From 324db14969c74461b849ba02c66af387c0d70d49 Mon Sep 17 00:00:00 2001 From: Samuel Attard Date: Fri, 23 Sep 2022 12:32:10 -0700 Subject: [PATCH] fix: set macOS crypto keychain name earlier (#34683) * fix: set macOS crypto keychain name earlier * spec: ensure arm64 mac tests are cleaned up --- .circleci/config/base.yml | 1 + shell/browser/electron_browser_main_parts.cc | 9 ++++++++- shell/browser/net/system_network_context_manager.cc | 10 ---------- spec/api-safe-storage-spec.ts | 6 +++--- 4 files changed, 12 insertions(+), 14 deletions(-) diff --git a/.circleci/config/base.yml b/.circleci/config/base.yml index 04b3daec34de..91efc6bb1354 100644 --- a/.circleci/config/base.yml +++ b/.circleci/config/base.yml @@ -216,6 +216,7 @@ step-maybe-cleanup-arm64-mac: &step-maybe-cleanup-arm64-mac rm -rf ~/Library/Application\ Support/electron* security delete-generic-password -l "Chromium Safe Storage" || echo "✓ Keychain does not contain password from tests" security delete-generic-password -l "Electron Test Main Safe Storage" || echo "✓ Keychain does not contain password from tests" + security delete-generic-password -a "electron-test-safe-storage" || echo "✓ Keychain does not contain password from tests" elif [ "$TARGET_ARCH" == "arm" ] || [ "$TARGET_ARCH" == "arm64" ]; then XVFB=/usr/bin/Xvfb /sbin/start-stop-daemon --stop --exec $XVFB || echo "Xvfb not running" diff --git a/shell/browser/electron_browser_main_parts.cc b/shell/browser/electron_browser_main_parts.cc index 20c2d611d839..601879ab28b6 100644 --- a/shell/browser/electron_browser_main_parts.cc +++ b/shell/browser/electron_browser_main_parts.cc @@ -91,6 +91,7 @@ #endif #if BUILDFLAG(IS_MAC) +#include "components/os_crypt/keychain_password_mac.h" #include "services/device/public/cpp/geolocation/geolocation_manager.h" #include "shell/browser/ui/cocoa/views_delegate_mac.h" #else @@ -490,6 +491,9 @@ void ElectronBrowserMainParts::WillRunMainMessageLoop( } void ElectronBrowserMainParts::PostCreateMainMessageLoop() { +#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) + std::string app_name = electron::Browser::Get()->GetName(); +#endif #if BUILDFLAG(IS_LINUX) auto shutdown_cb = base::BindOnce(base::RunLoop::QuitCurrentWhenIdleClosureDeprecated()); @@ -500,7 +504,6 @@ void ElectronBrowserMainParts::PostCreateMainMessageLoop() { // Set up crypt config. This needs to be done before anything starts the // network service, as the raw encryption key needs to be shared with the // network service for encrypted cookie storage. - std::string app_name = electron::Browser::Get()->GetName(); const base::CommandLine& command_line = *base::CommandLine::ForCurrentProcess(); std::unique_ptr config = @@ -517,6 +520,10 @@ void ElectronBrowserMainParts::PostCreateMainMessageLoop() { base::PathService::Get(DIR_SESSION_DATA, &config->user_data_path); OSCrypt::SetConfig(std::move(config)); #endif +#if BUILDFLAG(IS_MAC) + KeychainPassword::GetServiceName() = app_name + " Safe Storage"; + KeychainPassword::GetAccountName() = app_name; +#endif #if BUILDFLAG(IS_POSIX) // Exit in response to SIGINT, SIGTERM, etc. InstallShutdownSignalHandlers( diff --git a/shell/browser/net/system_network_context_manager.cc b/shell/browser/net/system_network_context_manager.cc index d1f474d59ead..2b8f431425fa 100644 --- a/shell/browser/net/system_network_context_manager.cc +++ b/shell/browser/net/system_network_context_manager.cc @@ -42,10 +42,6 @@ #include "shell/common/options_switches.h" #include "url/gurl.h" -#if BUILDFLAG(IS_MAC) -#include "components/os_crypt/keychain_password_mac.h" -#endif - #if BUILDFLAG(IS_LINUX) #include "components/os_crypt/key_storage_config_linux.h" #endif @@ -288,12 +284,6 @@ void SystemNetworkContextManager::OnNetworkServiceCreated( base::FeatureList::IsEnabled(features::kAsyncDns), default_secure_dns_mode, doh_config, additional_dns_query_types_enabled); - std::string app_name = electron::Browser::Get()->GetName(); -#if BUILDFLAG(IS_MAC) - KeychainPassword::GetServiceName() = app_name + " Safe Storage"; - KeychainPassword::GetAccountName() = app_name; -#endif - // The OSCrypt keys are process bound, so if network service is out of // process, send it the required key. if (content::IsOutOfProcessNetworkService() && diff --git a/spec/api-safe-storage-spec.ts b/spec/api-safe-storage-spec.ts index 098095e2fde0..e7f4dcf18547 100644 --- a/spec/api-safe-storage-spec.ts +++ b/spec/api-safe-storage-spec.ts @@ -4,7 +4,7 @@ import { safeStorage } from 'electron/main'; import { expect } from 'chai'; import { emittedOnce } from './events-helpers'; import { ifdescribe } from './spec-helpers'; -import * as fs from 'fs'; +import * as fs from 'fs-extra'; /* isEncryptionAvailable returns false in Linux when running CI due to a mocked dbus. This stops * Chrome from reaching the system's keyring or libsecret. When running the tests with config.store @@ -36,8 +36,8 @@ describe('safeStorage module', () => { ifdescribe(process.platform !== 'linux')('safeStorage module', () => { after(async () => { const pathToEncryptedString = path.resolve(__dirname, 'fixtures', 'api', 'safe-storage', 'encrypted.txt'); - if (fs.existsSync(pathToEncryptedString)) { - await fs.unlinkSync(pathToEncryptedString); + if (await fs.pathExists(pathToEncryptedString)) { + await fs.remove(pathToEncryptedString); } });