feat: add support for validating asar archives on macOS #30667

Merged: 18 commits, Sep 9, 2021

@MarshallOfSound MarshallOfSound commented Aug 23, 2021

This is a fun one, the current trust model of a code signed Electron app on macOS is as follows.

OS --> Trusts MyApp.app because code sign --> Loads app.asar because on disk

The app.asar file is not actually validated when it is loaded or when the app is launched (well it's validated once when you first launch the downloaded app but future modifications are ignored). With hardened runtime in macOS 10.14 the MyApp.app is validated every time it launches / runs but the app.asar file is not.

In order to protect things like keychain secrets we need to be able to validate the app.asar file before loading it, there are a few ways to do this but the best one that works for both DDL and MAS versions of Electron and in theory can be extended to other platforms is what is described here. This PR adds two fuses to enforce this new behavior with the theory that one day both of these will become enabled by default in packaged apps.

  • embedded_asar_integrity_validation - Validates the ASAR using the hash chain system outlined in the doc linked above. Any ASAR inside the primary app bundle will be validated, any ASAR loaded from outside the bundle will not be validated
  • only_load_app_from_asar - Controls whether Electron searches through multiple paths (app.asar, app, default_app.asar) for your application or when this fuse is disabled Electron will only load your app from app.asar. Enabled by default.

Notes: Added an Electron Fuse for enforcing code signatures on the app.asar file your application loads. Requires the latest asar module.
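
A simplified model of the hash-chain idea in the description above, as an added example that is not code from this PR or from Electron: a hash held in signed metadata vouches for the archive header, and the header vouches for each file. The archive layout, the sample files and every function name here are constructed for illustration and are not the real ASAR format.

```javascript
const crypto = require('crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Constructed toy layout (NOT the real ASAR format):
// [4-byte LE header length][header JSON][file bytes back to back]
function buildArchive(files) {
  const header = { files: {} };
  const bodies = [];
  let offset = 0;
  for (const [name, text] of Object.entries(files)) {
    const data = Buffer.from(text);
    header.files[name] = { offset, size: data.length, sha256: sha256(data) };
    bodies.push(data);
    offset += data.length;
  }
  const headerBuf = Buffer.from(JSON.stringify(header));
  const len = Buffer.alloc(4);
  len.writeUInt32LE(headerBuf.length);
  return Buffer.concat([len, headerBuf, ...bodies]);
}

// Link 1: hash the raw header bytes before parsing them, and compare with the trusted value.
function openArchive(archive, trustedHeaderHash) {
  const headerLen = archive.readUInt32LE(0);
  const headerBuf = archive.subarray(4, 4 + headerLen);
  if (sha256(headerBuf) !== trustedHeaderHash) throw new Error('header hash mismatch');
  return { header: JSON.parse(headerBuf.toString()), dataStart: 4 + headerLen };
}

// Link 2: each file must match the hash recorded in the now-trusted header.
function readFile(archive, opened, name) {
  const entry = opened.header.files[name];
  if (!entry) throw new Error('no such file: ' + name);
  const start = opened.dataStart + entry.offset;
  const data = archive.subarray(start, start + entry.size);
  if (data.length !== entry.size || sha256(data) !== entry.sha256) throw new Error('file hash mismatch: ' + name);
  return data.toString();
}

// Demo helper: returns the file content, or the reason validation rejected it.
function tryRead(archive, trustedHeaderHash, name) {
  try {
    return readFile(archive, openArchive(archive, trustedHeaderHash), name);
  } catch (e) {
    return 'REJECTED: ' + e.message;
  }
}

const good = buildArchive({ 'main.js': 'console.log("hi")', 'package.json': '{"main":"main.js"}' });
// Stands in for the header hash that would be recorded inside the code-signed bundle.
const trusted = sha256(good.subarray(4, 4 + good.readUInt32LE(0)));
```

Flipping a byte in one file's data fails only that file's check, while repacking the archive with a regenerated header fails at the first link because the trusted hash no longer matches.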

@electron-cation electron-cation bot added the new-pr 🌱 PR opened in the last 24 hours label Aug 23, 2021
@MarshallOfSound MarshallOfSound added no-backport semver/minor backwards-compatible functionality labels Aug 23, 2021

@nornagon nornagon left a comment


API LGTM

nornagon previously approved these changes Aug 25, 2021
@MarshallOfSound MarshallOfSound removed the new-pr 🌱 PR opened in the last 24 hours label Aug 26, 2021
@electron-cation electron-cation bot added the new-pr 🌱 PR opened in the last 24 hours label Aug 26, 2021
@electron-cation electron-cation bot removed the new-pr 🌱 PR opened in the last 24 hours label Aug 30, 2021
@MarshallOfSound MarshallOfSound dismissed nornagon’s stale review September 2, 2021 08:59

implementation has changed substantially

@itsananderson itsananderson left a comment


API LGTM

Small note: the PR message still mentions non_asar_app_loading when I think you've renamed it to only_load_app_from_asar

@MarshallOfSound MarshallOfSound merged commit 57d0885 into main Sep 9, 2021
@MarshallOfSound MarshallOfSound deleted the validate-asar branch September 9, 2021 21:49
release-clerk bot commented Sep 9, 2021

Release Notes Persisted

Added an Electron Fuse for enforcing code signatures on the app.asar file your application loads. Requires the latest asar module.

trop bot commented Sep 9, 2021

I have automatically backported this PR to "15-x-y", please check out #30900

indutny-signal added a commit to indutny-signal/electron-builder that referenced this pull request Dec 22, 2021
indutny-signal added a commit to indutny-signal/electron-builder that referenced this pull request Jan 5, 2022
mmaietta pushed a commit to electron-userland/electron-builder that referenced this pull request Jan 7, 2022
* feat(mac): ElectronAsarIntegrity in electron@15
See: electron/electron#30667
Fix: #6506
Fix: #6507
mmaietta added a commit to electron-userland/electron-builder that referenced this pull request Jan 16, 2022
* Adding INPUTxxx and OUTPUTxxx CHARSETS to makensis
Fixes: #4898 #6232 #6259

* Adding additional details to error console logging

* Breaking change: Removing Bintray support since it was sunset. Ref: https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/

* fix: force strip path separators for backslashes on Windows

* fix: Force authentication for local Mac Squirrel update server

* Breaking Change: Fail-fast for signature verification failures. Adding `-LiteralPath` to update file for injected wildcards

* Adding changeset and eslint

* Fix error: `-OUTPUTCHARSET is disabled for non Win32 platforms.`

* feat(mac): ElectronAsarIntegrity in electron@15 (#6511)

* feat(mac): ElectronAsarIntegrity in electron@15
See: electron/electron#30667
Fix: #6506
Fix: #6507

* fix(msi): MSI fails to install when deployed machine-wide via GPO (#6514)

* fix(msi): MSI fails to install when deployed machine-wide via GPO
* Disable advertised shortcuts, since MSIs with advertised Start Menu shortcuts that have a
Shortcut Property fails to install when deployed machine-wide via GPO but works fine in all
other contexts. This might be a bug in Windows or a misdiagnosis; see #6508 for more details.
Closes #6508
* BREAKING CHANGE: Admins using advertisement must apply an MST to re-enable it. See #6508.

* Don't set GitHub Releases draft title since it automatically pulls it from tag name. Fixes #3683

* feat(snap): add lzo to Snap compression options (also as new default) (#6201)

* feat(msi): add fileAssociation support for MSI target (#6530)

* fix(win): iconId sometimes containing invalid characters, and iconId config option being ignored.
* fix(msi): change the fallback value for generated MSI Ids to a unique string for the product.

* BREAKING CHANGE: remove MSI option `iconId`

* fix: stabilizing tests by moving updater tests to its own node to explicitly segment env.___TOKEN integration tests from other standard unit tests

* chore: synchronizing docs and schema plus prettier

* Adding changeset to set as alpha

* Updating changeset documentation

* feat(msi): support assisted installer for MSI target (#6550)

* Add basic support for assisted installer, with UI to choose between per-user and per-machine. Supported config settings: runAfterFinish, perMachine, oneClick. Not supported: license (EULA), allowToChangeInstallationDirectory, etc. Also prevent oneClick's runAfterFinish from executing when installed silently.

Co-authored-by: Fedor Indutny <79877362+indutny-signal@users.noreply.github.com>
Co-authored-by: Alex Plumley <alex+git@aplum.ca>
Co-authored-by: Mike Maietta <mmaietta@outlook.com>
Co-authored-by: Omer Akram <om26er@gmail.com>
Co-authored-by: Maximilian Federle <max.federle@gmail.com>
mergify bot pushed a commit to enso-org/enso that referenced this pull request Apr 21, 2022
[ci no changelog needed]

[Task link](https://www.pivotaltracker.com/story/show/181944234).

It fixes the build issue on Mac OS 12.3.1 that is caused by removed `/usr/bin/python` executable.

Also applied `enso-formatter` to the sources.

# Important Notes
We're basically updating for one major `electron-builder` release - from `v22` to `v23`. I didn't spot anything in the changelog that could affect us. See features + breaking changes excerpt:

```
Features:

- feat(msi): add fileAssociation support for MSI target (electron-userland/electron-builder#6530)
- feat(mac): ElectronAsarIntegrity in electron@15 - See: electron/electron#30667 (electron-userland/electron-builder#6506 electron-userland/electron-builder#6507)
- feat(snap): add lzo to Snap compression options (also as new default) (electron-userland/electron-builder#6201) Upgraded app-builder-bin dependency required newer version of Go
- feat(msi): support assisted installer for MSI target (electron-userland/electron-builder#6550)

Breaking changes:

- Removing Bintray support since it was sunset. Ref: https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/
- Fail-fast for windows signature verification failures. Adding -LiteralPath to update file path to disregard injected wildcards
- Force strip path separators for backslashes on Windows during update process
- Authentication for local mac squirrel update server
- Disabled advertised shortcuts, since MSIs with advertised Start Menu shortcuts that have a
Shortcut Property fails to install when deployed machine-wide via GPO but works fine in all
other contexts. Admins using advertisement must apply an MST to re-enable it. See electron-userland/electron-builder#6508.
- Removing optional NSIS icon ID from config and generating it automatically to synchronize IDs with Advertised Shortcuts and future features
```