Default new project to the ios-signing-cert development team (#90021)

91d1e3ed · Jenn Magder · GitHub · 4ef6fc18 · 91d1e3ed · 91d1e3ed
Unverified Commit 91d1e3ed authored Oct 07, 2021 by Jenn Magder Committed by GitHub Oct 07, 2021
11 changed files
--- a/packages/flutter_tools/lib/src/commands/create.dart
+++ b/packages/flutter_tools/lib/src/commands/create.dart
@@ -16,6 +16,7 @@ import '../features.dart';
 import '../flutter_manifest.dart';
 import '../flutter_project_metadata.dart';
 import '../globals_null_migrated.dart' as globals;
+import '../ios/code_signing.dart';
 import '../project.dart';
 import '../reporting/reporting.dart';
 import '../runner/flutter_command.dart';
@@ -234,6 +235,17 @@ class CreateCommand extends CreateBase {
    }

    final String dartSdk = globals.cache.dartSdkBuild;
+    final bool includeIos = featureFlags.isIOSEnabled && platforms.contains('ios');
+    String developmentTeam;
+    if (includeIos) {
+      developmentTeam = await getCodeSigningIdentityDevelopmentTeam(
+        processManager: globals.processManager,
+        platform: globals.platform,
+        logger: globals.logger,
+        config: globals.config,
+        terminal: globals.terminal,
+      );
+    }

    final Map<String, Object> templateContext = createTemplateContext(
      organization: organization,
@@ -243,7 +255,8 @@ class CreateCommand extends CreateBase {
      withPluginHook: generatePlugin,
      androidLanguage: stringArg('android-language'),
      iosLanguage: stringArg('ios-language'),
-      ios: featureFlags.isIOSEnabled && platforms.contains('ios'),
+      iosDevelopmentTeam: developmentTeam,
+      ios: includeIos,
      android: featureFlags.isAndroidEnabled && platforms.contains('android'),
      web: featureFlags.isWebEnabled && platforms.contains('web'),
      linux: featureFlags.isLinuxEnabled && platforms.contains('linux'),

--- a/packages/flutter_tools/lib/src/commands/create_base.dart
+++ b/packages/flutter_tools/lib/src/commands/create_base.dart
@@ -325,6 +325,7 @@ abstract class CreateBase extends FlutterCommand {
    String projectName,
    String projectDescription,
    String androidLanguage,
+    String iosDevelopmentTeam,
    String iosLanguage,
    String flutterRoot,
    String dartSdkVersionBounds,
@@ -375,6 +376,8 @@ abstract class CreateBase extends FlutterCommand {
      'withPluginHook': withPluginHook,
      'androidLanguage': androidLanguage,
      'iosLanguage': iosLanguage,
+      'hasIosDevelopmentTeam': iosDevelopmentTeam != null && iosDevelopmentTeam.isNotEmpty,
+      'iosDevelopmentTeam': iosDevelopmentTeam ?? '',
      'flutterRevision': globals.flutterVersion.frameworkRevision,
      'flutterChannel': globals.flutterVersion.channel,
      'ios': ios,

--- a/packages/flutter_tools/lib/src/ios/code_signing.dart
+++ b/packages/flutter_tools/lib/src/ios/code_signing.dart
@@ -8,10 +8,13 @@ import '../base/common.dart';
 import '../base/config.dart';
 import '../base/io.dart';
 import '../base/logger.dart';
+import '../base/platform.dart';
 import '../base/process.dart';
 import '../base/terminal.dart';
 import '../convert.dart' show utf8;

+const String _developmentTeamBuildSettingName = 'DEVELOPMENT_TEAM';
+
 /// User message when no development certificates are found in the keychain.
 ///
 /// The user likely never did any iOS development.
@@ -91,9 +94,10 @@ final RegExp _certificateOrganizationalUnitExtractionPattern = RegExp(r'OU=([a-z
 ///
 /// Will return null if none are found, if the user cancels or if the Xcode
 /// project has a development team set in the project's build settings.
-Future<Map<String, String>?> getCodeSigningIdentityDevelopmentTeam({
+Future<Map<String, String>?> getCodeSigningIdentityDevelopmentTeamBuildSetting({
  required Map<String, String>? buildSettings,
  required ProcessManager processManager,
+  required Platform platform,
  required Logger logger,
  required Config config,
  required Terminal terminal,
@@ -104,10 +108,10 @@ Future<Map<String, String>?> getCodeSigningIdentityDevelopmentTeam({

