@@ -24,6 +24,36 @@ function engineDistributionTarget(version) {
2424 return 'enso/dist/' + version
2525}
2626
27+ /**
28+ * AppImage is known to have sandboxing issues, for example:
29+ * https://github.com/enso-org/enso/issues/3801 or
30+ * https://github.com/enso-org/enso/issues/11035
31+ * A solution to them is to run AppImage with --no-sandbox option (just passing no-sandbox
32+ * as chrome option didn't seem to work). Wrapped app in a "sandbox fix loader"
33+ * similar to https://github.com/gergof/electron-builder-sandbox-fix/blob/master/lib/index.js
34+ * 'electron-builder-sandbox-fix' failed to detect the necessity of sandbox, so we just always
35+ * add the option instead. This does not lower security, because Enso processes have access
36+ * to user's filesystem anyway.
37+ */
38+ async function patchAppImage ( context ) {
39+ const executableName = context . packager . executableName
40+ if ( ! executableName ) throw new Error ( 'Expected executableName in context.packager' )
41+ const executable = path . join ( context . appOutDir , executableName )
42+ const loaderScript = `#!/usr/bin/env bash
43+ set -u
44+
45+ SCRIPT_DIR="$( cd "$( dirname "\${BASH_SOURCE[0]}" )" && pwd )"
46+ exec "$SCRIPT_DIR/${ executableName }
47+ `
48+ try {
49+ await fs . rename ( executable , executable + '.bin' )
50+ await fs . writeFile ( executable , loaderScript )
51+ await fs . chmod ( executable , 0o755 )
52+ } catch ( e ) {
53+ throw new Error ( 'Failed to create loader for sandbox fix: ' + e . message )
54+ }
55+ }
56+
2757module . exports = {
2858 appId : 'org.enso' ,
2959 productName : 'Enso' ,
@@ -107,32 +137,8 @@ module.exports = {
107137 } ,
108138 publish : null ,
109139 afterPack : async ( context ) => {
110- // AppImage is known to have sandboxing issues, for example:
111- // https://github.com/enso-org/enso/issues/3801 or
112- // https://github.com/enso-org/enso/issues/11035
113- //
114- // A solution to them is to run AppImage with --no-sandbox option (just passing no-sandbox
115- // as chrome option didn't seem to work). Wrapped app in a "sandbox fix loader"
116- // similar to https://github.com/gergof/electron-builder-sandbox-fix/blob/master/lib/index.js
117- // 'electron-builder-sandbox-fix' failed to detect the necessity of sandbox, so we just always
118- // add the option instead. This does not lower security, because Enso processes have access
119- // to user's filesystem anyway.
120- if ( context . electronPlatformName !== 'linux' ) return
121- const executableName = context . packager . executableName
122- if ( ! executableName ) throw new Error ( 'Expected executableName in context.packager' )
123- const executable = path . join ( context . appOutDir , executableName )
124- const loaderScript = `#!/usr/bin/env bash
125- set -u
126-
127- SCRIPT_DIR="$( cd "$( dirname "\${BASH_SOURCE[0]}" )" && pwd )"
128- exec "$SCRIPT_DIR/${ executableName }
129- `
130- try {
131- await fs . rename ( executable , executable + '.bin' )
132- await fs . writeFile ( executable , loaderScript )
133- await fs . chmod ( executable , 0o755 )
134- } catch ( e ) {
135- throw new Error ( 'Failed to create loader for sandbox fix: ' + e . message )
140+ if ( context . electronPlatformName === 'linux' ) {
141+ await patchAppImage ( context )
136142 }
137143 } ,
138144}
0 commit comments