fix: use resource allowlist generation

BUILD.gn

@@ -13,6 +13,7 @@ import("//third_party/ffmpeg/ffmpeg_options.gni")
 import("//tools/generate_library_loader/generate_library_loader.gni")
 import("//tools/grit/grit_rule.gni")
 import("//tools/grit/repack.gni")
+import("//tools/resources/generate_resource_allowlist.gni")
 import("//tools/v8_context_snapshot/v8_context_snapshot.gni")
 import("//v8/gni/snapshot_toolchain.gni")
 import("build/asar.gni")
@@ -723,6 +724,18 @@ source_set("electron_lib") {
   }
 }
 
+_electron_resource_allowlist = "$target_gen_dir/electron_resource_allowlist.txt"
+
+if (enable_resource_allowlist_generation) {
+  generate_resource_allowlist("resource_allowlist") {
+    deps = [ ":electron_framework+link_nested" ]
+    inputs = [
+      "$target_out_dir/electron_framework_shared_library/Electron Framework",
+    ]
+    output = _electron_resource_allowlist
+  }
+}
+
 electron_paks("packed_resources") {
   if (is_mac) {
     output_dir = "$root_gen_dir/electron_repack"
@@ -730,6 +743,11 @@ electron_paks("packed_resources") {
   } else {
     output_dir = root_out_dir
   }
+
+  if (enable_resource_allowlist_generation) {
+    repack_allowlist = _electron_resource_allowlist
+    deps = [ ":resource_allowlist" ]
+  }
 }
 
 if (is_mac) {
@@ -857,10 +875,11 @@ if (is_mac) {
     deps = [
       ":electron_angle_library",
       ":electron_framework_libraries",
-      ":electron_framework_resources",
       ":electron_swiftshader_library",
       ":electron_xibs",
     ]
+
+    bundle_deps = [ ":electron_framework_resources" ]
     if (!is_mas_build) {
       deps += [ ":electron_crashpad_helper" ]
     }
@@ -900,7 +919,7 @@ if (is_mac) {
       assert(defined(invoker.helper_name_suffix))
 
       output_name = electron_helper_name + invoker.helper_name_suffix
-      deps = [ ":electron_framework+link" ]
+      deps = [ ":electron_framework+link_nested" ]
       if (!is_mas_build) {
         deps += [ "//sandbox/mac:seatbelt" ]
       }

build/args/all.gn

@@ -35,3 +35,5 @@ is_cfi = false
 allow_runtime_configurable_key_storage = true
 
 enable_cet_shadow_stack = false
+
+enable_resource_allowlist_generation = true

electron_paks.gni

@@ -12,7 +12,7 @@ template("electron_repack_percent") {
     forward_variables_from(invoker,
                            [
                              "copy_data_to_bundle",
-                             "repack_whitelist",
+                             "repack_allowlist",
                              "visibility",
                            ])
 
@@ -49,7 +49,7 @@ template("electron_extra_paks") {
     forward_variables_from(invoker,
                            [
                              "copy_data_to_bundle",
-                             "repack_whitelist",
+                             "repack_allowlist",
                              "visibility",
                            ])
     output = "${invoker.output_dir}/resources.pak"
@@ -130,7 +130,7 @@ template("electron_paks") {
                              "copy_data_to_bundle",
                              "deps",
                              "output_dir",
-                             "repack_whitelist",
+                             "repack_allowlist",
                              "visibility",
                            ])
   }
@@ -143,7 +143,7 @@ template("electron_paks") {
                                "copy_data_to_bundle",
                                "deps",
                                "output_dir",
-                               "repack_whitelist",
+                               "repack_allowlist",
                                "visibility",
                              ])
     }
@@ -155,7 +155,7 @@ template("electron_paks") {
                              "copy_data_to_bundle",
                              "deps",
                              "output_dir",
-                             "repack_whitelist",
+                             "repack_allowlist",
                              "visibility",
                            ])
     if (defined(invoker.additional_extra_paks)) {
@@ -170,10 +170,10 @@ template("electron_paks") {
                              "deps",
                              "visibility",
                            ])
-    if (defined(invoker.locale_whitelist)) {
-      repack_whitelist = invoker.locale_whitelist
-    } else if (defined(invoker.repack_whitelist)) {
-      repack_whitelist = invoker.repack_whitelist
+    if (defined(invoker.locale_allowlist)) {
+      repack_allowlist = invoker.locale_allowlist
+    } else if (defined(invoker.repack_allowlist)) {
+      repack_allowlist = invoker.repack_allowlist
     }
 
