From b39bdb54496945b99123adc7589b9066e7888c06 Mon Sep 17 00:00:00 2001
From: David Byers <david.byers@liu.se>
Date: Sat, 20 Feb 2021 14:59:42 +0100
Subject: [PATCH] Add chrome build to pipeline.
---
.gitlab-ci.yml | 56 +++++++++++++++++++++-
scripts/crxbuild.sh | 114 ++++++++++++++++++++++++++++++++++++++++++++
site/index.html | 8 ++--
3 files changed, 172 insertions(+), 6 deletions(-)
create mode 100644 scripts/crxbuild.sh
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index cfef1b0..5a3694c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -87,7 +87,6 @@ prepare:release:
# Build for Edge
#
-
.build:edge:
stage: build
image: python:3.7-stretch
@@ -113,6 +112,7 @@ build:edge:beta:
when: always
- changes:
- shared/**/*
+ - firefox/**/*
- edge/**/*
when: always
- when: never
@@ -124,6 +124,48 @@ build:edge:release:
<<: *release_rules
+#
+# Build for Chrome
+#
+
+.build:chrome:
+ stage: build
+ image: python:3.7-stretch
+ script:
+ - apt-get -y update
+ - apt-get -y install zip
+ - cd build/chrome
+ - zip -r ../../safelinks-cleaner-edge-$VARIANT.zip *
+ artifacts:
+ paths:
+ - safelinks-cleaner-edge-$VARIANT.zip
+
+build:chrome:beta:
+ extends: .build:chrome
+ variables:
+ VARIANT: beta
+ rules:
+ - if: '$CI_COMMIT_BRANCH != "master"'
+ when: never
+ - if: "$CI_COMMIT_MESSAGE =~ /#release/"
+ when: never
+ - if: '$CI_COMMIT_MESSAGE =~ /#force-build:(all|chrome)/'
+ when: always
+ - changes:
+ - shared/**/*
+ - firefox/**/*
+ - chrome/**/*
+ - edge/**/*
+ when: always
+ - when: never
+
+build:chrome:release:
+ extends: .build:chrome
+ variables:
+ VARIANT: release
+ <<: *release_rules
+
+
#
# Build for Firefox
#
@@ -211,6 +253,9 @@ build:thunderbird:release:
<<: *release_rules
+
+
+
# ========================================================================
# Stage: collect/deploy
#
@@ -235,6 +280,7 @@ pages:
- cp safelinks-cleaner-firefox-beta.xpi .public
- cp safelinks-cleaner-thunderbird-beta.xpi .public
- cp safelinks-cleaner-edge-beta.zip .public
+ - cp safelinks-cleaner-edge-chrome.zip .public
- mv .public public
- ls -lR public
needs:
@@ -252,6 +298,10 @@ pages:
job: build:edge:beta
ref: $CI_COMMIT_REF_NAME
artifacts: true
+ - project: $CI_PROJECT_PATH
+ job: build:chrome:beta
+ ref: $CI_COMMIT_REF_NAME
+ artifacts: true
<<: *beta_rules
artifacts:
paths:
@@ -272,6 +322,8 @@ upload:
curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file safelinks-cleaner-thunderbird-release.xpi ${PACKAGE_REGISTRY_URL}/
- |
curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file safelinks-cleaner-edge-release.zip ${PACKAGE_REGISTRY_URL}/
+ - |
+ curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file safelinks-cleaner-chrome-release.zip ${PACKAGE_REGISTRY_URL}/
<<: *release_rules
@@ -282,5 +334,5 @@ release:
- VERSION=$(cat version)
- PACKAGE_REGISTRY_URL="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${VERSION}"
- |
- release-cli create --name "Release $VERSION" --description "Release $VERSION" --tag-name "release-$VERSION" --assets-link "{\"name\":\"safelinks-cleaner-thunderbird-release.xpi\",\"url\":\"${PACKAGE_REGISTRY_URL}/safelinks-cleaner-thunderbird-release.xpi\"}" --assets-link "{\"name\":\"safelinks-cleaner-firefox-release.xpi\",\"url\":\"${PACKAGE_REGISTRY_URL}/safelinks-cleaner-firefox-release.xpi\"}" --assets-link "{\"name\":\"safelinks-cleaner-edge-release.zip\",\"url\":\"${PACKAGE_REGISTRY_URL}/safelinks-cleaner-edge-release.zip\"}"
+ release-cli create --name "Release $VERSION" --description "Release $VERSION" --tag-name "release-$VERSION" --assets-link "{\"name\":\"safelinks-cleaner-thunderbird-release.xpi\",\"url\":\"${PACKAGE_REGISTRY_URL}/safelinks-cleaner-thunderbird-release.xpi\"}" --assets-link "{\"name\":\"safelinks-cleaner-firefox-release.xpi\",\"url\":\"${PACKAGE_REGISTRY_URL}/safelinks-cleaner-firefox-release.xpi\"}" --assets-link "{\"name\":\"safelinks-cleaner-edge-release.zip\",\"url\":\"${PACKAGE_REGISTRY_URL}/safelinks-cleaner-edge-release.zip\"} --assets-link "{\"name\":\"safelinks-cleaner-chrome-release.zip\",\"url\":\"${PACKAGE_REGISTRY_URL}/safelinks-cleaner-chrome-release.zip\"}"