  // If the user already has it set in the project build settings itself,
  // continue with that.
-  if (_isNotEmpty(buildSettings['DEVELOPMENT_TEAM'])) {
+  if (_isNotEmpty(buildSettings[_developmentTeamBuildSettingName])) {
    logger.printStatus(
      'Automatically signing iOS for device deployment using specified development '
-      'team in Xcode project: ${buildSettings['DEVELOPMENT_TEAM']}'
+      'team in Xcode project: ${buildSettings[_developmentTeamBuildSettingName]}'
    );
    return null;
  }
@@ -116,6 +120,53 @@ Future<Map<String, String>?> getCodeSigningIdentityDevelopmentTeam({
    return null;
  }

+  final String? developmentTeam = await _getCodeSigningIdentityDevelopmentTeam(
+    processManager: processManager,
+    platform: platform,
+    logger: logger,
+    config: config,
+    terminal: terminal,
+    shouldExitOnNoCerts: true,
+  );
+
+  if (developmentTeam == null) {
+    return null;
+  }
+
+  return <String, String>{
+    _developmentTeamBuildSettingName: developmentTeam,
+  };
+}
+
+Future<String?> getCodeSigningIdentityDevelopmentTeam({
+  required ProcessManager processManager,
+  required Platform platform,
+  required Logger logger,
+  required Config config,
+  required Terminal terminal,
+}) async =>
+    _getCodeSigningIdentityDevelopmentTeam(
+      processManager: processManager,
+      platform: platform,
+      logger: logger,
+      config: config,
+      terminal: terminal,
+      shouldExitOnNoCerts: false,
+    );
+
+/// Set [shouldExitOnNoCerts] to show instructions for how to add a cert when none are found, then [toolExit].
+Future<String?> _getCodeSigningIdentityDevelopmentTeam({
+  required ProcessManager processManager,
+  required Platform platform,
+  required Logger logger,
+  required Config config,
+  required Terminal terminal,
+  bool shouldExitOnNoCerts = false,
+}) async {
+  if (!platform.isMacOS) {
+    return null;
+  }
+
  // If the user's environment is missing the tools needed to find and read
  // certificates, abandon. Tools should be pre-equipped on macOS.
  final ProcessUtils processUtils = ProcessUtils(processManager: processManager, logger: logger);
@@ -150,7 +201,8 @@ Future<Map<String, String>?> getCodeSigningIdentityDevelopmentTeam({
      .toSet() // Unique.
      .toList();

-  final String? signingIdentity = await _chooseSigningIdentity(validCodeSigningIdentities, logger, config, terminal);
+  final String? signingIdentity =
+      await _chooseSigningIdentity(validCodeSigningIdentities, logger, config, terminal, shouldExitOnNoCerts);

  // If none are chosen, return null.
  if (signingIdentity == null) {
@@ -193,28 +245,25 @@ Future<Map<String, String>?> getCodeSigningIdentityDevelopmentTeam({
    return null;
  }

-  final String? developmentTeam = _certificateOrganizationalUnitExtractionPattern
-      .firstMatch(opensslOutput)
-      ?.group(1);
-  if (developmentTeam == null) {
-    return null;
-  }
-
-  return <String, String>{
-    'DEVELOPMENT_TEAM': developmentTeam,
-  };
+  return _certificateOrganizationalUnitExtractionPattern.firstMatch(opensslOutput)?.group(1);
 }

+/// Set [shouldExitOnNoCerts] to show instructions for how to add a cert when none are found, then [toolExit].
 Future<String?> _chooseSigningIdentity(
  List<String> validCodeSigningIdentities,
  Logger logger,
  Config config,
  Terminal terminal,
+  bool shouldExitOnNoCerts,
 ) async {
  // The user has no valid code signing identities.
  if (validCodeSigningIdentities.isEmpty) {
-    logger.printError(noCertificatesInstruction, emphasis: true);
-    throwToolExit('No development certificates available to code sign app for device deployment');
+    if (shouldExitOnNoCerts) {
+      logger.printError(noCertificatesInstruction, emphasis: true);
+      throwToolExit('No development certificates available to code sign app for device deployment');
+    } else {
+      return null;
+    }
  }

  if (validCodeSigningIdentities.length == 1) {

--- a/packages/flutter_tools/lib/src/ios/mac.dart
+++ b/packages/flutter_tools/lib/src/ios/mac.dart
@@ -189,8 +189,9 @@ Future<XcodeBuildResult> buildXcodeProject({
      ) ?? <String, String>{};

  if (codesign && environmentType == EnvironmentType.physical) {
-    autoSigningConfigs = await getCodeSigningIdentityDevelopmentTeam(
+    autoSigningConfigs = await getCodeSigningIdentityDevelopmentTeamBuildSetting(
      buildSettings: buildSettings,
+      platform: globals.platform,
      processManager: globals.processManager,
      logger: globals.logger,
      config: globals.config,

