-control"]) {
-            cfg.deb.fpm!.push(`--deb-custom-control=${argv["deb-custom-control"]}`);
-        }
-        if (argv["deb-changelog"]) {
-            cfg.deb.fpm!.push(`--deb-changelog=${argv["deb-changelog"]}`);
+            cfg.deb = {
+                fpm: [`--deb-custom-control=${argv["deb-custom-control"]}`],
+            };
         }
     }
 

scripts/hak/clean.ts

@@ -21,7 +21,33 @@ import { DependencyInfo } from "./dep";
 import HakEnv from "./hakEnv";
 
 export default async function clean(hakEnv: HakEnv, moduleInfo: DependencyInfo): Promise<void> {
-    await rimraf(moduleInfo.moduleDotHakDir);
-    await rimraf(path.join(hakEnv.dotHakDir, "links", moduleInfo.name));
-    await rimraf(path.join(hakEnv.projectRoot, "node_modules", moduleInfo.name));
+    await new Promise<void>((resolve, reject) => {
+        rimraf(moduleInfo.moduleDotHakDir, (err?: Error | null) => {
+            if (err) {
+                reject(err);
+            } else {
+                resolve();
+            }
+        });
+    });
+
+    await new Promise<void>((resolve, reject) => {
+        rimraf(path.join(hakEnv.dotHakDir, "links", moduleInfo.name), (err?: Error | null) => {
+            if (err) {
+                reject(err);
+            } else {
+                resolve();
+            }
+        });
+    });
+
+    await new Promise<void>((resolve, reject) => {
+        rimraf(path.join(hakEnv.projectRoot, "node_modules", moduleInfo.name), (err?: Error | null) => {
+            if (err) {
+                reject(err);
+            } else {
+                resolve();
+            }
+        });
+    });
 }

scripts/hak/copy.ts

@@ -18,7 +18,7 @@ import path from "path";
 import fsProm from "fs/promises";
 import childProcess from "child_process";
 import rimraf from "rimraf";
-import { glob } from "glob";
+import glob from "glob";
 import mkdirp from "mkdirp";
 
 import HakEnv from "./hakEnv";
@@ -33,7 +33,11 @@ export default async function copy(hakEnv: HakEnv, moduleInfo: DependencyInfo):
         try {
             await mkdirp(moduleInfo.moduleOutDir);
             process.chdir(moduleInfo.moduleOutDir);
-            await rimraf(moduleInfo.cfg.prune);
+            await new Promise<void>((resolve, reject) => {
+                rimraf(moduleInfo.cfg.prune, {}, (err) => {
+                    err ? reject(err) : resolve();
+                });
+            });
         } finally {
             process.chdir(oldCwd);
         }
@@ -43,8 +47,18 @@ export default async function copy(hakEnv: HakEnv, moduleInfo: DependencyInfo):
         // If there are multiple moduleBuildDirs, singular moduleBuildDir
         // is the same as moduleBuildDirs[0], so we're just listing the contents
         // of the first one.
-        const files = await glob(moduleInfo.cfg.copy, {
-            cwd: moduleInfo.moduleBuildDir,
+        const files = await new Promise<string[]>((resolve, reject) => {
+            glob(
+                moduleInfo.cfg.copy,
+                {
+                    nosort: true,
+                    silent: true,
+                    cwd: moduleInfo.moduleBuildDir,
+                },
+                (err, files) => {
+                    err ? reject(err) : resolve(files);
+                },
+            );
         });
 
         if (moduleInfo.moduleBuildDirs.length > 1) {

scripts/hak/target.ts

@@ -25,7 +25,6 @@ export type TargetId =
     | "universal-apple-darwin"
     | "i686-pc-windows-msvc"
     | "x86_64-pc-windows-msvc"
-    | "aarch64-pc-windows-msvc"
     | "i686-unknown-linux-musl"
     | "i686-unknown-linux-gnu"
     | "x86_64-unknown-linux-musl"
@@ -99,13 +98,6 @@ const x8664PcWindowsMsvc: WindowsTarget = {
     vcVarsArch: "amd64",
 };
 
