mirror of
https://github.com/flutter/flutter
synced 2024-10-13 03:32:55 +00:00
test macos binaries are codesigned before publishing (#81585)
This commit is contained in:
parent
ea9d9ee9fd
commit
f33499df33
|
@ -292,10 +292,47 @@ class ArchiveCreator {
|
|||
_outputFile = File(path.join(outputDir.absolute.path, _archiveName));
|
||||
await _installMinGitIfNeeded();
|
||||
await _populateCaches();
|
||||
await _validate();
|
||||
await _archiveFiles(_outputFile);
|
||||
return _outputFile;
|
||||
}
|
||||
|
||||
/// Validates the integrity of the release package.
|
||||
///
|
||||
/// Currently only checks that macOS binaries are codesigned. Will throw a
|
||||
/// [PreparePackageException] if the test failes.
|
||||
Future<void> _validate() async {
|
||||
// Only validate in strict mode, which means `--publish`
|
||||
if (!strict || !platform.isMacOS) {
|
||||
return;
|
||||
}
|
||||
// Validate that the dart binary is codesigned
|
||||
final String dartPath = path.join(
|
||||
flutterRoot.absolute.path,
|
||||
'bin',
|
||||
'cache',
|
||||
'dart-sdk',
|
||||
'bin',
|
||||
'dart',
|
||||
);
|
||||
try {
|
||||
// TODO(fujino): Use the conductor https://github.com/flutter/flutter/issues/81701
|
||||
await _processRunner.runProcess(
|
||||
<String>[
|
||||
'codesign',
|
||||
'-vvvv',
|
||||
'--check-notarization',
|
||||
dartPath,
|
||||
],
|
||||
workingDirectory: flutterRoot,
|
||||
);
|
||||
} on PreparePackageException catch (e) {
|
||||
throw PreparePackageException(
|
||||
'The binary $dartPath was not codesigned!\n${e.message}',
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/// Returns the version number of this release, according the to tags in the
|
||||
/// repo.
|
||||
///
|
||||
|
|
|
@ -132,6 +132,7 @@ void main() {
|
|||
'$flutter create --template=plugin ${createBase}plugin': null,
|
||||
'git clean -f -x -- **/.packages': null,
|
||||
'git clean -f -x -- **/.dart_tool/': null,
|
||||
if (platform.isMacOS) 'codesign -vvvv --check-notarization ${path.join(tempDir.path, 'flutter', 'bin', 'cache', 'dart-sdk', 'bin', 'dart')}': null,
|
||||
if (platform.isWindows) 'attrib -h .git': null,
|
||||
if (platform.isWindows) '7za a -tzip -mx=9 $archiveName flutter': null
|
||||
else if (platform.isMacOS) 'zip -r -9 --symlinks $archiveName flutter': null
|
||||
|
@ -160,6 +161,7 @@ void main() {
|
|||
'$flutter create --template=plugin ${createBase}plugin': null,
|
||||
'git clean -f -x -- **/.packages': null,
|
||||
'git clean -f -x -- **/.dart_tool/': null,
|
||||
if (platform.isMacOS) 'codesign -vvvv --check-notarization ${path.join(tempDir.path, 'flutter', 'bin', 'cache', 'dart-sdk', 'bin', 'dart')}': null,
|
||||
if (platform.isWindows) 'attrib -h .git': null,
|
||||
if (platform.isWindows) '7za a -tzip -mx=9 $archiveName flutter': null
|
||||
else if (platform.isMacOS) 'zip -r -9 --symlinks $archiveName flutter': null
|
||||
|
@ -229,6 +231,57 @@ void main() {
|
|||
await creator.initializeRepo();
|
||||
await creator.createArchive();
|
||||
});
|
||||
|
||||
test('fails if binary is not codesigned', () async {
|
||||
final String createBase = path.join(tempDir.absolute.path, 'create_');
|
||||
final String archiveName = path.join(tempDir.absolute.path,
|
||||
'flutter_${platformName}_v1.2.3-dev${platform.isLinux ? '.tar.xz' : '.zip'}');
|
||||
final ProcessResult codesignFailure = ProcessResult(1, 1, '', 'code object is not signed at all');
|
||||
final String binPath = path.join(tempDir.path, 'flutter', 'bin', 'cache', 'dart-sdk', 'bin', 'dart');
|
||||
final Map<String, List<ProcessResult>> calls = <String, List<ProcessResult>>{
|
||||
'git clone -b dev https://chromium.googlesource.com/external/github.com/flutter/flutter': null,
|
||||
'git reset --hard $testRef': null,
|
||||
'git remote set-url origin https://github.com/flutter/flutter.git': null,
|
||||
'git describe --tags --exact-match $testRef': <ProcessResult>[ProcessResult(0, 0, 'v1.2.3', '')],
|
||||
if (platform.isWindows) '7za x ${path.join(tempDir.path, 'mingit.zip')}': null,
|
||||
'$flutter doctor': null,
|
||||
'$flutter update-packages': null,
|
||||
'$flutter precache': null,
|
||||
'$flutter ide-config': null,
|
||||
'$flutter create --template=app ${createBase}app': null,
|
||||
'$flutter create --template=package ${createBase}package': null,
|
||||
'$flutter create --template=plugin ${createBase}plugin': null,
|
||||
'git clean -f -x -- **/.packages': null,
|
||||
'git clean -f -x -- **/.dart_tool/': null,
|
||||
if (platform.isMacOS) 'codesign -vvvv --check-notarization $binPath': <ProcessResult>[codesignFailure],
|
||||
if (platform.isWindows) 'attrib -h .git': null,
|
||||
if (platform.isWindows) '7za a -tzip -mx=9 $archiveName flutter': null
|
||||
else if (platform.isMacOS) 'zip -r -9 --symlinks $archiveName flutter': null
|
||||
else if (platform.isLinux) 'tar cJf $archiveName flutter': null,
|
||||
};
|
||||
processManager.addCommands(convertResults(calls));
|
||||
creator = ArchiveCreator(
|
||||
tempDir,
|
||||
tempDir,
|
||||
testRef,
|
||||
Branch.dev,
|
||||
strict: true,
|
||||
processManager: processManager,
|
||||
subprocessOutput: false,
|
||||
platform: platform,
|
||||
httpReader: fakeHttpReader,
|
||||
);
|
||||
await creator.initializeRepo();
|
||||
|
||||
try {
|
||||
await creator.createArchive();
|
||||
fail('failed to throw');
|
||||
} on Exception catch (e) {
|
||||
expect(e is PreparePackageException, true);
|
||||
final PreparePackageException exception = e as PreparePackageException;
|
||||
expect(exception.message, contains('The binary $binPath was not codesigned!'));
|
||||
}
|
||||
}, skip: !platform.isMacOS);
|
||||
});
|
||||
|
||||
group('ArchivePublisher for $platformName', () {
|
||||
|
|
Loading…
Reference in a new issue