Claude Desktop 1.20186.1 (patch release 2)
This release provides Claude Desktop version 1.20186.1 pre-patched for Linux.
Installation Options
Arch Linux (AUR)
yay -S claude-desktop-binDebian/Ubuntu (APT Repository — recommended)
curl -fsSL https://patrickjaja.github.io/claude-desktop-bin/install.sh | sudo bash
sudo apt install claude-desktop-binDebian/Ubuntu (manual .deb)
# x86_64
sudo apt install ./claude-desktop-bin_1.20186.1-2_amd64.deb
# ARM64
sudo apt install ./claude-desktop-bin_1.20186.1-2_arm64.debFedora/RHEL (RPM Repository — recommended)
curl -fsSL https://patrickjaja.github.io/claude-desktop-bin/install-rpm.sh | sudo bash
sudo dnf install claude-desktop-binFedora/RHEL (manual .rpm)
# x86_64
sudo dnf install ./claude-desktop-bin-1.20186.1-2.x86_64.rpm
# ARM64
sudo dnf install ./claude-desktop-bin-1.20186.1-2.aarch64.rpmNixOS / Nix
nix run github:patrickjaja/claude-desktop-binAppImage (Any Distro)
# x86_64
chmod +x Claude_Desktop-1.20186.1-x86_64.AppImage
./Claude_Desktop-1.20186.1-x86_64.AppImage
# ARM64
chmod +x Claude_Desktop-1.20186.1-aarch64.AppImage
./Claude_Desktop-1.20186.1-aarch64.AppImageUpdate existing AppImage (delta download — only changed blocks):
appimageupdatetool Claude_Desktop-*-x86_64.AppImage # Or from within the AppImage: ./Claude_Desktop-*-x86_64.AppImage --appimage-update
Checksums
| File | SHA256 |
|---|---|
| Tarball (x86_64) | 51e9e69cfe029dc4ffec9b375838100953c6be4198af220039307a024fc7d667 |
| Tarball (aarch64) | ecd809a2125dfdd91c6df58bb21ce5521c90cb457657bd6ff23e1f1cc94daaec |
| AppImage (x86_64) | 77eaeb0553370257527a6f6df231d155a163d56566f236516bcf5fd760fb25de |
| AppImage (aarch64) | 5a3311401b8da01fb53f824ce03ee1bc5e5d4859f196d1b469cc4908fb89cb58 |
| Debian (amd64) | 9137aa39024190f4c32f89f009372ffe3a7cf8efc0e6d89c6f9bd5a36b8e7b3e |
| Debian (arm64) | 890224bda7185e381d059ccac85ff57d2d9238c435edb172f26ce3c828984cf8 |
| RPM (x86_64) | 8927077945629a487baf6ea12f09ed4761db0bc5748476437d23cb362502c10e |
| RPM (aarch64) | 714bff440f05607f5a4feca3c923de98ca0abeb36a2cc97c3579b86c4ab7b567 |
Changes since last release
Docs: how to reset a stuck Dispatch conversation
The Cowork/Dispatch troubleshooting section in the README now covers Dispatch sessions that stop responding: the conversation persists its state (including past errors) across restarts, so the fix is the ⋮ menu next to the Dispatch title -> Delete conversation (with screenshot).
RPM fixed for RHEL 9: bundled CU bridges no longer poison the package's glibc requirement
The RPM had been uninstallable on RHEL 9 / Rocky 9 since the gnome/kwin CU bridges were bundled (2026-07-06): rpm's automatic ELF dependency scan harvested the bridges' deliberate glibc-2.39 symbols and turned them into package-level requirements, while RHEL 9 ships glibc 2.34 (nothing provides libc.so.6(GLIBC_2.39)). The bridges are supposed to be inert on RHEL 9 - their sessions (KDE 6.6+, GNOME on PipeWire >= 1.0.5) do not exist there and X11/wlroots Computer Use uses the static bridges. The spec now excludes the bundled tree from the automatic requires/provides generators and declares runtime deps by hand, mirroring the official .deb's Depends (and our own .deb, which never had the problem). Verified: the fixed rpm installs and boots on rockylinux:9 and fedora:40; it carries no glibc auto-requires and no longer leaks bundled sonames (libffmpeg.so, ...) as provides.
CI: pipeline now boots the packages on Debian 12, RHEL 9 (Rocky) and a real Wayland session
The install-and-boot test matrix previously proxied whole distro families (ubuntu:22.04 for all deb targets, fedora:40 for all rpm targets) and ran every boot under Xvfb, i.e. X11 only. Three gates added, each prototyped locally against real containers before landing:
- debian:12: apt install of the .deb + structural asserts + 15s boot - real Debian coverage instead of the Ubuntu proxy.
- rockylinux:9: dnf install of the .rpm + boot - pins the actual RHEL 9 glibc-2.34 floor and permanently guards the requires-filter fix above.
