Codesign and upload new ios-usb-dependencies binary

This issue has been created since 2022-09-23.

Codesign the binaries in flutter_infra_release/ios-usb-dependencies/unsigned/ from https://ci.chromium.org/p/flutter/builders/prod/ios-usb-dependencies/5 and upload to the signed bucket.

https://docs.google.com/document/d/1ukmoITOt7rixsp8dw7Da95-3WFkKzPMnwzcvd-0UqqU (internal link) says:

./codesign.py --ios-deploy $IOS_DEPLOY_REVISION

I'm not sure if this still works after the recipe change https://flutter-review.googlesource.com/c/recipes/+/32660/

See also https://docs.google.com/document/d/1LZ4k65Xf5wcMD7ProYL6zXRcoBlCkWB67Mu_Uzs-gjU/ (internal link)

Blocking #111988

@XilaiZhang

XilaiZhang wrote this answer on 2022-09-23

update: ignore my initial thoughts below. i need to do more testings.

TLDR: I left a comment in https://flutter-review.googlesource.com/c/recipes/+/32660/ which I believe could be the potential cause.

umm I clicked through each of the ios_deploy_revision in the designated signed buckets at https://pantheon.corp.google.com/storage/browser/flutter_infra_release/ios-usb-dependencies/ios-deploy?authuser=0&pageState=(%22StorageObjectListTable%22:(%22f%22:%22%255B%255D%22))&prefix=&forceOnObjectsSortingFiltering=false, and looks like all of them were created in 2020 or 2021. My understanding is that the binaries Jenn code signed weren't uploaded back to the correct bucket.

From the upload step of ios-deploy in https://logs.chromium.org/logs/flutter/buildbucket/cr-buildbucket/8802457278010945569/+/u/gsutil_upload_of_ios-deploy.zip/execution_details, looks like the codesigned ios-deploy was uploaded back to the bucket flutter_infra_release/ios-usb-dependencies/unsigned/ios-deploy/90bac5343961b10379a41d814820c5aac8145df2 , and i verified that this bucket has a create timestamp of Sep 20 2022. But I am confused as of why a signed binary would be uploaded back to this bucket.

tracing through the code sign script, looks like cloud buckets are set correctly. If using the codesign script, the signed binary would be uploaded back to the flutter_infra_release/ios-usb-dependencies/ios-deploy/revision bucket, as opposed to the flutter_infra_release/ios-usb-dependencies/unsigned/ios-deploy/90bac5343961b10379a41d814820c5aac8145df2 bucket.

I traced through https://flutter-review.googlesource.com/c/recipes/+/32660/ and my understanding is that the codesigned binary is uploaded through the GetCloudPath function, which uses the unsigned binary cloud bucket path, and I left a comment at the line which I believe could potentially be the culprit.

I am kind of confused of how the upload/download to/from google cloud storage is handled by the recipe and not handled by the codesigning script. And it doesn't look like the codesign script was triggered as one of the steps in the recipe. Maybe @christopherfujino would have more idea on how code sign script fits in this recipe?

jmagman wrote this answer on 2022-09-23

The artifacts produced by the recipe at https://flutter-review.googlesource.com/c/recipes/+/32660/ are unsigned, and upload to the unsigned bucket.

My understanding is that the binaries Jenn code signed weren't uploaded back to the correct bucket.

I haven't codesigned anything, they need to be codesigned on the codesigning bot, which is what this issue is tracking. If the recipe could handle codesigning and upload to the signed bucket that would be even better, but it doesn't now. Then I will validate ios-deploy works, and then we can bump the version that the tool downloads.

XilaiZhang wrote this answer on 2022-09-23

Ohhh i see. sorry I misunderstood. So this would be a tracking issue, and not a bug that requires inspection or fix?

jmagman wrote this answer on 2022-09-23

Exactly, the unsigned ios-deploy binary is built, and now it needs to be codesigned with the distribution cert, and uploaded to the signed bucket.

XilaiZhang wrote this answer on 2022-09-23

Perfect prefect, thanks for explaining!

jmagman wrote this answer on 2022-09-27

Now that https://flutter-review.googlesource.com/c/recipes/+/34240 has merged it would be great to have all the binaries codesigned, not just ios-deploy. I'll update the title and description.

XilaiZhang wrote this answer on 2022-09-27

Will do, yeah I will experiment with repo modules a few more times. If it doesn’t work I will just remove the else block to unblock myself.

