Unverified Commit c73bffe7 authored by godofredoc's avatar godofredoc Committed by GitHub

Migrate verify_codesigned. (#139328)

This is part of the migration of adhoc tests to shard tests.

Bug: https://github.com/flutter/flutter/issues/139153
parent c02ace6b
...@@ -3714,26 +3714,24 @@ targets: ...@@ -3714,26 +3714,24 @@ targets:
- name: Mac_x64 verify_binaries_codesigned - name: Mac_x64 verify_binaries_codesigned
enabled_branches: enabled_branches:
- flutter-\d+\.\d+-candidate\.\d+ - flutter-\d+\.\d+-candidate\.\d+
recipe: flutter/flutter recipe: flutter/flutter_drone
presubmit: false presubmit: false
timeout: 60 timeout: 60
properties: properties:
tags: > tags: >
["framework", "hostonly", "shard", "mac"] ["framework", "hostonly", "shard", "mac"]
validation: verify_binaries_codesigned shard: verify_binaries_codesigned
validation_name: Verify x64 binaries codesigned
- name: Mac_arm64 verify_binaries_codesigned - name: Mac_arm64 verify_binaries_codesigned
enabled_branches: enabled_branches:
- flutter-\d+\.\d+-candidate\.\d+ - flutter-\d+\.\d+-candidate\.\d+
recipe: flutter/flutter recipe: flutter/flutter_drone
presubmit: false presubmit: false
timeout: 60 timeout: 60
properties: properties:
tags: > tags: >
["framework", "hostonly", "shard", "mac"] ["framework", "hostonly", "shard", "mac"]
validation: verify_binaries_codesigned shard: verify_binaries_codesigned
validation_name: Verify arm64 binaries codesigned
- name: Mac web_tool_tests - name: Mac web_tool_tests
recipe: flutter/flutter_drone recipe: flutter/flutter_drone
......
This diff is collapsed.
// Copyright 2014 The Flutter Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@TestOn('mac-os')
library;
import '../../../packages/flutter_tools/test/src/fake_process_manager.dart';
import '../test.dart';
import './common.dart';
void main() async {
const String flutterRoot = '/a/b/c';
final List<String> allExpectedFiles = await binariesWithEntitlements(flutterRoot) + await binariesWithoutEntitlements(flutterRoot);
final String allFilesStdout = allExpectedFiles.join('\n');
final List<String> withEntitlements = await binariesWithEntitlements(flutterRoot);
group('verifyExist', () {
test('Not all files found', () async {
final ProcessManager processManager = FakeProcessManager.list(
<FakeCommand>[
const FakeCommand(
command: <String>[
'find',
'/a/b/c/bin/cache',
'-type',
'f',
],
stdout: '/a/b/c/bin/cache/artifacts/engine/android-arm-profile/darwin-x64/gen_snapshot',
),
const FakeCommand(
command: <String>[
'file',
'--mime-type',
'-b',
'/a/b/c/bin/cache/artifacts/engine/android-arm-profile/darwin-x64/gen_snapshot',
],
stdout: 'application/x-mach-binary',
),
],
);
expect(
() async => verifyExist(flutterRoot, processManager: processManager),
throwsExceptionWith('Did not find all expected binaries!'),
);
});
test('All files found', () async {
final List<FakeCommand> commandList = <FakeCommand>[];
final FakeCommand findCmd = FakeCommand(
command: const <String>[
'find',
'$flutterRoot/bin/cache',
'-type',
'f',],
stdout: allFilesStdout,
);
commandList.add(findCmd);
for (final String expectedFile in allExpectedFiles) {
commandList.add(
FakeCommand(
command: <String>[
'file',
'--mime-type',
'-b',
expectedFile,
],
stdout: 'application/x-mach-binary',
)
);
}
final ProcessManager processManager = FakeProcessManager.list(commandList);
await expectLater(verifyExist('/a/b/c', processManager: processManager), completes);
});
});
group('findBinaryPaths', () {
test('All files found', () async {
final List<FakeCommand> commandList = <FakeCommand>[];
final FakeCommand findCmd = FakeCommand(
command: const <String>[
'find',
'$flutterRoot/bin/cache',
'-type',
'f',],
stdout: allFilesStdout,
);
commandList.add(findCmd);
for (final String expectedFile in allExpectedFiles) {
commandList.add(
FakeCommand(
command: <String>[
'file',
'--mime-type',
'-b',
expectedFile,
],
stdout: 'application/x-mach-binary',
)
);
}
final ProcessManager processManager = FakeProcessManager.list(commandList);
final List<String> foundFiles = await findBinaryPaths('$flutterRoot/bin/cache', processManager: processManager);
expect(foundFiles, allExpectedFiles);
});
test('Empty file list', () async {
final List<FakeCommand> commandList = <FakeCommand>[];
const FakeCommand findCmd = FakeCommand(
command: <String>[
'find',
'$flutterRoot/bin/cache',
'-type',
'f',],
);
commandList.add(findCmd);
final ProcessManager processManager = FakeProcessManager.list(commandList);
final List<String> foundFiles = await findBinaryPaths('$flutterRoot/bin/cache', processManager: processManager);
expect(foundFiles, <String>[]);
});
group('isBinary', () {
test('isTrue', () async {
