feat: support completely custom AppxManifest.xml #8609
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🦋 Changeset detectedLatest commit: 7f59a95 The changes in this PR will be included in the next version bump. This PR includes changesets to release 8 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
Thanks for the contribution! 🙂 This functionality should already exist in an electron-builder electron-builder/packages/app-builder-lib/src/configuration.ts Lines 343 to 346 in 74d98d8 |
|
@mmaietta It is very confusing - I don't see how I think the PR should offer a way to replace two types of manifests, one just like the default, that has template variables and one raw XML - as is, no interpolation at all. So that const manifestFile = this.options.customManifestPath || stageDir.getTempFile("AppxManifest.xml")
await this.writeManifest(manifestFile, arch, await this.computePublisherName(), userAssets)But I don't know how distinguish between raw and template based one. |
|
I think I got it, but let's say we have this So to support such a thing, the original template namespaces must be extended, plus new expressions for extensions. If one would have direct template access, he could just
xmlns:desktop2="http://schemas.microsoft.com/appx/manifest/desktop/windows10/2"
<Extensions>
<desktop2:Extension Category="windows.firewallRules">
<desktop2:FirewallRules>
<desktop2:Rule Direction="in" Protocol="TCP" LocalPortMin="22022" LocalPortMax="24044" Profile="all" Action="allow" />
</desktop2:FirewallRules>
</desktop2:Extension>
</Extensions>With the existing hook, I came up to this - it does the job, but it is horrendous appxManifestCreated: async (appxPath) => {
const manifest = await xml2js.parseStringPromise(fs.readFileSync(appxPath, "utf8").toString());
manifest.Package.$["xmlns:desktop2"] = "http://schemas.microsoft.com/appx/manifest/desktop/windows10/2";
const application = manifest.Package.Applications[0].Application[0];
application.Extensions = application.Extensions || [];
application.Extensions.push({
"desktop2:Extension": {
$: {
Category: "windows.fileTypeAssociation",
},
"desktop2:FirewallRules": {
"desktop2:Rule": {
$: {
Direction: "in",
Profile: "private",
Protocol: "TCP",
LocalPortMin: "22022",
LocalPortMax: "24044",
Action: "allow",
},
},
},
},
});
const builder = new xml2js.Builder();
const manifestDocument = builder.buildObject(manifest);
fs.writeFileSync(appxPath, manifestDocument);
} |
|
Ohhhh I see, you want to be able to provide a custom AppxManifest that allows for both template or raw. The hook only allows to replace the file with a raw manifest.
What if we allow both? Let the Related note, I'll also need two unit test cases written for this functionality if we go with that approach ☝️ . One with a raw manifest, and the other with a template manifest. I'm happy to help contribute to this PR by writing the unit tests, but I'll need both manifests from you committed to this branch first for me to build on top of 😄 |
|
That's great Here it is a manifest that totally works for my project https://container-desktop.com <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:desktop="http://schemas.microsoft.com/appx/manifest/desktop/windows10" xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" xmlns:desktop2="http://schemas.microsoft.com/appx/manifest/desktop/windows10/2">
<Identity Name="IonutStoica.ContainerDesktop" ProcessorArchitecture="x64" Publisher="CN=52408AA8-2ECC-4E48-9A2C-6C1F69841C79" Version="5.2.13.0"/>
<Properties>
<DisplayName>Container Desktop</DisplayName>
<PublisherDisplayName>Ionut.Stoica</PublisherDisplayName>
<Description>Container Desktop</Description>
<Logo>assets\StoreLogo.png</Logo>
</Properties>
<Resources>
<Resource Language="en-US"/>
</Resources>
<Dependencies>
<TargetDeviceFamily Name="Windows.Desktop" MinVersion="10.0.18362.0" MaxVersionTested="10.0.18362.0"/>
</Dependencies>
<Capabilities>
<Capability Name="internetClient"/>
