You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(desktop): unbreak OAuth in Linux AppImage by de-polluting child env (#49)
* fix(desktop): unbreak OAuth in Linux AppImage by de-polluting child env
GitHub & Azure OAuth (and all forge HTTP traffic) shell out to the system
`curl` via `hidden_cmd`. In the released Linux AppImage, AppRun rewrites
`LD_LIBRARY_PATH` (and friends) to the bundle's libs; the spawned `curl`
inherits them, loads ABI-incompatible bundled libssl/libcurl, and dies at
TLS init. With `-s` and an unread stderr, that produced an empty body which
reached serde_json as the cryptic "Failed to parse device-code response:
EOF while parsing a value at line 1 column 0" (issue #48). It worked under
`tauri dev` because no AppImage wrapper polluted the env.
- `appimage_env_fixes()` (pure, injected env lookup): inside an AppImage
(APPDIR/APPIMAGE set), restore each polluted var from AppRun's `<VAR>_ORIG`
or drop the override; no-op otherwise so a legitimate LD_LIBRARY_PATH on a
normal install is untouched. Applied in `hidden_cmd` for every spawn
(curl, gh, git).
- `curl_with_status`: add `-S`/--show-error and a `curl_transport_check`
that maps a non-zero curl exit to an explicit transport error carrying
curl's stderr, instead of letting an empty body surface as a JSON parse
error.
Tests: 7 new unit tests over the pure helpers (no global env mutation).
* test(desktop): headless repro harness for AppImage curl env pollution (#48)
Linux-only shell harness that reproduces issue #48 and proves the fix
without the GUI, the Tauri toolchain, or an AppImage build:
1. CLEAN — curl with a normal env succeeds
2. POLLUTED — simulate AppRun (APPDIR + a bundle dir whose libcurl/libssl
sonames are deliberately broken on LD_LIBRARY_PATH): curl
fails with an empty body == the user-visible EOF parse error
3. SCRUBBED — apply hidden_cmd's env fix (restore <VAR>_ORIG / unset):
curl succeeds again
Exits non-zero unless all stages behave as expected, so it works as a
regression test in any Linux env (OrbStack/Lima/UTM/CI). Refuses to run
on non-Linux to avoid false results.
* docs+ci: CHANGELOG entry for #48 fix + run repro harness in CI
- CHANGELOG.md: document the Linux AppImage OAuth fix under [Unreleased].
- ci.yml: new lightweight `appimage-env-repro` job (bash + curl only, no
Tauri toolchain) that runs scripts/repro-issue-48-appimage-curl.sh on
every push/PR, keeping the regression covered.
---------
Co-authored-by: Laurent Guitton <laurent.guitton@dendreo.com>
Copy file name to clipboardExpand all lines: CHANGELOG.md
+4Lines changed: 4 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
8
8
## [Unreleased]
9
9
10
+
### Fixed
11
+
12
+
-**GitHub & Azure OAuth in the Linux AppImage** — sign-in failed in the released AppImage with `Failed to parse device-code response: EOF while parsing a value at line 1 column 0` (worked under `pnpm tauri dev`). The forge HTTP transport shells out to the system `curl`, which inherited the AppImage `AppRun`'s `LD_LIBRARY_PATH` pollution and loaded ABI-incompatible bundled libs, dying before the TLS request completed (empty body → JSON parse error). `hidden_cmd` now de-pollutes the child environment inside an AppImage (restore each `<VAR>_ORIG` saved by AppRun, else drop the override; no-op outside an AppImage), and the curl transport now adds `--show-error` and reports a non-zero curl exit as an explicit transport error instead of a misleading parse error. Reproduced and verified end-to-end on Linux via `scripts/repro-issue-48-appimage-curl.sh`. (#48)
0 commit comments