- Wayland boot (ubuntu:24.04): a headless weston compositor plus
--ozone-platform=waylandboots the installed package on a genuine Wayland display - the first automated coverage of the Wayland code path; catches ozone/wayland init regressions the Xvfb tests cannot see.
smoke-test.sh gained SMOKE_WAYLAND=1 (boot on a caller-provided Wayland socket instead of Xvfb) and SMOKE_TIMEOUT_SECONDS (default 15), and now kills the whole process group so no orphaned Electron processes outlive the test.
Layout refactor: packages now ship the official install tree verbatim - 4 repackaging patches removed
All packages (AUR, deb, rpm, AppImage, Nix) now install the official .deb's usr/lib/claude-desktop/ tree byte-identical except for the patched resources/app.asar, our four CU bridge binaries added to resources/, and the entrypoint binary renamed to claude. Electron auto-loads the exe-adjacent resources/app.asar (the official build's OnlyLoadAppFromAsar fuse permits nothing else), so the launcher no longer passes the asar on the command line and process.resourcesPath / app.isPackaged behave exactly as on the stock Anthropic .deb. Verified up front: the EnableEmbeddedAsarIntegrityValidation fuse is on but not enforced on Linux (a modified asar boots), and an instrumented boot of the verbatim tree confirmed correct resourcesPath, isPackaged: true, and clean argv.
This deletes the entire "repackaging fixes" patch group - patches that existed only to compensate for our previous split layout (app.asar + a locales/ resource dir decoupled from the binary, asar passed via argv):
fix_locale_paths- the blanket rewrite of everyprocess.resourcesPathin the bundle is unnecessary when the asar sits at its upstream position. This also removes a standing hazard: every new upstreamresourcesPathconsumer was silently redirected (the class behind #140).fix_0_node_host- existed only to repair sidecar paths the blanket rewrite corrupted.fix_asar_folder_dropandfix_asar_workspace_cwd- the asar path no longer appears in argv, so it can no longer be treated as a dropped folder or workspace cwd (#24; the #191 sanitizer class is gone with it).
Other consequences: locale JSONs, ion-dist, virtiofsd, cowork-linux-helper and the smol images stay at their upstream resources/ locations (the i18n mirror-into-asar step is gone); the CU bridges resolve via plain process.resourcesPath; CLAUDE_APP_ASAR is deprecated and ignored by the launcher (a warning explains why); the smoke test boots the finished tree directly. On NixOS, package.nix now merges the nixpkgs Electron dist and our resources/ into one directory so the same exe-adjacent autoload applies (the bundled Electron still cannot run on NixOS). Per-profile installs already mirrored resources/ as a sibling symlink of the per-profile binary, so profiles work unchanged. Remaining patch count: 41.
README rewritten fact-based: every patch now states the upstream gap it closes
The Patches section was audited against all 45 patch sources and restructured into four groups - value-adds, Linux fixes (macOS/Windows gates + Linux environment quirks), repackaging fixes (needed only because we relocate app.asar), and regression guards (assert-only, previously unlisted). Each entry now explains why the patch exists on the official Linux build; historical narrative (MSIX-era references, retirement anecdotes) was removed. Also corrected stale claims: CI polls every 2 hours (not daily), the .jsonc flag template is CI-sync-checked (not regenerated per release), only the Computer Use and Buddy gates are forced directly, upstream gates Computer Use to macOS/Windows (not macOS-only), and the primary-monitor limitation now mentions switch_display retargeting.
Simplification: 14 GrowthBook rollout forces retired - flags now follow Anthropic's rollout, with .jsonc opt-in
Since the growthbookOverrides config landed (2026-07-11), users can flip any store-read feature flag themselves in ~/.config/Claude/claude-desktop-bin.jsonc. That made a whole class of our patches redundant: forces that merely bypassed Anthropic's server-side rollout for flags that have no platform gate. A full trace of every forced flag through the v1.20186.1 bundle confirmed all 14 of them read from the feature store (so the .jsonc override reaches them), none is gated on process.platform, and none is compensated elsewhere - so they now behave exactly as upstream ships them.
Removed: fix_imagine_linux.nim entirely (Imagine/Visualize MCP server, 3444158716 + 3516166472), and 12 flag sub-patches from enable_local_agent_mode.nim: coworkKappa 123929380, coworkArtifacts 2940196192, chillingSlothPool 1992087837, toolResultFormatting 2192324205, deterministicSorting 2800354941, pluginEnabledState 4274871493, claudePreview 2976814254, canLaunchCodeSession 2067027393, canSaveSkill 3246569822, suggestSkillsEnabled 245679952, consolidateMemoryV2 1824824999, coworkOnboarding 2114777685. All 14 are now listed (commented out, with descriptions) in the .jsonc template - if a feature you relied on disappears because Anthropic's rollout has it off for you, uncomment its line to get it back.
