fix: issues when patching binary files #14521
Conversation
Package Changes Through d212b02There are 9 changes which include tauri-utils with patch, tauri-build with patch, tauri-cli with minor, tauri-macos-sign with patch, @tauri-apps/cli with minor, tauri with minor, tauri-bundler with minor, tauri-runtime-wry with minor, tauri-runtime with minor Planned Package VersionsThe following package releases are the planned based on the context of changes in this pull request.
Add another change file through the GitHub UI by following this link. Read about change files or the docs at github.com/jbolda/covector |
| } | ||
| let mut file_data = std::fs::read(binary).expect("Could not read binary file."); | ||
|
|
||
| if let Some(bundle_var_index) = kmp::index_of(BUNDLE_VAR_TOKEN, &file_data) { |
There was a problem hiding this comment.
Didn't look at it closely yet, but I think this would fail when patching the binary for the second bundle type right? (e.g .msi first and __TAURI_BUNDLE_TYPE becomes __TAURI_BUNDLE_TYPE_VAR_MSI already that when we do it for the NSIS bundle, we can no longer find __TAURI_BUNDLE_TYPE_VAR_UNK)
There was a problem hiding this comment.
There was an issue with double signing the binaries or patching already signed binary (I don't remember exactly) and the fix was to copy the original binary before each bundle so this should be fine. I tested on linux with standard deb,rpm and appImage and didn't get any errors.
There was a problem hiding this comment.
do you remember if after the bundling is all done the binary in target/release/ will be a fresh one or the one from the last patch?
There was a problem hiding this comment.
I've double checked and something is not right. I will fix it so that we always patch and bundle a copy of the binary and at the end we're left with the original, unpatched one.
There was a problem hiding this comment.
I am still a bit concerned about this approach, like if we stopped at one of these steps (user pressed ctrl-c or we had an error somewhere), there's no way to recover/bundle again other than rebuilding the app's binary through cargo, and since we're matching any string in the binary, although unlikely, we risk replacing the wrong things
In my opinion, this method should not be used for the binary patching/main detection method
There was a problem hiding this comment.
if we make sure to never touch the binary in target/release/ and always work on the copy somewhere else then you can just re-run tauri bundle but not sure if that's what you mean
Ah, didn't think of that, that should probably fix this problem, it might leave files in the temp folder but I guess if that's somewhere inside target, the next cargo clean removes it anyways
True but this is so unlikely i wouldn't even count this as an argument
Fair, I just don't really like that chance to be honest 😂
well, any ideas left for the patching idea?
I messed up the words when moving them, I was thinking it shouldn't be the 'main binary patching/detection' method (e.g. use the current one and adding this for a backup)
There was a problem hiding this comment.
I messed up the words when moving them, I was thinking it shouldn't be the 'main binary patching/detection' method (e.g. use the current one and adding this for a backup)
ah my bad. I mean honestly fair enough! we can keep both 🤷
There was a problem hiding this comment.
// When packaging multiple binary types, we make a copy of the unsigned main_binary so that we can
// restore it after each package_type step. This avoids two issues:
// - modifying a signed binary without updating its PE checksum can break signature verification
// - codesigning tools should handle calculating+updating this, we just need to ensure
// (re)signing is performed after every `patch_binary()` operation
// - signing an already-signed binary can result in multiple signatures, causing verification errors
let main_binary_reset_required = matches!(target_os, TargetPlatform::Windows)
&& settings.windows().can_sign()
&& package_types.len() > 1;
So I remembered correctly we do this but it's just for Windows right now. I'm assuming simply extending this approach to Linux will be enough, right? It's basically boils down to the same issue. I will work on this later today.
There was a problem hiding this comment.
in the future we should look into the "work on temp copy only" approach but that's not urgent
There was a problem hiding this comment.
So just to be clear, are we going to use this method for binary patching exclusively or do we want to use this as a fallback? (e.g. the find link section thing -> find the string and replace)
| /// Package type is not supported by target platform | ||
| #[error("Wrong package type {0} for platform {1}")] | ||
| InvalidPackageType(String, String), | ||
| #[error("Wrong package type {0}")] |
There was a problem hiding this comment.