-const aarch64WindowsMsvc: WindowsTarget = {
-    id: "aarch64-pc-windows-msvc",
-    platform: "win32",
-    arch: "arm64",
-    vcVarsArch: "arm64",
-};
-
 const x8664UnknownLinuxGnu: LinuxTarget = {
     id: "x86_64-unknown-linux-gnu",
     platform: "linux",
@@ -170,7 +162,6 @@ export const TARGETS: Record<TargetId, Target> = {
     // Windows
     "i686-pc-windows-msvc": i686PcWindowsMsvc,
     "x86_64-pc-windows-msvc": x8664PcWindowsMsvc,
-    "aarch64-pc-windows-msvc": aarch64WindowsMsvc,
     // Linux
     "i686-unknown-linux-musl": i686UnknownLinuxMusl,
     "i686-unknown-linux-gnu": i686UnknownLinuxGnu,

scripts/set-version.ts

@@ -6,7 +6,7 @@
  */
 
 import { promises as fs } from "fs";
-import * as asar from "@electron/asar";
+import * as asar from "asar";
 import * as childProcess from "child_process";
 
 export async function versionFromAsar(): Promise<string> {

scripts/tsconfig.json

@@ -9,7 +9,7 @@
         "strict": true,
         "lib": ["es2019", "dom"]
     },
-    "include": ["../src/@types", "./**/*.ts"],
+    "include": ["./**/*.ts"],
     "ts-node": {
         "transpileOnly": true
     }

src/@types/glob.d.ts

@@ -1,6 +0,0 @@
-import { GlobOptions } from "glob";
-
-declare module "glob" {
-    // Workaround for @electron/asar importing IOptions instead of GlobOptions
-    export type IOptions = GlobOptions;
-}

src/electron-main.ts

@@ -19,8 +19,7 @@ limitations under the License.
 
 // Squirrel on windows starts the app with various flags as hooks to tell us when we've been installed/uninstalled etc.
 import "./squirrelhooks";
-import { app, BrowserWindow, Menu, autoUpdater, protocol, dialog, Input } from "electron";
-import * as Sentry from "@sentry/electron/main";
+import { app, BrowserWindow, Menu, autoUpdater, protocol, dialog } from "electron";
 import AutoLaunch from "auto-launch";
 import path from "path";
 import windowStateKeeper from "electron-window-state";
@@ -39,11 +38,18 @@ import webContentsHandler from "./webcontents-handler";
 import * as updater from "./updater";
 import { getProfileFromDeeplink, protocolInit } from "./protocol";
 import { _t, AppLocalization } from "./language-helper";
+import Input = Electron.Input;
 
 const argv = minimist(process.argv, {
     alias: { help: "h" },
 });
 
+// Things we need throughout the file but need to be created
+// async to are initialised in setupGlobals()
+let asarPath: string;
+let resPath: string;
+let iconPath: string;
+
 if (argv["help"]) {
     console.log("Options:");
     console.log("  --profile-dir {path}: Path to where to store the profile.");
@@ -113,32 +119,28 @@ async function tryPaths(name: string, root: string, rawPaths: string[]): Promise
 
 const homeserverProps = ["default_is_url", "default_hs_url", "default_server_name", "default_server_config"] as const;
 
-let asarPathPromise: Promise<string> | undefined;
-// Get the webapp resource file path, memoizes result
-function getAsarPath(): Promise<string> {
-    if (!asarPathPromise) {
-        asarPathPromise = tryPaths("webapp", __dirname, [
-            // If run from the source checkout, this will be in the directory above
-            "../webapp.asar",
-            // but if run from a packaged application, electron-main.js will be in
-            // a different asar file, so it will be two levels above
-            "../../webapp.asar",
-            // also try without the 'asar' suffix to allow symlinking in a directory
-            "../webapp",
-            // from a packaged application
-            "../../webapp",
-        ]);
-    }
+// Find the webapp resources and set up things that require them
+async function setupGlobals(): Promise<void> {
+    // find the webapp asar.
+    asarPath = await tryPaths("webapp", __dirname, [
+        // If run from the source checkout, this will be in the directory above
+        "../webapp.asar",
+        // but if run from a packaged application, electron-main.js will be in
+        // a different asar file so it will be two levels above
+        "../../webapp.asar",
+        // also try without the 'asar' suffix to allow symlinking in a directory
+        "../webapp",
+        // from a packaged application
+        "../../webapp",
+    ]);
 
