New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Electron Fuses support #6365
Comments
Hi Brother, I also encountered this problem. Electron-builder is an installer, and you cannot run Fuses directly. I obtained the generated folder and packaged it again with other packaging software. I think this function is a very important function. option configure Fuses! This is great! |
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
Relevant, please reopen. |
This is how I pull the executable in my work project:
Basically, the Resources folder is always nested one level down, so resolving to the higher directory pulls the folder I need to access the executable. Maybe an approach like that could work for your purposes? I think in your case it would be for .app or .exe
|
I don't think #6930 should be closed unless this issue explicitly includes support for |
This adapted code from @kaatt's shared code should cover most use cases with reasonable defaults and includes basic Linux workarounds. // Adapted from https://github.com/electron-userland/electron-builder/issues/6365#issue-1033809141
const afterPack = async context => {
const ext = {
darwin: '.app',
win32: '.exe',
linux: [''],
}[context.electronPlatformName];
const IS_LINUX = context.electronPlatformName === 'linux';
const executableName = IS_LINUX
? context.packager.appInfo.productFilename.toLowerCase().replace('-dev', '')
: context.packager.appInfo.productFilename; // .toLowerCase() to accomodate Linux file named `name` but productFileName is `Name` -- Replaces '-dev' because on Linux the executable name is `name` even for the DEV builds
const electronBinaryPath = path.join(
context.appOutDir,
`${executableName}${ext}`
);
await flipFuses(electronBinaryPath, {
version: FuseVersion.V1,
[FuseV1Options.EnableCookieEncryption]: true,
[FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
[FuseV1Options.EnableNodeCliInspectArguments]: false,
// [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: true, // Only affects macOS builds, but breaks them -- https://github.com/electron/fuses/issues/7
[FuseV1Options.OnlyLoadAppFromAsar]: true,
});
}; |
Adding on to ☝️ , when building for MacOS Universal distributable and want to flip fuses, you'll need to run import * as builder from "electron-builder";
....
afterPack: async (context: builder.AfterPackContext) => {
if (context.electronPlatformName !== 'darwin' || context.arch === builder.Arch.universal) {
await addElectronFuses(context)
}
},
...
// Adapted from https://github.com/electron-userland/electron-builder/issues/6365#issue-1033809141
async function addElectronFuses(context: builder.AfterPackContext) {
const { appOutDir, packager: { appInfo }, electronPlatformName, arch } = context
const ext = {
darwin: '.app',
win32: '.exe',
linux: [''],
}[electronPlatformName];
const electronBinaryPath = path.join(appOutDir, `${appInfo.productFilename}${ext}`);
console.log('Flipping fuses for: ', electronBinaryPath)
await flipFuses(electronBinaryPath, {
version: FuseVersion.V1,
resetAdHocDarwinSignature: electronPlatformName === 'darwin' && arch === builder.Arch.arm64, // necessary for building on Apple Silicon
[FuseV1Options.RunAsNode]: false,
[FuseV1Options.EnableCookieEncryption]: true,
[FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
[FuseV1Options.EnableNodeCliInspectArguments]: false,
[FuseV1Options.OnlyLoadAppFromAsar]: true,
});
}; |
Hey guys, I investigated further to see if I could integrate Fuses package directly into electron-builder. Got the logic flow but the schema validator fails due to having to use This theoretically would allow version overrides since electron-builder schema wouldn't need to have a breaking change when a FuseV2Config eventually comes out. Instead, it'd just be a simple package update and the schema would automatically accept the new version. Due to the way the package's
Which translates to:
This was the configuration property
The documentation site won't even generate either. 😢 I don't see a way for this to be able to be published. Thoughts are welcome. For now, I'm closing this ticket and suggesting this approach #6365 (comment). Sorry folks |
In the example @mmaietta provided, These are the settings that worked for me for universal: // https://github.com/electron-userland/electron-builder/issues/6365
const path = require('path');
const { flipFuses, FuseVersion, FuseV1Options } = require('@electron/fuses');
const builder = require('electron-builder');
// Adapted from https://github.com/electron-userland/electron-builder/issues/6365#issue-1033809141
async function addElectronFuses(context) {
const { electronPlatformName, arch } = context;
const ext = {
darwin: '.app',
win32: '.exe',
linux: [''],
}[electronPlatformName];
const IS_LINUX = context.electronPlatformName === 'linux';
const executableName = IS_LINUX
? context.packager.appInfo.productFilename.toLowerCase().replace('-dev', '').replace(' ', '-')
: context.packager.appInfo.productFilename; // .toLowerCase() to accomodate Linux file named `name` but productFileName is `Name` -- Replaces '-dev' because on Linux the executable name is `name` even for the DEV builds
const electronBinaryPath = path.join(context.appOutDir, `${executableName}${ext}`);
await flipFuses(electronBinaryPath, {
version: FuseVersion.V1,
[FuseV1Options.EnableCookieEncryption]: true,
resetAdHocDarwinSignature: electronPlatformName === 'darwin' && arch === builder.Arch.universal,
[FuseV1Options.RunAsNode]: false,
[FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
[FuseV1Options.EnableNodeCliInspectArguments]: false,
[FuseV1Options.OnlyLoadAppFromAsar]: true,
// Mac app crashes when enabled for us on arm, might be fine for you
[FuseV1Options.LoadBrowserProcessSpecificV8Snapshot]: false,
// https://github.com/electron/fuses/issues/7
[FuseV1Options.EnableEmbeddedAsarIntegrityValidation]: false,
});
}
module.exports = async (context) => {
if (context.electronPlatformName !== 'darwin' || context.arch === builder.Arch.universal) {
await addElectronFuses(context);
}
}; |
I'm flipping fuses in my afterPack script. Is there a better way to get the path to the final packaged Electron executable?
The text was updated successfully, but these errors were encountered: