Skip to content

Validate auto-update downloads against release filenames #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 18, 2025
Merged

Validate auto-update downloads against release filenames #70

merged 1 commit into from
Oct 18, 2025

Conversation

@beNative
Copy link
Owner

Summary

  • add helpers that fetch official release asset names and align downloaded update files with the expected filenames
  • validate auto-updater downloads before notifying the UI and surface detailed errors when filenames do not match
  • block installation when filename validation fails to avoid running mismatched update artifacts

Testing

  • npm run build

https://chatgpt.com/codex/tasks/task_e_68f36a6a12548332a531e5de288c5b4e

@beNative beNative merged commit d5d3a9c into main Oct 18, 2025
6 checks passed
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Oct 18, 2025
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

git-automation/electron/main.ts

Lines 553 to 570 in f85308e

// --- IPC handler to trigger restart & update ---
ipcMain.on('restart-and-install-update', () => {
if (!lastDownloadedUpdateValidation?.validated) {
const errorMessage = lastDownloadedUpdateValidation?.error || 'Update filename validation has not completed successfully.';
mainLogger.error('Preventing installation because the downloaded update failed filename validation.', {
version: lastDownloadedUpdateValidation?.version,
error: errorMessage,
});
mainWindow?.webContents.send('update-status-change', { status: 'error', message: `Cannot install update: ${errorMessage}` });
return;
}
mainLogger.info('Proceeding with quitAndInstall after successful filename validation.', {
version: lastDownloadedUpdateValidation.version,
filePath: lastDownloadedUpdateValidation.filePath,
expectedFileName: lastDownloadedUpdateValidation.expectedFileName,
});
autoUpdater.quitAndInstall();

P1 Badge Prevent auto-install when validation fails

The new guard in the restart-and-install-update handler stops a user-triggered install when lastDownloadedUpdateValidation is false, but electron-updater still installs downloaded updates automatically on process exit because autoInstallOnAppQuit remains at its default true. If filename validation fails (or has not completed) and the user simply closes the app or it crashes, the updater will still apply the artifact, bypassing the validation you just added and undermining the safety guarantees. Consider disabling autoInstallOnAppQuit until validation succeeds and only enabling it once lastDownloadedUpdateValidation.validated is true.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@beNative