Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: The files patterns is changing file permissions in macOS MAS #8943

Open
ollm opened this issue Mar 6, 2025 · 3 comments
Open

Bug: The files patterns is changing file permissions in macOS MAS #8943

ollm opened this issue Mar 6, 2025 · 3 comments

Comments

@ollm
Copy link

ollm commented Mar 6, 2025

  • electron: 32.3.0
  • electron-builder: 25.1.8

electron-builder is changing permissions of some files (Binaries in my case) in macOS MAS and only on arm64, it seems that x64 keeps maintain permissions correctly, the problem seems to be caused by using an exclude pattern and then an include pattern, together with asarUnpack, I use these patterns to avoid including binaries from different arch/os.

{
	"build": {
		...
		"files": [
			"**/*",
			...
			"!node_modules/7zip-bin/+(linux|win|mac)/**",
			"node_modules/7zip-bin/${os}/${arch}",
			...
			"!node_modules/@img/",
			"node_modules/@img/*${arch}*/**/*",
			
		],
		"asarUnpack": [
			"node_modules/sharp",
			"node_modules/@img",
			"node_modules/7zip-bin",
			...
		],
	}
}

Original file permissions:

x64:

ls -l ./node_modules/7zip-bin/mac/x64/7za                                                                                                     
-rwxr-xr-x  1 llopart  staff  2941888  2 oct 01:50 ./node_modules/7zip-bin/mac/x64/7za

ls -l ./node_modules/@img/sharp-darwin-x64/lib/sharp-darwin-x64.node                                                                     
-rwxr-xr-x  1 llopart  staff  245736 20 sep 01:07 ./node_modules/@img/sharp-darwin-x64/lib/sharp-darwin-x64.node

arm64:

ls -l ./node_modules/7zip-bin/mac/arm64/7za
-rwxr-xr-x  1 llopart  staff  988208  2 oct 01:50 ./node_modules/7zip-bin/mac/arm64/7z

ls -l ./node_modules/@img/sharp-darwin-arm64/lib/sharp-darwin-arm64.node
-rwxr-xr-x  1 llopart  staff  262120  2 oct 01:40 ./node_modules/@img/sharp-darwin-arm64/lib/sharp-darwin-arm64.node

Permissions in macOS MAS:

x64 (Maintains permissions):

ls -l ./dist/mas-universal/OpenComic.app/Contents/Resources/app.asar.unpacked/node_modules/7zip-bin/mac/x64/7za
-rwxr-xr-x  1 llopart  staff  2983856  6 mar 09:10 ./dist/mas-universal/OpenComic.app/Contents/Resources/app.asar.unpacked/node_modules/7zip-bin/mac/x64/7za

ls -l ./dist/mas-universal/OpenComic.app/Contents/Resources/app.asar.unpacked/node_modules/@img/sharp-darwin-x64/lib/sharp-darwin-x64.node 
-rwxr-xr-x  1 llopart  staff  266496  6 mar 09:10 ./dist/mas-universal/OpenComic.app/Contents/Resources/app.asar.unpacked/node_modules/@img/sharp-darwin-x64/lib/sharp-darwin-x64.node

arm64 (Does not maintain permissions):

ls -l ./dist/mas-universal/OpenComic.app/Contents/Resources/app.asar.unpacked/node_modules/7zip-bin/mac/arm64/7za                            
-rw-r--r--  1 llopart  staff  1007056  6 mar 08:19 ./dist/mas-universal/OpenComic.app/Contents/Resources/app.asar.unpacked/node_modules/7zip-bin/mac/arm64/7za

ls -l ./dist/mas-universal/OpenComic.app/Contents/Resources/app.asar.unpacked/node_modules/@img/sharp-darwin-arm64/lib/sharp-darwin-arm64.node
-rw-r--r--  1 llopart  staff  280832  6 mar 08:19 ./dist/mas-universal/OpenComic.app/Contents/Resources/app.asar.unpacked/node_modules/@img/sharp-darwin-arm64/lib/sharp-darwin-arm64.node