<<: *release_rules
diff --git a/scripts/crxbuild.sh b/scripts/crxbuild.sh
new file mode 100644
index 0000000..2b3071c
--- /dev/null
+++ b/scripts/crxbuild.sh
@@ -0,0 +1,114 @@
+#!/bin/bash
+
+set -eu
+
+usage() {
+ cat <<EOF
+Usage: makecrx.sh --key PEMFILE --source PATH --output FILE
+
+--key Private key file
+--source Source directory
+--output Output file
+EOF
+ exit 1
+}
+
+fatal() {
+ echo "$*" >&2
+ exit 1
+}
+
+cleanup() {
+ echo "$TMPDIR"
+# rm -rf "$TMPDIR"
+}
+
+swap_bytes () {
+ echo "${1:6:2}${1:4:2}${1:2:2}${1:0:2}"
+}
+
+while [ $# -gt 0 ] ; do
+ case "$1" in
+ --output|-o)
+ OUTPUT_FILE="$2"
+ shift
+ ;;
+ --source|-s)
+ SOURCE_DIR="$2"
+ shift
+ ;;
+ --key|-k)
+ KEY_FILE="$2"
+ shift
+ ;;
+ --)
+ shift
+ break
+ ;;
+ -h|--help)
+ usage
+ ;;
+ -*)
+ usage
+ ;;
+ *)
+ break
+ ;;
+ esac
+ shift
+done
+
+[ $# -eq 0 ] || usage
+[ "$OUTPUT_FILE" ] || usage
+[ "$SOURCE_DIR" ] || usage
+[ "$KEY_FILE" ] || usage
+
+TMPDIR="$(mktemp -d)"
+trap cleanup EXIT
+
+openssl rsa -in "$KEY_FILE" -pubout -outform der 2>/dev/null | \
+ openssl dgst -sha256 -binary -out "$TMPDIR/extension.id"
+truncate -s 16 "$TMPDIR/extension.id"
+
+(cd "$SOURCE_DIR" && zip -qr -9 -X "$TMPDIR/extension.zip" .)
+
+(
+ printf "CRX3 SignedData"
+ echo "00 12 00 00 00 0A 10" | xxd -r -p
+ cat "$TMPDIR/extension.id" "$TMPDIR/extension.zip"
+) | openssl dgst -sha256 -binary -sign "$KEY_FILE" > "$TMPDIR/extension.sig"
+
+openssl rsa -pubout -outform DER < "$KEY_FILE" > "$TMPDIR/extension.pub" 2>/dev/null
+
+
+
+
+crmagic_hex="43 72 32 34" # Cr24
+version_hex="03 00 00 00" # 3
+header_length="45 02 00 00"
+header_chunk_1="12 AC 04 0A A6 02"
+header_chunk_2="12 80 02"
+header_chunk_3="82 F1 04 12 0A 10"
+(
+ echo "$crmagic_hex $version_hex $header_length $header_chunk_1" | xxd -r -p
+ cat "$TMPDIR/extension.pub"
+ echo "$header_chunk_2" | xxd -r -p
+ cat "$TMPDIR/extension.sig"
+ echo "$header_chunk_3" | xxd -r -p
+ cat "$TMPDIR/extension.id" "$TMPDIR/extension.zip"
+) > "$OUTPUT_FILE"
+
+
+#
+#
+# crmagic_hex="4372 3234" # Cr24
+# version_hex="0200 0000" # 2
+# pub_len_hex=$(swap_bytes $(printf '%08x\n' $(ls -l "$TMPDIR/extension.pub" | awk '{print $5}')))
+# sig_len_hex=$(swap_bytes $(printf '%08x\n' $(ls -l "$TMPDIR/extension.sig" | awk '{print $5}')))
+#
+# (
+# echo "$crmagic_hex $version_hex $pub_len_hex $sig_len_hex" | xxd -r -p
+# cat "$TMPDIR/extension.pub" "$TMPDIR/extension.sig" "$TMPDIR/extension.zip"
+# ) > "$OUTPUT_FILE"
+#
+#
diff --git a/site/index.html b/site/index.html
index 1acf485..a87217d 100644
--- a/site/index.html
+++ b/site/index.html
@@ -28,9 +28,9 @@
<div class="tagline">
Browser and mail extension that cleans up the display of
links mangled by Microsoft Defender for Office 365 Safe
- Links. Download the stable extension using your browser or
- mail program, or join the beta crowd here.
- <br />
+ Links. Install the stable extension using your browser or
+ mail reader, or if you're comfortable using the developer
+ mode of your software,get one of the beta versions. <br />
<span class="small">Most recent build: %VERSION% (%BUILDDATE% UTC)</span>
</div><!--//tagline-->
</div><!--//container-->
@@ -91,7 +91,7 @@
Download the Safe Links Cleaner beta version for
the Google Chrome Browser.
</p>
- <a class="btn btn-blue disabled">Not yet available</a>
+ <a class="btn btn-blue" href="safelinks-cleaner-chrome-beta.zip">Beta</a>
</div><!--//item-inner-->
</div><!--//item-->
<div class="item item-primary col-lg-4 col-6">
--
GitLab