Merge pull request #1557 from meriadec/fix-fedora-crash

Patch the .AppImage with known working libs to fix openssl crash
6 years ago · 567a8d2a74
4 changed files with 160 additions and 5 deletions
--- a/scripts/patch-appimage.sh
+++ b/scripts/patch-appimage.sh
@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Patch .AppImage to address libcore crash on some
+# distributions, due to loading system libraries
+# instead of embedded ones.
+#
+# see https://github.com/LedgerHQ/ledger-live-desktop/issues/1010
+
+set -e
+
+BASE_URL=http://mirrors.kernel.org/ubuntu/pool/main/k/krb5
+PACKAGE_SUFFIX=-2build1_amd64.deb
+TMP_DIR=$(mktemp -d)
+LEDGER_LIVE_VERSION=$(grep version package.json | sed -E 's/.*: "(.*)",/\1/g')
+
+cp "dist/ledger-live-desktop-$LEDGER_LIVE_VERSION-linux-x86_64.AppImage" "$TMP_DIR"
+pushd "$TMP_DIR"
+
+declare -a LIBRARIES=(
+  "libgssapi-krb5-2_1.16"
+  "libk5crypto3_1.16"
+  "libkrb5-3_1.16"
+  "libkrb5support0_1.16"
+)
+
+for PACKAGE in "${LIBRARIES[@]}"; do
+  curl -fOL "$BASE_URL/$PACKAGE$PACKAGE_SUFFIX"
+  ar p "$PACKAGE$PACKAGE_SUFFIX" data.tar.xz | tar xvJf >/dev/null - ./usr/lib/x86_64-linux-gnu/
+  rm "$PACKAGE$PACKAGE_SUFFIX"
+done
+
+curl -fOL "https://s3-eu-west-1.amazonaws.com/ledger-ledgerlive-resources-dev/public_resources/appimagetool-x86_64.AppImage"
+
+cp "$OLDPWD/scripts/shasums/patch-appimage-sums.txt" .
+sha512sum --quiet --check patch-appimage-sums.txt || exit 1
+
+./ledger-live-desktop-"$LEDGER_LIVE_VERSION"-linux-x86_64.AppImage --appimage-extract
+cp -a usr/lib/x86_64-linux-gnu/*.so.* squashfs-root/usr/lib
+
+chmod +x appimagetool-x86_64.AppImage
+./appimagetool-x86_64.AppImage squashfs-root "$OLDPWD/dist/ledger-live-desktop-$LEDGER_LIVE_VERSION-linux-x86_64.AppImage"
+
+popd
+
+MD5_SUM=$(sha512sum "dist/ledger-live-desktop-$LEDGER_LIVE_VERSION-linux-x86_64.AppImage" | cut -f1 -d\ | xxd -r -p | base64 | paste -sd "")
+sed -i "s|sha512: .*|sha512: ${MD5_SUM}|g" dist/latest-linux.yml
+
+SIZE=$(stat --printf="%s" "dist/ledger-live-desktop-$LEDGER_LIVE_VERSION-linux-x86_64.AppImage")
+sed -i "s|size: .*|size: ${SIZE}|g" dist/latest-linux.yml
--- a/scripts/release.sh
+++ b/scripts/release.sh
@ -13,7 +13,9 @@ if [ "$(git rev-parse --abbrev-ref HEAD)" != "master" ]; then
  exit 0
 fi

-if ! git describe --exact-match --tags 2>/dev/null >/dev/null; then
+GH_TAG=$(git describe --exact-match --tags 2>/dev/null || echo '')
+
+if [[ $GH_TAG == "" ]]; then
  echo "You are not on a tag. Exiting properly. (CI)"
  exit 0
 fi
@ -57,7 +59,6 @@ fi
 #   exit 1
 # fi

-
 if [[ $(uname) == 'Linux' ]]; then # only run it on one target, to prevent race conditions
  runJob \
    "node scripts/create-draft-release.js" \
@ -68,9 +69,48 @@ fi

 runJob "yarn compile" "compiling..." "compiled" "failed to compile" "verbose"

