[flutter_tools] delete entitlements files after copying to macos build dir (#126875)

Fixes https://github.com/flutter/flutter/issues/126705

[flutter_tools] delete entitlements files after copying to macos build dir (#126875)
Fixes https://github.com/flutter/flutter/issues/126705
7e1a0d40 · Christopher Fujino · GitHub · 34371894 · 7e1a0d40 · 7e1a0d40
Unverified Commit 7e1a0d40 authored May 22, 2023 by Christopher Fujino Committed by GitHub May 22, 2023
Show whitespace changes
Inline Side-by-side

Showing with 69 additions and 2 deletions

cache.dart packages/flutter_tools/lib/src/cache.dart +14 -0

artifact_updater_test.dart ...utter_tools/test/general.shard/artifact_updater_test.dart +55 -2

No files found.
--- a/packages/flutter_tools/lib/src/cache.dart
+++ b/packages/flutter_tools/lib/src/cache.dart
@@ -1004,6 +1004,19 @@ class ArtifactUpdater {
  @visibleForTesting
  final List<File> downloadedFiles = <File>[];
+  /// These filenames, should they exist after extracting an archive, should be deleted.
+  static const Set<String> _denylistedBasenames = <String>{'entitlements.txt', 'without_entitlements.txt'};
+  void _removeDenylistedFiles(Directory directory) {
+    for (final FileSystemEntity entity in directory.listSync(recursive: true)) {
+      if (entity is! File) {
+        continue;
+      }
+      if (_denylistedBasenames.contains(entity.basename)) {
+        entity.deleteSync();
+      }
+    }
+  }
  /// Download a zip archive from the given [url] and unzip it to [location].
  Future<void> downloadZipArchive(
    String message,
@@ -1120,6 +1133,7 @@ class ArtifactUpdater {
        _deleteIgnoringErrors(tempFile);
        continue;
      }
+      _removeDenylistedFiles(location);
      return;
    }
  }

--- a/packages/flutter_tools/test/general.shard/artifact_updater_test.dart
+++ b/packages/flutter_tools/test/general.shard/artifact_updater_test.dart
@@ -74,6 +74,49 @@ void main() {
    expect(fileSystem.file('out/test/foo.txt'), isNot(exists));
  });
+  testWithoutContext('ArtifactUpdater will delete any denylisted files from the outputDirectory', () async {
+    final FakeOperatingSystemUtils operatingSystemUtils = FakeOperatingSystemUtils();
+    final MemoryFileSystem fileSystem = MemoryFileSystem.test();
+    final BufferLogger logger = BufferLogger.test();
+    final Directory tempStorage = fileSystem.currentDirectory.childDirectory('temp');
+    final String localZipPath = tempStorage.childFile('test.zip').path;
+    File? desiredArtifact;
+    File? entitlementsFile;
+    File? nestedWithoutEntitlementsFile;
+    operatingSystemUtils.unzipCallbacks[localZipPath] = (Directory outputDirectory) {
+      desiredArtifact = outputDirectory.childFile('artifact.bin')..createSync();
+      entitlementsFile = outputDirectory.childFile('entitlements.txt')..createSync();
+      nestedWithoutEntitlementsFile = outputDirectory
+          .childDirectory('dir')
+          .childFile('without_entitlements.txt')
+          ..createSync(recursive: true);
+    };
+    final ArtifactUpdater artifactUpdater = ArtifactUpdater(
+      fileSystem: fileSystem,
+      logger: logger,
+      operatingSystemUtils: operatingSystemUtils,
+      platform: testPlatform,
+      httpClient: FakeHttpClient.any(),
+      tempStorage: tempStorage..createSync(),
+      allowedBaseUrls: <String>['http://test.zip'],
+    );
+    // entitlements file cached from before the tool had a denylist
+    final File staleEntitlementsFile = fileSystem.file('out/path/to/entitlements.txt')..createSync(recursive: true);
+    expect(staleEntitlementsFile, exists);
+    await artifactUpdater.downloadZipArchive(
+      'test message',
+      Uri.parse('http://test.zip'),
+      fileSystem.currentDirectory.childDirectory('out'),
+    );
+    expect(logger.statusText, contains('test message'));
+    expect(desiredArtifact, exists);
+    expect(entitlementsFile, isNot(exists));
+    expect(nestedWithoutEntitlementsFile, isNot(exists));
+    expect(staleEntitlementsFile, isNot(exists));
+  });
  testWithoutContext('ArtifactUpdater will not validate the md5 hash if the '
    'x-goog-hash header is present but missing an md5 entry', () async {
    final FakeOperatingSystemUtils operatingSystemUtils = FakeOperatingSystemUtils();
@@ -491,15 +534,25 @@ class FakeOperatingSystemUtils extends Fake implements OperatingSystemUtils {
  int failures = 0;
  final bool windows;
+  /// A mapping of zip [file] paths to callbacks that receive the [targetDirectory].
+  ///
+  /// Use this to have [unzip] generate an arbitrary set of [FileSystemEntity]s
+  /// under [targetDirectory].
+  final Map<String, void Function(Directory)> unzipCallbacks = <String, void Function(Directory)>{};
  @override
  void unzip(File file, Directory targetDirectory) {
    if (failures > 0) {
      failures -= 1;
      throw Exception();
    }
+    if (unzipCallbacks.containsKey(file.path)) {
+      unzipCallbacks[file.path]!(targetDirectory);
+    } else {
      targetDirectory.childFile(file.fileSystem.path.basenameWithoutExtension(file.path))
        .createSync();
    }
+  }
  @override
  void unpack(File gzippedTarFile, Directory targetDirectory) {