remove apple-codesign crate #259

Merged
merged 7 commits into from
Jul 13, 2023
6 changes: 3 additions & 3 deletions crates/rattler-bin/Cargo.toml
Expand Up @@ -22,12 +22,12 @@ rustls-tls = ["reqwest/rustls-tls", "rattler/rustls-tls", "rattler_repodata_gate

[dependencies]
anyhow = "1.0.71"
clap = { version = "4.3.2", features = ["derive"] }
clap = { version = "4.3.11", features = ["derive"] }
console = { version = "0.15.7", features = ["windows-console-colors"] }
dirs = "5.0.1"
futures = "0.3.28"
indicatif = "0.17.5"
itertools = "0.10.5"
itertools = "0.11.0"
once_cell = "1.18.0"
rattler = { version = "0.5.0", path = "../rattler", default-features = false }
rattler_networking = { version = "0.5.0", path = "../rattler_networking", default-features = false }
Expand All @@ -36,7 +36,7 @@ rattler_repodata_gateway = { version = "0.5.0", path = "../rattler_repodata_gate
rattler_solve = { version = "0.5.0", path = "../rattler_solve", features = ["libsolv_rs", "libsolv_c"] }
rattler_virtual_packages = { version = "0.5.0", path = "../rattler_virtual_packages" }
reqwest = { version = "0.11.18", default-features = false }
tokio = { version = "1.28.2", features = ["rt-multi-thread", "macros"] }
tokio = { version = "1.29.1", features = ["rt-multi-thread", "macros"] }
tracing-subscriber = { version = "0.3.17", features = ["env-filter"] }

[package.metadata.release]
27 changes: 13 additions & 14 deletions crates/rattler/Cargo.toml
Expand Up @@ -17,43 +17,42 @@ rustls-tls = ['reqwest/rustls-tls', 'rattler_package_streaming/rustls-tls']

[dependencies]
anyhow = "1.0.71"
apple-codesign = "0.22.0"
async-compression = { version = "0.4.0", features = ["gzip", "tokio", "bzip2", "zstd"] }
async-compression = { version = "0.4.1", features = ["gzip", "tokio", "bzip2", "zstd"] }
bytes = "1.4.0"
chrono = { version = "0.4.26", default-features = false, features = ["std", "serde", "alloc"] }
digest = "0.10.7"
dirs = "5.0.1"
futures = "0.3.28"
fxhash = "0.2.1"
hex = "0.4.3"
itertools = "0.10.5"
itertools = "0.11.0"
memchr = "2.5.0"
memmap2 = "0.6.2"
memmap2 = "0.7.1"
nom = "7.1.3"
once_cell = "1.18.0"
pin-project-lite = "0.2.9"
pin-project-lite = "0.2.10"
rattler_conda_types = { version = "0.5.0", path = "../rattler_conda_types" }
rattler_digest = { version = "0.5.0", path = "../rattler_digest" }
rattler_networking = { version = "0.5.0", path = "../rattler_networking", default-features = false }
rattler_package_streaming = { version = "0.5.0", path = "../rattler_package_streaming", features = ["reqwest", "tokio"], default-features = false }
regex = "1.8.4"
regex = "1.9.1"
reqwest = { version = "0.11.18", default-features = false, features = ["stream", "json", "gzip"] }
serde = { version = "1.0.163", features = ["derive"] }
serde_json = { version = "1.0.96", features = ["raw_value"] }
serde = { version = "1.0.171", features = ["derive"] }
serde_json = { version = "1.0.102", features = ["raw_value"] }
serde_with = "3.0.0"
smallvec = { version = "1.10.0", features = ["serde", "const_new", "const_generics", "union"] }
smallvec = { version = "1.11.0", features = ["serde", "const_new", "const_generics", "union"] }
tempfile = "3.6.0"
thiserror = "1.0.40"
tokio = { version = "1.28.2", features = ["rt", "io-util", "macros"] }
thiserror = "1.0.43"
tokio = { version = "1.29.1", features = ["rt", "io-util", "macros"] }
tokio-stream = "0.1.14"
tokio-util = { version = "0.7.8", features = ["codec", "io"] }
tracing = "0.1.37"
url = { version = "2.4.0", features = ["serde"] }
uuid = { version = "1.3.3", features = ["v4", "fast-rng"] }
uuid = { version = "1.4.0", features = ["v4", "fast-rng"] }

[dev-dependencies]
assert_matches = "1.5.0"
rand = "0.8.5"
rstest = "0.17.0"
rstest = "0.18.1"
tracing-test = { version = "0.2.4" }
insta = { version = "1.29.0", features = ["yaml"] }
insta = { version = "1.30.0", features = ["yaml"] }
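--- /dev/null
+++ b/crates/rattler/src/install/apple_codesign.rs
@@ -0,0 +1,34 @@
+use super::LinkFileError;
+use std::path::Path;
+
+/// Controls the behavior of the [`super::link_package`] function when it encounters a binary that needs
+/// to be signed on macOS ARM64 (Apple Silicon).
+#[derive(Debug, Clone, Copy, PartialEq, Default)]
+pub enum AppleCodeSignBehavior {
+/// Do nothing (do not attempt to sign any binary)
+DoNothing,
+/// Ignore if the signing fails
+Ignore,
+/// Bubble up the error if the code signing fails (default)
+#[default]
+Fail,
+}
+
+/// Sign a binary using the `codesign` tool with an ad-hoc certificate on macOS.
+/// This is required for binaries to run on Apple Silicon.
+pub(crate) fn codesign(destination_path: &Path) -> Result<(), LinkFileError> {
+let status = std::process::Command::new("/usr/bin/codesign")
+.arg("--sign")
+// Use an ad-hoc certificate (`-`)
+.arg("-")
+// replace any existing signature
+.arg("--force")
+.arg(destination_path)
+.status()?;
+
+if !status.success() {
+return Err(LinkFileError::FailedToSignAppleBinary);
+}
+
+Ok(())
+}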
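Review bot: `codesign()` reports its two failure modes inconsistently: a spawn failure from `.status()?` is converted by `?` into whichever `LinkFileError` variant wraps `std::io::Error` (not visible in this file), while a non-zero exit becomes `FailedToSignAppleBinary` with the exit status and the tool's stderr discarded. On a host that has no `/usr/bin/codesign` (presumably any non-macOS host installing for an osx-arm64 target) the caller would therefore get a bare I/O error that never mentions signing. I would at least map the spawn error as well, `.status().map_err(|_| LinkFileError::FailedToSignAppleBinary)?`, and preferably let the variant carry the `ExitStatus` or the `io::Error` so the cause survives. The doc comment should gain an `# Errors` section stating both cases and that the tool must exist on the host. Invoking the tool by absolute path rather than through `PATH` is the right choice for a helper that rewrites installed binaries and should stay.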
18 changes: 13 additions & 5 deletions crates/rattler/src/install/link.rs
@@ -1,5 +1,4 @@
use crate::install::python::PythonInfo;
use apple_codesign::{SigningSettings, UnifiedSigner};
use rattler_conda_types::package::{FileMode, PathType, PathsEntry, PrefixPlaceholder};
use rattler_conda_types::{NoArchType, Platform};
use rattler_digest::HashingWriter;
Expand All @@ -9,6 +8,8 @@ use std::fs::Permissions;
use std::io::{ErrorKind, Seek, Write};
use std::path::{Path, PathBuf};

use super::apple_codesign::{codesign, AppleCodeSignBehavior};

#[derive(Debug, thiserror::Error)]
pub enum LinkFileError {
#[error(transparent)]
Expand All @@ -30,7 +31,7 @@ pub enum LinkFileError {
FailedToUpdateDestinationFilePermissions(#[source] std::io::Error),

#[error("failed to sign Apple binary")]
FailedToSignAppleBinary(#[from] apple_codesign::AppleCodesignError),
FailedToSignAppleBinary,

#[error("cannot install noarch python files because there is no python version specified ")]
MissingPythonInfo,
Expand Down Expand Up @@ -70,6 +71,7 @@ pub fn link_file(
allow_hard_links: bool,
target_platform: Platform,
target_python: Option<&PythonInfo>,
apple_codesign_behavior: AppleCodeSignBehavior,
) -> Result<LinkedFile, LinkFileError> {
let source_path = package_dir.join(&path_json_entry.relative_path);

Expand Down Expand Up @@ -178,9 +180,15 @@ pub fn link_file(
}

// If the binary changed it requires resigning.
if content_changed {
let signer = UnifiedSigner::new(SigningSettings::default());
signer.sign_path_in_place(&destination_path)?;
if content_changed && apple_codesign_behavior != AppleCodeSignBehavior::DoNothing {
match codesign(&destination_path) {
Ok(_) => {}
Err(e) => {
if apple_codesign_behavior == AppleCodeSignBehavior::Fail {
return Err(e);
}
}
}

// The file on disk changed from the original file so the hash and file size
// also became invalid.
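Review bot: With `AppleCodeSignBehavior::Ignore` the `Err(e)` arm in `link_file` drops the error without a trace, so a binary whose content was rewritten stays installed with an invalid or missing signature and nothing records which file it was. I would log it before continuing, using `Err(e) if apple_codesign_behavior == AppleCodeSignBehavior::Fail => return Err(e),` followed by `Err(e) => tracing::warn!("failed to sign {}: {e}", destination_path.display()),` (`tracing` is already a dependency of this crate). `FailedToSignAppleBinary` also lost its `#[from]` source in this change, so the error text alone can no longer say why signing failed. The `if content_changed …` block continues past the end of the hunk.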
15 changes: 15 additions & 0 deletions crates/rattler/src/install/mod.rs
@@ -1,3 +1,4 @@
pub mod apple_codesign;
mod driver;
mod entry_point;
pub mod link;
Expand All @@ -12,6 +13,7 @@ pub use transaction::{Transaction, TransactionOperation};
use crate::install::entry_point::{
create_unix_python_entry_point, create_windows_python_entry_point,
};
pub use apple_codesign::AppleCodeSignBehavior;
use futures::FutureExt;
pub use python::PythonInfo;
use rattler_conda_types::package::{IndexJson, LinkJson, NoArchLinks, PackageFile};
Expand Down Expand Up @@ -143,6 +145,18 @@ pub struct InstallOptions {
/// If you're installing a noarch python package and do not provide this field, the
/// [`link_package`] function will return [`InstallError::MissingPythonInfo`].
pub python_info: Option<PythonInfo>,

/// For binaries on macOS ARM64 (Apple Silicon), binaries need to be signed with an ad-hoc
/// certificate to properly work. This field controls wether or not to do that.
/// Code signing is only executed when the target platform is macOS ARM64. By default,
/// codesigning will fail the installation if it fails. This behavior can be changed by setting
/// this field to `AppleCodeSignBehavior::Ignore` or `AppleCodeSignBehavior::DoNothing`.
///
/// To sign the binaries, the `/usr/bin/codesign` executable is called with `--force` and
/// `--sign -` arguments. The `--force` argument is used to overwrite existing signatures, and
/// the `--sign -` argument is used to sign with an ad-hoc certificate.
/// Ad-hoc signing does not use an identity at all, and identifies exactly one instance of code.
pub apple_codesign_behavior: AppleCodeSignBehavior,
}

/// Given an extracted package archive (`package_dir`), installs its files to the `target_dir`.
Expand Down Expand Up @@ -240,6 +254,7 @@ pub async fn link_package(
allow_hard_links && !entry.no_link,
platform,
python_info.as_deref(),
options.apple_codesign_behavior,
) {
Ok(result) => Ok((
number_of_paths_entries,
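Review bot: The doc comment on the new `InstallOptions::apple_codesign_behavior` field does not say that signing now depends on the host. It shells out to `/usr/bin/codesign`, so with the default `Fail` an install for a macOS ARM64 target from a host without that tool would presumably fail; the platform check itself is outside these hunks. I would add a line such as `/// The host must provide /usr/bin/codesign; otherwise set this to DoNothing or Ignore.` and fix the typo `wether` to `whether`. It is also worth stating there that an ad-hoc signature carries no publisher identity, so it only satisfies the platform's requirement that code be signed and says nothing about where the package came from.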
24 changes: 12 additions & 12 deletions crates/rattler_conda_types/Cargo.toml
Expand Up @@ -14,19 +14,19 @@ readme.workspace = true
chrono = "0.4.26"
fxhash = "0.2.1"
hex = "0.4.3"
itertools = "0.10.5"
lazy-regex = "2.5.0"
itertools = "0.11.0"
lazy-regex = "3.0.0"
nom = "7.1.3"
regex = "1.8.4"
serde = { version = "1.0.163", features = ["derive"] }
serde_json = "1.0.96"
regex = "1.9.1"
serde = { version = "1.0.171", features = ["derive"] }
serde_json = "1.0.102"
serde-json-python-formatter = "0.1.0"
serde_yaml = "0.9.21"
serde_yaml = "0.9.22"
serde_with = "3.0.0"
serde_repr = "0.1"
smallvec = { version = "1.10.0", features = ["serde", "const_new", "const_generics", "union"] }
strum = { version = "0.24.1", features = ["derive"] }
thiserror = "1.0.40"
smallvec = { version = "1.11.0", features = ["serde", "const_new", "const_generics", "union"] }
strum = { version = "0.25.0", features = ["derive"] }
thiserror = "1.0.43"
tracing = "0.1.37"
url = { version = "2.4.0", features = ["serde"] }
rattler_digest = { version = "0.5.0", path = "../rattler_digest", features = ["serde"] }
Expand All @@ -35,13 +35,13 @@ glob = "0.3.1"

[dev-dependencies]
rand = "0.8.5"
insta = { version = "1.29.0", features = ["yaml", "redactions", "toml"] }
insta = { version = "1.30.0", features = ["yaml", "redactions", "toml"] }
rattler_package_streaming = { path = "../rattler_package_streaming", default-features = false, features=["rustls-tls"] }
tempfile = "3.6.0"
rstest = "0.17.0"
rstest = "0.18.1"
assert_matches = "1.5.0"
hex-literal = "0.4.1"
criterion = { version = "0.4", features = ["html_reports"] }
criterion = { version = "0.5", features = ["html_reports"] }

[[bench]]
name = "parse"
10 changes: 5 additions & 5 deletions crates/rattler_digest/Cargo.toml
Expand Up @@ -12,10 +12,10 @@ readme.workspace = true

[dependencies]
digest = "0.10.7"
tokio = { version = "1.28.2", features = ["io-util"], optional = true }
tokio = { version = "1.29.1", features = ["io-util"], optional = true }
hex = "0.4.3"
serde = { version = "1.0.163", features = ["derive"], optional = true }
sha2 = "0.10.6"
serde = { version = "1.0.171", features = ["derive"], optional = true }
sha2 = "0.10.7"
md-5 = "0.10.5"
blake2 = "0.10.6"
serde_with = "3.0.0"
Expand All @@ -25,7 +25,7 @@ tokio = ["dep:tokio"]
serde = ["dep:serde"]

[dev-dependencies]
rstest = "0.17.0"
rstest = "0.18.1"
tempfile = "3.6.0"
md-5 = "0.10.5"
serde_json = "1.0.96"
serde_json = "1.0.102"
2 changes: 1 addition & 1 deletion crates/rattler_libsolv_rs/Cargo.toml
Expand Up @@ -17,4 +17,4 @@ rattler_conda_types = { version = "0.5.0", path = "../rattler_conda_types" }
tracing = "0.1.37"

[dev-dependencies]
insta = "1.29.0"
insta = "1.30.0"
6 changes: 3 additions & 3 deletions crates/rattler_macros/Cargo.toml
Expand Up @@ -19,8 +19,8 @@ name = "tests"
path = "tests/tests.rs"

[dependencies]
syn = "2.0.18"
quote = "1.0.28"
syn = "2.0.25"
quote = "1.0.29"

[dev-dependencies]
trybuild = { version = "1.0.80", features = ["diff"] }
trybuild = { version = "1.0.81", features = ["diff"] }
16 changes: 8 additions & 8 deletions crates/rattler_networking/Cargo.toml
Expand Up @@ -17,16 +17,16 @@ rustls-tls = ['reqwest/rustls-tls']
[dependencies]
anyhow = "1.0.71"
dirs = "5.0.1"
keyring = "2.0.2"
keyring = "2.0.4"
lazy_static = "1.4.0"
libc = "0.2.144"
reqwest = { version = "0.11.17", features = ["blocking"], default-features = false}
serde = "1.0.163"
serde_json = "1.0.96"
thiserror = "1.0.40"
libc = "0.2.147"
reqwest = { version = "0.11.18", features = ["blocking"], default-features = false}
serde = "1.0.171"
serde_json = "1.0.102"
thiserror = "1.0.43"
tracing = "0.1.37"

[dev-dependencies]
anyhow = "1.0.71"
insta = { version = "1.29.0", features = ["json"] }
tempfile = "3.5.0"
insta = { version = "1.30.0", features = ["json"] }
tempfile = "3.6.0"
10 changes: 5 additions & 5 deletions crates/rattler_package_streaming/Cargo.toml
Expand Up @@ -14,12 +14,12 @@ readme.workspace = true
bzip2 = { version = "0.4" }
chrono = "0.4.26"
futures-util = { version = "0.3.28", optional = true }
itertools = "0.10.5"
itertools = "0.11.0"
rattler_conda_types = { version = "0.5.0", path = "../rattler_conda_types" }
rattler_digest = { version = "0.5.0", path = "../rattler_digest" }
serde_json = "1.0.96"
serde_json = "1.0.102"
tar = { version = "0.4.38" }
thiserror = "1.0.40"
thiserror = "1.0.43"
tokio = { version = "1", optional = true }
tokio-util = { version = "0.7", optional = true }
reqwest = { version = "0.11.18", optional = true, default-features = false }
Expand All @@ -39,5 +39,5 @@ reqwest = ["reqwest/blocking"]
tempfile = "3.6.0"
tokio = { version = "1", features = ["rt", "macros"] }
walkdir = "2.3.3"
rstest = "0.17.0"
rstest_reuse = "0.5.0"
rstest = "0.18.1"
rstest_reuse = "0.6.0"