-    return asarPathPromise;
-}
-
-// Loads the config from asar, and applies a config.json from userData atop if one exists
-// Writes config to `global.vectorConfig`. Does nothing if `global.vectorConfig` is already set.
-async function loadConfig(): Promise<void> {
-    if (global.vectorConfig) return;
-
-    const asarPath = await getAsarPath();
+    // we assume the resources path is in the same place as the asar
+    resPath = await tryPaths("res", path.dirname(asarPath), [
+        // If run from the source checkout
+        "res",
+        // if run from packaged application
+        "",
+    ]);
 
     try {
         // eslint-disable-next-line @typescript-eslint/no-var-requires
@@ -166,7 +168,7 @@ async function loadConfig(): Promise<void> {
                 .reduce((obj, key) => {
                     obj[key] = global.vectorConfig[key];
                     return obj;
-                }, {} as Omit<Partial<(typeof global)["vectorConfig"]>, keyof typeof homeserverProps>);
+                }, {} as Omit<Partial<typeof global["vectorConfig"]>, keyof typeof homeserverProps>);
         }
 
         global.vectorConfig = Object.assign(global.vectorConfig, localConfig);
@@ -184,41 +186,13 @@ async function loadConfig(): Promise<void> {
 
         // Could not load local config, this is expected in most cases.
     }
-}
-
-// Configure Electron Sentry and crashReporter using sentry.dsn in config.json if one is present.
-async function configureSentry(): Promise<void> {
-    await loadConfig();
-    const { dsn, environment } = global.vectorConfig.sentry || {};
-    if (dsn) {
-        console.log(`Enabling Sentry with dsn=${dsn} environment=${environment}`);
-        Sentry.init({
-            dsn,
-            environment,
-            // We don't actually use this IPC, but we do not want Sentry injecting preloads
-            ipcMode: Sentry.IPCMode.Classic,
-        });
-    }
-}
-
-// Set up globals for Tray and AutoLaunch
-async function setupGlobals(): Promise<void> {
-    const asarPath = await getAsarPath();
-    await loadConfig();
-
-    // we assume the resources path is in the same place as the asar
-    const resPath = await tryPaths("res", path.dirname(asarPath), [
-        // If run from the source checkout
-        "res",
-        // if run from packaged application
-        "",
-    ]);
 
     // The tray icon
     // It's important to call `path.join` so we don't end up with the packaged asar in the final path.
     const iconFile = `element.${process.platform === "win32" ? "ico" : "png"}`;
+    iconPath = path.join(resPath, "img", iconFile);
     global.trayConfig = {
-        icon_path: path.join(resPath, "img", iconFile),
+        icon_path: iconPath,
         brand: global.vectorConfig.brand || "Element",
     };
 
@@ -232,9 +206,9 @@ async function setupGlobals(): Promise<void> {
     });
 }
 
-// Look for an auto-launcher under 'Riot' and if we find one,
-// port its enabled/disabled-ness over to the new 'Element' launcher
 async function moveAutoLauncher(): Promise<void> {
+    // Look for an auto-launcher under 'Riot' and if we find one, port it's
+    // enabled/disabled-ness over to the new 'Element' launcher
     if (!global.vectorConfig.brand || global.vectorConfig.brand === "Element") {
         const oldLauncher = new AutoLaunch({
             name: "Riot",
@@ -287,8 +261,6 @@ const warnBeforeExit = (event: Event, input: Input): void => {
     }
 };
 
-configureSentry();
-
 // handle uncaught errors otherwise it displays
 // stack traces in popup dialogs, which is terrible (which
 // it will do any time the auto update poke fails, and there's
@@ -350,10 +322,7 @@ if (global.store.get("disableHardwareAcceleration", false) === true) {
 }
 
 app.on("ready", async () => {
-    let asarPath: string;
-
     try {
-        asarPath = await getAsarPath();
         await setupGlobals();
         await moveAutoLauncher();
     } catch (e) {
@@ -453,7 +422,7 @@ app.on("ready", async () => {
         // https://www.electronjs.org/docs/faq#the-font-looks-blurry-what-is-this-and-what-can-i-do
         backgroundColor: "#fff",
 
