Skip to content

Remove chmod to make Flutter framework headers unwritable#45189

Merged
jmagman merged 1 commit intoflutter:masterfrom
jmagman:chmod
Nov 19, 2019
Merged

Remove chmod to make Flutter framework headers unwritable#45189
jmagman merged 1 commit intoflutter:masterfrom
jmagman:chmod

Conversation

@jmagman
Copy link
Member

@jmagman jmagman commented Nov 19, 2019

Description

I believe code signing issues are being manifested as permission errors on these files. Remove the chmod--it's become more problematic than helpful (it was trying to give a gentle hint to not edit those header files) and is hiding potentially actionable code signing error messages.

Related Issues

Fixes #40146.
Also see #39507.
Originally introduced with #8748

Checklist

  • I read the [Contributor Guide] and followed the process outlined there for submitting PRs.
  • I signed the [CLA].
  • I read and followed the [Flutter Style Guide], including [Features we expect every widget to implement].
  • I updated/added relevant documentation (doc comments with ///).
  • All existing and new tests are passing.
  • The analyzer (flutter analyze --flutter-repo) does not report any problems on my PR.
  • I am willing to follow-up on review comments in a timely manner.

Breaking Change

  • Yes, this is a breaking change (Please read [Handling breaking changes]). Replace this with a link to the e-mail where you asked for input on this proposed change.
  • No, this is not a breaking change.

@jmagman jmagman self-assigned this Nov 19, 2019
@fluttergithubbot fluttergithubbot added the tool Affects the "flutter" command-line tool. See also t: labels. label Nov 19, 2019
@jmagman jmagman mentioned this pull request Nov 19, 2019
Closed
christopherfujino
christopherfujino approved these changes Nov 19, 2019
View reviewed changes
Copy link
Contributor

@christopherfujino christopherfujino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jmagman jmagman merged commit 1f296ad into flutter:master Nov 19, 2019
@jmagman jmagman deleted the chmod branch November 19, 2019 23:13
zanderso
zanderso reviewed Nov 21, 2019
View reviewed changes
packages/flutter_tools/bin/xcode_backend.sh
RunCommand cp -r -- "${flutter_podspec}" "${derived_dir}/engine"
RunCommand cp -r -- "${flutter_framework}" "${derived_dir}/engine"
# Make headers, plists, and modulemap files read-only to discourage editing.
RunCommand find "${derived_dir}/engine/Flutter.framework" -type f \( -name '*.h' -o -name '*.modulemap' -o -name '*.plist' \) -exec chmod a-w "{}" \;
Copy link
Member

@zanderso zanderso Nov 21, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we prepend a warning message onto the file if there isn't one there already? Like:

... -exec cat <(echo "DO NOT EDIT") "{}" \;

Or maybe put a message there directly in the engine repo.

cbracken
cbracken reviewed Nov 22, 2019
View reviewed changes
Copy link
Member

@cbracken cbracken left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

It's worth noting that this was less a gentle hint, and more us spending a fairly large amount of time dealing with confusing bug reports that we eventually got traced to developers having unintentionally edited the headers in ways that caused compile errors (typically through jump to header in Xcode then accidentally typing/deleting things).

If this is causing issues with code signing though, an alternative would be to check for changes in the tool (e.g. verify shas or check diffs against the SDK version, etc.). I'm not super convinced that adding "DO NOT EDIT" will solve the issue (though it can't hurt!) since several of these turned out to be developers who could verify the headers had diffs, but had no recollection of editing them. Maybe accidental keypresses or something.

@jmagman
Copy link
Member Author

jmagman commented Nov 22, 2019

LGTM!

It's worth noting that this was less a gentle hint, and more us spending a fairly large amount of time dealing with confusing bug reports that we eventually got traced to developers having unintentionally edited the headers in ways that caused compile errors (typically through jump to header in Xcode then accidentally typing/deleting things).

I wish chflags nouchg let you delete the file, just not edit it. That would solve the problem!
I don't any special flags are on the SDK headers, my guess is that the path is whitelisted by Xcode to be locked, since you can edit them in any other editor you want.

@zanderso zanderso mentioned this pull request Mar 3, 2020
Closed
@jmagman jmagman added the platform-ios iOS applications specifically label Aug 21, 2020
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 21, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@cbracken cbracken cbracken left review comments

@zanderso zanderso zanderso left review comments

+1 more reviewer

@christopherfujino christopherfujino christopherfujino approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jmagman jmagman

Labels

platform-ios iOS applications specifically tool Affects the "flutter" command-line tool. See also t: labels.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

flutter run failed due to 'Permission denied' when replacing signature of 'Flutter.framework'

6 participants

@jmagman @cbracken @zanderso @christopherfujino @googlebot @fluttergithubbot