electron / get

Download Electron release artifacts
https://npm.im/@electron/get
MIT License

Prune cache in case of checksum errors #211

Closed stefansundin closed 2 years ago

stefansundin commented 2 years ago

Hello.

Was having a minor annoyance today. My SHASUMS256.txt file was missing an entry and even though I updated it on the remote end, the file was cached and I kept getting this error:

An unhandled rejection has occurred inside Forge: NoChecksumFoundError: No checksum found in checksum file for "electron-v16.0.4-linux-x64.zip".

So it would be good to delete the cache in this case. If the checksum is missing in the file (as in this case) then delete the cached SHASUMS256.txt. If the checksum is invalid then perhaps delete both SHASUMS256.txt and the file that failed verification.

For those wondering, the cache location is listed here: https://www.electronjs.org/docs/latest/tutorial/installation#cache

MarshallOfSound commented 2 years ago

The SHASUMS256 file on Electron's side is immutable and so this expectation is codified in the @electron/get module. If we deleted the SHASUMS file when a hash didn't match, it means a compromised remote could update the checksums file as well and, with the opposite intention to your request, allow a malicious Electron binary to be loaded onto a theoretically locked system that already had a SHASUM. Using force: true in your one-off case is what you want to do, as that will force redownloading of the Electron artifact and the checksums file.
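The trade-off discussed in this thread, as an added example that is not part of the thread and is not @electron/get's own code: a cached checksum file acts as a pin, and pruning it automatically on a verification error removes that pin. `fetchVerified`, `pruneOnError`, the `Map`-based remote and cache, the assumed `<hash> *<filename>` line format and the sample contents are all hypothetical stand-ins.

```javascript
const crypto = require('node:crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');
const SUMS = 'SHASUMS256.txt';
const NAME = 'electron-v16.0.4-linux-x64.zip';
// Assumed line format: "<sha256 hex> *<filename>".
function parseShasums(text) {
  const sums = new Map();
  for (const line of text.split('\n')) {
    const m = /^([0-9a-f]{64})\s+\*?(\S+)$/.exec(line.trim());
    if (m) sums.set(m[2], m[1]);
  }
  return sums;
}

// Hypothetical downloader: `remote` and `cache` are Maps standing in for the server
// and the on-disk cache. pruneOnError models the request; force the manual refresh.
function fetchVerified(name, remote, cache, { force = false, pruneOnError = false } = {}) {
  if (force) { cache.delete(SUMS); cache.delete(name); }
  for (let round = 0; round < 2; round++) {
    if (!cache.has(SUMS)) cache.set(SUMS, remote.get(SUMS));
    if (!cache.has(name)) cache.set(name, remote.get(name));
    const expected = parseShasums(cache.get(SUMS)).get(name);
    if (expected === sha256(cache.get(name))) return cache.get(name);
    cache.delete(name);            // never keep an unverified artifact
    if (!pruneOnError) break;
    cache.delete(SUMS);            // the automatic prune: drops the pin
  }
  throw new Error(`checksum verification failed for "${name}"`);
}

const sumsFor = (buf) => `${sha256(buf)} *${NAME}\n`;
const tryFetch = (remote, cache, opts) => {
  try { return fetchVerified(NAME, remote, cache, opts).toString(); }
  catch { return 'rejected'; }
};

// Constructed case 1: checksums pinned earlier, remote later compromised.
function compromisedRemote(pruneOnError) {
  const evil = Buffer.from('tampered build');
  const cache = new Map([[SUMS, sumsFor(Buffer.from('genuine build'))]]);
  return tryFetch(new Map([[SUMS, sumsFor(evil)], [NAME, evil]]), cache, { pruneOnError });
}

// Constructed case 2: the reporter's stale cache, remote trusted by the operator.
function staleCache(force) {
  const good = Buffer.from('genuine build');
  const cache = new Map([[SUMS, '']]);   // cached file lacks the entry
  return tryFetch(new Map([[SUMS, sumsFor(good)], [NAME, good]]), cache, { force });
}
```

With the pin kept, the tampered artifact is rejected; with automatic pruning, the same remote gets its replacement checksum file accepted. The stale-cache case only succeeds when the operator explicitly forces the refresh.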