| author | Linus Färnstrand <linus@mullvad.net> | 2025-10-15 15:18:28 +0200 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2025-10-22 13:16:05 +0200 |
| commit | ca148b0b384168cad76e7bbdeed1afed287654b8 (patch) | |
| tree | de1c99af6f09305958f5af9ffef67f1149571188 | |
| parent | 5b3dadce554013f084890aff3dc88ccb182a153e (diff) | |
Verify that release builds did not pollute the working directory
Refuse to sign binaries or produce final bundles if building the app
made the git working directory dirty. A dirty working directory is an
indication that the build process changed something that it should not
touch.
| -rwxr-xr-x | android/build.sh | 18 | ||||
| -rwxr-xr-x | build.sh | 21 |
2 files changed, 33 insertions, 6 deletions
diff --git a/android/build.sh b/android/build.sh
index e8392f345d..e37fd3bf2f 100755
--- a/android/build.sh
+++ b/android/build.sh
@@ -30,11 +30,15 @@ while [ -n "${1:-""}" ]; do
 shift 1
 done

-if [[ "$GRADLE_BUILD_TYPE" == "release" ]]; then
+function assert_clean_working_directory {
 if [[ -n "$(git status --porcelain)" ]]; then
- echo "Dirty working directory! Will not accept that for an official release."
- exit 1
+ echo "Dirty working directory! Will not accept that for an official release."
+ exit 1
 fi
+}
+
+if [[ "$GRADLE_BUILD_TYPE" == "release" ]]; then
+ assert_clean_working_directory

 if [ ! -f "$SCRIPT_DIR/credentials/keystore.properties" ]; then
 echo "ERROR: No keystore.properties file found" >&2
@@ -80,6 +84,14 @@ if [[ "$BUILD_BUNDLE" == "yes" ]]; then
 $GRADLE_CMD --console plain "${BUNDLE_TASKS[@]}"
 fi

+# When building releases, we check that the working directory is clean before building,
+# further up. Now verify that this is still true. The build process should never make the
+# working directory dirty.
+# This could for example happen if lockfiles are outdated, and the build process updates them.
+if [[ "$GRADLE_BUILD_TYPE" == "release" ]]; then
+ assert_clean_working_directory
+fi
+
 if [[ "$RUN_PLAY_PUBLISH_TASKS" == "yes" && "${#PLAY_PUBLISH_TASKS[@]}" -ne 0 ]]; then
 $GRADLE_CMD --console plain "${PLAY_PUBLISH_TASKS[@]}"
 fi
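Review bot: `assert_clean_working_directory` passes when `git status` itself fails, because a failed command substitution inside `[[ -n "$(...)" ]]` only yields an empty string and the test comes out false. For a release gate that is fail-open: a missing git binary, a checkout that git refuses to read, or a run from outside the repository would all look like a clean tree. Capture the output and check the exit status separately, e.g. `local dirty; dirty="$(git status --porcelain)" || { echo "git status failed" >&2; exit 1; }` followed by `if [[ -n "$dirty" ]]; then`. The same function body is added to build.sh in this commit and has the same gap.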
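Review bot: A failure of this second check leaves the release outputs already built by the Gradle tasks above it on disk; as placed, it only stops the Play publish step that follows. The commit message states the intent as refusing to produce final bundles from a polluted tree, so the comment should say what must happen to those outputs, for example `# If this fails, the artifacts built above must be discarded, not distributed.` Whether Gradle has already signed them at this point is not visible in the hunk, though the keystore.properties check further up suggests it may have.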
@@ -119,12 +119,18 @@ else
 CPP_BUILD_MODE="Debug"
 fi

-if [[ "$SIGN" == "true" ]]; then
- if [[ -n $(git status --porcelain) ]]; then
+function assert_clean_working_directory {
+ if [[ -n "$(git status --porcelain)" ]]; then
 log_error "Dirty working directory!"
- log_error "Will only build a signed app in a clean working directory"
+ log_error "Release builds are not allowed on dirty working directories!"
 exit 1
 fi
+}
+
+if [[ "$SIGN" == "true" ]]; then
+ # Refuse to build signed builds on dirty working directories. Prevents release builds
+ # from being built from potentially modified code/assets.
+ assert_clean_working_directory

 # Will not allow an outdated lockfile when building with signatures
 # (The build servers should never build without --locked for
@@ -408,6 +414,14 @@ esac
 popd
 popd

+# When signing is enabled, we check that the working directory is clean before building,
+# further up. Now verify that this is still true. The build process should never make the
+# working directory dirty.
+# This could for example happen if lockfiles are outdated, and the build process updates them.
+if [[ "$SIGN" == "true" ]]; then
+ assert_clean_working_directory
+fi
+
 # sign installer on Windows
 if [[ "$SIGN" == "true" && "$(uname -s)" == "MINGW"* ]]; then
 for installer_path in dist/*"$PRODUCT_VERSION"*.exe; do
@@ -427,6 +441,7 @@ if [[ "$UNIVERSAL" == "true" && "$(uname -s)" == "MINGW"* ]]; then
 --arm64-installer "$SCRIPT_DIR/dist/"*"$PRODUCT_VERSION"_arm64.exe \
 "${WIN_PACK_ARGS[@]}"
 if [[ "$SIGN" == "true" ]]; then
+ assert_clean_working_directory
 sign_win "dist/MullvadVPN-${PRODUCT_VERSION}.exe"
 fi
 fi
|
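Review bot: What `git status --porcelain` reports depends on local git configuration, so "clean" in `assert_clean_working_directory` is weaker than the comment implies: `status.showUntrackedFiles=no` hides new files, submodule ignore settings hide changes inside submodules, and ignored paths are never listed. On a build server that decides whether a file the build dropped into the tree is caught or missed. Pinning the behaviour in the call, `git status --porcelain --untracked-files=all --ignore-submodules=none`, makes the check independent of the machine's config; the android/build.sh copy of the function would want the same flags. The function is complete within this hunk, but the `if [[ "$SIGN" == "true" ]]` block that calls it continues past the hunk's end.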
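Review bot: When this post-build check trips, the operator sees only "Dirty working directory!" and "Release builds are not allowed on dirty working directories!", which reads like the pre-build failure and does not say which path the build modified. Since the stated purpose is to catch cases such as a rewritten lockfile, the function should print the offending entries before exiting, e.g. `git status --porcelain >&2` just before `exit 1`. That change belongs in `assert_clean_working_directory` in the first build.sh hunk and would help all three call sites.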