As a temporary solution I have stopped using these patterns in files.
@ollm ollm mentioned this issue Mar 6, 2025
Closed
1 task
@mmaietta
Copy link
Collaborator

mmaietta commented Mar 11, 2025
edited
Loading

Can you share a minimum reproducible repo for this? Something i can test locally with?
I can investigate after my computer is repaired (water damage 😢)

Also might be worth upgrading to 26.0.10 first and retesting with that version. Numerous upgrades were made, including asar packaging logic flows

@ollm
Copy link
Author

ollm commented Mar 12, 2025

Thank you for your reply!

Can you share a minimum reproducible repo for this? Something i can test locally with?

I have created a test case repository with minimal code: https://github.com/ollm/electron-builder-permissions-bug

Usage:

npm run build-mac-store
> [email protected] build-mac-store
> electron-builder --universal --mac mas && npm run postbuild
  • electron-builder  version=26.0.11 os=23.5.0
  • loaded configuration  file=package.json ("build" field)
  • description is missed in the package.json  appPackageFile=/Users/llopart/Documents/github/electron-builder-permissions-bug/package.json
  • writing effective config  file=dist/builder-effective-config.yaml
  • executing @electron/rebuild  electronVersion=35.0.1 arch=x64 buildFromSource=false appDir=./
  • installing native dependencies  arch=x64
  • completed installing native dependencies
  • packaging       platform=mas arch=x64 electron=35.0.1 appOutDir=dist/mas-universal-x64-temp
  • default Electron icon is used  reason=application icon is not set
  • executing @electron/rebuild  electronVersion=35.0.1 arch=arm64 buildFromSource=false appDir=./
  • installing native dependencies  arch=arm64
  • completed installing native dependencies
  • packaging       platform=mas arch=arm64 electron=35.0.1 appOutDir=dist/mas-universal-arm64-temp
  • packaging       platform=mas arch=universal electron=35.0.1 appOutDir=dist/mas-universal
  • signing         file=dist/mas-universal/electron-builder-permissions-bug.app platform=darwin type=distribution identityName=Apple Distribution: Oleguer Llopart (XXXXXXX) identityHash=XXXXXXXXXXXXXXXXXXXXXXXX provisioningProfile=none
  • skipped macOS notarization  reason=`notarize` options were unable to be generated
  • signing         file=dist/mas-universal/electron-builder-permissions-bug.app platform=mas type=distribution identityName=Apple Distribution: Oleguer Llopart (XXXXXXX) identityHash=XXXXXXXXXXXXXXXXXXXXXXXX provisioningProfile=none
> [email protected] postbuild
> node scripts/test-postbuild.js
Original x64     | F:OK | R:OK | W:OK | X:OK | Exists:OK | -rwxr-xr-x
Original arm64   | F:OK | R:OK | W:OK | X:OK | Exists:OK | -rwxr-xr-x
Darwin Mas x64   | F:OK | R:OK | W:OK | X:OK | Exists:OK | -rwxr-xr-x
Darwin Mas arm64 | F:OK | R:OK | W:OK | X:-- | Exists:OK | -rw-r--r--

Also might be worth upgrading to 26.0.10 first and retesting with that version. Numerous upgrades were made, including asar packaging logic flows

I have tried with 26.0.11 and the same thing happens, something that I did not mention in the first message is that my computer is x64 (macOS Sonoma in Virtual Machine QEMU) and not arm64, in case it could affect.

@mmaietta
Copy link
Collaborator

mmaietta commented Apr 1, 2025

So this might be possibly resolved through changes in #8995 (Draft PR to test file streaming approach in my forked asar repo)

Basically, files will no longer be copied before being passed to electron/asar and instead directly passed to asar as streams with a stat of the file's current mode, bypassing any permissions potentially being changed during the copy-before-pack setup we currently use (limitation of asar package)

If my asar PR is accepted upstream, then I can proceed with the refactor I already started/tested out

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mmaietta @ollm