fix: Use update-alternatives instead of symlinks for #7500 #7501

Merged
merged 10 commits into from
Apr 7, 2023
23 changes: 23 additions & 0 deletions .changeset/use-update-alternatives-93f81a.md
@@ -0,0 +1,23 @@
---
"app-builder-lib": patch
---

Use `update-alternatives` when available.

## What is changing?
Test for `update-alternatives` in DEB based installations and use this whenever possible.
In this way, middleware and downstream projects and users can specify binaries of their
own priority that would override this programs' configured executable.

## Why is this changing?
Personally, I don't want apps running as myself or a privileged user in my system.
For this. I have a shell that is executed to drop permissions first, then execute the
selected software.
Electron apps don't conform to this since they link directly rather than using a linking
system.

This change is to ensure that system is used before resorting to direct links.

## How should this be consumed?
Simply update as normal and this package will switch to using update-alternatives.
This will allow middleware and end-users to better control the active executable.
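Review bot: The "How should this be consumed?" section says the package "will switch to using update-alternatives" without qualification, but the generated postinst falls back to `ln -sf` when the tool is not present, and the alternative is registered at priority 100. Both facts belong in this changeset: downstream packagers need to know which priority they have to exceed for their own wrapper to win, and that hosts without `update-alternatives` keep the old direct symlink and cannot be overridden this way.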
8 changes: 6 additions & 2 deletions packages/app-builder-lib/templates/linux/after-install.tpl
@@ -1,7 +1,11 @@
#!/bin/bash

# Link to the binary
ln -sf '/opt/${sanitizedProductName}/${executable}' '/usr/bin/${executable}'
# Remove previous link if it doesn't use update-alternatives
if [ `readlink "/usr/bin/${executable}"` != "/etc/alternatives/${executable}" ]; then
rm -f "/usr/bin/${executable}"
fi

update-alternatives --install '/usr/bin/${executable}' '${executable}' '/opt/${sanitizedProductName}/${executable}' 100
Collaborator

@mmaietta mmaietta Apr 7, 2023


We still need this check, right?

if type update-alternatives 2>/dev/null >&1; then
   update-alternatives --install '/usr/bin/${executable}' '${executable}' '/opt/${sanitizedProductName}/${executable}' 100

else
    ln -sf '/opt/${sanitizedProductName}/${executable}' '/usr/bin/${executable}'
fi

Or is that covered by != "/etc/alternatives/${executable}"?


# SUID chrome-sandbox for Electron 5+
chmod 4755 '/opt/${sanitizedProductName}/chrome-sandbox' || true
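Review bot: The backtick substitution in the `readlink` test is unquoted, so when `/usr/bin/${executable}` is missing or is a regular file rather than a symlink, `readlink` prints nothing and the test collapses to `[ != "/etc/alternatives/${executable}" ]`, which is a syntax error instead of a true comparison. The `rm -f` is then skipped in exactly the case where a stale non-alternatives file should be cleared. Quote the substitution, for example `if [ "$(readlink "/usr/bin/${executable}")" != "/etc/alternatives/${executable}" ]; then`. The new lines also switch from single to double quotes around the templated path, which lets the shell expand anything in the substituted name; keeping the single quotes used on the other lines avoids that. Finally, `update-alternatives --install` is called here with no availability check while after-remove.tpl guards it with `type`, so the two scripts should agree.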
6 changes: 5 additions & 1 deletion packages/app-builder-lib/templates/linux/after-remove.tpl
@@ -1,4 +1,8 @@
#!/bin/bash

# Delete the link to the binary
rm -f '/usr/bin/${executable}'
if type update-alternatives >/dev/null 2>&1; then
update-alternatives --remove '${executable}' '/usr/bin/${executable}'
else
rm -f '/usr/bin/${executable}'
fi
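Review bot: The `--remove` call passes `'/usr/bin/${executable}'` as its second argument, but `update-alternatives --remove <name> <path>` expects the alternative's target path, which the install script registers as `'/opt/${sanitizedProductName}/${executable}'`. As written the path will not match the registered alternative, so the entry is left behind after uninstall and `/usr/bin/${executable}` can keep pointing at a removed binary. Use the same `/opt/...` path that was given to `--install`.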
6 changes: 5 additions & 1 deletion test/snapshots/linux/debTest.js.snap
Expand Up @@ -533,7 +533,11 @@ exports[`executable path in postinst script 5`] = `
"#!/bin/bash

# Link to the binary
ln -sf '/opt/foo/Boo' '/usr/bin/Boo'
if type update-alternatives 2>/dev/null >&1; then
update-alternatives --install '/usr/bin/Boo' 'Boo' '/opt/foo/Boo' 100
else
ln -sf '/opt/foo/Boo' '/usr/bin/Boo'
fi

# SUID chrome-sandbox for Electron 5+
chmod 4755 '/opt/foo/chrome-sandbox' || true
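Review bot: The redirection `2>/dev/null >&1` on the `type update-alternatives` line only silences stderr; `>&1` duplicates stdout onto itself, so the path printed by `type` still ends up in the package manager's output. after-remove.tpl uses `>/dev/null 2>&1`, and the template that produces this snapshot should use the same form. The snapshot also contains no `readlink` cleanup step while the after-install.tpl hunk does, so the snapshot and the template as shown are out of sync and one of them needs regenerating.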