fix: Linux launch crash on glibc 2.42+ (bypass jpackage native launcher)

[rainxchzed]

Closes #563.

Root cause

The jpackage-generated native launcher (bin/GitHub-Store) segfaults inside glibc setenv() before the JVM is even mapped, on glibc >= 2.42 (Fedora 43, Ubuntu 26.04, Debian 13, Bazzite). The reporter's coredump pins it precisely:

#0  setenv () from /lib64/libc.so.6        <- SEGV at fffffffffffe03a0
#1  jvmLauncherStartJvm ()
#2  main ()

It is independent of environment contents (the reporter's env diff between clean/poisoned states was empty, and a minimal env -i launch still crashed) and independent of distro / DE (reproduced on Fedora, Ubuntu, Debian, KDE, GNOME). The poison is in the bundled launcher's setenv path against glibc 2.42's reworked environ handling — nothing we can fix inside the launcher binary, which is generated by jpackage.

Fix

Sidestep the broken native launcher entirely and start the bundled JVM directly — exactly what the Flatpak build already does in production (java -jar), which is why Flatpak was never affected.

New committed launcher packaging/linux/github-store-launcher.sh:

• Locates the bundled lib/runtime/bin/java relative to its own path.
• Parses the jpackage lib/app/*.cfg for classpath, main class, and JVM options (expanding $APPDIR / $ROOTDIR / $BINDIR tokens).
• execs the JVM directly. Works identically inside an AppImage mount, /opt/github-store (deb / rpm / Arch), or the raw Compose app-image dir.

Wired into all four Linux artifacts in CI:

• AppImage — AppRun now execs the wrapper instead of the native launcher.
• Arch — usr/bin symlink + .desktop Exec repointed to the wrapper.
• deb — repack step swaps the native ELF for the wrapper in place (.desktop Exec path unchanged, transparently runs the wrapper).
• rpm — rpmrebuild overwrites the launcher in place; non-fatal if rpmrebuild is unavailable so the rest of the Linux build still ships.

Validation

Simulated a jpackage layout locally (fake .cfg with multi-line classpath, $APPDIR tokens, multiple java-options, plus a stub java) and confirmed the wrapper resolves classpath + main class + options + passes through user args (deep links) correctly. bash -n clean, workflow YAML validated.

Needs a generate-installers CI run to validate the actual deb/rpm/AppImage/Arch repack against real jpackage output before merge — I can't produce signed Linux artifacts locally. cc reporter @nitinkmr333 for a confirmation build.

What's-new bullet added to 19.json + all 12 locales.

Summary by CodeRabbit

• Bug Fixes
  • Fixed Linux desktop app crashing on startup for systems with glibc 2.42+ (including Fedora 43, Ubuntu 26.04, Debian 13, and Bazzite). The app now launches reliably across AppImage, Debian, RPM, and Arch packages.
  • Desktop content width now scales proportionally with the window, improving layout across compact/wide/extra-wide modes.

[coderabbitai]

Walkthrough

Linux desktop crashes on startup when glibc >= 2.42 due to a broken jpackage native launcher. This PR fixes the issue by introducing a JVM-direct launcher script that parses jpackage app config and executes the bundled Java directly, then integrates this launcher into all Linux package formats (AppImage, Debian, RPM, Arch) and documents the fix in release notes.

