Auto-Updater may fail for signed electron apps #116

* Update metadata with info for signed windows build

Jenkinsfile

@@ -132,6 +132,7 @@ spec:
                         unstash 'win'
                         script {
                             signInstaller('exe', 'winsign')
+                            updateMetadata('../dist/TheiaBlueprint.exe', '../dist/latest.yml')
                             uploadInstaller('windows')
                         }
                     }
@@ -203,6 +204,10 @@ def notarizeInstaller(String ext) {
     }
 }
 
+def updateMetadata(String executable, String yaml) {
+    sh "yarn electron update:checksum -e ${executable} -y ${yaml}"
+}
+
 def uploadInstaller(String platform) {
     if (env.BRANCH_NAME == releaseBranch) {
         def packageJSON = readJSON file: "package.json"

applications/electron/package.json

@@ -79,6 +79,8 @@
   },
   "devDependencies": {
     "@theia/cli": "1.14.0",
+    "@types/js-yaml": "^3.12.0",
+    "@types/yargs": "^17.0.2",
     "@wdio/cli": "^6.10.2",
     "@wdio/local-runner": "^6.10.2",
     "@wdio/mocha-framework": "^6.8.0",
@@ -90,10 +92,13 @@
     "electron-builder": "^22.8.0",
     "electron-chromedriver": "9.0.0",
     "electron-mocha": "^9.3.2",
+    "js-yaml": "^3.12.0",
     "mocha": "^8.2.1",
     "rimraf": "^2.7.1",
+    "ts-node": "^10.0.0",
     "wdio-chromedriver-service": "^6.0.4",
-    "webdriverio": "^6.10.2"
+    "webdriverio": "^6.10.2",
+    "yargs": "^17.0.1"
   },
   "scripts": {
     "prepare": "yarn build && yarn download:plugins",
@@ -107,6 +112,7 @@
     "package": "yarn clean:dist && electron-builder -c.mac.identity=null --publish never",
     "deploy": "yarn clean:dist && electron-builder -c.mac.identity=null --publish always",
     "package:preview": "yarn clean:dist && electron-builder --dir",
+    "update:checksum": "ts-node scripts/update-checksum.ts",
     "download:plugins": "theia download:plugins",
     "test": "mocha --timeout 60000 \"./test/*.spec.js\""
   },

applications/electron/scripts/update-checksum.ts

@@ -0,0 +1,97 @@
+/********************************************************************************
+ * Copyright (C) 2021 EclipseSource and others.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the Eclipse
+ * Public License v. 2.0 are satisfied: GNU General Public License, version 2
+ * with the GNU Classpath Exception which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ ********************************************************************************/
+import * as crypto from 'crypto';
+import * as fs from 'fs';
+import * as jsyaml from 'js-yaml';
+import * as path from 'path';
+import { hideBin } from 'yargs/helpers';
+import yargs from 'yargs/yargs';
+
+
+const argv = yargs(hideBin(process.argv))
+    .option('executable', { alias: 'e', type: 'string', default: '../dist/TheiaBlueprint.AppImage', desription: 'The executable for which the checksum needs to be updated' })
+    .option('yaml', { alias: 'y', type: 'string', default: '../dist/latest-linux.yml', desription: 'The yaml file where the checksum needs to be updated' })
+    .version(false)
+    .wrap(120)
+    .parseSync();
+
+execute();
+
+async function execute(): Promise<void> {
+    const executable = argv.executable;
+    const yaml = argv.yaml;
+
+    const executablePath = path.resolve(
+        __dirname,
+        executable
+    );
+
+    const yamlPath = path.resolve(
+        __dirname,
+        yaml
+    );
+
+    console.log('Exe: ' + executablePath + '; Yaml: ' + yamlPath)
+
+    const hash = await hashFile(executablePath, 'sha512', 'base64', {});
+    const size = fs.statSync(executablePath).size
+
+    const yamlContents: string = fs.readFileSync(yamlPath, { encoding: 'utf8' })
+    const latestYaml: any = jsyaml.safeLoad(yamlContents);
+    latestYaml.sha512 = hash;
+    for (const file of latestYaml.files) {
+        file.sha512 = hash;
+        file.size = size;
+    }
+
+    //line width -1 to avoid adding >- on long strings like a hash
+    const newYamlContents = jsyaml.dump(latestYaml, { lineWidth: -1 });
+    fs.writeFileSync(yamlPath, newYamlContents);
+}
+
+function hashFile(file: fs.PathLike, algorithm = 'sha512', encoding: BufferEncoding = 'base64', options: string | {
+    flags?: string;
+    encoding?: BufferEncoding;
+    fd?: number;
+    mode?: number;
+    autoClose?: boolean;
+    emitClose?: boolean;
+    start?: number;
+    end?: number;
+    highWaterMark?: number;
+}): Promise<any> {
+    return new Promise((resolve, reject) => {
+        const hash = crypto.createHash(algorithm);
+        hash.on('error', reject).setEncoding(encoding);
+        fs.createReadStream(
+            file,
+            Object.assign({}, options, {
+                highWaterMark: 1024 * 1024,
+            })
+        )
+            .on('error', reject)
+            .on('end', () => {
+                hash.end();
+                resolve(hash.read());
+            })
+            .pipe(
+                hash,
+                {
+                    end: false,
+                }
+            );
+    });
+}