fix(linux): bundle correct uv binary SHA256 so AppImage launches#850
fix(linux): bundle correct uv binary SHA256 so AppImage launches#850
Conversation
ensureUv() hashes the extracted `uv` ELF at runtime, but BUNDLED_UV_SHA256["linux-x64"] was set to the uv .tar.gz archive SHA (the value published at astral-sh/uv's .sha256 and verified by CI when downloading the tarball). The archive digest and the extracted-binary digest are two different values by definition, so every Linux AppImage launch aborted at `state: ensure-uv` with "Bundled uv resource SHA256 mismatch". Set the constant to the actual binary SHA256 and correct the comment so future uv bumps update the two distinct digests in their correct places (workflow = archive, constant = binary). Also add a smoke-test assertion that hashes the bundled uv and compares it to BUNDLED_UV_SHA256 — the prior smoke only checked existence and the exec bit, which is why this regression reached main. Verified on Ubuntu 24.04.4 LTS: pre-fix the 0.17.4 AppImage aborts at ensure-uv with the logged mismatch; post-fix the smoke test reports the binary hash matches the constant. The same mismatch caused the AppImage distro-matrix and userns-restricted jobs on PR #847's merge commit to fail (run 24797051764). Fixes #849.
SummarySmall, surgical fix that corrects a genuine launch-blocking bug: Issues FoundNone blocking. One optional nit: 🟢 Cross-platform path handling (tests/electron/appimage-smoke.test.mjs:158) — (Or add Strengths
VerdictApprove. Already approved by @kovtcharov-amd. Safe to merge as-is; the |
Summary
Follow-up fix for #782 / #847. On a fresh Ubuntu 24.04.4 LTS host the 0.17.4 AppImage aborts bootstrap with:
```
state: failed (ensure-uv)
[main] Backend bootstrap failed: Bundled uv resource SHA256 mismatch
expected 22034760075b92487b326da5aa1a2a3e1917e2e766c12c0fd466fccda77013c7
got 0e05d828b5708e8a927724124db3746396afddad6273c47283d7c562dc795bd6
```
The same error is reproducible in the post-merge CI run for #847 (run 24797051764) — both `AppImage distro matrix` and `AppImage userns-restricted` jobs fail identically; the PR merged with red Linux launch checks.
Fixes #849.
Root cause
`BUNDLED_UV_SHA256["linux-x64"]` was set to the tarball SHA256 (value published at astral-sh/uv's .sha256 and verified by the workflow when downloading the `.tar.gz`). But `ensureUv()` hashes the extracted ELF at `resources/vendor/uv/linux-x64/uv`. Those are two different digests by definition — the constant can never match.
Changes
Verification
On Ubuntu 24.04.4 LTS with the 0.17.4 AppImage downloaded from #847's build artifacts:
150 ms after launch at `state: failed (ensure-uv)` with the mismatch in `/.gaia/electron-main.log`.Test plan
Notes for reviewers