-        icon: global.trayConfig.icon_path,
+        icon: iconPath,
         show: false,
         autoHideMenuBar: global.store.get("autoHideMenuBar", true),
 

src/i18n/strings/cs.json

@@ -1,47 +0,0 @@
-{
-    "Add to dictionary": "Přidat do slovníku",
-    "Failed to save image": "Chyba při ukládání obrázku",
-    "The image failed to save": "Obrázek se nepodařilo uložit",
-    "Save image as...": "Uložit obrázek jako...",
-    "Copy link address": "Kopírovat adresu odkazu",
-    "Copy image address": "Kopírovat adresu obrázku",
-    "Copy email address": "Kopírovat e-mailovou adresu",
-    "Copy image": "Kopírovat obrázek",
-    "File": "Soubor",
-    "Bring All to Front": "Přenést vše do popředí",
-    "Zoom": "Lupa",
-    "Stop Speaking": "Zastavit nahrávání hlasu",
-    "Start Speaking": "Spustit nahrávání hlasu",
-    "Speech": "Řeč",
-    "Unhide": "Zrušit skrytí",
-    "Hide Others": "Skrýt ostatní",
-    "Hide": "Skrýt",
-    "Services": "Služby",
-    "About": "O aplikaci",
-    "Element Help": "Nápověda aplikace Element",
-    "Help": "Nápověda",
-    "Close": "Zavřít",
-    "Minimize": "Minimalizovat",
-    "Window": "Okno",
-    "Toggle Developer Tools": "Přepnout zobrazení nástrojů pro vývojáře",
-    "Toggle Full Screen": "Přepnout zobrazení celé obrazovky",
-    "Preferences": "Předvolby",
-    "Zoom Out": "Oddálit",
-    "Zoom In": "Přiblížit",
-    "Actual Size": "Aktuální velikost",
-    "View": "Zobrazit",
-    "Select All": "Vybrat vše",
-    "Delete": "Smazat",
-    "Paste and Match Style": "Vložit a přizpůsobit styl",
-    "Paste": "Vložit",
-    "Copy": "Kopírovat",
-    "Cut": "Vyjmout",
-    "Redo": "Znovu",
-    "Undo": "Zpět",
-    "Edit": "Úpravy",
-    "Quit": "Ukončit",
-    "Show/Hide": "Zobrazit/Skrýt",
-    "Are you sure you want to quit?": "Opravdu chcete ukončit aplikaci?",
-    "Close %(brand)s": "Zavřít %(brand)s",
-    "Cancel": "Zrušit"
-}

src/i18n/strings/it.json

@@ -14,7 +14,7 @@
     "Hide Others": "Nascondi gli altri",
     "Hide": "Nascondi",
     "Services": "Servizi",
-    "About": "Informazioni su",
+    "About": "Al riguardo",
     "Element Help": "Aiuto di Element",
     "Help": "Aiuto",
     "Close": "Chiudi",
@@ -29,7 +29,7 @@
     "View": "Vedi",
     "Select All": "Seleziona tutto",
     "Delete": "Elimina",
-    "Paste and Match Style": "Incolla e adegua lo stile",
+    "Paste and Match Style": "Incolla e abbina lo stile",
     "Paste": "Incolla",
     "Copy": "Copia",
     "Cut": "Taglia",

src/i18n/strings/ko.json

@@ -1,12 +0,0 @@
-{
-    "File": "파일",
-    "Copy email address": "이메일 주소 복사",
-    "Paste": "붙여넣기",
-    "Hide": "숨기기",
-    "Preferences": "환경설정",
-    "Undo": "실행 취소",
-    "Edit": "수정",
-    "Quit": "종료",
-    "Delete": "삭제",
-    "Cancel": "취소"
-}

