Package Details: owasp-threat-dragon v1.2-3

Git Clone URL: (read-only, click to copy)
Package Base: owasp-threat-dragon
Description: Electron Threat Modelling and diagramming tool by Mike Goodwin @ OWASP
Upstream URL:
Licenses: Apache-2.0
Conflicts: owasp-threat-dragon
Provides: owasp-threat-dragon
Submitter: ulidtko
Maintainer: ulidtko
Last Packager: ulidtko
Votes: 2
Popularity: 0.61
First Submitted: 2020-05-22 23:24 (UTC)
Last Updated: 2020-11-16 13:13 (UTC)

Dependencies (5)

Required by (0)

Sources (4)

Latest Comments

mynacol commented on 2021-11-20 11:50 (UTC)

@ulidtko I just looked at this package again. I cleaned the directories and reran makepkg -f without issues, just like the first time…

I guess you already have tried building again? The filesystem on this machine is ext4, maybe a more exotic one introduces problems? Otherwise idk

ulidtko commented on 2021-11-04 10:03 (UTC) (edited on 2021-11-04 10:05 (UTC) by ulidtko)

@mynacol thanks; patch LGTM. During testing it, I stumble again over the test suite failing during makepkg:

> threat-dragon-desktop@1.5.8 test
> ./node_modules/.bin/karma start --single-run --browsers Electron

(node:1082049) Warning: Accessing non-existent property 'VERSION' of module exports inside circular dependency
(Use `node --trace-warnings ...` to show where the warning was created)
03 11 2021 18:29:25.182:ERROR [framework.browserify]: bundle error
03 11 2021 18:29:25.188:ERROR [framework.browserify]: SyntaxError: Unexpected token, expected ; (2:11) while parsing file: /home/ulidtko/.cache/makepkg/owasp-threat-dragon/src/owasp-threat-dragon/td.desktop/test/core/threatmodels/test-model.json

The json file is there and well-formed, so the error message is nonsense. But the karma browserify step fails, of course failing the overall test-suite.

Curiously, the exact same command, npm test test:desktop:

  • is passing all-green when run directly in the git clone by hand;
  • is failing as above when run from PKGBUILD check() during makepkg.

The corresponding log section for a manual npm test test:desktop (which passes) looks like this:

> threat-dragon-desktop@1.5.8 test
> ./node_modules/.bin/karma start --single-run --browsers Electron

(node:1084144) Warning: Accessing non-existent property 'VERSION' of module exports inside circular dependency
(Use `node --trace-warnings ...` to show where the warning was created)
03 11 2021 18:39:14.219:INFO [framework.browserify]: bundle built
03 11 2021 18:39:14.300:INFO [karma-server]: Karma v6.3.4 server started at http://localhost:5858/
03 11 2021 18:39:14.301:INFO [launcher]: Launching browsers Electron with concurrency unlimited
03 11 2021 18:39:14.350:INFO [launcher]: Starting browser Electron
03 11 2021 18:39:16.251:INFO [Electron 9.4.4 (Node 12.14.1)]: Connected on socket 8uCYloXIptMhaBVcAAAB with id 76939034

The reason for this difference in behavior escapes me. I had captured Karma debug logs for both cases, and see quite a few differences in bundle load order and composition... though many files do match, exactly with hashes. Any ideas?..

mynacol commented on 2021-11-03 11:58 (UTC)

@ulidtko I cleaned up the PKGBUILD and updated the package to 1.5.8. I believe jq is now not needed anymore. The .desktop file is modified to be as similar as the one electron-builder produces (but only in packaged archives). I attach the patch below:

diff --git a/PKGBUILD b/PKGBUILD
index 0adade7..c6d8d38 100644
@@ -2,68 +2,41 @@

 # Maintainer: Max Ulidtko <>
 pkgdesc="Electron Threat Modelling and diagramming tool by Mike Goodwin @ OWASP"
 optdepends=('hunspell-en_US: spell checking')
-makedepends=('git' 'npm' 'jq')
+makedepends=('git' 'npm')
-        relax-coverage-thresholds.patch
-            '822d2385b2e781d105396ca2dea44990b65cbe2919b6c6afde67522be1ffcaab'
-            'ff6ea4a92aa33fe163e0618f89f334cbe8fee87e474baf769d2e921bc218b350'
-            '90e4d6d754d2cecc70cec11375e692ffd5e27cc310f269967dcb5c1df1f015e1')
-pkgver() {
-    cd "$srcdir/${pkgname}"
-    git describe --tags
-prepare() {
-    cd "$srcdir/${pkgname}"
-    patch -p1 -i "$srcdir/relax-coverage-thresholds.patch"
-prune_absolute_paths() {
-    # somehow, sshpk package hardcodes absolute paths into its package.json
-    for module in sshpk; do
-        local target="node_modules/${module}/package.json"
-        jq 'del(.man)' "$target" >tmp.json
-        mv tmp.json "$target"
-    done
+            '8831890784a933694822121391e09826c7479d3a2f5a72569576459335f553d4'
+            '4f1a64a0add6e3668e6236e561fe458d49aa8d0710bf9d68368f99b2adde6053')