Changes

Linux launcher wrapper and packaging integration

Layer / File(s)	Summary
JVM-direct launcher script packaging/linux/github-store-launcher.sh	Bash script computes app root from its location, verifies bundled JVM exists, locates and parses the jpackage .cfg to extract classpath/modulepath and main class/module, expands $APPDIR/$ROOTDIR/$BINDIR tokens, then execs java with the resolved launch arguments. Exits with error if JVM, config, or launch target cannot be resolved.
AppImage/AppDir packaging wiring .github/workflows/build-desktop-platforms.yml (lines 325–335)	Copies launcher wrapper into AppDir bin/, makes it executable, and updates AppRun entrypoint to exec the wrapper script instead of the native GitHub-Store binary.
Debian package launcher replacement .github/workflows/build-desktop-platforms.yml (lines 368–403)	Step defines WRAPPER variable, then for each built .deb, moves the native opt/.../bin/GitHub-Store ELF to .bin, copies the wrapper to the original path, makes it executable, and warns if launcher is not found or not an ELF.
RPM package launcher replacement .github/workflows/build-desktop-platforms.yml (lines 405–442)	Uses nullglob and conditionally installs rpmrebuild, then calls rpmrebuild --change-files to overwrite the in-package launcher with the wrapper script; warns and drops RPMs if rebuilding is unavailable or produces no output.
Arch Linux package launcher integration .github/workflows/build-desktop-platforms.yml (lines 497–515)	Installs wrapper into opt/github-store/bin/, updates github-store.desktop Exec to wrapper path, and points usr/bin/github-store symlink to the wrapper instead of native binary.
Release notes and i18n translations core/presentation/src/commonMain/composeResources/files/whatsnew/*/19.json (13 locales)	Documents that Linux desktop no longer crashes on glibc 2.42+ by announcing all Linux package formats now bypass the broken bundled launcher and start the JVM directly. Existing bullet about responsive desktop content width is retained in all locales.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• OpenHub-Store/GitHub-Store#281: Both PRs modify the AppImage/AppDir build flow; this PR updates AppRun to exec the new github-store-launcher.sh wrapper.
• OpenHub-Store/GitHub-Store#362: Both PRs touch Arch packaging; this PR wires the launcher into Arch packages while that PR added initial Arch packaging scaffolding.
• OpenHub-Store/GitHub-Store#679: Both PRs modify WhatsNew/version 19 related files; this PR adds the Linux launcher/crash-fix content while that PR registers version 19.

🐰 A launcher born from config and JVM dreams,
No more segfaults on systems with glibc schemes,
AppImage, deb, rpm, and Arch all stand,
Running Java direct across the Linux land! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title concisely and clearly describes the main fix: resolving a Linux launch crash on glibc 2.42+ by bypassing the broken jpackage native launcher.
Linked Issues check	✅ Passed	The PR directly addresses issue #563 by implementing a shell wrapper that bypasses the broken jpackage native launcher, eliminating the segfault when launching on systems with glibc 2.42+.
Out of Scope Changes check	✅ Passed	All changes are scoped to fixing the glibc 2.42+ crash: the launcher wrapper, CI workflow updates for distribution packaging, and release notes across multiple locales.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/563-linux-launcher-setenv-segv

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR fixes a Linux launch crash on glibc 2.42+ (Fedora 43, Ubuntu 26.04, Debian 13, Bazzite) by bypassing the jpackage-generated native launcher, which segfaults in setenv() before the JVM loads. The fix mirrors the already-working Flatpak approach — a new bash wrapper reads the jpackage .cfg and execs the bundled JVM directly.

• packaging/linux/github-store-launcher.sh: New launcher script that parses jpackage .cfg tokens, builds the classpath/module-path/JVM-options arrays, and execs the bundled lib/runtime/bin/java. Works across AppImage, deb, rpm, and Arch layouts.
• CI workflow: Updated to inject the wrapper into all four Linux artifact formats; the AppImage AppRun and Arch .desktop/symlink are repointed directly, while the deb is repacked and the rpm is rebuilt with rpmrebuild.
• What's-new strings: Crash-fix bullet added to all 13 locales.

Confidence Score: 4/5

Safe to merge for AppImage, deb, and Arch users; rpm users could receive the unpatched crash-inducing binary if an edge-case mv failure goes undetected.

The launcher script and the AppImage/Arch/deb wiring look correct. The rpm step intentionally drops rpms on failure to avoid shipping the broken binary, but the mv -f call on line 428 is not guarded — a silent failure there leaves the original ELF in place and it gets uploaded to release artifacts. Every other failure path in that step explicitly deletes the rpm; this one is the only gap.

.github/workflows/build-desktop-platforms.yml — specifically the rpm patching step around line 428.

Important Files Changed

Filename	Overview
packaging/linux/github-store-launcher.sh	New bash launcher that parses jpackage .cfg and execs the bundled JVM directly; handles classpath and module modes, expands jpackage tokens, includes guards for missing JVM/cfg.
.github/workflows/build-desktop-platforms.yml	Wires the new launcher into all four Linux package formats (AppImage, deb, rpm, Arch). The rpm step is missing -e so a failed mv silently ships the unpatched broken ELF; the deb step leaves a GitHub-Store.bin backup in every installed package.
core/presentation/src/commonMain/composeResources/files/whatsnew/19.json	Added what's-new entry for the Linux glibc 2.42+ crash fix across the base locale.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[User launches app] --> B{Package type}
    B -->|AppImage| C[AppRun]
    B -->|deb / Arch| D[github-store-launcher.sh via PATH symlink / Exec=]
    B -->|rpm| E[GitHub-Store replaced by wrapper]
    C --> D
    E --> D
    D --> F[readlink -f BASH_SOURCE, resolve BINDIR / ROOTDIR]
    F --> G[find lib/app/*.cfg]
    G --> H[Parse cfg: classpath, mainclass, modulepath, javaopts]
    H --> I{mainmodule set?}
    I -->|Yes| J[exec java --module-path ... -m module]
    I -->|No| K[exec java -cp classpath mainclass]
    J --> L[JVM starts]
    K --> L

