Add RPM spec: repackage upstream claude-desktop .deb (preserves setuid chrome-sandbox)

This commit is contained in:
2026-07-02 06:12:26 +00:00
parent 360eb6fe62
commit eda7449fe7

78
rpm/claude-desktop.spec Normal file
View File

@@ -0,0 +1,78 @@
# Prebuilt Electron bundle repackaged from the upstream .deb — no compile,
# no strip, no debuginfo (matches the house convention in lair/mistralrs-package).
%global _build_id_links none
%global debug_package %{nil}
%global __strip /usr/bin/true
# Passed in via --define at rpmbuild time (see .gitea/workflows/build-release.yml).
%{!?claude_desktop_version: %global claude_desktop_version 0.0.0}
# The bundled Electron .so files are private to the app; don't let rpm scan
# them for provides/requires. Fedora-native runtime deps are listed manually.
%global __requires_exclude ^.*$
%global __provides_exclude ^.*$
Name: claude-desktop
Version: %{claude_desktop_version}
Release: 1%{?dist}
Summary: Desktop application for Claude.ai
License: LicenseRef-Anthropic-Proprietary
URL: https://claude.ai
Source0: claude-desktop_%{claude_desktop_version}_amd64.deb
ExclusiveArch: x86_64
Requires: gtk3 libnotify nss libXtst libuuid at-spi2-core
Requires: libdrm mesa-libgbm libsecret xdg-utils
%description
Desktop application for Claude.ai, repackaged from the upstream Debian
package. The Debian-specific AppArmor/apt maintainer scripts are omitted
(Fedora uses SELinux and dnf); the setuid-root chrome-sandbox helper is
preserved so Chromium's sandbox works.
%prep
%setup -q -c -T
# Extract the .deb without dpkg: `ar` (binutils) + `tar` (auto-detects the
# data member's compression, currently xz). Portable across CI runners.
ar x %{SOURCE0}
mkdir -p payload
tar -xf data.tar.* -C payload
%build
# Nothing to build — prebuilt bundle.
%install
cp -a payload/usr %{buildroot}/usr
# Drop Debian packaging cruft that has no meaning on Fedora.
rm -rf %{buildroot}/usr/share/lintian
rm -rf %{buildroot}/usr/share/doc/claude-desktop
# Chromium's sandbox helper must be setuid root. Set it explicitly rather
# than relying on the extraction tool to preserve it (GNU tar drops setuid
# bits when not run as root). rpm records root:root ownership by default.
chmod 4755 %{buildroot}/usr/lib/claude-desktop/chrome-sandbox
%files
%{_bindir}/claude-desktop
%dir /usr/lib/claude-desktop
# The bundle, including chrome-sandbox which keeps its setuid-root (4755)
# mode from the upstream deb — required for Chromium's sandbox to work.
/usr/lib/claude-desktop/*
/usr/share/applications/claude-desktop.desktop
/usr/share/icons/hicolor/*/apps/claude-desktop.png
%post
touch --no-create /usr/share/icons/hicolor &>/dev/null || :
update-desktop-database &>/dev/null || :
%postun
if [ $1 -eq 0 ] ; then
touch --no-create /usr/share/icons/hicolor &>/dev/null
gtk-update-icon-cache /usr/share/icons/hicolor &>/dev/null || :
update-desktop-database &>/dev/null || :
fi
%posttrans
gtk-update-icon-cache /usr/share/icons/hicolor &>/dev/null || :
%changelog