 build() {
     cd "$srcdir/${pkgname}"
     npm install --no-audit --no-progress --no-fund
-    npm install --no-audit --no-progress --no-fund \
-        electron@"$(</usr/lib/electron5/version)"
-    prune_absolute_paths
-    npm run-script pretest
-    npm run-script build-content
-    npx electron-builder build --linux --dir \
-        --config electron-builder.json \
-        -c.electronDist=/usr/lib/electron5 \
-        -c.electronVersion="$(</usr/lib/electron5/version)"
+    npm run build
+    cd "td.desktop"
+    npx electron-builder build --dir \
+        --config=electron-builder.json \
+        -c.electronDist=/usr/lib/electron9 \
+        -c.electronVersion="$(</usr/lib/electron9/version)"

 check() {
     cd "$srcdir/${pkgname}"
-    npm test
+    npm test test:desktop
     rm -rf coverage

@@ -72,10 +45,10 @@ package() {
     install -Dm644 -t "${pkgdir}/usr/share/applications" "threat-dragon.desktop"
     install -Dm644 -t "${pkgdir}/usr/share/licenses/${pkgname}" "${pkgname}"/LICENSE.txt

-    cd "${pkgname}"
+    cd "${pkgname}/td.desktop"
     install -Dm644 "installers/linux-unpacked/resources/app.asar" "${pkgdir}/usr/share/${pkgname}.asar"

-    cd content/icons/png
+    cd public/content/icons/png
     for res in *x*.png; do
         install -Dm644 "$res" \
diff --git a/relax-coverage-thresholds.patch b/relax-coverage-thresholds.patch
deleted file mode 100644
index 8c5cc46..0000000
--- a/relax-coverage-thresholds.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-I've honestly no idea why coverage goes down in makepkg build.
-When tried manually via npx karma start, it passes the all-90+ mark somehow.
-diff --git i/karma.conf.js w/karma.conf.js
-index 77b45bb..752a454 100644
---- i/karma.conf.js
-+++ w/karma.conf.js
-@@ -54,8 +54,8 @@ module.exports = function(config) {
-     //config for threshhold reporter
-     thresholdReporter: {
-       statements: 90,
--      branches: 90,
--      functions: 90,
-+      branches: 85,
-+      functions: 85,
-       lines: 90
-     },
diff --git a/threat-dragon b/threat-dragon
index 1bc5d76..919b12a 100755
--- a/threat-dragon
+++ b/threat-dragon
@@ -1,2 +1,2 @@
-exec electron5 /usr/share/owasp-threat-dragon.asar "$@"
+exec electron9 /usr/share/owasp-threat-dragon.asar "$@"
diff --git a/threat-dragon.desktop b/threat-dragon.desktop
index fd3b59d..2d1f102 100644
--- a/threat-dragon.desktop
+++ b/threat-dragon.desktop
@@ -1,9 +1,9 @@
 [Desktop Entry]
 Name=OWASP Threat Dragon
-Comment=Electron Desktop app
+Exec=threat-dragon %U
+Comment=OWASP Threat Dragon desktop version

Kaiya commented on 2021-10-23 09:53 (UTC) (edited on 2021-10-23 09:57 (UTC) by Kaiya)

Sorry, I forgot to turn on notifications, thanks for maintaining :) Works atm

ulidtko commented on 2020-11-16 13:20 (UTC)

@Kaiya, OK I've reproduced the error locally and fixed it. Please give it another try! Sorry for the issues, and thanks for letting me know they existed.

ulidtko commented on 2020-11-16 12:57 (UTC)

@Kaiya I've added jq to makedepends, thanks. Which missing node-module, could you show the error message?

Kaiya commented on 2020-11-16 09:33 (UTC)

Can you please add jq to the dependencies? Also, after installing jq the installation aborted due to a missing node-module. I'd therefore rather clone the package from github, but I appreciate its existence in AUR :)