fix: keychain access controll

impaktfull · Dec 12, 2023 · 1b38c70 · 1b38c70
1 parent 05f4634
commit 1b38c70
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 15 deletions.
diff --git a/lib/src/integrations/apple_certificate/plugin/mac_os_keychain_plugin.dart b/lib/src/integrations/apple_certificate/plugin/mac_os_keychain_plugin.dart
@@ -20,22 +20,44 @@ class MacOsKeyChainPlugin extends ImpaktfullCliPlugin {
     final fullKeyChainName = _fullKeyChainName(keyChainName);
     final originalKeyChains = await _getUserKeyChains();
     if (originalKeyChains.contains(fullKeyChainName)) {
-      throw ImpaktfullCliError('$fullKeyChainName already exists, make sure to remove it first.');
+      throw ImpaktfullCliError(
+          '$fullKeyChainName already exists, make sure to remove it first.');
     }
 
     ImpaktfullCliLogger.debug('Create Apple KeyChain ($fullKeyChainName)');
-    await processRunner.runProcess(['security', 'create-keychain', '-p', '$globalKeyChainPassword', fullKeyChainName]);
+    await processRunner.runProcess([
+      'security',
+      'create-keychain',
+      '-p',
+      '$globalKeyChainPassword',
+      fullKeyChainName
+    ]);
     final keyChain = await _getUserKeyChains();
-    await processRunner.runProcess(['security', 'list-keychains', '-d', 'user', '-s', fullKeyChainName, ...keyChain]);
+    await processRunner.runProcess([
+      'security',
+      'list-keychains',
+      '-d',
+      'user',
+      '-s',
+      fullKeyChainName,
+      ...keyChain
+    ]);
   }
 
   Future<void> unlockKeyChain(
     String keyChainName,
     Secret globalKeyChainPassword,
   ) async {
     final fullKeyChainName = _fullKeyChainName(keyChainName);
-    await processRunner.runProcess(['security', 'set-keychain-settings', fullKeyChainName]);
-    await processRunner.runProcess(['security', 'unlock-keychain', '-p', globalKeyChainPassword.value, fullKeyChainName]);
+    await processRunner
+        .runProcess(['security', 'set-keychain-settings', fullKeyChainName]);
+    await processRunner.runProcess([
+      'security',
+      'unlock-keychain',
+      '-p',
+      globalKeyChainPassword.value,
+      fullKeyChainName
+    ]);
   }
 
   Future<void> addCertificateToKeyChain(
@@ -74,13 +96,18 @@ class MacOsKeyChainPlugin extends ImpaktfullCliPlugin {
   ) async {
     final fullKeyChainName = _fullKeyChainName(keyChainName);
     ImpaktfullCliLogger.debug('Remove Apple KeyChain ($fullKeyChainName)');
-    await processRunner.runProcess(['security', 'delete-keychain', fullKeyChainName]);
+    await processRunner
+        .runProcess(['security', 'delete-keychain', fullKeyChainName]);
   }
 
   Future<List<String>> _getUserKeyChains() async {
-    final keychainsString = await processRunner.runProcess(['security', 'list-keychains', '-d', 'user']);
-    final keychainsList = keychainsString.split('\n').where((element) => element.isNotEmpty);
-    return keychainsList.map((keychain) => keychain.replaceAll('"', '').trim()).toList();
+    final keychainsString = await processRunner
+        .runProcess(['security', 'list-keychains', '-d', 'user']);
+    final keychainsList =
+        keychainsString.split('\n').where((element) => element.isNotEmpty);
+    return keychainsList
+        .map((keychain) => keychain.replaceAll('"', '').trim())
+        .toList();
   }
 
   Future<void> printKeyChainList() async {

diff --git a/lib/src/integrations/ci_cd/plugin/ci_cd_plugin.dart b/lib/src/integrations/ci_cd/plugin/ci_cd_plugin.dart
@@ -86,7 +86,8 @@ class CiCdPlugin extends ImpaktfullPlugin {
     if (playStoreUploadConfig != null) {
       await playStorePlugin.uploadToPlayStore(
         file: file,
-        serviceAccountCredentialsFile: playStoreUploadConfig.serviceAccountCredentialsFile,
+        serviceAccountCredentialsFile:
+            playStoreUploadConfig.serviceAccountCredentialsFile,
       );
     }
   }
@@ -148,7 +149,8 @@ class CiCdPlugin extends ImpaktfullPlugin {
       await testflightPlugin.uploadToTestflightWithEmailPassword(
         file: file,
         email: testflightUploadConfig.credentials?.userName,
-        appSpecificPassword: testflightUploadConfig.credentials?.appSpecificPassword,
+        appSpecificPassword:
+            testflightUploadConfig.credentials?.appSpecificPassword,
         type: testflightUploadConfig.type,
       );
     }
@@ -192,12 +194,17 @@ class CiCdPlugin extends ImpaktfullPlugin {
     Secret? globalKeyChainPassword,
   }) async {
     ImpaktfullCliEnvironment.requiresMacOs(reason: 'Building iOS/macOS apps');
-    final globalKeyChainPasswordSecret = globalKeyChainPassword ?? ImpaktfullCliEnvironmentVariables.getUnlockKeyChainPassword();
+    final globalKeyChainPasswordSecret = globalKeyChainPassword ??
+        ImpaktfullCliEnvironmentVariables.getUnlockKeyChainPassword();
 
-    await macOsKeyChainPlugin.createKeyChain(keyChainName, globalKeyChainPasswordSecret);
+    await macOsKeyChainPlugin.createKeyChain(
+        keyChainName, globalKeyChainPasswordSecret);
     try {
-      await macOsKeyChainPlugin.unlockKeyChain(keyChainName, globalKeyChainPasswordSecret);
-      await macOsKeyChainPlugin.addCertificateToKeyChain(keyChainName, certFile, certPassword, accessControlAll: true);
+      await macOsKeyChainPlugin.unlockKeyChain(
+          keyChainName, globalKeyChainPasswordSecret);
+      await macOsKeyChainPlugin.addCertificateToKeyChain(
+          keyChainName, certFile, certPassword,
+          accessControlAll: true);
       await onStartBuild();
     } catch (e) {
       rethrow;