<Capability Name="privateNetworkClientServer"/>
<rescap:Capability Name="runFullTrust"/>
</Capabilities>
<Applications>
<Application Id="IonutStoica.ContainerDesktop" Executable="app\Container Desktop.exe" EntryPoint="Windows.FullTrustApplication">
<uap:VisualElements BackgroundColor="#464646" DisplayName="Container Desktop" Square150x150Logo="assets\Square150x150Logo.png" Square44x44Logo="assets\Square44x44Logo.png" Description="Container Desktop">
<uap:DefaultTile Wide310x150Logo="assets\Wide310x150Logo.png" Square310x310Logo="assets\LargeTile.png" Square71x71Logo="assets\SmallTile.png"/>
</uap:VisualElements>
</Application>
</Applications>
<Extensions>
<desktop2:Extension Category="windows.firewallRules">
<desktop2:FirewallRules Executable="app\bin\container-desktop-ssh-relay.exe">
<desktop2:Rule Direction="in" Profile="private" IPProtocol="TCP" LocalPortMin="22022" LocalPortMax="24044"/>
</desktop2:FirewallRules>
</desktop2:Extension>
</Extensions>
</Package>To generate this manifest with the hook, I had to do this: appxManifestCreated: async (appxPath) => {
const manifest = await xml2js.parseStringPromise(fs.readFileSync(appxPath, "utf8").toString());
manifest.Package.$["xmlns:uap"] = "http://schemas.microsoft.com/appx/manifest/uap/windows10";
manifest.Package.$["xmlns:desktop"] = "http://schemas.microsoft.com/appx/manifest/desktop/windows10";
manifest.Package.$["xmlns:desktop2"] = "http://schemas.microsoft.com/appx/manifest/desktop/windows10/2";
manifest.Package.Capabilities = [
[
{ Capability: { $: { Name: "internetClient" } } },
{ Capability: { $: { Name: "privateNetworkClientServer" } } },
{ "rescap:Capability": { $: { Name: "runFullTrust" } } },
],
];
manifest.Package.Extensions = manifest.Package.Extensions || [];
manifest.Package.Extensions.push({
"desktop2:Extension": {
$: {
Category: "windows.firewallRules",
},
"desktop2:FirewallRules": {
$: {
Executable: "app\\bin\\container-desktop-ssh-relay.exe",
},
"desktop2:Rule": {
$: {
Direction: "in",
Profile: "private",
IPProtocol: "TCP",
LocalPortMin: "22022",
LocalPortMax: "24044",
},
},
},
},
});
const builder = new xml2js.Builder();
const manifestDocument = builder.buildObject(manifest);
fs.writeFileSync(appxPath, manifestDocument);
}Because of the use of You can close the ticket and not do anything if we can somehow improve just the documentation on how to use the custom hook with good examples as above as it touches all points. Basically |
|
Thanks! Alrighty, I can take it from here if you'd like (unless you have commits to still push 🙂 ) Thoughts on having the manifest default to reading from the Resources dir unless it's an absolute path? |
|
Nothing more to add, go for it, thank you so much! |
…build resources directory. added unit tests
|
@iongion PR is ready but I need the snapshots regenerated for it as I can't build the AppX on my mac M2. |
|
Just did, it needs some changes
pnpm compile && cross-env UPDATE_SNAPSHOT=true TEST_FILES=appxTest pnpm ci:test
<desktop2:FirewallRules Executable="${executable}">
<desktop2:Rule Direction="in" Profile="private" IPProtocol="TCP" LocalPortMin="22022" LocalPortMax="24044"/>
</desktop2:FirewallRules>
<desktop2:FirewallRules Executable="app\\Test App ßW.exe">
<desktop2:Rule Direction="in" Profile="private" IPProtocol="TCP" LocalPortMin="22022" LocalPortMax="24044"/>
</desktop2:FirewallRules>
$env:SIGNTOOL_PATH="C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\signtool.exe"
pnpm compile && cross-env UPDATE_SNAPSHOT=true TEST_FILES=appxTest pnpm ci:testNow all tests pass NOTE - If using the bundled signtool, then the tests will fail because of thisJust a FYI, there is another tool to sign windows executables, which works on all operating systems - https://ebourg.github.io/jsign/ but it is java based |
|
So I don't seem to be running into any issue with signtool, rather it's something wrong with the template manifest (probably why allowing a custom one was never previously implemented since the error messages are so obscure. Can you take a look at |