Loading

_{Reviews (2): Last reviewed commit: "Merge branch 'main' into fix/563-linux-l..." | Re-trigger Greptile}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/build-desktop-platforms.yml:
- Around line 412-434: The workflow currently continues and may publish original
RPMs when patching fails; change the failure branches so the job exits non‑zero
instead of continuing. Specifically, replace the apt-get failure path that
currently does "echo ...; exit 0" with a non‑zero exit (e.g. exit 1) and
similarly change the rpmrebuild failure branches (the else blocks that echo
warnings after rpmrebuild or when "$rebuilt" is empty) to fail the job (exit 1)
rather than logging and continuing; ensure you also do not mv the original file
when rpmrebuild produced no output (the mv inside the success branch should
remain the only place originals are overwritten). Use the WRAPPER, OUTDIR,
rpmrebuild invocation, and the "$rebuilt" check to locate the exact places to
modify.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: fcb9fd13-e2de-401f-988c-227342bd793d

📥 Commits

Reviewing files that changed from the base of the PR and between 1636530 and e6cfadf.

📒 Files selected for processing (15)

• .github/workflows/build-desktop-platforms.yml
• core/presentation/src/commonMain/composeResources/files/whatsnew/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/ar/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/bn/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/es/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/fr/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/hi/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/it/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/ja/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/ko/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/pl/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/ru/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/tr/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/zh-CN/19.json
• packaging/linux/github-store-launcher.sh

[rainxchzed]

Addressed all four review findings:

Launcher (1df634c9)

• SIGPIPE under pipefail (greptile L31): added || true to the find … | head -n1, matching the deb-patch step.
• Module branch dropped -cp (greptile L87) + unquoted ${modulepath:+…} word-split (greptile L86): rewrote the launch as an launch_args array — --module-path, optional -cp, -m accumulated as discrete elements, then exec "$JAVA" "${launch_args[@]}" "$@". Space-safe, and the module branch now carries -cp when both are present.

RPM CI (5b075676)

• Shipping unpatched rpm (CodeRabbit L434): see inline reply — took a different route than exit 1.

[greptile-apps]

Silent mv failure can ship the broken ELF rpm

The step opts out of set -e (only set -uo pipefail) so that the cleanup loop can finish after partial failures. Every explicit error branch deletes the rpm to avoid shipping the crash-inducing binary. But if mv -f "$rebuilt" "$rpm" on line 428 fails (e.g., ENOSPC or unexpected I/O error), the failure is swallowed, the original ELF at $rpm is left intact, and it gets uploaded via the artifact step — shipping the glibc 2.42 crash to rpm users instead of fixing it.

Adding || { echo "::warning::..."; rm -f "$rpm"; } after the mv closes this gap without changing the overall fault-tolerant design.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/build-desktop-platforms.yml (1)

424-437: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add an RPM post-rebuild launcher content check (and confirm the exact launcher path/name).

jpackage’s default RPM layout installs launchers under /opt/<name>/bin/<launcher>, so the hardcoded ./opt/github-store/bin/GitHub-Store target is plausibly correct. However, unlike the deb step, the RPM flow has no post-swap validation—if the in-place swap doesn’t actually replace the launcher content, an ELF launcher could still be shipped undetected. Add a guard after the mv that inspects ./opt/github-store/bin/GitHub-Store inside the rebuilt RPM and drops the RPM if it still starts with the ELF magic (0x7fELF); also confirm the launcher path/name from the actual generate-installers RPM output.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/build-desktop-platforms.yml around lines 424 - 437, After
successfully moving the rebuilt RPM into place (the mv that sets "$rpm" from
rebuilt), add a verification step that inspects the installed launcher file path
used in the rebuild (the target "./opt/github-store/bin/GitHub-Store" derived
from "$WRAPPER") inside the rebuilt package and rejects the RPM if the file
still begins with the ELF magic bytes (0x7f 'E' 'L' 'F'); use the existing
variables rpm, rebuilt, OUTDIR and the rpmrebuild flow to open/check the rebuilt
package content and rm -f "$rpm" on failure, and also confirm the exact launcher
path/name by cross-checking the actual generate-installers RPM output to ensure
the checked path matches the produced package layout.

