Docs for verifying checksum manually

[strikeflare]

• Version:
  Electron Builder: ^20.39.0
  Electron Updater: ^4.0.6

• Target: Windows
  electron-builder build -c build/build-config.prod.yaml --win --ia32 --x64 -p always

There is already a closed issue 3119, which asks the same question but I don't understand how I can verify the checksum of an NSIS installer made by Electron-Builder manually.

If I have following checksum in latest.yml:
ZkkPBBqhX8vkq71iTcV+xvKyqcVCVVSpBDkQujDeMyzrp4tFCsW0KwTQBJXcJVuaxYyhCKNTA7t4RL0AhnyMrg==

And a NSIS installer myElectronInstaller.exe:

When I check the installer with OpenSSL:
openssl dgst -sha512 .\myElectronInstaller.exe

Or with Powershell:
Get-FileHash -Path .\resources\myElectronInstaller.exe -Algorithm SHA512

I will get a different result:
c4f0c2e3bb0add9f5ece7431901d7f09972661ec6e856c27c133be6a253223ed2b1ce4a1ac933383b7292547e6aec784286f31f183bba5762ad73fd99c299690

Is there any documentation how an user can verify the checksum? Or how Electron Auto Updater verifies the checksum after he has downloaded an update?

Thanks for helping me out.

[lihai]

here is the code that I found in electron-updater source, you can use this snippet to get the correct hash with base64 encoding.

function hashFile(file, algorithm = "sha512", encoding = "base64", options) {
return new Promise((resolve, reject) => {
const hash = crypto.createHash(algorithm);
hash.on("error", reject).setEncoding(encoding);
fs.createReadStream(file, Object.assign({}, options, {
highWaterMark: 1024 * 1024
/* better to use more memory but hash faster */

})).on("error", reject).on("end", () => {
  hash.end();
  console.log('hash done');
  resolve(hash.read());
}).pipe(hash, {
  end: false
});

});
}

[Nantris]

@lihai thanks a ton for this!

Here's complete and ready to use code based on that to log the checksum:

const path = require('path');
const fs = require('fs');
const crypto = require('crypto');

const YOUR_FILE_PATH = '';  //  POPULATE THIS

function hashFile(file, algorithm = 'sha512', encoding = 'base64', options) {
  return new Promise((resolve, reject) => {
    const hash = crypto.createHash(algorithm);
    hash.on('error', reject).setEncoding(encoding);
    fs.createReadStream(
      file,
      Object.assign({}, options, {
        highWaterMark: 1024 * 1024,
        /* better to use more memory but hash faster */
      })
    )
      .on('error', reject)
      .on('end', () => {
        hash.end();
        console.log('hash done');
        console.log(hash.read());
        resolve(hash.read());
      })
      .pipe(
        hash,
        {
          end: false,
        }
      );
  });
}

const installerPath = path.resolve(
  __dirname,
  YOUR_FILE_PATH
);

hashFile(installerPath);

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[Slach]

for google "how to extract sha512 from latest.yaml"
there is quick onliner receipe to extract

grep sha512 latest.yml | tail -n 1 | cut -d " " -f 2 | base64 -d |  hexdump -ve '1/1 "%.2x"'

[lyxxxh]

已解决 是我打包了同样的版本
只上传了软件, 但latest.yml我未重新上传。

过程

通过#3913 (comment) 提供的脚本。

我发现打包后的软件 hash 与 oss 的 latest.yml 不一致, 才意识到我忘记上传 latest.yml。

[sakirsensoy]

openssl dgst -sha512 -binary YOUR_FILE_PATH.(dmg or exe) | openssl base64