final List<FakeCommand> commandList = <FakeCommand>[];
const String fileToCheck = '/a/b/c/one.zip';
const FakeCommand findCmd = FakeCommand(
command: <String>[
'file',
'--mime-type',
'-b',
fileToCheck,
],
stdout: 'application/x-mach-binary',
);
commandList.add(findCmd);
final ProcessManager processManager = FakeProcessManager.list(commandList);
final bool result = await isBinary(fileToCheck, processManager: processManager);
expect(result, isTrue);
});
test('isFalse', () async {
final List<FakeCommand> commandList = <FakeCommand>[];
const String fileToCheck = '/a/b/c/one.zip';
const FakeCommand findCmd = FakeCommand(
command: <String>[
'file',
'--mime-type',
'-b',
fileToCheck,
],
stdout: 'text/xml',
);
commandList.add(findCmd);
final ProcessManager processManager = FakeProcessManager.list(commandList);
final bool result = await isBinary(fileToCheck, processManager: processManager);
expect(result, isFalse);
});
});
group('hasExpectedEntitlements', () {
test('expected entitlements', () async {
final List<FakeCommand> commandList = <FakeCommand>[];
const String fileToCheck = '/a/b/c/one.zip';
const FakeCommand codesignCmd = FakeCommand(
command: <String>[
'codesign',
'--display',
'--entitlements',
':-',
fileToCheck,
],
);
commandList.add(codesignCmd);
final ProcessManager processManager = FakeProcessManager.list(commandList);
final bool result = await hasExpectedEntitlements(fileToCheck, flutterRoot, processManager: processManager);
expect(result, isTrue);
});
test('unexpected entitlements', () async {
final List<FakeCommand> commandList = <FakeCommand>[];
const String fileToCheck = '/a/b/c/one.zip';
const FakeCommand codesignCmd = FakeCommand(
command: <String>[
'codesign',
'--display',
'--entitlements',
':-',
fileToCheck,
],
exitCode: 1,
);
commandList.add(codesignCmd);
final ProcessManager processManager = FakeProcessManager.list(commandList);
final bool result = await hasExpectedEntitlements(fileToCheck, flutterRoot, processManager: processManager);
expect(result, isFalse);
});
});
});
group('verifySignatures', () {
test('succeeds if every binary is codesigned and has correct entitlements', () async {
final List<FakeCommand> commandList = <FakeCommand>[];
final FakeCommand findCmd = FakeCommand(
command: const <String>[
'find',
'$flutterRoot/bin/cache',
'-type',
'f',],
stdout: allFilesStdout,
);
commandList.add(findCmd);
for (final String expectedFile in allExpectedFiles) {
commandList.add(
FakeCommand(
command: <String>[
'file',
'--mime-type',
'-b',
expectedFile,
],
stdout: 'application/x-mach-binary',
)
);
}
for (final String expectedFile in allExpectedFiles) {
commandList.add(
FakeCommand(
command: <String>[
'codesign',
'-vvv',
expectedFile,
],
)
);
if (withEntitlements.contains(expectedFile)) {
commandList.add(
FakeCommand(
command: <String>[
'codesign',
'--display',
'--entitlements',
':-',
expectedFile,
],
stdout: expectedEntitlements.join('\n'),
)
);
}
}
final ProcessManager processManager = FakeProcessManager.list(commandList);
await expectLater(verifySignatures(flutterRoot, processManager: processManager), completes);
});
test('fails if binaries do not have the right entitlements', () async {
final List<FakeCommand> commandList = <FakeCommand>[];
final FakeCommand findCmd = FakeCommand(
command: const <String>[
'find',
'$flutterRoot/bin/cache',
'-type',
'f',],
stdout: allFilesStdout,
);
commandList.add(findCmd);
for (final String expectedFile in allExpectedFiles) {
commandList.add(
FakeCommand(
command: <String>[
'file',
'--mime-type',
'-b',
expectedFile,
],
stdout: 'application/x-mach-binary',
)
);
}
for (final String expectedFile in allExpectedFiles) {
commandList.add(
FakeCommand(
command: <String>[
'codesign',
'-vvv',
expectedFile,
],
)
);
if (withEntitlements.contains(expectedFile)) {
commandList.add(
FakeCommand(
command: <String>[
'codesign',
'--display',
'--entitlements',
':-',
expectedFile,
],
)
);
}
}
final ProcessManager processManager = FakeProcessManager.list(commandList);
expect(
() async => verifySignatures(flutterRoot, processManager: processManager),
throwsExceptionWith('Test failed because files found with the wrong entitlements'),
);
});
});
}
...@@ -21,3 +21,13 @@ void tryToDelete(Directory directory) { ...@@ -21,3 +21,13 @@ void tryToDelete(Directory directory) {
print('Failed to delete ${directory.path}: $error'); print('Failed to delete ${directory.path}: $error');
} }
} }
Matcher throwsExceptionWith(String messageSubString) {
return throwsA(
isA<Exception>().having(
(Exception e) => e.toString(),
'description',
contains(messageSubString),
),
);
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment