Skip to content

Keep Flutter.framework binaries writable so they can be code signed#40174

Merged
jmagman merged 1 commit intoflutter:masterfrom
jmagman:codesign
Sep 10, 2019
Merged

Keep Flutter.framework binaries writable so they can be code signed#40174
jmagman merged 1 commit intoflutter:masterfrom
jmagman:codesign

Conversation

@jmagman
Copy link
Member

@jmagman jmagman commented Sep 10, 2019

Description

Flutter.framework files were made read-only to "Provide a strong hint to developers that editing Flutter framework headers isn't supported" (cb2b89c) However this is making the Flutter binary readonly, which is being copied into the final embedded Frameworks directories, then can't be codesigned.

Only make headers, modulemaps, and plists readonly.

$ find Flutter/Flutter.framework -type f \( -name '*.h' -o -name '*.modulemap' -o -name '*.plist' \)   
Flutter/Flutter.framework/Headers/FlutterEngine.h
Flutter/Flutter.framework/Headers/FlutterChannels.h
Flutter/Flutter.framework/Headers/FlutterPlugin.h
Flutter/Flutter.framework/Headers/FlutterAppDelegate.h
Flutter/Flutter.framework/Headers/FlutterTexture.h
Flutter/Flutter.framework/Headers/FlutterPlatformViews.h
Flutter/Flutter.framework/Headers/FlutterHeadlessDartRunner.h
Flutter/Flutter.framework/Headers/FlutterCodecs.h
Flutter/Flutter.framework/Headers/Flutter.h
Flutter/Flutter.framework/Headers/FlutterViewController.h
Flutter/Flutter.framework/Headers/FlutterMacros.h
Flutter/Flutter.framework/Headers/FlutterDartProject.h
Flutter/Flutter.framework/Headers/FlutterPluginAppLifeCycleDelegate.h
Flutter/Flutter.framework/Headers/FlutterBinaryMessenger.h
Flutter/Flutter.framework/Headers/FlutterCallbackCache.h
Flutter/Flutter.framework/Modules/module.modulemap
Flutter/Flutter.framework/Info.plist

Related Issues

Fixes #39507.
Another attempt at #39539.

Tests

add2app gets past codesigning for me, but it's still flaky so I didn't turn it back on. See #40173.

Checklist

  • I read the [Contributor Guide] and followed the process outlined there for submitting PRs.
  • I signed the [CLA].
  • I read and followed the [Flutter Style Guide], including [Features we expect every widget to implement].
  • I updated/added relevant documentation (doc comments with ///).
  • All existing and new tests are passing.
  • The analyzer (flutter analyze --flutter-repo) does not report any problems on my PR.
  • I am willing to follow-up on review comments in a timely manner.

Breaking Change

  • Yes, this is a breaking change (Please read [Handling breaking changes]). Replace this with a link to the e-mail where you asked for input on this proposed change.
  • No, this is not a breaking change.

@jmagman jmagman self-assigned this Sep 10, 2019
@fluttergithubbot fluttergithubbot added the tool Affects the "flutter" command-line tool. See also t: labels. label Sep 10, 2019
christopherfujino
christopherfujino approved these changes Sep 10, 2019
View reviewed changes
Copy link
Contributor

@christopherfujino christopherfujino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This SEEMS foolproof...LGTM

jmagman
jmagman commented Sep 10, 2019
View reviewed changes
packages/flutter_tools/bin/xcode_backend.sh
RunCommand cp -r -- "${flutter_framework}" "${derived_dir}/engine"
RunCommand find "${derived_dir}/engine/Flutter.framework" -type f -exec chmod a-w "{}" \;
# Make headers, plists, and modulemap files read-only to discourage editing.
RunCommand find "${derived_dir}/engine/Flutter.framework" -type f \( -name '*.h' -o -name '*.modulemap' -o -name '*.plist' \) -exec chmod a-w "{}" \;
Copy link
Member Author

@jmagman jmagman Sep 10, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To inline this, the last attempt at #39539 was:

RunCommand find "${derived_dir}/engine/Flutter.framework" -type f -exec grep -Il '.' {} \; | xargs chmod a-w

https://github.com/flutter/flutter/pull/39539/files#diff-0d00f38df3883291f23cee8074ac075dR146

I really don't know how this caused devicelab issues removing the repo, but this change is closer to what was there before (no grep -I), just adds checks the extensions.

