[go: nahoru, domu]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[tool] when writing to openssl as a part of macOS/iOS code-signing, flush the stdin stream before closing it #150120

Open
wants to merge 13 commits into
base: master
Choose a base branch
from
+166 −7
Open

[tool] when writing to openssl as a part of macOS/iOS code-signing, flush the stdin stream before closing it #150120

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
338c6b8
instead of crashing, exit to tool if we are unable to write to openssl
andrewkolos Jun 12, 2024
848bbc5
have writeToStdinGuarded share implementation with writelnToStdinGuarded
andrewkolos Jun 21, 2024
69452eb
attempt 2
andrewkolos Jun 21, 2024
f728c15
nits
andrewkolos Jun 24, 2024
98140e3
upgrade doc to mention that we call flush on the sink
andrewkolos Jun 24, 2024
515a5c9
nits
andrewkolos Jun 25, 2024
386cf4a
handle any error from flush
andrewkolos Jun 28, 2024
104f584
patch the new test
andrewkolos Jun 28, 2024
75edc90
satisfy lint
andrewkolos Jun 28, 2024
3a03674
patch new test again
andrewkolos Jun 28, 2024
2e11cd0
fix comment that already went stale before the PR even merged
andrewkolos Jun 28, 2024
6d10601
self-nit
andrewkolos Jun 28, 2024
f01f1c1
simplify new test of writeToStdinGuarded
andrewkolos Jun 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 49 additions & 6 deletions packages/flutter_tools/lib/src/base/process.dart
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -244,26 +244,69 @@ abstract class ProcessUtils {
/// ```
///
/// However it did not catch a [SocketException] on Linux.
///
/// As part of making sure errors are caught, this function will call [flush]
/// on [stdin] to ensure that [line] is written to the pipe before this
/// function returns. This means completion will be blocked if the kernel
/// buffer of the pipe is full.
static Future<void> writelnToStdinGuarded({
required IOSink stdin,
required String line,
required void Function(Object, StackTrace) onError,
}) async {
await _writeToStdinGuarded(
stdin: stdin,
content: line,
onError: onError,
isLine: true,
);
}

/// Please see [writelnToStdinGuarded].
///
/// This calls `stdin.write` instead of `stdin.writeln`.
static Future<void> writeToStdinGuarded({
christopherfujino marked this conversation as resolved.
Show resolved Hide resolved
required IOSink stdin,
required String content,
required void Function(Object, StackTrace) onError,
}) async {
await _writeToStdinGuarded(
stdin: stdin,
content: content,
onError: onError,
isLine: false,
);
}

static Future<void> _writeToStdinGuarded({
required IOSink stdin,
required String content,
required void Function(Object, StackTrace) onError,
required bool isLine,
}) async {
final Completer<void> completer = Completer<void>();

void writeFlushAndComplete() {
stdin.writeln(line);
stdin.flush().whenComplete(() {
if (!completer.isCompleted) {
completer.complete();
}
if (isLine) {
stdin.writeln(content);
} else {
stdin.write(content);
}
stdin.flush().then((_) {
completer.complete();
});
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not merging this yet because we probably should have a .onError call here.

}

runZonedGuarded(
writeFlushAndComplete,
(Object error, StackTrace stackTrace) {
onError(error, stackTrace);
try {
onError(error, stackTrace);
} on Exception catch (e) {
completer.completeError(e);
}

// We may have already completed with an error in the above catch block.
if (!completer.isCompleted) {
completer.complete();
}
Expand Down
10 changes: 9 additions & 1 deletion packages/flutter_tools/lib/src/ios/code_signing.dart
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,15 @@ Future<String?> _getCodeSigningIdentityDevelopmentTeam({

final Process opensslProcess = await processUtils.start(
const <String>['openssl', 'x509', '-subject']);
await (opensslProcess.stdin..write(signingCertificateStdout)).close();

await ProcessUtils.writeToStdinGuarded(
stdin: opensslProcess.stdin,
content: signingCertificateStdout,
onError: (Object? error, _) {
throw Exception('Unexpected error when writing to openssl: $error');
},
Comment on lines +238 to +240
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this ends up becoming a pattern (it very much probably will), we may want to consider creating like a writeToStdinUnsafe method that accepts something like a message or taskDescription. This new method would then throw a custom exception type from that.

);
await opensslProcess.stdin.close();

final String opensslOutput = await utf8.decodeStream(opensslProcess.stdout);
// Fire and forget discard of the stderr stream so we don't hold onto resources.
Expand Down
54 changes: 54 additions & 0 deletions packages/flutter_tools/test/general.shard/ios/code_signing_test.dart
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import 'package:flutter_tools/src/ios/code_signing.dart';

import '../../src/common.dart';
import '../../src/fake_process_manager.dart';
import '../../src/fakes.dart';

const String kCertificates = '''
1) 86f7e437faa5a7fce15d1ddcb9eaeaea377667b8 "iPhone Developer: Profile 1 (1111AAAA11)"
Expand Down Expand Up @@ -581,6 +582,59 @@ void main() {
expect(developmentTeam, isNull);
expect(processManager, hasNoRemainingExpectations);
});

testWithoutContext('handles stdin pipe breaking on openssl process', () async {
final StreamSink<List<int>> stdinSink = ClosedStdinController();

final Completer<void> completer = Completer<void>();
const String certificates = '''
1) 86f7e437faa5a7fce15d1ddcb9eaeaea377667b8 "iPhone Developer: Profile 1 (1111AAAA11)"
1 valid identities found''';
final FakeProcessManager processManager = FakeProcessManager.list(<FakeCommand>[
const FakeCommand(
command: <String>['which', 'security'],
),
const FakeCommand(
command: <String>['which', 'openssl'],
),
const FakeCommand(
command: <String>['security', 'find-identity', '-p', 'codesigning', '-v'],
stdout: certificates,
),
const FakeCommand(
command: <String>['security', 'find-certificate', '-c', '1111AAAA11', '-p'],
stdout: 'This is a fake certificate',
),
FakeCommand(
command: const <String>['openssl', 'x509', '-subject'],
stdin: IOSink(stdinSink),
stdout: 'subject= /CN=iPhone Developer: Profile 1 (1111AAAA11)/OU=3333CCCC33/O=My Team/C=US',
completer: completer,
),
]);

Future<Map<String, String>?> getCodeSigningIdentities() => getCodeSigningIdentityDevelopmentTeamBuildSetting(
buildSettings: <String, String>{
andrewkolos marked this conversation as resolved.
Show resolved Hide resolved
'bogus': 'bogus',
},
platform: macosPlatform,
processManager: processManager,
logger: logger,
config: testConfig,
terminal: testTerminal,
);

await expectLater(
() => getCodeSigningIdentities(),
throwsA(
const TypeMatcher<Exception>().having(
(Exception e) => e.toString(),
'message',
equals('Exception: Unexpected error when writing to openssl: SocketException: Bad pipe'),
),
),
);
});
});
}

Expand Down
9 changes: 9 additions & 0 deletions packages/flutter_tools/test/src/fakes.dart
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -737,3 +737,12 @@ class FakeDevtoolsLauncher extends Fake implements DevtoolsLauncher {
closed = true;
}
}

class ClosedStdinController extends Fake implements StreamSink<List<int>> {
@override
Future<Object?> addStream(Stream<List<int>> stream) async => throw const SocketException('Bad pipe');

@override Future<Object?> close() async {
andrewkolos marked this conversation as resolved.
Show resolved Hide resolved
return null;
}
}