src/i18n/strings/uk.json

@@ -1 +0,0 @@
-{}

src/i18n/strings/zh_Hant.json

@@ -1,6 +1,6 @@
 {
     "Bring All to Front": "全部移至最前",
-    "Add to dictionary": "新增到字典",
+    "Add to dictionary": "加入至字典",
     "The image failed to save": "儲存圖片失敗",
     "Failed to save image": "儲存圖片失敗",
     "Save image as...": "另存圖片為...",
@@ -17,8 +17,8 @@
     "Hide": "隱藏",
     "Services": "服務",
     "About": "關於",
-    "Element Help": "Element 說明",
-    "Help": "說明",
+    "Element Help": "Element 協助",
+    "Help": "協助",
     "Close": "關閉",
     "Minimize": "最小化",
     "Window": "視窗",
@@ -38,9 +38,9 @@
     "Redo": "取消復原",
     "Undo": "復原",
     "Edit": "編輯",
-    "Quit": "離開",
+    "Quit": "退出",
     "Show/Hide": "顯示/隱藏",
-    "Are you sure you want to quit?": "您確定要離開嗎？",
+    "Are you sure you want to quit?": "您確定要退出嗎？",
     "Cancel": "取消",
     "Copy image address": "複製圖片地址",
     "Close %(brand)s": "關閉 %(brand)s"

src/ipc.ts

@@ -14,8 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import { app, autoUpdater, desktopCapturer, ipcMain, powerSaveBlocker, TouchBar, nativeImage } from "electron";
-import { relaunchApp } from "electron-clear-data";
+import { app, autoUpdater, desktopCapturer, ipcMain, powerSaveBlocker } from "electron";
 
 import IpcMainEvent = Electron.IpcMainEvent;
 import { recordSSOSession } from "./protocol";
@@ -187,64 +186,6 @@ ipcMain.on("ipcCall", async function (_ev: IpcMainEvent, payload) {
             }));
             break;
 
-        case "clearStorage":
-            global.store.clear();
-            global.mainWindow.webContents.session.flushStorageData();
-            await global.mainWindow.webContents.session.clearStorageData();
-            relaunchApp();
-            break;
-
-        case "breadcrumbs": {
-            if (process.platform === "darwin") {
-                const { TouchBarPopover, TouchBarButton } = TouchBar;
-
-                const recentsBar = new TouchBar({
-                    items: args[0].map((r: { roomId: string; avatarUrl: string | null; initial: string }) => {
-                        const defaultColors = ["#0DBD8B", "#368bd6", "#ac3ba8"];
-                        let total = 0;
-                        for (let i = 0; i < r.roomId.length; ++i) {
-                            total += r.roomId.charCodeAt(i);
-                        }
-
-                        const button = new TouchBarButton({
-                            label: r.initial,
-                            backgroundColor: defaultColors[total % defaultColors.length],
-                            click: (): void => {
-                                global.mainWindow?.loadURL(`vector://vector/webapp/#/room/${r.roomId}`);
-                            },
-                        });
-                        if (r.avatarUrl) {
-                            fetch(r.avatarUrl)
-                                .then((resp) => {
-                                    if (!resp.ok) return;
-                                    return resp.arrayBuffer();
-                                })
-                                .then((arrayBuffer) => {
-                                    if (!arrayBuffer) return;
-                                    const buffer = Buffer.from(arrayBuffer);
-                                    button.icon = nativeImage.createFromBuffer(buffer);
-                                    button.label = "";
-                                    button.backgroundColor = "";
-                                });
-                        }
-                        return button;
-                    }),
-                });
-
-                const touchBar = new TouchBar({
-                    items: [
-                        new TouchBarPopover({
-                            label: "Recents",
-                            showCloseButton: true,
-                            items: recentsBar,
-                        }),
-                    ],
-                });
-                global.mainWindow.setTouchBar(touchBar);
-            }
-            break;
-        }
-
         default:
             global.mainWindow.webContents.send("ipcReply", {
                 id: payload.id,

test/launch-test.ts

@@ -23,7 +23,7 @@ import { ElectronApplication, Page } from "playwright-core";
 
 describe("App launch", () => {
     const artifactsPath = path.join(process.cwd(), "test_artifacts");
-    if (!fs.existsSync(artifactsPath)) fs.mkdirSync(artifactsPath);
+    fs.mkdirSync(artifactsPath);
 
     const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "element-desktop-tests"));
     console.log("Using temp profile directory: ", tmpDir);