Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
electron-installer-redhat
Advanced tools
Create a Red Hat package for your Electron app.
This tool requires Node 10 or greater and rpmbuild
4.13 or greater to build the .rpm
package.
Note: RPM 4.13.0 or greater is required due to the boolean dependency feature.
On Fedora you can do something like this:
$ sudo dnf install rpm-build
While on Debian/Ubuntu you'll need to do this instead:
$ sudo apt-get install rpm
For use from command-line:
$ npm install -g electron-installer-redhat
For use in npm scripts or programmatically:
$ npm install --save-dev electron-installer-redhat
Say your Electron app lives in path/to/app
, and has a structure like this:
.
├── LICENSE
├── README.md
├── node_modules
│ ├── electron-packager
│ └── electron
├── package.json
├── resources
│ ├── Icon.png
│ ├── IconTemplate.png
│ └── IconTemplate@2x.png
└── src
├── index.js
├── main
│ └── index.js
└── renderer
├── index.html
└── index.js
You now run electron-packager
to build the app for Red Hat:
$ electron-packager . app --platform linux --arch x64 --out dist/
And you end up with something like this in your dist
folder:
.
└── dist
└── app-linux-x64
├── LICENSE
├── LICENSES.chromium.html
├── content_shell.pak
├── app
├── icudtl.dat
├── libgcrypt.so.11
├── libnode.so
├── locales
├── natives_blob.bin
├── resources
├── snapshot_blob.bin
└── version
How do you turn that into a Red Hat package that your users can install?
If you want to run electron-installer-redhat
straight from the command-line, install the package globally:
$ npm install -g electron-installer-redhat
And point it to your built app:
$ electron-installer-redhat --src dist/app-linux-x64/ --dest dist/installers/ --arch x86_64
You'll end up with the package at dist/installers/app-0.0.1-1.x86_64.rpm
.
If you want to run electron-installer-redhat
through npm, install the package locally:
$ npm install --save-dev electron-installer-redhat
Edit the scripts
section of your package.json
:
{
"name": "app",
"description": "An awesome app!",
"version": "0.0.1",
"scripts": {
"start": "electron .",
"build": "electron-packager . app --platform linux --arch x64 --out dist/",
"rpm64": "electron-installer-redhat --src dist/app-linux-x64/ --dest dist/installers/ --arch x86_64"
},
"devDependencies": {
"electron-installer-redhat": "*",
"electron-packager": "*",
"electron-prebuilt": "*"
}
}
And run the script:
$ npm run rpm64
You'll end up with the package at dist/installers/app-0.0.1-1.x86_64.rpm
.
Install the package locally:
$ npm install --save-dev electron-installer-redhat
And write something like this:
const installer = require('electron-installer-redhat')
const options = {
src: 'dist/app-linux-x64/',
dest: 'dist/installers/',
arch: 'x86_64'
}
async function main (options) {
console.log('Creating package (this may take a while)')
try {
await installer(options)
console.log(`Successfully created package at ${options.dest}`)
} catch (err) {
console.error(err, err.stack)
process.exit(1)
}
}
main(options)
You'll end up with the package at dist/installers/app-0.0.1-1.x86_64.rpm
.
Note: As of 2.0.0, the Node-style callback pattern is no longer available. You can use util.callbackify
if this is required for your use case.
Even though you can pass most of these options through the command-line interface, it may be easier to create a configuration file:
{
"dest": "dist/installers/",
"icon": "resources/Icon.png",
"categories": [
"Utility"
]
}
And pass that instead with the config
option:
$ electron-installer-redhat --src dist/app-linux-x64/ --arch x86_64 --config config.json
Anyways, here's the full list of options:
Type: String
Default: undefined
Path to the folder that contains your built Electron application.
Type: String
Default: undefined
Path to the folder that will contain your Red Hat installer.
Type: Function
Default: function (dest, src) { return path.join(dest, src); }
Function that renames all files generated by the task just before putting them in your dest
folder.
Type: String
Default: package.name
Name of the package (e.g. atom
), used in the Name
field of the spec
file.
Type: String
Default: package.productName || package.name
Name of the application (e.g. Atom
), used in the Name
field of the desktop
specification.
Type: String
Default: package.genericName || package.productName || package.name
Generic name of the application (e.g. Text Editor
), used in the GenericName
field of the desktop
specification.
Type: String
Default: package.description
Short, one-line description of the application; do not end with a period.
Used in the Summary
field of the spec
file.
Type: String
Default: package.productDescription || package.description
Long description of the application, used in the %description
tag of the spec
file.
Type: String
Default: package.version
Version number of the package, used in the Version
field of the spec
file.
Type: String
Default: package.revision || 1
Revision number of the package, used in the Release
field of the spec
file.
Type: String
Default: package.license
License of the package, used in the License
field of the spec
file.
Type: String
Default: undefined
Machine architecture the package is targeted to, used to set the --target
option.
Type: String
Default: Operating system platform of the host machine. For possible values see Node.js process.platform
Operating system platform the package is targeted to, used to set the --target
option.
Type: Array[String]
Default: The minimum list of packages needed for Electron to run
Packages that are required when the program starts, used in the Requires
field of the spec
file.
All user requirements will be appended to the default array of requirements, and any duplicates will be removed.
Type: String
Default: package.homepage || package.author.url
URL of the homepage for the package, used in the URL
field of the spec
specification.
Type: Number
Default: 2
Package compression level, from 0
to 9
.
Type: String
Default: package.name
Relative path to the executable that will act as binary for the application, used in the Exec
field of the desktop
specification.
The generated package will contain a symlink /usr/bin/<%= options.name %>
pointing to the path provided here.
For example, providing this configuration:
{
src: '...',
dest: '...',
name: 'foo',
bin: 'resources/cli/launcher.sh'
}
Will create a package with the following symlink:
usr/bin/foo@ -> ../share/foo/resources/cli/launcher/sh
And a desktop specification with the following Exec
key:
Exec=foo %U
Type: Array[String]
Default: []
Command-line arguments to pass to the executable. Will be added to the Exec
field of the desktop
specification.
Type: String
or Object[String:String]
Default: undefined
Path to a single image that will act as icon for the application:
{
icon: 'resources/Icon.png'
}
Or multiple images with their corresponding resolutions:
{
icon: {
'48x48': 'resources/Icon48.png',
'64x64': 'resources/Icon64.png',
'128x128': 'resources/Icon128.png',
'256x256': 'resources/Icon256.png',
'scalable': 'resources/Icon.svg',
'symbolic': 'resources/Icon-symbolic.svg',
}
}
Per the icon theme specification, image files must either PNGs or SVGs. The SVG format can only be used for the scalable
or symbolic
resolutions.
Type: Array[String]
Default: []
Categories in which the application should be shown in a menu, used in the Categories
field of the desktop
specification.
For possible values check out the Desktop Menu Specification.
Type: Array[String]
Default: []
MIME types the application is able to open, used in the MimeType
field of the desktop
specification.
If this option is specified, make sure to run update-desktop-database &> /dev/null
as part of the post
and postun
scripts to refresh the cached database of MIME types.
Type: Object[String:String]
Default: undefined
Path to installation scripts with their corresponding name. The files contents will be added to the spec file.
{
scripts: {
'pre': 'resources/pre_script',
'post': 'resources/post_script',
'preun': 'resources/preun_script',
'postun': 'resources/postun_script'
}
}
Type: String
Default: resources/desktop.ejs
The absolute path to a custom template for the generated FreeDesktop.org desktop entry file.
git clone git://github.com/electron-userland/electron-installer-redhat.git
Copyright (c) 2016 Daniel Perez Alvarez (unindented.org). This is free software, and may be redistributed under the terms specified in the LICENSE file.
FAQs
Create a Red Hat package for your Electron app.
The npm package electron-installer-redhat receives a total of 35,984 weekly downloads. As such, electron-installer-redhat popularity was classified as popular.
We found that electron-installer-redhat demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.