--- a/packages/flutter_tools/lib/src/xcode_project.dart
+++ b/packages/flutter_tools/lib/src/xcode_project.dart
@@ -10,6 +10,7 @@ import 'build_info.dart';
 import 'bundle.dart' as bundle;
 import 'flutter_plugins.dart';
 import 'globals_null_migrated.dart' as globals;
+import 'ios/code_signing.dart';
 import 'ios/plist_parser.dart';
 import 'ios/xcode_build_settings.dart' as xcode;
 import 'ios/xcodeproj.dart';
@@ -475,12 +476,23 @@ class IosProject extends XcodeBasedProject {
      templateRenderer: globals.templateRenderer,
    );
    final String iosBundleIdentifier = parent.manifest.iosBundleIdentifier ?? 'com.example.${parent.manifest.appName}';
+
+    final String? iosDevelopmentTeam = await getCodeSigningIdentityDevelopmentTeam(
+      processManager: globals.processManager,
+      platform: globals.platform,
+      logger: globals.logger,
+      config: globals.config,
+      terminal: globals.terminal,
+    );
+
    template.render(
      target,
      <String, Object>{
        'ios': true,
        'projectName': parent.manifest.appName,
        'iosIdentifier': iosBundleIdentifier,
+        'hasIosDevelopmentTeam': iosDevelopmentTeam != null && iosDevelopmentTeam.isNotEmpty,
+        'iosDevelopmentTeam': iosDevelopmentTeam ?? '',
      },
      printStatusWhenWriting: false,
      overwriteExisting: true,

--- a/packages/flutter_tools/templates/app_shared/ios-objc.tmpl/Runner.xcodeproj/project.pbxproj.tmpl
+++ b/packages/flutter_tools/templates/app_shared/ios-objc.tmpl/Runner.xcodeproj/project.pbxproj.tmpl
@@ -298,6 +298,9 @@
 			buildSettings = {
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CURRENT_PROJECT_VERSION = "$(FLUTTER_BUILD_NUMBER)";
+{{#hasIosDevelopmentTeam}}
+				DEVELOPMENT_TEAM = {{iosDevelopmentTeam}};
+{{/hasIosDevelopmentTeam}}
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
@@ -421,6 +424,9 @@
 			buildSettings = {
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CURRENT_PROJECT_VERSION = "$(FLUTTER_BUILD_NUMBER)";
+{{#hasIosDevelopmentTeam}}
+				DEVELOPMENT_TEAM = {{iosDevelopmentTeam}};
+{{/hasIosDevelopmentTeam}}
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
@@ -439,6 +445,9 @@
 			buildSettings = {
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CURRENT_PROJECT_VERSION = "$(FLUTTER_BUILD_NUMBER)";
+{{#hasIosDevelopmentTeam}}
+				DEVELOPMENT_TEAM = {{iosDevelopmentTeam}};
+{{/hasIosDevelopmentTeam}}
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (

--- a/packages/flutter_tools/templates/app_shared/ios-swift.tmpl/Runner.xcodeproj/project.pbxproj.tmpl
+++ b/packages/flutter_tools/templates/app_shared/ios-swift.tmpl/Runner.xcodeproj/project.pbxproj.tmpl
@@ -288,6 +288,9 @@
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_MODULES = YES;
 				CURRENT_PROJECT_VERSION = "$(FLUTTER_BUILD_NUMBER)";
+{{#hasIosDevelopmentTeam}}
+				DEVELOPMENT_TEAM = {{iosDevelopmentTeam}};
+{{/hasIosDevelopmentTeam}}
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
@@ -416,6 +419,9 @@
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_MODULES = YES;
 				CURRENT_PROJECT_VERSION = "$(FLUTTER_BUILD_NUMBER)";
+{{#hasIosDevelopmentTeam}}
+				DEVELOPMENT_TEAM = {{iosDevelopmentTeam}};
+{{/hasIosDevelopmentTeam}}
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
@@ -438,6 +444,9 @@
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CLANG_ENABLE_MODULES = YES;
 				CURRENT_PROJECT_VERSION = "$(FLUTTER_BUILD_NUMBER)";
+{{#hasIosDevelopmentTeam}}
+				DEVELOPMENT_TEAM = {{iosDevelopmentTeam}};
+{{/hasIosDevelopmentTeam}}
 				ENABLE_BITCODE = NO;
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (

