fix: Use update-alternatives instead of symlinks for #7500 (#7501)

* Issue #7500: Use update-alternatives instead of symlinks to executable if available. Where possible, use `update-alternatives` instead to avoid hardcoding links in Linux. This will allow for downstream users to specify paths to their own executables with higher priority if they wish. Backward compatibility is preserved by still using the symlinking route if the command `update-alternatives` is not available.
electron-userland · Apr 7, 2023 · e83dc81 · e83dc81
1 parent cd7b79f
commit e83dc81
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 5 deletions.
diff --git a/.changeset/use-update-alternatives-93f81a.md b/.changeset/use-update-alternatives-93f81a.md
@@ -0,0 +1,23 @@
+---
+"app-builder-lib": patch
+---
+
+Use `update-alternatives` when available.
+
+## What is changing?
+Test for `update-alternatives` in DEB based installations and use this whenever possible.
+In this way, middleware and downstream projects and users can specify binaries of their
+own priority that would override this programs' configured executable.
+
+## Why is this changing?
+Personally, I don't want apps running as myself or a privileged user in my system.
+For this. I have a shell that is executed to drop permissions first, then execute the
+selected software.
+Electron apps don't conform to this since they link directly rather than using a linking
+system.
+
+This change is to ensure that system is used before resorting to direct links.
+
+## How should this be consumed?
+Simply update as normal and this package will switch to using update-alternatives.
+This will allow middleware and end-users to better control the active executable.
diff --git a/packages/app-builder-lib/templates/linux/after-install.tpl b/packages/app-builder-lib/templates/linux/after-install.tpl
@@ -1,7 +1,14 @@
 #!/bin/bash
 
-# Link to the binary
-ln -sf '/opt/${sanitizedProductName}/${executable}' '/usr/bin/${executable}'
+if type update-alternatives 2>/dev/null >&1; then
+    # Remove previous link if it doesn't use update-alternatives
+    if [ -L '/usr/bin/${executable}' -a -e '/usr/bin/${executable}' -a "`readlink '/usr/bin/${executable}'`" != '/etc/alternatives/${executable}' ]; then
+      rm -f '/usr/bin/${executable}'
+    fi
+    update-alternatives --install '/usr/bin/${executable}' '${executable}' '/opt/${sanitizedProductName}/${executable}' 100
+else
+    ln -sf '/opt/${sanitizedProductName}/${executable}' '/usr/bin/${executable}'
+fi
 
 # SUID chrome-sandbox for Electron 5+
 chmod 4755 '/opt/${sanitizedProductName}/chrome-sandbox' || true

diff --git a/packages/app-builder-lib/templates/linux/after-remove.tpl b/packages/app-builder-lib/templates/linux/after-remove.tpl
@@ -1,4 +1,8 @@
 #!/bin/bash
 
 # Delete the link to the binary
-rm -f '/usr/bin/${executable}'
+if type update-alternatives >/dev/null 2>&1; then
+    update-alternatives --remove '${executable}' '/usr/bin/${executable}'
+else
+    rm -f '/usr/bin/${executable}'
+fi
diff --git a/test/snapshots/linux/debTest.js.snap b/test/snapshots/linux/debTest.js.snap
@@ -538,8 +538,15 @@ exports[`executable path in postinst script 4`] = `"Test Application (test quite
 exports[`executable path in postinst script 5`] = `
 "#!/bin/bash
 
-# Link to the binary
-ln -sf '/opt/foo/Boo' '/usr/bin/Boo'
+if type update-alternatives 2>/dev/null >&1; then
+    # Remove previous link if it doesn't use update-alternatives
+    if [ -L '/usr/bin/Boo' -a -e '/usr/bin/Boo' -a \\"\`readlink '/usr/bin/Boo'\`\\" != '/etc/alternatives/Boo' ]; then
+      rm -f '/usr/bin/Boo'
+    fi
+    update-alternatives --install '/usr/bin/Boo' 'Boo' '/opt/foo/Boo' 100
+else
+    ln -sf '/opt/foo/Boo' '/usr/bin/Boo'
+fi
 
 # SUID chrome-sandbox for Electron 5+
 chmod 4755 '/opt/foo/chrome-sandbox' || true