|
@iongion are you willing to try this out in an alpha release of electron-builder or do you need the electron-builder version be in GA (non-alpha)? |
beyondkmp
reviewed
Nov 24, 2024
This was referenced Dec 27, 2024
mmaietta
pushed a commit
that referenced
this pull request
Jan 26, 2025
## 26.0.0 ### Major Changes - [#8782](#8782) [`633490cb`](633490c) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: removing conditional logic that would build HFS+ dmg on non-arm64 macs as HFS+ was sunset in macos 15.2 - [#8582](#8582) [`6a9597b4`](6a9597b) Thanks [@mmaietta](https://github.com/mmaietta)! - chore: remove deprecated fields from `winOptions` and `macOptions`. (For `winOptions` signing configuration, it has been moved to `win.signtoolOptions` in order to support `azureOptions` as a separate field and avoid bloating `win` configuration object. For `macOptions`, notarize options has been deprecated in favor of env vars for quite some time. Env vars are much more secure) - [#8572](#8572) [`0dbe357a`](0dbe357) Thanks [@mmaietta](https://github.com/mmaietta)! - feat: allowing additional entries in .desktop file, such as `[Desktop Actions <actionName>]`. Requires changing configuration `desktop` property to object to be more extensible in the future - [#8562](#8562) [`b8185d48`](b8185d4) Thanks [@beyondkmp](https://github.com/beyondkmp)! - support including node_modules in other subdirectories ### Minor Changes - [#8787](#8787) [`cdf18d9a`](cdf18d9) Thanks [@mmaietta](https://github.com/mmaietta)! - feat: add `pwsh` detection to enable azure trusted signing within docker image - [#8711](#8711) [`6f0fb8e4`](6f0fb8e) Thanks [@hrueger](https://github.com/hrueger)! - Add `host` property to support self-hosted Keygen instances - [#8636](#8636) [`88cc0b06`](88cc0b0) Thanks [@mmaietta](https://github.com/mmaietta)! - feat: add support for AppArmor with template profile and configuration property - [#8609](#8609) [`d672b04b`](d672b04) Thanks [@iongion](https://github.com/iongion)! - feat: support completely custom AppxManifest.xml - [#8607](#8607) [`f123628c`](f123628) Thanks [@mmaietta](https://github.com/mmaietta)! - feat: allow disabling of building a universal windows installer - [#8588](#8588) [`8434e10d`](8434e10) Thanks [@mmaietta](https://github.com/mmaietta)! - feat: adding integration with @electron/fuses - [#8570](#8570) [`c8484305`](c848430) Thanks [@mmaietta](https://github.com/mmaietta)! - feat: migrate to official `electron/asar` packaging - [#8525](#8525) [`13f55a3e`](13f55a3) Thanks [@mmaietta](https://github.com/mmaietta)! - feat: migrate `electronDist` to be an electron-builder `Hook` - [#8394](#8394) [`ae9221d9`](ae9221d) Thanks [@xyloflake](https://github.com/xyloflake)! - feat: Implement autoupdates for pacman - [#8741](#8741) [`eacbbf59`](eacbbf5) Thanks [@0xlau](https://github.com/0xlau)! - Add `forcePathStyle` option to S3Options ### Patch Changes - [#8575](#8575) [`dfa35c32`](dfa35c3) Thanks [@doctolivier](https://github.com/doctolivier)! - chore(deps): update @electron/rebuild to v3.7.0 - [#8576](#8576) [`3eab7143`](3eab714) Thanks [@beyondkmp](https://github.com/beyondkmp)! - fix: packages in the workspace not being under node_modules - [#8577](#8577) [`e9eef0c1`](e9eef0c) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: add additional default exclusions to copy logic - [#8596](#8596) [`e0b0e351`](e0b0e35) Thanks [@mmaietta](https://github.com/mmaietta)! - chore: refactor files for publishing to electron-publish - [#8601](#8601) [`215fc36b`](215fc36) Thanks [@mmaietta](https://github.com/mmaietta)! - Revert "fix(win): use appInfo description as primary entry for FileDescription" to resolve [#8599](#8599) - [#8603](#8603) [`712a8bce`](712a8bc) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: checking relative path without separator as that doesn't work on Windows - [#8604](#8604) [`d4ea0d99`](d4ea0d9) Thanks [@beyondkmp](https://github.com/beyondkmp)! - chore(deps): update app-builder-bin to 5.0.0-alpha.11 - [#8606](#8606) [`a0e635c1`](a0e635c) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: add quotes to surround file path during azure signing to handle files with spaces - [#8627](#8627) [`2a3195d9`](2a3195d) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: add rfc3161 timestamp entry as default for azure signing to resolve Windows Defender alert - [#8631](#8631) [`dcd91a1f`](dcd91a1) Thanks [@olivereisenhut](https://github.com/olivereisenhut)! - fix: Remove path from published binaries - [#8632](#8632) [`645e2abd`](645e2ab) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: only sign concurrently when using local signtool. azure can't be in parallel due to resources being locked during usage - [#8637](#8637) [`667ab2f8`](667ab2f) Thanks [@mmaietta](https://github.com/mmaietta)! - chore: migrate default recommends and default depends for fpm from app-builder-bin to JS code - [#8645](#8645) [`f4d40f91`](f4d40f9) Thanks [@beyondkmp](https://github.com/beyondkmp)! - fix: smart unpack for local module with dll - [#8653](#8653) [`796e1a07`](796e1a0) Thanks [@IsaacAderogba](https://github.com/IsaacAderogba)! - fix: cscIKeyPassword must support empty string arguments - [#8654](#8654) [`9e11358f`](9e11358) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: check ResolvedFileSet src when verifying symlinks to be within project directory - [#8661](#8661) [`6a294c97`](6a294c9) Thanks [@t3chguy](https://github.com/t3chguy)! - chore: remove stale handler for `extend-info` in electronMac plist creation - [#8689](#8689) [`1d7f87c1`](1d7f87c) Thanks [@Lemonexe](https://github.com/Lemonexe)! - fix(win): corrupt asar integrity file path on crossplatform build - [#8693](#8693) [`6a6bed46`](6a6bed4) Thanks [@renovate](https://github.com/apps/renovate)! - fix(deps): update dependency cross-spawn to v7.0.5 [security] - [#8714](#8714) [`66334502`](6633450) Thanks [@kttmv](https://github.com/kttmv)! - chore: Remove informal Russian messages in the NSIS installer - [#8715](#8715) [`4c394d54`](4c394d5) Thanks [@beyondkmp](https://github.com/beyondkmp)! - fix: does not work with NPM workspaces - [#8717](#8717) [`9381513d`](9381513) Thanks [@beyondkmp](https://github.com/beyondkmp)! - fix(deps): update dependency eslint to v9.16.0 [security] - [#8783](#8783) [`a5558e33`](a5558e3) Thanks [@mmaietta](https://github.com/mmaietta)! - chore(deps): upgrade cross spawn 7.0.6 - [#8805](#8805) [`c6d6b6e5`](c6d6b6e) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: ASAR files in extraResources are not included in integrity calculations - [`a1ee0419`](a1ee041) Thanks [@mmaietta](https://github.com/mmaietta)! - fix: use FileCopier for copying files and queue creation of symlinks ## electron-updater 6.4.0 ### Minor Changes - [#8711](#8711) [`6f0fb8e4`](6f0fb8e) Thanks [@hrueger](https://github.com/hrueger)! - Add `host` property to support self-hosted Keygen instances - [#8633](#8633) [`96f5c3eb`](96f5c3e) Thanks [@mmaietta](https://github.com/mmaietta)! - feat(updater): allow usage of `autoRunAppAfterInstall` on mac updater - [#8394](#8394) [`ae9221d9`](ae9221d) Thanks [@xyloflake](https://github.com/xyloflake)! - feat: Implement autoupdates for pacman ### Patch Changes - [#8802](#8802) [`4a68fd2d`](4a68fd2) Thanks [@erijo](https://github.com/erijo)! - fix(linux): AppImage update fails when filename contains spaces - [#8623](#8623) [`cfa67c01`](cfa67c0) Thanks [@DamonYu6](https://github.com/DamonYu6)! - fix: copyFileSync operation will block the main thread - [#8695](#8695) [`819eff7b`](819eff7) Thanks [@peter-sanderson](https://github.com/peter-sanderson)! - fix: respect `disableDifferentialDownload` flag for AppImage
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PR tries to give total control over the manifest to the users.
To provide mitigation for issues like