     source_patterns = [
@@ -189,7 +189,10 @@ template("electron_paks") {
       "${root_gen_dir}/ui/strings/ax_strings_",
       "${root_gen_dir}/ui/strings/ui_strings_",
     ]
-    deps = [
+    if (!defined(deps)) {
+      deps = []
+    }
+    deps += [
       "//chrome/app:generated_resources",
       "//chrome/app/resources:locale_settings",
       "//chrome/app/resources:platform_locale_settings",

patches/chromium/.patches

@@ -108,3 +108,4 @@ build_disable_partition_alloc_on_mac.patch
 fix_non-client_mouse_tracking_and_message_bubbling_on_windows.patch
 build_make_libcxx_abi_unstable_false_for_electron.patch
 introduce_ozoneplatform_electron_can_call_x11_property.patch
+permit_resource_allowlist_generation_on_all_platforms.patch

patches/chromium/permit_resource_allowlist_generation_on_all_platforms.patch

@@ -0,0 +1,48 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Jeremy Rose <nornagon@nornagon.net>
+Date: Thu, 14 Apr 2022 13:06:02 -0700
+Subject: permit resource allowlist generation on all platforms
+
+This adds (somewhat shaky) support for resource allowlist generation on mac and
+linux. Or at least, removes some barriers to experimenting with same.
+
+
+diff --git a/build/toolchain/gcc_toolchain.gni b/build/toolchain/gcc_toolchain.gni
+index 84e83c0dc8eb41f3330adf6df95d11384fbbc98d..462b2586179e00aefae35034c1154e9399ba8cf7 100644
+--- a/build/toolchain/gcc_toolchain.gni
++++ b/build/toolchain/gcc_toolchain.gni
+@@ -48,9 +48,9 @@ if (enable_resource_allowlist_generation) {
+   assert(
+       !is_component_build,
+       "enable_resource_allowlist_generation=true requires is_component_build=false")
+-  assert(
+-      target_os == "android" || target_os == "win",
+-      "enable_resource_allowlist_generation=true does not work for target_os=$target_os")
++#  assert(
++#      target_os == "android" || target_os == "win",
++#      "enable_resource_allowlist_generation=true does not work for target_os=$target_os")
+ }
+ 
+ # This template defines a toolchain for something that works like gcc
+diff --git a/tools/resources/generate_resource_allowlist.py b/tools/resources/generate_resource_allowlist.py
+index 3fb5ca91e1b3096d650598a98af99f9eda4a1aff..e81c25504141fa6aec569905e78de21b50e4817c 100755
+--- a/tools/resources/generate_resource_allowlist.py
++++ b/tools/resources/generate_resource_allowlist.py
+@@ -123,7 +123,7 @@ def WriteResourceAllowlist(args):
+     with open(input, 'rb') as f:
+       magic = f.read(4)
+       chunk = f.read(60)
+-    if magic == b'\x7fELF':
++    if magic == b'\x7fELF' or magic == b'\xcf\xfa\xed\xfe':
+       func = GetResourceAllowlistELF
+     elif magic == b'Micr':
+       func = GetResourceAllowlistPDB
+@@ -139,7 +139,7 @@ def WriteResourceAllowlist(args):
+   if len(resource_ids) < 100:
+     raise Exception('Suspiciously few resources found. Likely an issue with '
+                     'the regular expression in this script. Found: ' +
+-                    ','.join(sorted(resource_ids)))
++                    ','.join(map(str, sorted(resource_ids))))
+   for id in sorted(resource_ids):
+     args.output.write(str(id) + '\n')
+