[gn + codesign] mac code sign configuration for FlutterMacOS.framework.zip #35707
Conversation
XilaiZhang
changed the title
sky/tools/create_macos_framework.py
Outdated
| ) | ||
|
|
||
| # Zip FlutterMacOS.framework. | ||
| subprocess.check_call([ |
There was a problem hiding this comment.
Sorry didn't realize there is an engine PR review on Thursday. These without_entiltements and 'entitlements.txt` are just text files embedded in the zip artifacts, not going to affect the correctness of anything.
There was a problem hiding this comment.
Inspecting locally, looks like the symlinks are dropped in the build process. Current assumption is based on #35673.
There was a problem hiding this comment.
Is this ready for review?
|
Yeah I will convert this to a draft for now, and come back when #35673 is ready |
|
@XilaiZhang Is this still on your radar? Looks like #35673 has landed. |
|
Thanks for the reminder! revisiting this pr and refreshing memories. |
|
rebuilt all the sub-builds and verified that the metadata files still work as expected for global generators. reopening this pull requests. |
|
Is there an issue filed for preserving symlinks in frameworks that are archived? In the meantime, marking this as WIP. |
I don't think there are checks in the engine, but the last time this was an issue I wrote tests in the framework to validate the expected framework bundle structure after it's unzipped: |
sorry just to clarify, the engine artifacts in production have the correct symlink. It was just that when I build and test the artifact locally through gn the symlinks aren't there (probably because the symlinks are added through recipe). yeah for local build and test the issue is being discussed in flutter/flutter#107674. Thanks for triaging! |
sky/tools/create_macos_framework.py
Outdated
| @@ -152,6 +157,30 @@ def process_framework(dst, args, fat_framework, fat_framework_binary): | |||
| ], | |||
| cwd=dst) | |||
|
|
|||
| macos_filepath_with_entitlements = '' | |||
There was a problem hiding this comment.
Should lines 160 to 170 be moved to line 151 and remove the zipping subprocess? as it is we are zipping twice.
There was a problem hiding this comment.
Sure, updated to zip only once. Yeah I remember this artifact was historically unzipped twice (https://github.com/christopherfujino/codesign.py/blob/master/codesign.py#L151) for some reasons, but verified just now and it looks there we can do a single zip/unzip.
Also it's interesting that if i double click to extract the artifact, the symlinks are not preserved. But if i use the subprocess command "unzip.. -d .." then the symlinks are preserved in the extracted file.
XilaiZhang
added
the
autosubmit
|
Reverting because this change broke some lints: https://ci.chromium.org/p/flutter/builders/prod/Linux%20Android%20clang-tidy/2079 |
…121023) * 9c6993e52 [gn + codesign] mac code sign configuration for FlutterMacOS.framework.zip (flutter/engine#35707) * 2fdce9a96 Revert "[gn + codesign] mac code sign configuration for FlutterMacOS.framework.zip (#35707)" (flutter/engine#39735)
Hm, why didn't Line 254 in 3aa112c |
Filed flutter/flutter#121160 |
…k.zip (flutter#35707) * embed codesign config in macos framework * format files * update path * y flag for outer layer zip * simplify structure * format files
context: this is related to recent change at https://github.com/flutter/engine/pull/35673/files , where the FlutterMacOS.framework.zip is now built through the global generator scripts.
This commit embed code signing configurations in the global generator script for FlutterMacOS.framework.zip.