--- a/packages/flutter_tools/templates/module/ios/host_app_ephemeral/Runner.xcodeproj.tmpl/project.pbxproj.tmpl
+++ b/packages/flutter_tools/templates/module/ios/host_app_ephemeral/Runner.xcodeproj.tmpl/project.pbxproj.tmpl
@@ -298,6 +298,9 @@
 			buildSettings = {
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CURRENT_PROJECT_VERSION = "$(FLUTTER_BUILD_NUMBER)";
+{{#hasIosDevelopmentTeam}}
+				DEVELOPMENT_TEAM = {{iosDevelopmentTeam}};
+{{/hasIosDevelopmentTeam}}
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
 					"$(inherited)",
@@ -420,6 +423,9 @@
 			buildSettings = {
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CURRENT_PROJECT_VERSION = "$(FLUTTER_BUILD_NUMBER)";
+{{#hasIosDevelopmentTeam}}
+				DEVELOPMENT_TEAM = {{iosDevelopmentTeam}};
+{{/hasIosDevelopmentTeam}}
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
 					"$(inherited)",
@@ -437,6 +443,9 @@
 			buildSettings = {
 				ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon;
 				CURRENT_PROJECT_VERSION = "$(FLUTTER_BUILD_NUMBER)";
+{{#hasIosDevelopmentTeam}}
+				DEVELOPMENT_TEAM = {{iosDevelopmentTeam}};
+{{/hasIosDevelopmentTeam}}
 				INFOPLIST_FILE = Runner/Info.plist;
 				LD_RUNPATH_SEARCH_PATHS = (
 					"$(inherited)",

--- a/packages/flutter_tools/test/commands.shard/permeable/build_apk_test.dart
+++ b/packages/flutter_tools/test/commands.shard/permeable/build_apk_test.dart
@@ -129,7 +129,7 @@ void main() {

    group('AndroidSdk', () {
      testUsingContext('throws throwsToolExit if AndroidSdk is null', () async {
-        final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app']);
+        final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app', '--platform=android']);

        await expectLater(
          () => runBuildApkCommand(
@@ -150,7 +150,7 @@ void main() {
    });

    testUsingContext('shrinking is enabled by default on release mode', () async {
-      final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app']);
+      final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app', '--platform=android']);
      processManager.addCommand(FakeCommand(
        command: <String>[
          gradlew,
@@ -179,7 +179,7 @@ void main() {
    });

    testUsingContext('--split-debug-info is enabled when an output directory is provided', () async {
-      final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app']);
+      final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app', '--platform=android']);
      processManager.addCommand(FakeCommand(
        command: <String>[
          gradlew,
@@ -209,7 +209,7 @@ void main() {
    });

    testUsingContext('--extra-front-end-options are provided to gradle project', () async {
-      final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app']);
+      final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app', '--platform=android']);
      processManager.addCommand(FakeCommand(
        command: <String>[
          gradlew,
@@ -239,7 +239,7 @@ void main() {
    });

    testUsingContext('shrinking is disabled when --no-shrink is passed', () async {
-      final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app']);
+      final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app', '--platform=android']);
      processManager.addCommand(FakeCommand(
        command: <String>[
          gradlew,
@@ -271,7 +271,7 @@ void main() {
    });

    testUsingContext('guides the user when the shrinker fails', () async {
-      final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app']);
+      final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app', '--platform=android']);
      const String r8StdoutWarning =
        "Execution failed for task ':app:transformClassesAndResourcesWithR8ForStageInternal'.\n"
        '> com.android.tools.r8.CompilationFailedException: Compilation failed to complete';
@@ -322,7 +322,7 @@ void main() {
    });

    testUsingContext("reports when the app isn't using AndroidX", () async {
-      final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app']);
+      final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app', '--platform=android']);
      // Simulate a non-androidx project.
      tempDir
        .childDirectory('flutter_project')
@@ -375,7 +375,7 @@ void main() {
    });

    testUsingContext('reports when the app is using AndroidX', () async {
-      final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app']);
+      final String projectPath = await createProject(tempDir, arguments: <String>['--no-pub', '--template=app', '--platform=android']);
      processManager.addCommand(FakeCommand(
        command: <String>[
          gradlew,

