Merge pull request #595 from JoshuaVlantis/fix/rpm-suid-attr-539

fix(rpm): set chrome-sandbox suid via %attr instead of %post chmod
This commit is contained in:
Aaddrick
2026-05-14 06:37:04 -04:00
committed by GitHub
3 changed files with 17 additions and 11 deletions


@@ -233,14 +233,6 @@ install -Dm 755 $staging_dir/claude-desktop %{buildroot}/usr/bin/claude-desktop
# Update desktop database for MIME types
update-desktop-database /usr/share/applications &> /dev/null || true
# Set correct permissions for chrome-sandbox
SANDBOX_PATH="/usr/lib/$package_name/node_modules/electron/dist/chrome-sandbox"
if [ -f "\$SANDBOX_PATH" ]; then
echo "Setting chrome-sandbox permissions..."
chown root:root "\$SANDBOX_PATH" || echo "Warning: Failed to chown chrome-sandbox"
chmod 4755 "\$SANDBOX_PATH" || echo "Warning: Failed to chmod chrome-sandbox"
fi
%postun
# Update desktop database after removal
update-desktop-database /usr/share/applications &> /dev/null || true
@@ -248,6 +240,7 @@ update-desktop-database /usr/share/applications &> /dev/null || true
%files
%defattr(-, root, root, 0755)
%attr(755, root, root) /usr/bin/claude-desktop
%attr(4755, root, root) /usr/lib/$package_name/node_modules/electron/dist/chrome-sandbox
/usr/lib/$package_name
/usr/share/applications/claude-desktop.desktop
/usr/share/icons/hicolor/*/apps/claude-desktop.png
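Review bot: The new `%attr(4755, root, root) …/chrome-sandbox` entry names a path that is also packaged through the `/usr/lib/$package_name` directory entry just below it, so rpmbuild will, as far as I recall, log `File listed twice` for that file; when the duplicates are merged the explicit %attr mode should take precedence over the %defattr default, but the build log and `rpm -qlv` output are worth checking once to confirm the installed mode is 4755 and not 0755. The move from a %post chmod to %attr is also the right fix for verification: `rpm -V` now flags a stripped or altered setuid bit, which a scriptlet-applied mode never could. One behavioural difference deserves a comment next to the entry: the removed %post guarded on `-f "$SANDBOX_PATH"`, whereas a %files entry fails the build if the file is absent, which is the safer direction for a setuid-root helper, e.g. `# Electron SUID sandbox helper: must be root-owned 4755; %attr lets rpm -V enforce it and fails the build if the file is missing`.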


@@ -38,6 +38,14 @@ assert_executable() {
fi
}
assert_setuid() {
if [[ -u $1 ]]; then
pass "Setuid bit set: $1"
else
fail "Setuid bit not set: $1"
fi
}
assert_contains() {
local file="$1" pattern="$2" desc="${3:-}"
if grep -q "$pattern" "$file" 2>/dev/null; then
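Review bot: `assert_setuid` checks only the mode bit with `[[ -u $1 ]]`; a setuid bit on a chrome-sandbox that is not owned by root is both a packaging bug and a configuration Electron's startup check rejects (it expects root ownership and 4755), so the owner should be asserted alongside the bit, e.g. `if [[ -u "$1" && "$(stat -c '%U' -- "$1")" == root ]]; then`, with the `fail` message saying which of the two was wrong. Quoting `"$1"` also matches the file's existing style in `assert_contains`. The first two lines of the hunk are the tail of `assert_executable`, whose body starts outside it.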


@@ -41,9 +41,14 @@ electron_path='/usr/lib/claude-desktop/node_modules/electron/dist/electron'
assert_file_exists "$electron_path"
assert_executable "$electron_path"
# chrome-sandbox
assert_file_exists \
'/usr/lib/claude-desktop/node_modules/electron/dist/chrome-sandbox'
# chrome-sandbox: setuid bit must be set by the rpm spec's %files
# %attr(4755, ...) entry, not by a %post chmod (#539). The check
# guards against any regression that strips the suid bit — including
# (but not limited to) reverting to a %post chmod, which silently
# no-ops if the scriptlet is skipped (--noscripts, layered images).
chrome_sandbox='/usr/lib/claude-desktop/node_modules/electron/dist/chrome-sandbox'
assert_file_exists "$chrome_sandbox"
assert_setuid "$chrome_sandbox"
# --- Desktop entry validation ---
desktop_file='/usr/share/applications/claude-desktop.desktop'
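Review bot: `chrome_sandbox` repeats the `/usr/lib/claude-desktop/node_modules/electron/dist/` prefix that `electron_path` already spells out (visible in the hunk header line), so the two can drift apart if the install location changes; deriving it as `chrome_sandbox="${electron_path%/*}/chrome-sandbox"` keeps the regression check pointed at the same directory the electron binary is found in. The five-line rationale comment is useful, but its last clause is imprecise: a %post chmod does not "silently no-op" in general, it is skipped together with the rest of the scriptlet when scriptlets are not run, so `# a %post chmod is never applied when scriptlets are skipped (--noscripts, layered images)` states the same risk more accurately.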