CalvinBackup/Shadowbroker
1
0
Fork 0
mirror of https://github.com/BigBodyCobain/Shadowbroker.git synced 2026-05-28 10:01:31 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
896d1ae938c62dc44229dd345f73cb45b1450e5f
Shadowbroker/backend/data/release_digests.json
T
Shadowbroker 896d1ae938 fix(#319,#296): v0.9.8 rebuild — bundle missing deps so backend launches (#322) 
Issues #319 and #296 reported that the installed v0.9.79 Windows MSI/EXE
crashed on launch with:

    thread 'main' panicked ... failed to setup app: error encountered
    during setup hook: ShadowBroker cannot start: the bundled local
    backend failed to launch.
    technical detail: managed_backend_exited_early:exit code: 103

Root cause: ``backend/pyproject.toml`` declares ``defusedxml>=0.7.1`` and
``PySocks==1.7.1`` as runtime dependencies, but the venv used to build
v0.9.79 (and the initial v0.9.8 publish) had both missing. When
``services/fetchers/aircraft_database.py`` does
``import defusedxml.ElementTree`` at startup, Python raises
``ModuleNotFoundError`` and uvicorn exits, which Tauri reports as
``managed_backend_exited_early``.

Both packages now installed in the build venv. ``main.py`` imports
end-to-end with only the expected ``plane_alert_db.json not found``
warning (runtime-state file, populated on first launch).

Rebuilt artifacts on the maintainer's local machine:

    ShadowBroker_v0.9.8.zip                  6.06 MB
      183bb5cd62b9b9349d95df5ef7696cb6ca810ab4b991fa9dab6f898af4c7a175
    ShadowBroker_0.9.8_x64_en-US.msi       122.4 MB
      fe22f9d51e4360d74c18a7250c2fbb9ed4fa4c7a884b3ac0d04a21115466386b
    ShadowBroker_0.9.8_x64-setup.exe        76.5 MB
      94a0309862e9c81c92cdcbfea8eec9dbb97eef19ded82b26217b397defbc810c

After this merges, the v0.9.8 tag will be force-moved to this commit and
the GitHub release assets replaced so the integrity chain validates
against the working installers instead of the broken ones.

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-23 16:48:45 -06:00

46 lines
2.4 KiB
JSON
Raw Blame History

{
"_comment": [
"Baked-in SHA-256 digests for known Shadowbroker release archives.",
"",
"Issue #231: the self-updater previously skipped integrity verification",
"entirely whenever the MESH_UPDATE_SHA256 env var was unset (which is the",
"default — nothing in the install docs tells operators to set it). That",
"made the auto-update a supply-chain RCE on any compromise of the GitHub",
"release pipeline.",
"",
"The fix uses a multi-source verification chain mirroring the Tor bundle",
"digest approach in #201:",
"",
" 1. MESH_UPDATE_SHA256 env var (operator override, preserved)",
" 2. SHA256SUMS.txt asset published alongside each release (primary —",
" the maintainer's release process already publishes this)",
" 3. This baked-in digest list (second line of defense for releases",
" missing a SHA256SUMS asset, or when the asset can't be fetched)",
" 4. HTTPS-only fallback with a loud warning (preserves auto-update",
" flow during transient outages so users don't get stuck)",
"",
"Mismatch from a source that DID respond is fatal — the update is",
"refused and the existing install keeps running. Only the 'no source",
"reachable at all' case falls back to HTTPS-only.",
"",
"Format: each entry is keyed by release tag and maps asset filenames",
"to their canonical SHA-256 digest (hex, lowercase). The updater",
"compares the locally-computed digest of the downloaded asset against",
"the value here.",
"",
"When the maintainer ships a new release, add its digests here BEFORE",
"removing the old ones so operators on the old code still validate",
"against the previous entries during the transition."
],
"v0.9.79": {
"ShadowBroker_v0.9.79.zip": "f6877c1d66614525315ea82636ce9f7b41178332c4dbf90d27431a1ea1d9cd47",
"ShadowBroker_0.9.79_x64-setup.exe": "f7b676ada45cac7da05868b0a353678c9ee700e3abcf456a7c0c038c36da446f",
"ShadowBroker_0.9.79_x64_en-US.msi": "e0713c3cdda184cfbea750bfac0d62a35678fec00847e6476f2cac8e7e42046e"
},
"v0.9.8": {
"ShadowBroker_v0.9.8.zip": "183bb5cd62b9b9349d95df5ef7696cb6ca810ab4b991fa9dab6f898af4c7a175",
"ShadowBroker_0.9.8_x64-setup.exe": "94a0309862e9c81c92cdcbfea8eec9dbb97eef19ded82b26217b397defbc810c",
"ShadowBroker_0.9.8_x64_en-US.msi": "fe22f9d51e4360d74c18a7250c2fbb9ed4fa4c7a884b3ac0d04a21115466386b"
}
}
Reference in New Issue View Git Blame Copy Permalink