Not sure if we could make breaking changes here
@FabianLars any thoughts?
There was a problem hiding this comment.
This was only used by the binary patching code. I don't think any external code will use this error as it's very specific.
There was a problem hiding this comment.
we have downstream bundler users so ideally we don't break here. also not sure if we wanted to keep the old logic around or not @Legend-Master ?
There was a problem hiding this comment.
I think we keep InvalidPackageType the same and mark the other variants deprecated?
There was a problem hiding this comment.
yeah yeah - my ping was a bit offtopic here. Just deprecate it, change the comment to say that it's unused and move on.
| } | ||
| let mut file_data = std::fs::read(binary).expect("Could not read binary file."); | ||
|
|
||
| if let Some(bundle_var_index) = kmp::index_of(BUNDLE_VAR_TOKEN, &file_data) { |
There was a problem hiding this comment.
So just to be clear, are we going to use this method for binary patching exclusively or do we want to use this as a fallback? (e.g. the find link section thing -> find the string and replace)
Co-authored-by: Tony <68118705+Legend-Master@users.noreply.github.com>
|
I've change this to be the only method. I don't see any benefits in using the old method over this. |
|
since the old method didn't work well i agree but i really don't mind either so i'm fine with what tony decides lol - i do like how this here has a seemingly way simpler impl |
|
Let's just roll with this one exclusively |
…/tauri into patch_by_string_substitution
Legend-Master
left a comment
Legend-Master
left a comment
There was a problem hiding this comment.
Generally looking good, seems to work on Windows from testing, thanks again for the help on this
Just some nitpicks
| /// Package type is not supported by target platform | ||
| #[deprecated(note = "User WrongPackageType instead")] | ||
| #[error("Wrong package type {0} for platform {1}")] | ||
| InvalidPackageType(String, String), |
There was a problem hiding this comment.
Any reason we change this to WrongPackageType and removed the platform info?
There was a problem hiding this comment.
I merged both Linux and Windows cases in one function so I thought the platform validation doesn't apply anymore but after thinking about it I split it again
#[cfg(target_os = "linux")]
let bundle_type = match package_type {
crate::PackageType::Deb => b"__TAURI_BUNDLE_TYPE_VAR_DEB",
crate::PackageType::Rpm => b"__TAURI_BUNDLE_TYPE_VAR_RPM",
crate::PackageType::AppImage => b"__TAURI_BUNDLE_TYPE_VAR_APP",
_ => {
return Err(crate::Error::InvalidPackageType(
package_type.short_name().to_owned(),
"Linux".to_owned(),
))
}
};
#[cfg(target_os = "windows")]
let bundle_type = match package_type {
crate::PackageType::Nsis => b"__TAURI_BUNDLE_TYPE_VAR_NSS",
crate::PackageType::WindowsMsi => b"__TAURI_BUNDLE_TYPE_VAR_MSI",
_ => {
return Err(crate::Error::InvalidPackageType(
package_type.short_name().to_owned(),
"Windows".to_owned(),
))
}
};
'''
So I've restored this error.
Co-authored-by: Tony <68118705+Legend-Master@users.noreply.github.com>
…/tauri into patch_by_string_substitution
|
Totally forgot about Mac. I disabled patching on Mac since we already handle it in would be |
|
I think we could change that later if we actually add another bundler for mac Also, we probably want to fix those warnings 🙃
|
|
Fixed 👍 |
| @@ -0,0 +1,8 @@ | |||
| --- | |||
| "tauri": patch:changes | |||
There was a problem hiding this comment.
@FabianLars do we want to delay this to next minor? since this isn't compatible with our current tauri and cli minor versions combo
|
tested with strip=true on linux, will do windows later |
3 participants
This fixes #14186
Alternative patch method based on string value change. Since this is now common for all platforms I removed the no longer necessary code. Also clean up error that is no longer needed. Tested this on Linux with stripped binary and using updater plugin unit tests.