From 9203abe6c964dce9cc9140c218fb00fa4776efa3 Mon Sep 17 00:00:00 2001
From: Michael Telatynski <7t3chguy@gmail.com>
Date: Mon, 3 Feb 2025 08:30:37 +0000
Subject: [PATCH] Enable fuse EnableEmbeddedAsarIntegrityValidation (#1979)

---
 electron-builder.ts | 32 +++++++++++++++++++++++++++++---
 package.json        |  1 +
 2 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/electron-builder.ts b/electron-builder.ts
index a34a128a..d4c337f4 100644
--- a/electron-builder.ts
+++ b/electron-builder.ts
@@ -1,6 +1,10 @@
 import * as os from "node:os";
 import * as fs from "node:fs";
-import { Configuration as BaseConfiguration } from "electron-builder";
+import * as path from "node:path";
+import * as plist from "plist";
+import { AfterPackContext, Arch, Configuration as BaseConfiguration, Platform } from "electron-builder";
+import { computeData } from "app-builder-lib/out/asar/integrity";
+import { readFile, writeFile } from "node:fs/promises";
 
 /**
  * This script has different outputs depending on your os platform.
@@ -42,6 +46,26 @@ interface Configuration extends BaseConfiguration {
     } & BaseConfiguration["deb"];
 }
 
+async function injectAsarIntegrity(context: AfterPackContext) {
+    const packager = context.packager;
+
+    // We only need to re-generate asar on universal Mac builds, due to https://github.com/electron/universal/issues/116
+    if (packager.platform !== Platform.MAC || context.arch !== Arch.universal) return;
+
+    const resourcesPath = packager.getResourcesDir(context.appOutDir);
+    const asarIntegrity = await computeData({
+        resourcesPath,
+        resourcesRelativePath: "Resources",
+        resourcesDestinationPath: resourcesPath,
+        extraResourceMatchers: [],
+    });
+
+    const plistPath = path.join(resourcesPath, "..", "Info.plist");
+    const data = plist.parse(await readFile(plistPath, "utf8")) as unknown as Writable<plist.PlistObject>;
+    data["ElectronAsarIntegrity"] = asarIntegrity as unknown as Writable<plist.PlistValue>;
+    await writeFile(plistPath, plist.build(data));
+}
+
 /**
  * @type {import('electron-builder').Configuration}
  * @see https://www.electron.build/configuration/configuration
@@ -64,8 +88,10 @@ const config: Omit<Writable<Configuration>, "electronFuses"> & {
         resetAdHocDarwinSignature: !process.env.APPLE_TEAM_ID,
 
         loadBrowserProcessSpecificV8Snapshot: false,
-        // https://github.com/electron/fuses/issues/7
-        enableEmbeddedAsarIntegrityValidation: false,
+        enableEmbeddedAsarIntegrityValidation: true,
+    },
+    afterPack: async (context: AfterPackContext) => {
+        await injectAsarIntegrity(context);
     },
     files: [
         "package.json",
diff --git a/package.json b/package.json
index 8dcd0bc3..046d38c1 100644
--- a/package.json
+++ b/package.json
@@ -105,6 +105,7 @@
         "matrix-web-i18n": "^3.2.1",
         "mkdirp": "^3.0.0",
         "pacote": "^21.0.0",
+        "plist": "^3.1.0",
         "prettier": "^3.0.0",
         "rimraf": "^6.0.0",
         "tar": "^7.0.0",