🧹 Nitpick comments (1)

.github/workflows/build-desktop-platforms.yml (1)

412-437: Dropped RPMs won't be caught by the release completeness guard.

The drop-and-warn here correctly keeps the GH#563 crash out of the upload, as agreed. But note the downstream effect: the release job's completeness guard counts deb and rpm together (linux_modern_count / linux_debian12_count at lines 665-668 and 706-707). When the rpm is dropped here but the deb survives, that group count stays >= 1, so the guard passes and a draft release can ship with no RPM at all — the only signal is this ::warning::, which is easy to miss in a long run log.

Consider surfacing the drop more visibly so a missing RPM doesn't slip into a release silently — e.g. emit it to $GITHUB_STEP_SUMMARY, or track rpm presence separately from deb in the completeness guard.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/build-desktop-platforms.yml around lines 412 - 437, The
workflow currently drops RPMs during the rpmrebuild failure paths (the loop over
the rpms array and the rpmrebuild invocation) but does not update the release
completeness guard counters, so a release can proceed with only DEBs; when you
remove an RPM (the rm -f "$rpm" branches), also record that fact in a
machine-readable/visible place: append a clear entry to $GITHUB_STEP_SUMMARY (or
set a workflow output like missing_rpms or increment a missing_rpm counter) so
the release job can detect missing RPMs separately from DEBs, and update the
release completeness guard logic (the linux_modern_count / linux_debian12_count
check) to consider that missing_rpms output/counter before allowing a draft
release to be created.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In @.github/workflows/build-desktop-platforms.yml:
- Around line 424-437: After successfully moving the rebuilt RPM into place (the
mv that sets "$rpm" from rebuilt), add a verification step that inspects the
installed launcher file path used in the rebuild (the target
"./opt/github-store/bin/GitHub-Store" derived from "$WRAPPER") inside the
rebuilt package and rejects the RPM if the file still begins with the ELF magic
bytes (0x7f 'E' 'L' 'F'); use the existing variables rpm, rebuilt, OUTDIR and
the rpmrebuild flow to open/check the rebuilt package content and rm -f "$rpm"
on failure, and also confirm the exact launcher path/name by cross-checking the
actual generate-installers RPM output to ensure the checked path matches the
produced package layout.

---

Nitpick comments:
In @.github/workflows/build-desktop-platforms.yml:
- Around line 412-437: The workflow currently drops RPMs during the rpmrebuild
failure paths (the loop over the rpms array and the rpmrebuild invocation) but
does not update the release completeness guard counters, so a release can
proceed with only DEBs; when you remove an RPM (the rm -f "$rpm" branches), also
record that fact in a machine-readable/visible place: append a clear entry to
$GITHUB_STEP_SUMMARY (or set a workflow output like missing_rpms or increment a
missing_rpm counter) so the release job can detect missing RPMs separately from
DEBs, and update the release completeness guard logic (the linux_modern_count /
linux_debian12_count check) to consider that missing_rpms output/counter before
allowing a draft release to be created.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e43cd183-426a-48ee-83ed-589dba6d58ef

📥 Commits

Reviewing files that changed from the base of the PR and between e6cfadf and 676a5d1.

📒 Files selected for processing (15)

• .github/workflows/build-desktop-platforms.yml
• core/presentation/src/commonMain/composeResources/files/whatsnew/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/ar/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/bn/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/es/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/fr/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/hi/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/it/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/ja/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/ko/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/pl/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/ru/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/tr/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/zh-CN/19.json
• packaging/linux/github-store-launcher.sh

✅ Files skipped from review due to trivial changes (12)

• core/presentation/src/commonMain/composeResources/files/whatsnew/ko/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/it/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/bn/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/ar/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/es/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/pl/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/ru/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/hi/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/zh-CN/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/tr/19.json
• core/presentation/src/commonMain/composeResources/files/whatsnew/ja/19.json

🚧 Files skipped from review as they are similar to previous changes (2)

• packaging/linux/github-store-launcher.sh
• core/presentation/src/commonMain/composeResources/files/whatsnew/fr/19.json