--- a/packages/flutter_tools/test/commands.shard/permeable/create_test.dart
+++ b/packages/flutter_tools/test/commands.shard/permeable/create_test.dart
@@ -44,6 +44,9 @@ const String _kDisabledPlatformRequestedMessage = 'currently not supported on yo

 // This needs to be created from the local platform due to re-entrant flutter calls made in this test.
 FakePlatform _kNoColorTerminalPlatform() => FakePlatform.fromPlatform(const LocalPlatform())..stdoutSupportsAnsi = false;
+FakePlatform _kNoColorTerminalMacOSPlatform() => FakePlatform.fromPlatform(const LocalPlatform())
+  ..stdoutSupportsAnsi = false
+  ..operatingSystem = 'macos';

 final Map<Type, Generator> noColorTerminalOverride = <Type, Generator>{
  Platform: _kNoColorTerminalPlatform,
@@ -60,6 +63,7 @@ void main() {
  Directory projectDir;
  FakeFlutterVersion fakeFlutterVersion;
  LoggingProcessManager loggingProcessManager;
+  FakeProcessManager fakeProcessManager;
  BufferLogger logger;

  setUpAll(() async {
@@ -76,6 +80,7 @@ void main() {
      frameworkRevision: frameworkRevision,
      channel: frameworkChannel,
    );
+    fakeProcessManager = FakeProcessManager.empty();
  });

  tearDown(() {
@@ -1308,6 +1313,56 @@ void main() {
    Platform: _kNoColorTerminalPlatform,
  });

+  testUsingContext('has iOS development team with app template', () async {
+    Cache.flutterRoot = '../..';
+
+    final Completer<void> completer = Completer<void>();
+    final StreamController<List<int>> controller = StreamController<List<int>>();
+    const String certificates = '''
+1) 86f7e437faa5a7fce15d1ddcb9eaeaea377667b8 "iPhone Developer: Profile 1 (1111AAAA11)"
+    1 valid identities found''';
+    fakeProcessManager.addCommands(<FakeCommand>[
+      const FakeCommand(
+        command: <String>['which', 'security'],
+      ),
+      const FakeCommand(
+        command: <String>['which', 'openssl'],
+      ),
+      const FakeCommand(
+        command: <String>['security', 'find-identity', '-p', 'codesigning', '-v'],
+        stdout: certificates,
+      ),
+      const FakeCommand(
+        command: <String>['security', 'find-certificate', '-c', '1111AAAA11', '-p'],
+        stdout: 'This is a fake certificate',
+      ),
+      FakeCommand(
+        command: const <String>['openssl', 'x509', '-subject'],
+        stdin: IOSink(controller.sink),
+        stdout: 'subject= /CN=iPhone Developer: Profile 1 (1111AAAA11)/OU=3333CCCC33/O=My Team/C=US',
+      )
+    ]);
+
+    controller.stream.listen((List<int> chunk) {
+      completer.complete();
+    });
+
+    final CreateCommand command = CreateCommand();
+    final CommandRunner<void> runner = createTestCommandRunner(command);
+
+    await runner.run(<String>['create', '--template=app', '--no-pub', '--org', 'com.foo.bar', projectDir.path]);
+
+    final String xcodeProjectPath = globals.fs.path.join('ios', 'Runner.xcodeproj', 'project.pbxproj');
+    final File xcodeProjectFile = globals.fs.file(globals.fs.path.join(projectDir.path, xcodeProjectPath));
+    expect(xcodeProjectFile, exists);
+    final String xcodeProject = xcodeProjectFile.readAsStringSync();
+    expect(xcodeProject, contains('DEVELOPMENT_TEAM = 3333CCCC33;'));
+  }, overrides: <Type, Generator>{
+    FlutterVersion: () => fakeFlutterVersion,
+    Platform: _kNoColorTerminalMacOSPlatform,
+    ProcessManager: () => fakeProcessManager,
+  });
+
  testUsingContext('has correct content and formatting with macOS app template', () async {
    Cache.flutterRoot = '../..';


--- a/packages/flutter_tools/test/general.shard/ios/code_signing_test.dart
+++ b/packages/flutter_tools/test/general.shard/ios/code_signing_test.dart