From a3b2080201779416e0125f86796521f481a1dd85 Mon Sep 17 00:00:00 2001 From: Roc Wu Date: Sat, 16 Mar 2019 18:01:29 +0800 Subject: [PATCH] fix code signing issue with diff package - keep .codepushrelease in manifest json but ignores it in package hash as it needs to be included in diff package --- core/utils/security.js | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/core/utils/security.js b/core/utils/security.js index 7cb15791..b6bab402 100644 --- a/core/utils/security.js +++ b/core/utils/security.js @@ -61,7 +61,9 @@ security.stringSha256Sync = function (contents) { security.packageHashSync = function (jsonData) { var sortedArr = security.sortJsonToArr(jsonData); - var manifestData = _.map(sortedArr, (v) => { + var manifestData = _.filter(sortedArr, (v) => { + return !security.isPackageHashIgnored(v.path); + }).map((v) => { return v.path + ':' + v.hash; }); log.debug('packageHashSync manifestData:', manifestData); @@ -153,18 +155,28 @@ security.isHashIgnored = function (relativePath) { return true; } - const IgnoreMacOSX = '__MACOSX/'; const IgnoreDSStore = '.DS_Store'; - const IgnoreCodePushMetadata = '.codepushrelease'; return relativePath.startsWith(IgnoreMacOSX) || relativePath === IgnoreDSStore - || relativePath.endsWith(IgnoreDSStore) - || relativePath === IgnoreCodePushMetadata - || relativePath.endsWith(IgnoreCodePushMetadata); + || relativePath.endsWith(IgnoreDSStore); +} + +security.isPackageHashIgnored = function (relativePath) { + if (!relativePath) { + return true; + } + + // .codepushrelease contains code sign JWT + // it should be ignored in package hash but need to be included in package manifest + const IgnoreCodePushMetadata = '.codepushrelease'; + return relativePath === IgnoreCodePushMetadata + || relativePath.endsWith(IgnoreCodePushMetadata) + || security.isHashIgnored(relativePath); } + security.calcAllFileSha256 = function (directoryPath) { return new Promise((resolve, reject) => { var recursive = require("recursive-readdir");