Patch the .AppImage with known working libs to fix openssl crash

closes #1010

scripts/patch-appimage.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# Patch .AppImage to address libcore crash on some
+# distributions, due to loading system libraries
+# instead of embedded ones.
+#
+# see https://github.com/LedgerHQ/ledger-live-desktop/issues/1010
+
+set -e
+
+BASE_URL=http://mirrors.kernel.org/ubuntu/pool/main/k/krb5
+PACKAGE_SUFFIX=-2build1_amd64.deb
+TMP_DIR=$(mktemp -d)
+LEDGER_LIVE_VERSION=$(grep version package.json | sed -E 's/.*: "(.*)",/\1/g')
+
+cp "dist/ledger-live-desktop-$LEDGER_LIVE_VERSION-linux-x86_64.AppImage" "$TMP_DIR"
+pushd "$TMP_DIR"
+
+declare -a LIBRARIES=(
+  "libgssapi-krb5-2_1.16"
+  "libk5crypto3_1.16"
+  "libkrb5-3_1.16"
+  "libkrb5support0_1.16"
+)
+
+for PACKAGE in "${LIBRARIES[@]}"; do
+  curl -fOL "$BASE_URL/$PACKAGE$PACKAGE_SUFFIX"
+  ar p "$PACKAGE$PACKAGE_SUFFIX" data.tar.xz | tar xvJf >/dev/null - ./usr/lib/x86_64-linux-gnu/
+  rm "$PACKAGE$PACKAGE_SUFFIX"
+done
+
+./ledger-live-desktop-"$LEDGER_LIVE_VERSION"-linux-x86_64.AppImage --appimage-extract
+cp -a usr/lib/x86_64-linux-gnu/*.so.* squashfs-root/usr/lib
+
+echo "> downloading appimagetool"
+curl -fOL "https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-x86_64.AppImage"
+chmod +x appimagetool-x86_64.AppImage
+
+./appimagetool-x86_64.AppImage squashfs-root "$OLDPWD/dist/ledger-live-desktop-$LEDGER_LIVE_VERSION-linux-x86_64.AppImage"
+
+popd
+
+MD5_SUM=$(sha512sum "dist/ledger-live-desktop-$LEDGER_LIVE_VERSION-linux-x86_64.AppImage" | cut -f1 -d\ | xxd -r -p | base64 | paste -sd "")
+sed -i "s|sha512: .*|sha512: ${MD5_SUM}|g" dist/latest-linux.yml
+
+SIZE=$(stat --printf="%s" "dist/ledger-live-desktop-$LEDGER_LIVE_VERSION-linux-x86_64.AppImage")
+sed -i "s|size: .*|size: ${SIZE}|g" dist/latest-linux.yml

scripts/release.sh

@@ -13,7 +13,9 @@ if [ "$(git rev-parse --abbrev-ref HEAD)" != "master" ]; then
   exit 0
 fi
 
-if ! git describe --exact-match --tags 2>/dev/null >/dev/null; then
+GH_TAG=$(git describe --exact-match --tags 2>/dev/null || echo '')
+
+if [[ $GH_TAG == "" ]]; then
   echo "You are not on a tag. Exiting properly. (CI)"
   exit 0
 fi
@@ -57,7 +59,6 @@ fi
 #   exit 1
 # fi
 
-
 if [[ $(uname) == 'Linux' ]]; then # only run it on one target, to prevent race conditions
   runJob \
     "node scripts/create-draft-release.js" \
@@ -68,9 +69,48 @@ fi
 
 runJob "yarn compile" "compiling..." "compiled" "failed to compile" "verbose"
 
+# --------------------------------------------------------------------
+#                     Linux: Internal process error (null)
+#
+# context: https://github.com/LedgerHQ/ledger-live-desktop/issues/1010
+# Linux: Internal process error (null)
+#
+# The "fix" is not optimal, as it doesn't really solve the problem
+# (electron loading system openssl before we can load our embedded one)
+# Quick summary:
+#
+#  - build without publishing
+#  - unpack the .AppImage
+#  - download reported working libs from ubuntu mirrors, put it inside
+#  - re-pack the .AppImage
+#  - checksum stuff
+#  - upload to gh
+
 runJob \
-  "DEBUG=electron-builder electron-builder build --publish always" \
-  "building, packaging and publishing app..." \
-  "app built, packaged and published successfully" \
+  "DEBUG=electron-builder electron-builder build --publish never" \
+  "building and packaging app..." \
+  "app built and packaged successfully" \
   "failed to build app" \
   "verbose"
+
+runJob \
+  "scripts/patch-appimage.sh" \
+  "patching AppImage..." \
+  "AppImage patched successfully" \
+  "failed to patch AppImage"
+
+LEDGER_LIVE_VERSION=$(grep version package.json | sed -E 's/.*: "(.*)",/\1/g')
+
+scripts/upload-github-release-asset.sh \
+  github_api_token="$GH_TOKEN" \
+  owner=LedgerHQ \
+  repo=ledger-live-desktop \
+  tag="$GH_TAG" \
+  filename="dist/ledger-live-desktop-$LEDGER_LIVE_VERSION-linux-x86_64.AppImage"
+
+scripts/upload-github-release-asset.sh \
+  github_api_token="$GH_TOKEN" \
+  owner=LedgerHQ \
+  repo=ledger-live-desktop \
+  tag="$GH_TAG" \
+  filename="dist/latest-linux.yml"

scripts/upload-github-release-asset.sh

@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+#
+# Author: Stefan Buck
+# License: MIT
+# https://gist.github.com/stefanbuck/ce788fee19ab6eb0b4447a85fc99f447
+#
+#
+# This script accepts the following parameters:
+#
+# * owner
+# * repo
+# * filename
+# * github_api_token
+#
+# Script to upload a release asset using the GitHub API v3.
+#
+# Example:
+#
+# upload-github-release-asset.sh github_api_token=TOKEN owner=stefanbuck repo=playground filename=./build.zip
+#
+
+# Check dependencies.
+set -e
+
+# Validate settings.
+[ "$TRACE" ] && set -x
+
+# shellcheck disable=SC2124
+CONFIG=$@
+
+for line in $CONFIG; do
+  eval "$line"
+done
+
+# Define variables.
+GH_API="https://api.github.com"
+
+# shellcheck disable=SC2154
+GH_REPO="$GH_API/repos/$owner/$repo"
+
+# shellcheck disable=SC2154
+AUTH="Authorization: token $github_api_token"
+
+# github_api_token=$GH_TOKEN owner=meriadec repo=ledger-live-desktop tag=v1.2.2 filename=./dist/electron-builder-debug.yml
+LATEST_RELEASE_ID=$(curl -sH "$AUTH" "$GH_API/repos/meriadec/ledger-live-desktop/releases" | grep '"id":' | head -n 1 | sed -E 's/.*: (.*),/\1/')
+
+# Validate token.
+curl -o /dev/null -sH "$AUTH" "$GH_REPO" || { echo "Error: Invalid repo, token or network issue!";  exit 1; }
+
+# Get ID of the asset based on given filename.
+# shellcheck disable=SC2154
+[ "$LATEST_RELEASE_ID" ] || { echo "Error: Failed to get release id"; exit 1; }
+
+# Upload asset
+echo "Uploading asset... "
+
+# Construct url
+# shellcheck disable=SC2154
+GH_ASSET="https://uploads.github.com/repos/$owner/$repo/releases/$LATEST_RELEASE_ID/assets?name=$(basename "$filename")"
+
+curl --data-binary @"$filename" -H "Authorization: token $github_api_token" -H "Content-Type: application/octet-stream" "$GH_ASSET"