This repository was archived by the owner on Feb 25, 2025. It is now read-only.
iOS,macOS: add unsigned_binaries.txt #54977
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Once the build has completed, I'll be pushing a test roll to verify. |
cbracken
added a commit
to cbracken/flutter
that referenced
this pull request
Sep 5, 2024
This tests flutter/engine#54977 "iOS,macOS: add unsigned_binaries.txt"
9 tasks
cbracken
added a commit
to cbracken/flutter
that referenced
this pull request
Sep 5, 2024
This tests flutter/engine#54977 "iOS,macOS: add unsigned_binaries.txt"
9 tasks
There are three categories of binaries produced as part of the framework artifacts: * Those that use APIs that require entitlements and must be code-signed; e.g. gen_snapshot * Those that do not use APIs that require entitlements and must be code-signed; e.g. Flutter.framework dylib. * Those that do not need to be code-signed; e.g. Flutter.dSYM symbols. Until now, our signing infrastructure has assumed that all mach-o binaries in the artifacts we produce require a signature. dSYM files are not required to be codesigned, although the xcframework containing them are, and as such they cannot be removed or tampered with. The framework code-signing tests in `dev/bots/suite_runners/run_verify_binaries_codesigned_tests.dart` are only run on post-submit on release branches, and thus, this issue was not uncovered until the first release after all the dSYM work landed. Those tests were updated in flutter/flutter#154591. This updates the framework and artifact archive generation code to also explicitly exclude those files from signing. Issue: flutter/flutter#154571 Related: flutter/flutter#116493 Related: flutter/flutter#153532
cbracken
added
the
test: all
cbracken
force-pushed
the
unsigned-binaries-list
branch
from
1fbfa24 to
70b79a9
Compare
jmagman
approved these changes
Sep 5, 2024
auto-submit bot
pushed a commit
to flutter/flutter
that referenced
this pull request
Sep 5, 2024
There are three categories of binaries produced as part of the framework artifacts: * Those that use APIs that require entitlements and must be code-signed; e.g. gen_snapshot * Those that do not use APIs that require entitlements and must be code-signed; e.g. Flutter.framework dylib. * Those that do not need to be code-signed; e.g. Flutter.dSYM symbols. We are adding the third category in flutter/engine#54977. The Cocoon code signing aspect of this was handled in flutter/cocoon#3890. This ensures these files don't get copied into the build output should they appear in the artifact cache. Issue: #154571
cbracken
added a commit
to cbracken/flutter
that referenced
this pull request
Sep 5, 2024
This tests flutter/engine#54977 "iOS,macOS: add unsigned_binaries.txt"
cbracken
added a commit
to cbracken/flutter
that referenced
this pull request
Sep 5, 2024
This tests flutter/engine#54977 "iOS,macOS: add unsigned_binaries.txt"
|
Framework roll flutter/flutter#154687 looks good! |
cbracken
added
the
autosubmit
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/flutter
that referenced
this pull request
Sep 6, 2024
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/flutter
that referenced
this pull request
Sep 6, 2024
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/flutter
that referenced
this pull request
Sep 6, 2024
zanderso
added a commit
to flutter/flutter
that referenced
this pull request
Sep 6, 2024
flutter/engine@c50eb8a...419fb8c 2024-09-06 98614782+auto-submit[bot]@users.noreply.github.com Reverts "[engine] always force platform channel responses to schedule a task. (#54975)" (flutter/engine#55000) 2024-09-06 [[email protected]](mailto:[email protected]) Roll Skia from b6bab0fde426 to 6ad117bd2efe (2 revisions) (flutter/engine#54999) 2024-09-06 [[email protected]](mailto:[email protected]) Roll Fuchsia Test Scripts from D9INMR2u4wcyiZ750... to 5dqcFlKzRjJb6V95W... (flutter/engine#54998) 2024-09-06 [[email protected]](mailto:[email protected]) Roll Skia from a09312b70d37 to b6bab0fde426 (3 revisions) (flutter/engine#54997) 2024-09-06 [[email protected]](mailto:[email protected]) Roll Skia from 368f209ccca5 to a09312b70d37 (1 revision) (flutter/engine#54995) 2024-09-06 [[email protected]](mailto:[email protected]) Roll Skia from aec11ae18bb6 to 368f209ccca5 (3 revisions) (flutter/engine#54992) 2024-09-06 [[email protected]](mailto:[email protected]) Roll Fuchsia Linux SDK from xNv47d1TZmK9XgTxu... to PBeI0gGvgFdXV6hCg... (flutter/engine#54990) 2024-09-06 [[email protected]](mailto:[email protected]) Roll Skia from 809f868ded1c to aec11ae18bb6 (22 revisions) (flutter/engine#54988) 2024-09-06 [[email protected]](mailto:[email protected]) Removes the int storage from Color (flutter/engine#54714) 2024-09-06 [[email protected]](mailto:[email protected]) iOS,macOS: Add logging of duplicate codesign binaries (flutter/engine#54987) 2024-09-06 [[email protected]](mailto:[email protected]) Roll Fuchsia Test Scripts from k4lKsecg0pdIp-U7c... to D9INMR2u4wcyiZ750... (flutter/engine#54984) 2024-09-05 [[email protected]](mailto:[email protected]) Manual roll of Dart. (flutter/engine#54983) 2024-09-05 [[email protected]](mailto:[email protected]) iOS,macOS: add unsigned_binaries.txt (flutter/engine#54977) 2024-09-05 [[email protected]](mailto:[email protected]) Manual Skia roll to 809f868ded1c (flutter/engine#54972) 2024-09-05 [[email protected]](mailto:[email protected]) [canvaskit] Fix incorrect calculation of ImageFilter paint bounds (flutter/engine#54980) 2024-09-05 [[email protected]](mailto:[email protected]) [engine] always force platform channel responses to schedule a task. (flutter/engine#54975) 2024-09-05 [[email protected]](mailto:[email protected]) Fix unexpected ViewFocus events when Text Editing utilities change focus in the middle of a blur call. (flutter/engine#54965) Also rolling transitive DEPS: fuchsia/sdk/core/linux-amd64 from xNv47d1TZmK9 to PBeI0gGvgFdX --------- Co-authored-by: Christopher Fujino <[email protected]> Co-authored-by: Zachary Anderson <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There are three categories of binaries produced as part of the framework artifacts:
Until now, our signing infrastructure has assumed that all mach-o binaries in the artifacts we produce require a signature. dSYM files are not required to be codesigned, although the xcframework containing them are, and as such they cannot be removed or tampered with.
The framework code-signing tests in
dev/bots/suite_runners/run_verify_binaries_codesigned_tests.dartare only run on post-submit on release branches, and thus, this issue was not uncovered until the first release after all the dSYM work landed. Those tests were updated in flutter/flutter#154591. This updates the framework and artifact archive generation code to also explicitly exclude those files from signing.Issue: flutter/flutter#154571
Related: flutter/flutter#116493
Related: flutter/flutter#153532
Pre-launch Checklist
///).If you need help, consider asking for advice on the #hackers-new channel on Discord.