-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ERR] Auto-update raises access denied when acl is set to private for S3 #2355
Comments
Auto-update downloads file using public HTTP urls, not using API. Do you understand that your users will need to set credentials also? |
Yes, I understand this. I have aws cli credentials set up on my machine but auto update ignores them. Can you give me an advise on how to use aws module for auto updater instead of normal HTTPs. Thanks |
As far I see, you need to set https://www.npmjs.com/package/aws4 can be used to generate such header. Please try :)
|
Awesome man! Thanks for the help! I'll try it and report back |
OK here it is - the ultimate guide to having private s3 bucket, for anyone else who is interested in this. HOWTO: Main.js Step 1 - Import libraries
Step 2 - Set constants {
"build": {
"publish": {
"bucket": "BUCKET_NAME",
"path": "PATH/TO/FILES"
}
}
} Using it we define the following constants
Step 3 - Create signer
Step 4 - Update
Step 5 - Update
Hope this helps! |
@sProject I currently have a private S3 without all of this work. I simply have permissions set to getObject only for public but no write access. And have the aws credentials on my build laptop in my |
For us, hosting our tools (electron apps) on public accessible buckets is not an option. The given example didn't work with our region Solution: We use aws4 for request signing. and autoUpdater.on('checking-for-update', () => {
var opts = {
method: 'GET',
host: `${s3_bucket}.s3.amazonaws.com`,
path: latest_yml_path
};
signer.sign(opts);
autoUpdater.requestHeaders = opts.headers
}) becomes import * as aws4 from 'aws4';
import * as path from 'path'
const pkg = require('../../package');
autoUpdater.on('checking-for-update', () => {
const opts = {
service: 's3',
region: pkg.build.publish.region,
method: 'GET',
host: `s3-${pkg.build.publish.region}.amazonaws.com`,
path: path.join('/', pkg.build.publish.bucket, latest_yml_path)
};
aws4.sign(opts, {
accessKeyId: <AWS_ACCESS_KEY>,
secretAccessKey: <AWS_SECRET_ACCESS_KEY>
});
signer.sign(opts);
autoUpdater.requestHeaders = opts.headers
}) The same also works for the actual update. Question: Is there a way to write a custom Provider, or extends the existing GenericProvider to apply signing where it should actually happen |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
How come you have signer.sign(opts) after aws4.sign? Seems like you are signing with two different aws sdk versions? I'm having trouble with autoUpdater on my private repo:
Very reluctant to switch to a public repo... I've opened an issue here: |
sorry, my code had a bug, it's actually: import * as aws4 from 'aws4';
import * as path from 'path'
const pkg = require('../../package');
autoUpdater.on('checking-for-update', () => {
const opts = {
service: 's3',
region: pkg.build.publish.region,
method: 'GET',
host: `s3-${pkg.build.publish.region}.amazonaws.com`,
path: path.join('/', pkg.build.publish.bucket, latest_yml_path)
};
aws4.sign(opts, {
accessKeyId: <AWS_ACCESS_KEY>,
secretAccessKey: <AWS_SECRET_ACCESS_KEY>
});
// signer.sign(opts); --remove this line --
autoUpdater.requestHeaders = opts.headers
}) |
Thanks @marcolink ! Still having trouble with these blockmaps... |
Did you ever have trouble with the blockmap requests? I seem to need to create two more signing requests for the old blockmap and the new blockmap? Can I see your builder configs? |
Hi all, sorry to resurrect a closed issue (I can of course open a new one if preferred) but using the above configuration I receive the error: Error: net::ERR_TOO_MANY_REDIRECTS. Any ideas on what I might be doing wrong here? |
Referencing my above code - Error: net::ERR_TOO_MANY_REDIRECTS is the error in the development environment. When I build the app I get the following:
This leads me to believe I am constructing the opts object wrong. Super annoying! |
@JTInfinite, I was having the same SignatureDoesNotMatch issue with the code provided by @marcolink.
Change host and region following your values. |
I am having this exact issue but I didn't find a working solution. What is strange is that to find an existing version the Host is correctly set:
But to download the actual block map the host is not set anymore:
It seems like electron is copying signature information but not the Host information. Maybe this fix is not totally working: https://github.com/electron-userland/electron-builder/pull/4848/files Still searching where is the issue.... |
@Cyrillius : Did you try with exactly these options: region: "eu-west-1", I had to play around before finding these fields (less, more or distinct properties caused error). |
my options were:
with parameters:
and still have this kind of errors:
I have given up as on Linux platform there is no error and on windows it will the app completely but will work at the end. I tried your solution which is for me:
and still have this issue:
|
Does anthing worked on this ? |
Nowadays we still facing the same problem with version 6.1.4. |
Hi! I'm working on getting publishing for linux + auto update for AppImage to work with private s3 bucket and private AppImage. I have a very simple app that print its version... and that's about it. When I use S3Options and I set
acl
:public-read
everything works perfect. I'm also able to publish to the private s3 bucket and I'm able to setacl
:private
. However, I get an error access denied when I run the app and the app wants to check for updates. I have configured ~/.aws/credentials, I even tried setting env vars, nothing helps. Here is my logThe text was updated successfully, but these errors were encountered: