Patch app-builder-lib to save win asar integrity

package.json

@@ -320,6 +320,7 @@
     "pngjs": "7.0.0",
     "prettier": "2.8.0",
     "protobufjs-cli": "1.1.1",
+    "resedit": "2.0.2",
     "resolve-url-loader": "5.0.0",
     "sass": "1.49.7",
     "sass-loader": "10.2.0",

patches/app-builder-lib+24.6.3.patch

@@ -70,6 +70,73 @@ index 7f37444..1a85145 100644
 +}
  //# sourceMappingURL=asarUtil.js.map
 \ No newline at end of file
+diff --git a/node_modules/app-builder-lib/out/electron/ElectronFramework.js b/node_modules/app-builder-lib/out/electron/ElectronFramework.js
+index 2b09620..a469506 100644
+--- a/node_modules/app-builder-lib/out/electron/ElectronFramework.js
++++ b/node_modules/app-builder-lib/out/electron/ElectronFramework.js
+@@ -9,6 +9,7 @@ const path = require("path");
+ const index_1 = require("../index");
+ const pathManager_1 = require("../util/pathManager");
+ const electronMac_1 = require("./electronMac");
++const electronWin_1 = require("./electronWin");
+ const electronVersion_1 = require("./electronVersion");
+ const fs = require("fs/promises");
+ const injectFFMPEG_1 = require("./injectFFMPEG");
+@@ -39,6 +40,9 @@ async function beforeCopyExtraFiles(options) {
+     else if (packager.platform === index_1.Platform.WINDOWS) {
+         const executable = path.join(appOutDir, `${packager.appInfo.productFilename}.exe`);
+         await (0, fs_extra_1.rename)(path.join(appOutDir, `${electronBranding.projectName}.exe`), executable);
++        if (options.asarIntegrity) {
++            await (0, electronWin_1.addWinAsarIntegrity)(executable, options.asarIntegrity);
++        }
+     }
+     else {
+         await (0, electronMac_1.createMacApp)(packager, appOutDir, options.asarIntegrity, options.platformName === "mas");
+diff --git a/node_modules/app-builder-lib/out/electron/electronWin.js b/node_modules/app-builder-lib/out/electron/electronWin.js
+new file mode 100644
+index 0000000..f198807
+--- /dev/null
++++ b/node_modules/app-builder-lib/out/electron/electronWin.js
+@@ -0,0 +1,39 @@
++"use strict";
++Object.defineProperty(exports, "__esModule", { value: true });
++exports.addWinAsarIntegrity = void 0;
++const promises_1 = require("fs/promises");
++const cjs_1 = require("resedit/cjs");
++const builder_util_1 = require("builder-util");
++/** @internal */
++async function addWinAsarIntegrity(executablePath, asarIntegrity) {
++    const resedit = await (0, cjs_1.load)();
++    const buffer = await (0, promises_1.readFile)(executablePath);
++    const executable = resedit.NtExecutable.from(buffer);
++    const resource = resedit.NtExecutableResource.from(executable);
++    const versionInfo = resedit.Resource.VersionInfo.fromEntries(resource.entries);
++    if (versionInfo.length !== 1) {
++        throw new Error(`Failed to parse version info in ${executablePath}`);
++    }
++    const languages = versionInfo[0].getAllLanguagesForStringValues();
++    if (languages.length !== 1) {
++        throw new Error(`Failed to locate languages in ${executablePath}`);
++    }
++    // See: https://github.com/electron/packager/blob/00d20b99cf4aa4621103dbbd09ff7de7d2f7f539/src/resedit.ts#L124
++    const integrityList = Array.from(Object.entries(asarIntegrity)).map(([file, { algorithm: alg, hash: value }]) => ({
++        file,
++        alg,
++        value,
++    }));
++    resource.entries.push({
++        type: "INTEGRITY",
++        id: "ELECTRONASAR",
++        bin: Buffer.from(JSON.stringify(integrityList)),
++        lang: languages[0].lang,
++        codepage: languages[0].codepage,
++    });
++    resource.outputResource(executable);
++    await (0, promises_1.writeFile)(executablePath, Buffer.from(executable.generate()));
++    builder_util_1.log.info({ executablePath }, "updating asar integrity executable resource");
++}
++exports.addWinAsarIntegrity = addWinAsarIntegrity;
++//# sourceMappingURL=electronWin.js.map
 diff --git a/node_modules/app-builder-lib/out/macPackager.js b/node_modules/app-builder-lib/out/macPackager.js
 index 9df12c4..465ffa3 100644
 --- a/node_modules/app-builder-lib/out/macPackager.js

ts/scripts/fuse-electron.ts

@@ -43,9 +43,9 @@ export async function afterPack({
     [FuseV1Options.EnableNodeOptionsEnvironmentVariable]: false,
     // Disables the --inspect and --inspect-brk family of CLI options
     [FuseV1Options.EnableNodeCliInspectArguments]: enableInspectArguments,
-    // Enables validation of the app.asar archive on macOS
+    // Enables validation of the app.asar archive on macOS/Windows
     [FuseV1Options.EnableEmbeddedAsarIntegrityValidation]:
-      electronPlatformName === 'darwin',
+      electronPlatformName === 'darwin' || electronPlatformName === 'win32',
     // Enforces that Electron will only load your app from "app.asar" instead of
     // its normal search paths
     [FuseV1Options.OnlyLoadAppFromAsar]: true,

yarn.lock

@@ -16101,6 +16101,11 @@ pathval@^1.1.1:
   resolved "https://registry.yarnpkg.com/pathval/-/pathval-1.1.1.tgz#8534e77a77ce7ac5a2512ea21e0fdb8fcf6c3d8d"
   integrity sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==
 
+pe-library@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/pe-library/-/pe-library-1.0.1.tgz#02735430885a622576a53cd8827658b7d2fada0e"
+  integrity sha512-nh39Mo1eGWmZS7y+mK/dQIqg7S1lp38DpRxkyoHf0ZcUs/HDc+yyTjuOtTvSMZHmfSLuSQaX945u05Y2Q6UWZg==
+
 peek-stream@^1.1.0:
   version "1.1.3"
   resolved "https://registry.yarnpkg.com/peek-stream/-/peek-stream-1.1.3.tgz#3b35d84b7ccbbd262fff31dc10da56856ead6d67"
@@ -17757,6 +17762,13 @@ requizzle@^0.2.3:
   dependencies:
     lodash "^4.17.21"
 
+resedit@2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/resedit/-/resedit-2.0.2.tgz#875adfb3eb975e27e4d0bec1214b8ccc37509d5d"
+  integrity sha512-UKTnq602iVe+W5SyRAQx/WdWMnlDiONfXBLFg/ur4QE4EQQ8eP7Jgm5mNXdK12kKawk1vvXPja2iXKqZiGDW6Q==
+  dependencies:
+    pe-library "^1.0.1"
+
 reselect@4.1.2:
   version "4.1.2"
   resolved "https://registry.yarnpkg.com/reselect/-/reselect-4.1.2.tgz#7bf642992d143d4f3b0f2dca8aa52018808a1d51"