What stays: the platform-enablement core of enable_local_agent_mode (Code-tab/Cowork platform gates, capability merger, preference defaults, regression guards), the Computer Use gate (2486083521 gets a Linux branch so a remote flag flip cannot disable CU), and the Buddy BLE Linux force (2358734848, which preserves the user's hardware toggle) - those cover features upstream gates by platform, which a flag override cannot express. For 3p/enterprise deployments nothing changes at all: upstream itself force-enables several of these flags in deployment mode.
v1.20186.1: four patches re-fitted after the upstream bump (#192)
Upstream released v1.20186.1 (full re-minify; the code-split main bundle grew from ~45 to 82 chunks) and the auto-release failed on four patches. All four were upstream refactors of our anchor sites, not upstreamed features - every patch stays active:
fix_computer_use_linux(4 sub-patches): the CU lock field was renamedholder->exclusiveHolderandacquire()restructured into an early-return shape; the screenshot intro-note seed re-anchored past a new takeover-approval flow in the tool wrapper; thehandleToolCallisEnabled ternary arms became method calls (n.isComputerUseEnabled()). 36/36 sub-patches apply.fix_builtin_mcp_open_url_handler: the 82-chunk split introduced a second, unrelated module usingsafeStorage.decryptString, breaking the bundle-global "exactly one electron var" discovery. The scan is now scoped to the chunk containing the msal-cache-get injection site (still fails loud on any ambiguity).fix_asar_folder_drop: the second-instance argv loop gained a leading directory-collector block; folded into the pattern.fix_imagine_linux: thehasImagineflag read became a member call (o.isFeatureEnabled("3444158716")); the callee matcher now accepts dotted paths. The flag ID itself is unchanged.
The parallel audits confirmed a mechanical bump otherwise: the capability map is identical (41 keys), no new platform gates, no new native modules, no new PORTABLE Linux opportunities, Electron unchanged at 42.5.1. Notable upstream changes: a new "heavy work" utility process that computes Claude Code usage stats from ~/.claude/projects, and agent-sdk 0.3.202 -> 0.3.205. GrowthBook delta: +3602629573 (process kill-switch), -1295378343 (CLI stream robustness) - the overrides template and docs catalog are updated; a new launch async feature override (flag 2976814254) is already force-enabled by the existing Code/Cowork enablement patch. ion-dist grew 102 -> 128 MB from three new code-split chunks, no structural changes.
Code tab fixed: Local sessions failed with "__cdb_sanitizeCwd is not defined" (#191)
On the v1.19367.0 packages, every Code-tab Local session failed - as "Trust check couldn't be completed" when picking a folder, or "Something went wrong: __cdb_sanitizeCwd is not defined" when sending a message. Chat was unaffected.
Root cause was ours, a consequence of the code-split re-plumbing above: fix_asar_workspace_cwd injects a path-sanitizer helper at the top of the bundle and rewrites five LocalSessions/startCodeSession bridge call sites to use it. On the staged concatenation both live in one file, but after the split-back the injection point (the index.js loader stub) and the call sites (two index.chunk-*.js files) are separate CommonJS modules - the module-scoped var helper was invisible to the chunks, and every bridge call threw ReferenceError on its first statement. That is also why main.log stayed silent: checkTrust died before reaching its own log line. The helper is now defined on globalThis; the stub's top level runs before it requires any chunk, so the definition is guaranteed visible at every call site.
Why no gate caught it: the strict per-site match counts validate on the concatenation, where a single scope really does exist; node --check on each split file passes because an unresolved identifier is a runtime error, not a syntax error; and the smoke test does not start a Code session. apply_patches.py now closes the class at the split-back chokepoint: any injected __cdb* identifier referenced in more than one chunk part must be defined via globalThis, otherwise the build fails loud. The guard was verified in both directions - it rejects the broken v1.19367.0-4 bundle and passes the fixed one. An audit of all other injected identifiers found no second instance of the pattern (the remaining cross-chunk helpers were already globalThis-based).
Launcher: sign-in now persists on Hyprland/sway/XFCE and other keyring-less-by-Chromium desktops (#191)
Chromium picks its encryption backend from XDG_CURRENT_DESKTOP. On desktops it does not map to a keyring backend - all wlroots compositors (Hyprland, sway, river, niri), COSMIC, and also XFCE/LXQt, which it maps to basic_text by policy - safeStorage.isEncryptionAvailable() is false, OAuth tokens do not persist across launches, and the app tells the user to "install and unlock a system keyring" they may already be running.
The launcher now detects a Secret Service (org.freedesktop.secrets, owned or D-Bus-activatable) on the session bus and, on those desktops, adds --password-store=gnome-libsecret automatically (suggested and verified by the #191 reporter on Hyprland). Desktops Chromium already handles (GNOME family -> libsecret, KDE -> kwallet) are left untouched. Escape hatches: an explicit --password-store=... argument always wins, CLAUDE_PASSWORD_STORE=<value> forces a backend, and CLAUDE_PASSWORD_STORE=auto disables the detection. One-time side effect on machines that previously ran on basic_text: data encrypted under the old hardcoded key cannot be read after the switch, so the first launch may ask you to sign in again - after that, sign-in finally sticks.