search

electron-userland / electron-builder

A complete solution to package and build a ready for distribution Electron app with “auto update” support out of the box
https://www.electron.build
MIT License
13.46k stars 1.71k forks source link

RPM file doesn't work on a FIPS enabled RHEL system #8198

Closed m-mohamedin closed 2 months ago

m-mohamedin commented 2 months ago

The RPM target option provides files with a MD5 file digest. RPM files built on RHEL or Fedora will create RPM files with a SHA256 file digest. When you attempt to install the RPM file on a FIPS enabled RHEL system, the RPM installation will fail.

m-mohamedin commented 2 months ago

I believe the right question is how to sign RPM packages for Linux. I see code signing documentation is only for macOS and Windows. Thanks

lm-sig commented 2 months ago

The electron-builder docs have a Linux section unless I am looking at the wrong page.

https://www.electron.build/configuration/linux.html

The docs show a "fpm" parameter for RPM files. The docs link to the "FPM" documentation page and it shows a "--rpm-digest" argument that could be passed with a "sha256" option.

Can you try building draw.io with fpm ["--rpm-digest sha256"] ?

m-mohamedin commented 2 months ago

The electron-builder docs have a Linux section unless I am looking at the wrong page.

https://www.electron.build/configuration/linux.html

The docs show a "fpm" parameter for RPM files. The docs link to the "FPM" documentation page and it shows a "--rpm-digest" argument that could be passed with a "sha256" option.

Can you try building draw.io with fpm ["--rpm-digest sha256"] ?

Thanks for the reply, I've got this error:

  • adding autoupdate files for: rpm. (Beta feature)  resourceDir=/home/runner/work/drawio-desktop/drawio-desktop/dist/linux-unpacked/resources
  ⨯ cannot execute  cause=exit status 1
                    errorOut=ERROR: Unrecognised option '--rpm-digest sha256'

See: 'fpm --help'

                    command=/home/runner/.cache/electron-builder/fpm/fpm-1.9.3-2.3.1-linux-x86_64/fpm -s dir --force -t rpm -d gtk3 -d libnotify -d nss -d libXScrnSaver -d libXtst -d xdg-utils -d at-spi2-core -d libuuid --rpm-os linux --rpm-compression xzmt --architecture aarch64 --after-install /tmp/t-c0ifAe/2-after-install --after-remove /tmp/t-c0ifAe/3-after-remove --description 'draw.io desktop' --version 24.3.1 --package /home/runner/work/drawio-desktop/drawio-desktop/dist/drawio-aarch64-24.3.1.rpm --name draw.io --maintainer 'JGraph <support@draw.io>' --url https://github.com/jgraph/drawio --vendor 'JGraph <support@draw.io>' --license Apache-2.0 '--rpm-rpmbuild-define=_build_id_links none' '--rpm-digest sha256' /home/runner/work/drawio-desktop/drawio-desktop/dist/linux-arm64-unpacked/=/opt/drawio /home/runner/work/drawio-desktop/drawio-desktop/build/16x16.png=/usr/share/icons/hicolor/16x16/apps/drawio.png /home/runner/work/drawio-desktop/drawio-desktop/build/32x32.png=/usr/share/icons/hicolor/32x32/apps/drawio.png /home/runner/work/drawio-desktop/drawio-desktop/build/48x48.png=/usr/share/icons/hicolor/48x48/apps/drawio.png /home/runner/work/drawio-desktop/drawio-desktop/build/64x64.png=/usr/share/icons/hicolor/64x64/apps/drawio.png /home/runner/work/drawio-desktop/drawio-desktop/build/96x96.png=/usr/share/icons/hicolor/96x96/apps/drawio.png /home/runner/work/drawio-desktop/drawio-desktop/build/128x128.png=/usr/share/icons/hicolor/128x128/apps/drawio.png /home/runner/work/drawio-desktop/drawio-desktop/build/192x192.png=/usr/share/icons/hicolor/192x192/apps/drawio.png /home/runner/work/drawio-desktop/drawio-desktop/build/256x256.png=/usr/share/icons/hicolor/256x256/apps/drawio.png /home/runner/work/drawio-desktop/drawio-desktop/build/512x512.png=/usr/share/icons/hicolor/512x512/apps/drawio.png /home/runner/work/drawio-desktop/drawio-desktop/build/720x720.png=/usr/share/icons/hicolor/720x720/apps/drawio.png /home/runner/work/drawio-desktop/drawio-desktop/build/1024x1024.png=/usr/share/icons/hicolor/1024x1024/apps/drawio.png /tmp/t-c0ifAe/4.xml=/usr/share/mime/packages/drawio.xml /tmp/t-c0ifAe/7-drawio.desktop=/usr/share/applications/drawio.desktop
                    workingDir=
  ⨯ cannot execute  cause=exit status 1
                    errorOut=ERROR: Unrecognised option '--rpm-digest sha256'

See: 'fpm --help'
lm-sig commented 2 months ago

Sorry, this is the first time I've looked at electron-builder or fpm.

Based on your output it looks like it put the parameter within quotes so fpm thought you were trying to pass the entire argument as a parameter. Can you try one of these options and see if they help?

fpm: ["--rpm-digest", "sha256"]

or

fpm: ["--rpm-digest=sha256"]

m-mohamedin commented 2 months ago

Thanks fpm: ["--rpm-digest=sha256"] works