+# --------------------------------------------------------------------
+#                     Linux: Internal process error (null)
+#
+# context: https://github.com/LedgerHQ/ledger-live-desktop/issues/1010
+# Linux: Internal process error (null)
+#
+# The "fix" is not optimal, as it doesn't really solve the problem
+# (electron loading system openssl before we can load our embedded one)
+# Quick summary:
+#
+#  - build without publishing
+#  - unpack the .AppImage
+#  - download reported working libs from ubuntu mirrors, put it inside
+#  - re-pack the .AppImage
+#  - checksum stuff
+#  - upload to gh
+
 runJob \
-  "DEBUG=electron-builder electron-builder build --publish always" \
-  "building, packaging and publishing app..." \
-  "app built, packaged and published successfully" \
+  "DEBUG=electron-builder electron-builder build --publish never" \
+  "building and packaging app..." \
+  "app built and packaged successfully" \
  "failed to build app" \
  "verbose"
+
+runJob \
+  "scripts/patch-appimage.sh" \
+  "patching AppImage..." \
+  "AppImage patched successfully" \
+  "failed to patch AppImage"
+
+LEDGER_LIVE_VERSION=$(grep version package.json | sed -E 's/.*: "(.*)",/\1/g')
+
+scripts/upload-github-release-asset.sh \
+  github_api_token="$GH_TOKEN" \
+  owner=LedgerHQ \
+  repo=ledger-live-desktop \
+  tag="$GH_TAG" \
+  filename="dist/ledger-live-desktop-$LEDGER_LIVE_VERSION-linux-x86_64.AppImage"
+
+scripts/upload-github-release-asset.sh \
+  github_api_token="$GH_TOKEN" \
+  owner=LedgerHQ \
+  repo=ledger-live-desktop \
+  tag="$GH_TAG" \
+  filename="dist/latest-linux.yml"
--- a/scripts/shasums/patch-appimage-sums.txt
+++ b/scripts/shasums/patch-appimage-sums.txt
@ -0,0 +1,5 @@
+bebb42401a43971cfe3e31f2c9ee4efee352ce0d29a8ccc95ca1356a58463afd4876b133d9f4295697f96b76eb21b50c1909a073db753569e8969065eb40b306  usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2
+d7d2b38a46d65a06560241b226f61d81c4df28d56c6841dd34bb428802ace0fc80cf94de1e5117f0b85b2c69b550df61ac999184d5cfe8ecd3bea4d8394d1d21  usr/lib/x86_64-linux-gnu/libkrb5.so.3.3
+b025b755eb9a64f0d03a8e92c9e4b4f95c2c506bf070cf037841ef8cdb9013e16390d0e17330f2ce8c98c3b1f05b917a3018109acfde7aab50bc9d9fa70ea12b  usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1
+f181e41f306819c10054ff8ceebf4943858f2cd34dea5206b51141877e2f651be3c6435bb02538cbde2cc0415f38e476423a9fd6a428ca9d425e9c662483b9af  usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1
+dd8d81d4c1485209a65a1446225428a1b919478a74fd5698aff64cb8a67992544e62455f849ad73392505707cb94739de00af5ab340a22a87bb752c3808a55d2  appimagetool-x86_64.AppImage
--- a/scripts/upload-github-release-asset.sh
+++ b/scripts/upload-github-release-asset.sh
@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+#
+# Author: Stefan Buck
+# License: MIT
+# https://gist.github.com/stefanbuck/ce788fee19ab6eb0b4447a85fc99f447
+#
+#
+# This script accepts the following parameters:
+#
+# * owner
+# * repo
+# * filename
+# * github_api_token
+#
+# Script to upload a release asset using the GitHub API v3.
+#
+# Example:
+#
+# upload-github-release-asset.sh github_api_token=TOKEN owner=stefanbuck repo=playground filename=./build.zip
+#
+
+# Check dependencies.
+set -e
+
+# Validate settings.
+[ "$TRACE" ] && set -x
+
+# shellcheck disable=SC2124
+CONFIG=$@
+
+for line in $CONFIG; do
+  eval "$line"
+done
+
+# Define variables.
+GH_API="https://api.github.com"
+
+# shellcheck disable=SC2154
+GH_REPO="$GH_API/repos/$owner/$repo"
+
+# shellcheck disable=SC2154
+AUTH="Authorization: token $github_api_token"
+
+# github_api_token=$GH_TOKEN owner=LedgerHQ repo=ledger-live-desktop tag=v1.2.2 filename=./dist/electron-builder-debug.yml
+LATEST_RELEASE_ID=$(curl -sH "$AUTH" "$GH_API/repos/LedgerHQ/ledger-live-desktop/releases" | grep '"id":' | head -n 1 | sed -E 's/.*: (.*),/\1/')
+
+# Validate token.
+curl -o /dev/null -sH "$AUTH" "$GH_REPO" || { echo "Error: Invalid repo, token or network issue!";  exit 1; }
+
+# Get ID of the asset based on given filename.
+# shellcheck disable=SC2154
+[ "$LATEST_RELEASE_ID" ] || { echo "Error: Failed to get release id"; exit 1; }
+
+# Upload asset
+echo "Uploading asset... "
+
+# Construct url
+# shellcheck disable=SC2154
+GH_ASSET="https://uploads.github.com/repos/$owner/$repo/releases/$LATEST_RELEASE_ID/assets?name=$(basename "$filename")"
+
+curl --data-binary @"$filename" -H "Authorization: token $github_api_token" -H "Content-Type: application/octet-stream" "$GH_ASSET"