Class: Fastlane::Actions::VerifyXcodeAction
Class Method Summary
collapse
action_name, author, output, return_value, sh, step_text
Class Method Details
.authors ⇒ Object
98
99
100
|
# File 'lib/fastlane/actions/verify_xcode.rb', line 98
def self.authors
["KrauseFx"]
end
|
.available_options ⇒ Object
86
87
88
89
90
91
92
93
94
95
96
|
# File 'lib/fastlane/actions/verify_xcode.rb', line 86
def self.available_options
[
FastlaneCore::ConfigItem.new(key: :xcode_path,
env_name: "FL_VERIFY_XCODE_XCODE_PATH",
description: "The path to the Xcode installation to test",
default_value: File.expand_path('../../', FastlaneCore::Helper.xcode_path),
verify_block: proc do |value|
raise "Couldn't find Xcode at path '#{value}'".red unless File.exist?(value)
end)
]
end
|
.description ⇒ Object
74
75
76
|
# File 'lib/fastlane/actions/verify_xcode.rb', line 74
def self.description
"Verifies that the Xcode installation is properly signed by Apple"
end
|
.details ⇒ Object
78
79
80
81
82
83
84
|
# File 'lib/fastlane/actions/verify_xcode.rb', line 78
def self.details
[
"This action was implemented after the recent Xcode attacked to make sure",
"you're not using a hacked Xcode installation.",
"http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/"
].join("\n")
end
|
.is_supported?(platform) ⇒ Boolean
102
103
104
|
# File 'lib/fastlane/actions/verify_xcode.rb', line 102
def self.is_supported?(platform)
[:ios, :mac].include?(platform)
end
|
.run(params) ⇒ Object
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
# File 'lib/fastlane/actions/verify_xcode.rb', line 7
def self.run(params)
Helper.log.info "Verifying your Xcode installation at path '#{params[:xcode_path]}'...".green
Helper.log.info "Verifying Xcode was signed by Apple Inc.".green
command = "codesign --display --verbose=4 '#{params[:xcode_path]}'"
must_includes = [
"Identifier=com.apple.dt.Xcode",
"Authority=Apple Mac OS Application Signing",
"Authority=Apple Worldwide Developer Relations Certification Authority",
"Authority=Apple Root CA",
"TeamIdentifier=59GAB85EFG"
]
verify(command: command, must_includes: must_includes, params: params)
Helper.log.info "Successfully verified the code signature".green
Helper.log.info "Verifying Xcode using GateKeeper..."
Helper.log.info "This will take up to a few minutes, now is a great time to go for a coffee ☕...".green
command = "/usr/sbin/spctl --assess --verbose '#{params[:xcode_path]}'"
must_includes = ['accepted']
output = verify(command: command, must_includes: must_includes, params: params)
if output.include?("source=Mac App Store") or output.include?("source=Apple") or output.include?("source=Apple System")
Helper.log.info "Successfully verified Xcode installation at path '#{params[:xcode_path]}' 🎧".green
else
show_and_raise_error("Invalid Download Source of Xcode: #{output}")
end
true
end
|
.show_and_raise_error(error) ⇒ Object
62
63
64
65
66
67
68
|
# File 'lib/fastlane/actions/verify_xcode.rb', line 62
def self.show_and_raise_error(error)
Helper.log.fatal "Attention: Your Xcode Installation might be hacked.".red
Helper.log.fatal "This might be a false alarm, if so, please submit an issue on GitHub".red
Helper.log.fatal "The following information couldn't be found:".red
Helper.log.fatal error.yellow
raise "The Xcode installation at path '#{params[:xcode_path]}' might be compromised."
end
|
.verify(command: nil, must_includes: nil, params: nil) ⇒ Object
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
# File 'lib/fastlane/actions/verify_xcode.rb', line 46
def self.verify(command: nil, must_includes: nil, params: nil)
output = Actions.sh(command)
errors = []
must_includes.each do |current|
next if output.include?(current)
errors << current
end
if errors.count > 0
show_and_raise_error(errors.join("\n"))
end
return output
end
|