Closed stefansundin closed 2 years ago
The SHASUMS256 file on Electron's side is immutable, and so this expectation is codified in the @electron/get module. If we deleted the SHASUMS file when a hash didn't match, it means a compromised remote could update the checksums file as well and, with the opposite intention to your request, allow a malicious Electron binary to be loaded onto a theoretically locked system that already had a SHASUM. Using force: true in your one-off case is what you want to do, as that will force redownloading of the Electron artifact and the checksums file.
Hello.
Was having a minor annoyance today. My SHASUMS256.txt file was missing an entry and even though I updated it on the remote end, the file was cached and I kept getting this error:
So it would be good to delete the cache in this case. If the checksum is missing in the file (as in this case) then delete the cached SHASUMS256.txt. If the checksum is invalid then perhaps delete both SHASUMS256.txt and the file that failed verification.
For those wondering, the cache location is listed here: https://www.electronjs.org/docs/latest/tutorial/installation#cache
$XDG_CACHE_HOME or ~/.cache/electron/
~/Library/Caches/electron/
$LOCALAPPDATA/electron/Cache or ~/AppData/Local/electron/Cache/
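
The trade-off discussed in this thread, as an added example that is not part of either post and is not code from @electron/get: a pinned checksums cache rejects a tampered artifact, while a policy that refetches the checksums file on failure accepts it once the remote serves a matching digest. All function names, the file name and the sample data are hypothetical and constructed for illustration.

```javascript
// Added illustration; not code from @electron/get. All names are hypothetical.
const crypto = require('node:crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Parse "<hex digest> *<filename>" lines, the layout used by SHASUMS256.txt.
function parseShasums(text) {
  const sums = new Map();
  for (const line of text.split('\n')) {
    const m = /^([0-9a-f]{64})\s+\*?(.+)$/.exec(line.trim());
    if (m) sums.set(m[2], m[1]);
  }
  return sums;
}

// Check an artifact against the cached (pinned) checksums. Never alters the cache.
function verifyPinned(cachedShasums, name, artifact) {
  const expected = parseShasums(cachedShasums).get(name);
  if (expected === undefined) return 'missing-entry';
  return expected === sha256(artifact) ? 'ok' : 'mismatch';
}

// The policy the reply argues against: on any failure, discard the cached
// checksums, take whatever the remote serves now, and verify against that.
function verifyWithAutoRefresh(cachedShasums, remoteShasums, name, artifact) {
  const first = verifyPinned(cachedShasums, name, artifact);
  return first === 'ok' ? first : verifyPinned(remoteShasums, name, artifact);
}

// Constructed sample data (placeholder version, made-up contents).
const name = 'electron-v0.0.0-linux-x64.zip';
const genuine = Buffer.from('genuine build');
const tampered = Buffer.from('tampered build');
const cached = `${sha256(genuine)} *${name}\n`;
const compromisedRemote = `${sha256(tampered)} *${name}\n`;

function demo() {
  return {
    pinnedGenuine: verifyPinned(cached, name, genuine),
    pinnedTampered: verifyPinned(cached, name, tampered),
    pinnedUnknown: verifyPinned(cached, 'other.zip', genuine),
    refreshedTampered: verifyWithAutoRefresh(cached, compromisedRemote, name, tampered),
  };
}

console.log(demo());
```

Returning distinct `missing-entry` and `mismatch` results lets the caller report which case occurred while leaving any cache reset as an explicit operator action, such as the one-off `force: true` download named in the reply.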