@jmagman jmagman merged commit 556e3d9 into flutter:master Sep 10, 2019
@jmagman jmagman deleted the codesign branch September 10, 2019 22:18
@yrom
Copy link

yrom commented Sep 11, 2019

hi @jmagman , I think the stable branch need this PR too, related issue #40146

@jmagman
Copy link
Member Author

jmagman commented Sep 11, 2019

hi @jmagman , I think the stable branch need this PR too, related issue #40146

Hi @yrom! You must be on the master channel to use Flutter modules since they are still an experimental feature. If you could flutter update and test this change, it would be greatly appreciated!

@OHeroJ
Copy link

OHeroJ commented Sep 11, 2019

hi @jmagman , I think the stable branch need this PR too, related issue #40146

Hi @yrom! You must be on the master channel to use Flutter modules since they are still an experimental feature. If you could flutter update and test this change, it would be greatly appreciated!

Means that the stable version under the existing app mixture is unable to use? My god!

@jmagman
Copy link
Member Author

jmagman commented Sep 11, 2019

hi @jmagman , I think the stable branch need this PR too, related issue #40146

Hi @yrom! You must be on the master channel to use Flutter modules since they are still an experimental feature. If you could flutter update and test this change, it would be greatly appreciated!

Means that the stable version under the existing app mixture is unable to use? My god!

You can see the caveats here: https://github.com/flutter/flutter/wiki/Add-Flutter-to-existing-apps#intro

The "add-to-app" support is in preview, and is so far only available on the master channel.

Since Flutter's "Add-to-App" functionality is in preview, the associated APIs and tooling are not stable and are subject to change.

@OHeroJ
Copy link

OHeroJ commented Sep 11, 2019
edited
Loading

hi @jmagman , I think the stable branch need this PR too, related issue #40146

Hi @yrom! You must be on the master channel to use Flutter modules since they are still an experimental feature. If you could flutter update and test this change, it would be greatly appreciated!

Means that the stable version under the existing app mixture is unable to use? My god!

You can see the caveats here: https://github.com/flutter/flutter/wiki/Add-Flutter-to-existing-apps#intro

The "add-to-app" support is in preview, and is so far only available on the master channel.

Since Flutter's "Add-to-App" functionality is in preview, the associated APIs and tooling are not stable and are subject to change.

but run flutter build ios, the same error!

$ flutter build ios

Building com.mtd.iosFlutterModule for device (ios-release)...
Automatically signing iOS for device deployment using specified development team in Xcode project: BB535CKPXQ
Running Xcode build...

Xcode build done.                                           11.2s
Failed to build iOS app
Error output from Xcode build:
↳
    ** BUILD FAILED **


Xcode's output:

    /Users/oheroj/Desktop/TN/flutter_module/build/ios/Release-iphoneos/Runner.app/Frameworks/Flutter.framework: replacing existing
    signature
    /Users/oheroj/Desktop/TN/flutter_module/build/ios/Release-iphoneos/Runner.app/Frameworks/Flutter.framework: Permission denied
    Command CodeSign failed with a nonzero exit code
    note: Using new build systemnote: Planning buildnote: Constructing build description

@yrom
Copy link

yrom commented Sep 11, 2019

@jmagman yep, our team were working with this 'experimental feature' in the stable branch and bring it to our online app on previous stable version (v1.7.8). 😂And we will apply this PR to our inner fork version. thx.

@OHeroJ
Copy link

OHeroJ commented Sep 11, 2019

@jmagman yep, our team were working with this 'experimental feature' in the stable branch and bring it to our online app on previous stable version (v1.7.8). 😂And we will apply this PR to our inner fork version. thx.

hello,If 1.9 stable continue to have a hotfix, the inner fork verion merge this hotfix branch?

@OHeroJ OHeroJ mentioned this pull request Sep 11, 2019
Closed
Inconnu08 pushed a commit to Inconnu08/flutter that referenced this pull request Sep 30, 2019
@jmagman @Inconnu08
Keep Flutter.framework binaries writable so they can be code signed (f…
3a51ec4 
…lutter#40174)
This was referenced Oct 14, 2019
Closed
Merged
@lifenautjoe lifenautjoe mentioned this pull request Oct 25, 2019
Closed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 4, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@cbracken cbracken Awaiting requested review from cbracken

1 more reviewer

@christopherfujino christopherfujino christopherfujino approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jmagman jmagman

Labels

tool Affects the "flutter" command-line tool. See also t: labels.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cannot codesign Flutter.framework, replacing existing signature, Permission denied

6 participants

@jmagman @yrom @OHeroJ @christopherfujino @googlebot @fluttergithubbot