XilaiZhang wrote this answer on 2022-09-28

this issue is added to release blockers to track the progress per @CaseyHillers request

XilaiZhang wrote this answer on 2022-09-29

flutter/cocoon#2179 and https://flutter-review.googlesource.com/c/recipes/+/34300 are both ready. would be great if i can get more reviews on them. I have tested by signing the ios usb artifacts under the led directory and they are signed correctly (tested by running the app locally).

jmagman wrote this answer on 2022-10-04
More Details About Repo
Owner Name flutter
Repo Name flutter
Full Name flutter/flutter
Language Dart
Created Date 2015-03-06
Updated Date 2022-10-05
Star Count 145512
Watcher Count 3569
Fork Count 23398
Issue Count 11205

YOU MAY BE INTERESTED

Issue Title Created Date Comment Count Updated Date
unexpected edits returned from `textDocument/onTypeFormatting` mid-comment 2 2022-03-23 2022-10-01
CompileFlags on source doesnt change inferred flags for headers 5 2022-03-24 2022-08-29
Understand -isystem=/path/... option (ignore the = sign) 0 2022-03-25 2022-08-05
unexpected edit returned from `textDocument/onTypeFormatting` with newline at beginning of file 2 2022-03-23 2022-09-28
Error against template label when label is already defined 2 2022-02-16 2022-09-23
SQL Server metadata stored in system tables are not retrieved by DataHub 3 2022-03-29 2022-09-08
Hint at potential performance issues when architecture doesn't match 0 2021-11-22 2022-07-31
Please document how to pass env vars (e.g. secrets) to the build phase 3 2021-03-22 2022-07-18
Better error message when connection to Docker socket fails 0 2021-11-22 2022-09-02
Artifacts might be moved before they are extracted 1 2021-03-25 2022-08-01
No output when running @benchmark from script file 2 2022-04-20 2022-09-12
@benchmarkset breaks on ^C 0 2022-03-11 2022-09-12
@btime in local scope throws UndefVarError 2 2022-07-11 2022-09-12
Name table records have trailing spaces 0 2022-03-13 2022-09-30
Training on a device which doesn't support cuda 9? (> Cuda 11) 5 2021-12-15 2022-09-29
Add output function to proc in distant-core 1 2021-10-20 2022-09-06
webp에서 png 변환 지원 계획은 있나요? 7 2022-02-02 2022-09-16
Improve the formatting system 1 2022-05-26 2022-09-10
XmlNamespaceManager corruption 0 2021-10-28 2022-09-28
`goto` has no stack effects 1 2021-06-17 2022-09-10
Error 502 access from internet 4 2021-04-26 2022-09-18
Suggestion - Stored Procedures result sets rely on very limited sp_describe_first_result_set 3 2021-12-24 2022-09-22
[Question] Risks of using the plugin 5 2021-09-17 2022-08-15
All HTML5 entities are missing 0 2021-10-30 2022-09-28
Pokémon Legends Arceus Player Camera reflected by water 1 2022-01-29 2022-10-01
Update Microsoft.Azure.WebJobs.Extensions.WebPubSub to 1.2.0 1 2022-08-06 2022-08-09
Audience parsing doesn't reject unexpected items 1 2021-03-03 2022-09-19
Feature: Bridge CLI - Startup Process and Path to KubernetesLocalProcessConfig.yaml file 2 2022-01-10 2022-09-27
[Metric SDK] Cumulative metric collection for Synchronous Aggregation storage 1 2022-02-26 2022-09-22
Support wildcards in vmagent urlRelabelConfig 4 2021-09-01 2022-09-27
Bitrise - Update git clone step to the latest version: failing due to go version used 0 2022-08-30 2022-09-22
Incorrect link for feature request issues 1 2022-02-19 2022-09-26
Doesn't support IE11 2 2022-04-01 2022-10-03
The service worker navigation preload request was cancelled before 'preloadResponse' settled. If you intend to use 'preloadResponse', use waitUntil() or respondWith() to wait for the promise to settle. 6 2021-07-04 2022-10-03
[e2e framework] Utilize CAPI's e2e refactored framework 5 2022-03-29 2022-10-04
Implement unit test cases for the `pkg/govmomi/find` package 1 2022-03-27 2022-10-04
chore: update k8s pkg to resolve vulnerabilities 2 2021-09-24 2022-09-10
v0.8.0 - protobuf-java and protobuf-javalite conflict 1 2021-05-12 2022-08-22
Bug: deletion of Azureml Experiment & Run 3 2022-07-08 2022-09-22
Add .mjs for ESM modules in node 2 2018-05-15 2022-09-09
how to set animation when use MaterialWithModalsPageRoute 1 2022-08-02 2022-09-15
Restricting draggable area of sheet 0 2022-08-03 2022-09-15
version_git.h generation fails 3 2021-10-01 2022-09-25
Unable to load SemanticDb information 0 2022-06-23 2022-10-02
New pattern submission - invoke cross acc lambda function directly from step function 0 2022-08-24 2022-09-23
Want a full size image for a plot which got expanded in new tab by clicking expand image button 3 2022-01-30 2022-09-25
Disabling IntelliSense/suggestions 0 2022-01-30 2022-01-23
Latex - Equation environment in markdown does not work 0 2022-01-30 2022-01-23
Current live Recording block lost on writing Label 18 2022-02-24 2022-09-14
Mod incorrectly marked for V0 2 2022-06-05 2022-09-28