iOS,macOS: Do not copy unsigned_binaries.txt to build outputs (flutter#154684)

cbracken · web-flow · commit 4d179987553d · 2024-09-05T21:37:28.000Z
There are three categories of binaries produced as part of the framework artifacts: * Those that use APIs that require entitlements and must be code-signed; e.g. gen_snapshot * Those that do not use APIs that require entitlements and must be code-signed; e.g. Flutter.framework dylib. * Those that do not need to be code-signed; e.g. Flutter.dSYM symbols. We are adding the third category in flutter/engine#54977. The Cocoon code signing aspect of this was handled in flutter/cocoon#3890. This ensures these files don't get copied into the build output should they appear in the artifact cache. Issue: flutter#154571
diff --git a/packages/flutter_tools/lib/src/build_system/targets/macos.dart b/packages/flutter_tools/lib/src/build_system/targets/macos.dart
@@ -87,7 +87,12 @@ abstract class UnpackMacOS extends Target {
     await _thinFramework(environment, frameworkBinaryPath);
   }
 
-  static const List<String> _copyDenylist = <String>['entitlements.txt', 'without_entitlements.txt'];
+  /// Files that should not be copied to build output directory if found during framework copy step.
+  static const List<String> _copyDenylist = <String>[
+    'entitlements.txt',
+    'without_entitlements.txt',
+    'unsigned_binaries.txt',
+  ];
 
   void _removeDenylistedFiles(Directory directory) {
     for (final FileSystemEntity entity in directory.listSync(recursive: true)) {
diff --git a/packages/flutter_tools/lib/src/cache.dart b/packages/flutter_tools/lib/src/cache.dart
@@ -1034,7 +1034,11 @@ class ArtifactUpdater {
   final List<File> downloadedFiles = <File>[];
 
   /// These filenames, should they exist after extracting an archive, should be deleted.
-  static const Set<String> _denylistedBasenames = <String>{'entitlements.txt', 'without_entitlements.txt'};
+  static const Set<String> _denylistedBasenames = <String>{
+    'entitlements.txt',
+    'without_entitlements.txt',
+    'unsigned_binaries.txt',
+  };
   void _removeDenylistedFiles(Directory directory) {
     for (final FileSystemEntity entity in directory.listSync(recursive: true)) {
       if (entity is! File) {
diff --git a/packages/flutter_tools/test/general.shard/artifact_updater_test.dart b/packages/flutter_tools/test/general.shard/artifact_updater_test.dart
@@ -83,13 +83,15 @@ void main() {
     File? desiredArtifact;
     File? entitlementsFile;
     File? nestedWithoutEntitlementsFile;
+    File? unsignedBinariesFile;
     operatingSystemUtils.unzipCallbacks[localZipPath] = (Directory outputDirectory) {
       desiredArtifact = outputDirectory.childFile('artifact.bin')..createSync();
       entitlementsFile = outputDirectory.childFile('entitlements.txt')..createSync();
       nestedWithoutEntitlementsFile = outputDirectory
           .childDirectory('dir')
           .childFile('without_entitlements.txt')
           ..createSync(recursive: true);
+      unsignedBinariesFile = outputDirectory.childFile('unsigned_binaries.txt')..createSync();
     };
     final ArtifactUpdater artifactUpdater = ArtifactUpdater(
       fileSystem: fileSystem,
@@ -114,6 +116,7 @@ void main() {
     expect(desiredArtifact, exists);
     expect(entitlementsFile, isNot(exists));
     expect(nestedWithoutEntitlementsFile, isNot(exists));
+    expect(unsignedBinariesFile, isNot(exists));
     expect(staleEntitlementsFile, isNot(exists));
   });
 
diff --git a/packages/flutter_tools/test/general.shard/build_system/targets/macos_test.dart b/packages/flutter_tools/test/general.shard/build_system/targets/macos_test.dart
@@ -173,10 +173,11 @@ void main() {
     ProcessManager: () => processManager,
   });
 
-  testUsingContext('deletes entitlements.txt and without_entitlements.txt files after copying', () async {
+  testUsingContext('deletes entitlements.txt, without_entitlements.txt, unsigned_binaries.txt files after copying', () async {
     binary.createSync(recursive: true);
     final File entitlements = environment.outputDir.childFile('entitlements.txt');
     final File withoutEntitlements = environment.outputDir.childFile('without_entitlements.txt');
+    final File unsignedBinaries = environment.outputDir.childFile('unsigned_binaries.txt');
     final File nestedEntitlements = environment
         .outputDir
         .childDirectory('first_level')
@@ -201,6 +202,7 @@ void main() {
         onRun: (_) {
           entitlements.writeAsStringSync('foo');
           withoutEntitlements.writeAsStringSync('bar');
+          unsignedBinaries.writeAsStringSync('baz');
           nestedEntitlements.writeAsStringSync('somefile.bin');
         },
       ),
@@ -211,6 +213,7 @@ void main() {
     await const DebugUnpackMacOS().build(environment);
     expect(entitlements.existsSync(), isFalse);
     expect(withoutEntitlements.existsSync(), isFalse);
+    expect(unsignedBinaries.existsSync(), isFalse);
     expect(nestedEntitlements.existsSync(), isFalse);
 
     expect(processManager, hasNoRemainingExpectations);
