feat(nsis): transition UAC elevation to pure powershell + Start-Process + RunAs#9765
Draft
mmaietta wants to merge 6 commits into
Draft
feat(nsis): transition UAC elevation to pure powershell + Start-Process + RunAs#9765mmaietta wants to merge 6 commits into
powershell + Start-Process + RunAs#9765mmaietta wants to merge 6 commits into
Conversation
…ess + RunAs` with legacy `elevate.exe` as fallback
🦋 Changeset detectedLatest commit: 4d01916 The changes in this PR will be included in the next version bump. This PR includes changesets to release 9 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
There was a problem hiding this comment.
Pull request overview
This PR updates the Windows NSIS updater’s UAC elevation strategy by making PowerShell-based elevation (Start-Process -Verb RunAs) the primary mechanism, while keeping the legacy elevate.exe approach as a fallback when PowerShell cannot be executed.
Changes:
- Switch NSIS install elevation from
elevate.exetopowershell.exe -EncodedCommand(Start-Process ... -Verb RunAs) withENOENTfallback toelevate.exe. - Make packaging of
elevate.exemore tolerant when it’s absent from the NSIS directory (skip copy rather than failing). - Update installer failure log messaging to refer to “UAC elevation” (but still needs alignment with the actual Electron API used).
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| packages/electron-updater/src/NsisUpdater.ts | Implements PowerShell-based UAC elevation with fallback to elevate.exe and updates related logging. |
| packages/app-builder-lib/src/targets/nsis/nsisUtil.ts | Adjusts elevate.exe packaging to skip copying when the binary is not present. |
| .changeset/sad-ends-vanish.md | Declares minor version bumps for electron-updater and app-builder-lib reflecting the feature change. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces a new approach for UAC (User Account Control) elevation in the NSIS updater, transitioning from the legacy
elevate.exehelper to using PowerShell as the primary method. The legacyelevate.exeis retained as a fallback for environments where PowerShell is unavailable. Additional changes improve error messages and the handling of the elevation helper.Start-Process -Verb RunAs) as the primary method, falling back toelevate.exeif encounteringENOENT