Compare commits

...

1 Commits

Author SHA1 Message Date
Samuel Attard
5cce352fb5 docs: document windows asar integrity 2024-03-28 09:50:12 -07:00

View File

@@ -7,19 +7,23 @@ hide_title: false
## Platform Support
Currently ASAR integrity checking is only supported on macOS.
Currently ASAR integrity checking is supported on:
* macOS as of Electron `>=16.0.0`
* Windows as of Electron `>=30.0.0`
## Requirements
### Electron Forge / Electron Packager
If you are using `>= @electron/packager`, `>= electron-packager@15.4.0` or `>= @electron-forge/core@6.0.0-beta.61` then all these requirements are met for you automatically and you can skip to [Toggling the Fuse](#toggling-the-fuse).
If you are using `>= electron-packager@18.3.1` or `>= @electron-forge/core@7.4.0` then all these requirements are met for you automatically and you can skip to [Toggling the Fuse](#toggling-the-fuse).
### Other build systems
In order to enable ASAR integrity checking you need to ensure that your `app.asar` file was generated by a version of the `asar` npm package that supports asar integrity. Support was introduced in version `3.1.0`.
Your must then populate a valid `ElectronAsarIntegrity` dictionary block in your packaged apps `Info.plist`. An example is included below.
### macOS
When packaging for macOS you must populate a valid `ElectronAsarIntegrity` dictionary block in your packaged apps `Info.plist`. An example is included below.
```plist
<key>ElectronAsarIntegrity</key>
@@ -36,6 +40,19 @@ Your must then populate a valid `ElectronAsarIntegrity` dictionary block in your
Valid `algorithm` values are currently `SHA256` only. The `hash` is a hash of the ASAR header using the given algorithm. The `asar` package exposes a `getRawHeader` method whose result can then be hashed to generate this value.
### Windows
When packaging for Windows you must populate a valid resource entry of type `Integrity` and name `ElectronAsar`. The value of this resource should be a JSON encoded dictionary in the form included below:
```json
{
"resources/app.asar": {
"algorithm": "SHA256",
"hash": "9d1f61ea03c4bb62b4416387a521101b81151da0cfbe18c9f8c8b818c5cebfac"
}
}
```
## Toggling the Fuse
ASAR integrity checking is currently disabled by default and can be enabled by toggling a fuse. See [Electron Fuses](fuses.md) for more information on what Electron Fuses are and how they work. When enabling this fuse you typically also want to enable the `onlyLoadAppFromAsar` fuse otherwise the validity checking can be bypassed via the Electron app code search path.