
[match][sigh] fix access to certs installed by fastlane tools for productsign command for macOS #20474

Merged
merged 2 commits into from
Jul 18, 2022
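--- a/fastlane/spec/actions_specs/import_certificate_spec.rb
+++ b/fastlane/spec/actions_specs/import_certificate_spec.rb
@@ -11,7 +11,7 @@
 password = 'testpassword'
 
 keychain_path = File.expand_path(File.join('~', 'Library', 'Keychains', keychain))
-expected_command = "security import #{cert_name} -k '#{keychain_path}' -P #{password} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild 1> /dev/null"
+expected_command = "security import #{cert_name} -k '#{keychain_path}' -P #{password} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -T /usr/bin/productsign 1> /dev/null"
 
 # this command is also sent on macOS Sierra and we need to allow it or else the test will fail
 allowed_command = "security set-key-partition-list -S apple-tool:,apple: -s -k #{''.shellescape} #{keychain_path.shellescape} 1> /dev/null"
@@ -38,7 +38,7 @@
 password = '\"test pa$$word\"'
 
 keychain_path = File.expand_path(File.join('~', 'Library', 'Keychains', keychain))
-expected_security_import_command = "security import #{cert_name.shellescape} -k '#{keychain_path.shellescape}' -P #{password.shellescape} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild 1> /dev/null"
+expected_security_import_command = "security import #{cert_name.shellescape} -k '#{keychain_path.shellescape}' -P #{password.shellescape} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -T /usr/bin/productsign 1> /dev/null"
 
 # this command is also sent on macOS Sierra and we need to allow it or else the test will fail
 expected_set_key_partition_list_command = "security set-key-partition-list -S apple-tool:,apple: -s -k #{password.shellescape} #{keychain_path.shellescape} 1> /dev/null"
@@ -66,7 +66,7 @@
 password = 'testpassword'
 
 keychain_path = File.expand_path(File.join('~', 'Library', 'Keychains', keychain))
-expected_command = "security import #{cert_name} -k '#{keychain_path}' -P #{password} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild"
+expected_command = "security import #{cert_name} -k '#{keychain_path}' -P #{password} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -T /usr/bin/productsign"
 
 # this command is also sent on macOS Sierra and we need to allow it or else the test will fail
 allowed_command = "security set-key-partition-list -S apple-tool:,apple: -s -k #{''.shellescape} #{keychain_path.shellescape} 1> /dev/null"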
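Review bot: In the second expectation (`expected_security_import_command`) the keychain path is both shell-escaped and wrapped in single quotes, `-k '#{keychain_path.shellescape}'`; inside single quotes the backslashes that `shellescape` inserts are literal, so a path containing a space or another escaped character would reach `security` with stray backslashes. The spec only mirrors what the importer builds, and the importer's `-k` construction is not visible in this commit, so this needs confirming there: use either `-k #{keychain_path.shellescape}` or the quoted form, not both. A test keychain name containing a space would exercise it; the name used here is set outside the hunk.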
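--- a/fastlane_core/lib/fastlane_core/keychain_importer.rb
+++ b/fastlane_core/lib/fastlane_core/keychain_importer.rb
@@ -14,6 +14,7 @@ def self.import_file(path, keychain_path, keychain_password: nil, certificate_pa
 command << " -T /usr/bin/codesign" # to not be asked for permission when running a tool like `gym` (before Sierra)
 command << " -T /usr/bin/security"
 command << " -T /usr/bin/productbuild" # to not be asked for permission when using an installer cert for macOS
+command << " -T /usr/bin/productsign" # to not be asked for permission when using an installer cert for macOS
 command << " 1> /dev/null" unless output
 
 sensitive_command = command.gsub(password_part, " -P ********")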
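Review bot: The added `-T /usr/bin/productsign` line repeats the productbuild comment word for word, so the reason each tool is on the list can no longer be told apart; a comment such as `# productsign signs an already-built .pkg with the installer cert; let it use the key without a prompt` would say what this entry grants. Each `-T` entry lets the named binary use the imported private key without a confirmation dialog, and from the visible lines the same list is appended for every import rather than only for installer certificates, so it is worth stating in a comment above the list that the trusted set is intentionally this broad. The four `command << " -T ..."` lines could also be driven from one frozen constant so the list is reviewed in a single place. import_file starts and ends outside this hunk.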
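--- a/match/spec/utils_spec.rb
+++ b/match/spec/utils_spec.rb
@@ -14,7 +14,7 @@
 
 describe 'import' do
 it 'finds a normal keychain name relative to ~/Library/Keychains' do
-expected_command = "security import item.path -k '#{Dir.home}/Library/Keychains/login.keychain' -P #{''.shellescape} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild 1> /dev/null"
+expected_command = "security import item.path -k '#{Dir.home}/Library/Keychains/login.keychain' -P #{''.shellescape} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -T /usr/bin/productsign 1> /dev/null"
 
 # this command is also sent on macOS Sierra and we need to allow it or else the test will fail
 expected_partition_command = "security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k #{''.shellescape} #{Dir.home}/Library/Keychains/login.keychain 1> /dev/null"
@@ -33,7 +33,7 @@
 it 'treats a keychain name it cannot find in ~/Library/Keychains as the full keychain path' do
 tmp_path = Dir.mktmpdir
 keychain = "#{tmp_path}/my/special.keychain"
-expected_command = "security import item.path -k '#{keychain}' -P #{''.shellescape} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild 1> /dev/null"
+expected_command = "security import item.path -k '#{keychain}' -P #{''.shellescape} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -T /usr/bin/productsign 1> /dev/null"
 
 # this command is also sent on macOS Sierra and we need to allow it or else the test will fail
 expected_partition_command = "security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k #{''.shellescape} #{keychain} 1> /dev/null"
@@ -58,7 +58,7 @@
 end
 
 it "tries to find the macOS Sierra keychain too" do
-expected_command = "security import item.path -k '#{Dir.home}/Library/Keychains/login.keychain-db' -P #{''.shellescape} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild 1> /dev/null"
+expected_command = "security import item.path -k '#{Dir.home}/Library/Keychains/login.keychain-db' -P #{''.shellescape} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -T /usr/bin/productsign 1> /dev/null"
 
 # this command is also sent on macOS Sierra and we need to allow it or else the test will fail
 expected_partition_command = "security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k #{''.shellescape} #{Dir.home}/Library/Keychains/login.keychain-db 1> /dev/null"
@@ -76,7 +76,7 @@
 
 describe "keychain_password" do
 it 'prompts for keychain password when none given and not in keychain' do
-expected_command = "security import item.path -k '#{Dir.home}/Library/Keychains/login.keychain' -P #{''.shellescape} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild 1> /dev/null"
+expected_command = "security import item.path -k '#{Dir.home}/Library/Keychains/login.keychain' -P #{''.shellescape} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -T /usr/bin/productsign 1> /dev/null"
 
 # this command is also sent on macOS Sierra and we need to allow it or else the test will fail
 expected_partition_command = "security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k #{'user_entered'.shellescape} #{Dir.home}/Library/Keychains/login.keychain 1> /dev/null"
@@ -99,7 +99,7 @@
 end
 
 it 'find keychain password in keychain when none given' do
-expected_command = "security import item.path -k '#{Dir.home}/Library/Keychains/login.keychain' -P #{''.shellescape} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild 1> /dev/null"
+expected_command = "security import item.path -k '#{Dir.home}/Library/Keychains/login.keychain' -P #{''.shellescape} -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -T /usr/bin/productsign 1> /dev/null"
 
 # this command is also sent on macOS Sierra and we need to allow it or else the test will fail
 expected_partition_command = "security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k #{'from_keychain'.shellescape} #{Dir.home}/Library/Keychains/login.keychain 1> /dev/null"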
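Review bot: The full `security import … -T …` string is spelled out separately in each of the five examples in this file (and three more in import_certificate_spec.rb), so a one-line change to the importer needed eight identical edits. Building each expectation from one shared value, for example `trusted_flags = "-T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild -T /usr/bin/productsign"` interpolated into `expected_command`, would keep the list of binaries granted key access reviewable in one place. The `describe` and `it` blocks these lines belong to start or end outside the hunks.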