electron-builder: blockmap Forbidden - autoUpdater - private S3 bucket

Version: 20.44.4

Target: Windows

I am getting this error after removing public access from my S3 bucket through the AWS console. It also happens when I grant full public access to the bucket and use ‘acl’: ‘private’ in my publish config.

cannot download differentially, fallback to full download: 
Error: Cannot download "https://mybucket.s3.amazonaws.com/releases/electron/win/MyApp%20Setup%200.0.6.exe.blockmap", status 403: Forbidden

The actual Setup file seems to download fine.

It is a private repository but I have given my AWS user FullS3Access and it still doesn’t work.

Is this the problem?: It can see that the aws region is missing from my autoUpdater blockmap requests:

Download block maps (old: "https://mybucket.s3.amazonaws.com/releases/electron/win/MyApp%20Setup%200.0.6.exe.blockmap", new: https://mybucket.s3.amazonaws.com/releases/electron/win/MyApp%20Setup%200.0.7.exe.blockmap)

The files are actually located at: https://mybucket.s3-eu-west-1.amazonaws.com/releases/electron/win/MyApp+Setup+0.0.6.exe.blockmap

So the region is being added correctly to my autoUpdater.requestHeaders but I have no control over the blockmap request urls.

I am using aws4 to sign my request headers.

About this issue

Original URL
State: closed
Created 5 years ago
Comments: 31 (2 by maintainers)

Most upvoted comments

I also had this issue during developing. It’s not a solution but I end up using aws-sdk to download my file if electron-updater found any updated version in my private S3. Note: This will not utilize the blockmap to download the updated app, so it might take a few more seconds to download your app. You will also need to run the installer manually to trigger that update, I did it with child_process.spawn.

First, disable autoDownload:

autoUpdater.autoDownload = false;

import * as AWS from 'aws-sdk';
import fs from 'fs';
import aws4 from 'aws4'

autoUpdater.on('checking-for-update', () => {
    let opts = {
        service: 's3',
        region: s3_region,
        host: s3_host,
        path: latest_yml_path
    };
  
    aws4.sign(opts, {
        accessKeyId,
        secretAccessKey,
        sessionToken
    });
    autoUpdater.requestHeaders = opts.headers
})

autoUpdater.on('update-available', (updateInfo) => {
    AWS.config.update({
        accessKeyId,
        secretAccessKey,
        sessionToken
    });
    const s3 = new AWS.S3();
    const version = this.getVersion(updateInfo.path);
    const params = {
        Bucket: `${your_s3_bucket}`,
        Key: `${path_to_your_file)`
    }
   download(s3, params);
})

and the download looks something like this:

const download = (s3, params) => {
  s3.getObject(params, async (err, data) => {
      if (err) {
          throw new Error(err)
      }
      await fs.promises.writeFile(filePath, data.Body);
      console.info(`${filePath} has been downloaded!`);
      autoUpdater.emit('update-downloaded', filePath);
  });
}

linchen1010 on Apr 14, 2022

Were you able to find out how to achieve it for a private s3 bucket? It’s still not working for me. @stuartcusackie @develar @mayankvadia @justinwaite ?

rohanrk-tricon on Sep 26, 2022

Obviously, if bucket is private, electron-updater cannot access it.

develar on Jul 10, 2019