Bitcode strip embedded iOS frameworks (#51914)

32716b9e · Jenn Magder · GitHub · cbbb7ec5 · 32716b9e · 32716b9e
Unverified Commit 32716b9e authored Mar 04, 2020 by Jenn Magder Committed by GitHub Mar 04, 2020
Showing with 46 additions and 13 deletions

ios_content_validation_test.dart dev/devicelab/bin/tasks/ios_content_validation_test.dart +36 -6

manifest.yaml dev/devicelab/manifest.yaml +2 -2

xcode_backend.sh packages/flutter_tools/bin/xcode_backend.sh +8 -5

No files found.
--- a/dev/devicelab/bin/tasks/ios_obfuscate_test.dart
+++ b/dev/devicelab/bin/tasks/ios_obfuscate_test.dart
@@ -7,6 +7,7 @@ import 'dart:io';
 import 'package:flutter_devicelab/framework/apk_utils.dart';
 import 'package:flutter_devicelab/framework/framework.dart';
+import 'package:flutter_devicelab/framework/ios.dart';
 import 'package:flutter_devicelab/framework/utils.dart';
 import 'package:path/path.dart' as path;
@@ -14,8 +15,9 @@ Future<void> main() async {
  await task(() async {
    try {
      bool foundProjectName = false;
+      bool bitcode = false;
      await runProjectTest((FlutterProject flutterProject) async {
-        section('iOS Framework content with --obfuscate');
+        section('Build app with with --obfuscate');
        await inDirectory(flutterProject.rootPath, () async {
          await flutter('build', options: <String>[
            'ios',
@@ -24,30 +26,58 @@ Future<void> main() async {
            '--split-debug-info=foo/',
          ]);
        });
-        final String outputFramework = path.join(
+        final String outputAppPath = path.join(
          flutterProject.rootPath,
-          'build/ios/iphoneos/Runner.app/Frameworks/App.framework/App',
+          'build/ios/iphoneos/Runner.app',
        );
-        if (!File(outputFramework).existsSync()) {
+        final String outputAppFramework = path.join(
-          fail('Failed to produce expected output at $outputFramework');
+          flutterProject.rootPath,
+          outputAppPath,
+          'Frameworks/App.framework/App',
+        );
+        if (!File(outputAppFramework).existsSync()) {
+          fail('Failed to produce expected output at $outputAppFramework');
        }
+        section('Validate obfuscation');
        // Verify that an identifier from the Dart project code is not present
        // in the compiled binary.
        await inDirectory(flutterProject.rootPath, () async {
          final String response = await eval(
            'grep',
-            <String>[flutterProject.name, outputFramework],
+            <String>[flutterProject.name, outputAppFramework],
            canFail: true,
          );
          if (response.trim().contains('matches')) {
            foundProjectName = true;
          }
        });
+        section('Validate bitcode');
+        final String outputFlutterFramework = path.join(
+          flutterProject.rootPath,
+          outputAppPath,
+          'Frameworks/Flutter.framework/Flutter',
+        );
+        if (!File(outputFlutterFramework).existsSync()) {
+          fail('Failed to produce expected output at $outputFlutterFramework');
+        }
+        bitcode = await containsBitcode(outputFlutterFramework);
      });
      if (foundProjectName) {
        return TaskResult.failure('Found project name in obfuscated dart library');
      }
+      // Archiving should contain a bitcode blob, but not building in release.
+      // This mimics Xcode behavior and present a developer from having to install a
+      // 300+MB app to test devices.
+      if (bitcode) {
+        return TaskResult.failure('Bitcode present in Flutter.framework');
+      }
      return TaskResult.success(null);
    } on TaskResult catch (taskResult) {
      return taskResult;

--- a/dev/devicelab/manifest.yaml
+++ b/dev/devicelab/manifest.yaml
@@ -397,9 +397,9 @@ tasks:
  # iOS on-device tests
-  ios_obfuscate_test:
+  ios_content_validation_test:
    description: >
-      Builds an obfuscated APK and verifies a dart identifier cannot be found
+      Builds an obfuscated app and verifies contents and structure
    stage: devicelab
    flaky: true
    required_agent_capabilities: ["mac/ios"]

--- a/packages/flutter_tools/bin/xcode_backend.sh
+++ b/packages/flutter_tools/bin/xcode_backend.sh
@@ -292,14 +292,17 @@ EmbedFlutterFrameworks() {
  # if it doesn't already exist).
  local xcode_frameworks_dir="${TARGET_BUILD_DIR}/${FRAMEWORKS_FOLDER_PATH}"
  RunCommand mkdir -p -- "${xcode_frameworks_dir}"
-  RunCommand cp -Rv -- "${flutter_ios_out_folder}/App.framework" "${xcode_frameworks_dir}"
+  RunCommand rsync -av --delete "${flutter_ios_out_folder}/App.framework" "${xcode_frameworks_dir}"
  # Embed the actual Flutter.framework that the Flutter app expects to run against,
  # which could be a local build or an arch/type specific build.
-  # Remove it first since Xcode might be trying to hold some of these files - this way we're
-  # sure to get a clean copy.
+  # Copy Xcode behavior and don't copy over headers or modules.
-  RunCommand rm -rf -- "${xcode_frameworks_dir}/Flutter.framework"
+  RunCommand rsync -av --delete --filter "- .DS_Store/" --filter "- Headers/" --filter "- Modules/" "${flutter_ios_engine_folder}/Flutter.framework" "${xcode_frameworks_dir}/"
-  RunCommand cp -Rv -- "${flutter_ios_engine_folder}/Flutter.framework" "${xcode_frameworks_dir}/"
+  if [[ "$ACTION" != "install" ]]; then
+    # Strip bitcode from the destination unless archiving.
+    RunCommand "${DT_TOOLCHAIN_DIR}"/usr/bin/bitcode_strip "${flutter_ios_engine_folder}/Flutter.framework/Flutter" -r -o "${xcode_frameworks_dir}/Flutter.framework/Flutter"
+  fi
  # Sign the binaries we moved.
  if [[ -n "${EXPANDED_CODE_SIGN_IDENTITY:-}" ]]; then