iOS,macOS: Clean up unsigned_binaries.txt (#3891)

Also cleans up a few more hard-coded filenames and adds more tests. Also clarified `entitlementsPlist` rather than `entitlementsFile` since we have several things that could legitimately be called entitlements files. Issue: flutter/flutter#154571
flutter · Sep 5, 2024 · d375cce · d375cce
1 parent e5c16b7
commit d375cce
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 8 deletions.
diff --git a/cipd_packages/codesign/lib/src/file_codesign_visitor.dart b/cipd_packages/codesign/lib/src/file_codesign_visitor.dart
@@ -58,7 +58,7 @@ class FileCodesignVisitor {
     ),
     this.notarizationTimerDuration = const Duration(seconds: 5),
   }) {
-    entitlementsFile = rootDirectory.childFile('Entitlements.plist')..writeAsStringSync(_entitlementsFileContents);
+    entitlementsPlist = rootDirectory.childFile('Entitlements.plist')..writeAsStringSync(_entitlementsFileContents);
   }
 
   /// Temp [Directory] to download/extract files to.
@@ -102,7 +102,7 @@ class FileCodesignVisitor {
   };
   Map<String, String> redactedCredentials = {};
 
-  late final File entitlementsFile;
+  late final File entitlementsPlist;
 
   int _remoteDownloadIndex = 0;
   int get remoteDownloadIndex => _remoteDownloadIndex++;
@@ -339,7 +339,8 @@ configuration files, please delete or update these file paths accordingly.
           'This file is located at $currentFilePath in the flutter engine artifact.');
       log.severe('The system has detected a binary file at $currentFilePath. '
           'But it is not in the codesigning configuration files you provided. '
-          'If this is a new engine artifact, please add it to one of the entitlements.txt files.');
+          'If this is a new engine artifact, please add it to one of the codesigning '
+          'config files.');
       throw CodesignException(fixItInstructions);
     }
     if (unsignedBinaryFiles.contains(currentFilePath)) {
@@ -373,7 +374,7 @@ configuration files, please delete or update these file paths accordingly.
       '--options=runtime', // hardened runtime
       if (currentFilePath != '' && withEntitlementsFiles.contains(currentFilePath)) ...<String>[
         '--entitlements',
-        entitlementsFile.absolute.path,
+        entitlementsPlist.absolute.path,
       ],
     ];
 
@@ -397,9 +398,9 @@ configuration files, please delete or update these file paths accordingly.
   /// Context: https://github.com/flutter/flutter/issues/126705. This is a temporary workaround.
   /// Once flutter tools is ready we can remove this logic.
   Future<void> cleanupCodesignConfig(Directory parent) async {
-    final String metadataEntitlements = fileSystem.path.join(parent.path, 'entitlements.txt');
-    final String metadataWithoutEntitlements = fileSystem.path.join(parent.path, 'without_entitlements.txt');
-    for (String metadataPath in [metadataEntitlements, metadataWithoutEntitlements]) {
+    final Iterable<String> pathsToDelete =
+        CodesignType.values.map((CodesignType type) => fileSystem.path.join(parent.path, type.filename));
+    for (String metadataPath in pathsToDelete) {
       if (await fileSystem.file(metadataPath).exists()) {
         log.warning('cleaning up codesign metadata at $metadataPath.');
         await fileSystem.file(metadataPath).delete();

diff --git a/cipd_packages/codesign/test/file_codesign_visitor_test.dart b/cipd_packages/codesign/test/file_codesign_visitor_test.dart
@@ -136,7 +136,8 @@ void main() {
           ],
           onRun: () => fileSystem
             ..file('${rootDirectory.path}/single_artifact/entitlements.txt').createSync(recursive: true)
-            ..file('${rootDirectory.path}/single_artifact/without_entitlements.txt').createSync(recursive: true),
+            ..file('${rootDirectory.path}/single_artifact/without_entitlements.txt').createSync(recursive: true)
+            ..file('${rootDirectory.path}/single_artifact/unsigned_binaries.txt').createSync(recursive: true),
         ),
         FakeCommand(
           command: <String>[
@@ -787,6 +788,15 @@ file_e''',
           mode: FileMode.append,
           encoding: utf8,
         );
+
+      fileSystem.file('${rootDirectory.absolute.path}/test_entitlement/unsigned_binaries.txt')
+        ..createSync(recursive: true)
+        ..writeAsStringSync(
+          '''file_f
+file_g''',
+          mode: FileMode.append,
+          encoding: utf8,
+        );
       final Set<String> fileWithEntitlements = await codesignVisitor.parseCodesignConfig(
         fileSystem.directory('${rootDirectory.absolute.path}/test_entitlement'),
         cs.CodesignType.withEntitlements,
@@ -795,6 +805,10 @@ file_e''',
         fileSystem.directory('${rootDirectory.absolute.path}/test_entitlement'),
         cs.CodesignType.withoutEntitlements,
       );
+      final Set<String> fileUnsigned = await codesignVisitor.parseCodesignConfig(
+        fileSystem.directory('${rootDirectory.absolute.path}/test_entitlement'),
+        cs.CodesignType.unsigned,
+      );
       expect(fileWithEntitlements.length, 3);
       expect(
         fileWithEntitlements,
@@ -812,6 +826,15 @@ file_e''',
           'file_e',
         ]),
       );
+
+      expect(fileUnsigned.length, 2);
+      expect(
+        fileUnsigned,
+        containsAll(<String>[
+          'file_f',
+          'file_g',
+        ]),
+      );
     });
 
     test('log warnings when configuration file is missing', () async {