fix: set macOS crypto keychain name earlier (#34683)

* fix: set macOS crypto keychain name earlier

* spec: ensure arm64 mac tests are cleaned up
This commit is contained in:
Samuel Attard 2022-09-23 12:32:10 -07:00 committed by GitHub
parent 8a0b4fa338
commit 324db14969
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 12 additions and 14 deletions

View file

@ -216,6 +216,7 @@ step-maybe-cleanup-arm64-mac: &step-maybe-cleanup-arm64-mac
rm -rf ~/Library/Application\ Support/electron* rm -rf ~/Library/Application\ Support/electron*
security delete-generic-password -l "Chromium Safe Storage" || echo "✓ Keychain does not contain password from tests" security delete-generic-password -l "Chromium Safe Storage" || echo "✓ Keychain does not contain password from tests"
security delete-generic-password -l "Electron Test Main Safe Storage" || echo "✓ Keychain does not contain password from tests" security delete-generic-password -l "Electron Test Main Safe Storage" || echo "✓ Keychain does not contain password from tests"
security delete-generic-password -a "electron-test-safe-storage" || echo "✓ Keychain does not contain password from tests"
elif [ "$TARGET_ARCH" == "arm" ] || [ "$TARGET_ARCH" == "arm64" ]; then elif [ "$TARGET_ARCH" == "arm" ] || [ "$TARGET_ARCH" == "arm64" ]; then
XVFB=/usr/bin/Xvfb XVFB=/usr/bin/Xvfb
/sbin/start-stop-daemon --stop --exec $XVFB || echo "Xvfb not running" /sbin/start-stop-daemon --stop --exec $XVFB || echo "Xvfb not running"

View file

@ -91,6 +91,7 @@
#endif #endif
#if BUILDFLAG(IS_MAC) #if BUILDFLAG(IS_MAC)
#include "components/os_crypt/keychain_password_mac.h"
#include "services/device/public/cpp/geolocation/geolocation_manager.h" #include "services/device/public/cpp/geolocation/geolocation_manager.h"
#include "shell/browser/ui/cocoa/views_delegate_mac.h" #include "shell/browser/ui/cocoa/views_delegate_mac.h"
#else #else
@ -490,6 +491,9 @@ void ElectronBrowserMainParts::WillRunMainMessageLoop(
} }
void ElectronBrowserMainParts::PostCreateMainMessageLoop() { void ElectronBrowserMainParts::PostCreateMainMessageLoop() {
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC)
std::string app_name = electron::Browser::Get()->GetName();
#endif
#if BUILDFLAG(IS_LINUX) #if BUILDFLAG(IS_LINUX)
auto shutdown_cb = auto shutdown_cb =
base::BindOnce(base::RunLoop::QuitCurrentWhenIdleClosureDeprecated()); base::BindOnce(base::RunLoop::QuitCurrentWhenIdleClosureDeprecated());
@ -500,7 +504,6 @@ void ElectronBrowserMainParts::PostCreateMainMessageLoop() {
// Set up crypt config. This needs to be done before anything starts the // Set up crypt config. This needs to be done before anything starts the
// network service, as the raw encryption key needs to be shared with the // network service, as the raw encryption key needs to be shared with the
// network service for encrypted cookie storage. // network service for encrypted cookie storage.
std::string app_name = electron::Browser::Get()->GetName();
const base::CommandLine& command_line = const base::CommandLine& command_line =
*base::CommandLine::ForCurrentProcess(); *base::CommandLine::ForCurrentProcess();
std::unique_ptr<os_crypt::Config> config = std::unique_ptr<os_crypt::Config> config =
@ -517,6 +520,10 @@ void ElectronBrowserMainParts::PostCreateMainMessageLoop() {
base::PathService::Get(DIR_SESSION_DATA, &config->user_data_path); base::PathService::Get(DIR_SESSION_DATA, &config->user_data_path);
OSCrypt::SetConfig(std::move(config)); OSCrypt::SetConfig(std::move(config));
#endif #endif
#if BUILDFLAG(IS_MAC)
KeychainPassword::GetServiceName() = app_name + " Safe Storage";
KeychainPassword::GetAccountName() = app_name;
#endif
#if BUILDFLAG(IS_POSIX) #if BUILDFLAG(IS_POSIX)
// Exit in response to SIGINT, SIGTERM, etc. // Exit in response to SIGINT, SIGTERM, etc.
InstallShutdownSignalHandlers( InstallShutdownSignalHandlers(

View file

@ -42,10 +42,6 @@
#include "shell/common/options_switches.h" #include "shell/common/options_switches.h"
#include "url/gurl.h" #include "url/gurl.h"
#if BUILDFLAG(IS_MAC)
#include "components/os_crypt/keychain_password_mac.h"
#endif
#if BUILDFLAG(IS_LINUX) #if BUILDFLAG(IS_LINUX)
#include "components/os_crypt/key_storage_config_linux.h" #include "components/os_crypt/key_storage_config_linux.h"
#endif #endif
@ -288,12 +284,6 @@ void SystemNetworkContextManager::OnNetworkServiceCreated(
base::FeatureList::IsEnabled(features::kAsyncDns), base::FeatureList::IsEnabled(features::kAsyncDns),
default_secure_dns_mode, doh_config, additional_dns_query_types_enabled); default_secure_dns_mode, doh_config, additional_dns_query_types_enabled);
std::string app_name = electron::Browser::Get()->GetName();
#if BUILDFLAG(IS_MAC)
KeychainPassword::GetServiceName() = app_name + " Safe Storage";
KeychainPassword::GetAccountName() = app_name;
#endif
// The OSCrypt keys are process bound, so if network service is out of // The OSCrypt keys are process bound, so if network service is out of
// process, send it the required key. // process, send it the required key.
if (content::IsOutOfProcessNetworkService() && if (content::IsOutOfProcessNetworkService() &&

View file

@ -4,7 +4,7 @@ import { safeStorage } from 'electron/main';
import { expect } from 'chai'; import { expect } from 'chai';
import { emittedOnce } from './events-helpers'; import { emittedOnce } from './events-helpers';
import { ifdescribe } from './spec-helpers'; import { ifdescribe } from './spec-helpers';
import * as fs from 'fs'; import * as fs from 'fs-extra';
/* isEncryptionAvailable returns false in Linux when running CI due to a mocked dbus. This stops /* isEncryptionAvailable returns false in Linux when running CI due to a mocked dbus. This stops
* Chrome from reaching the system's keyring or libsecret. When running the tests with config.store * Chrome from reaching the system's keyring or libsecret. When running the tests with config.store
@ -36,8 +36,8 @@ describe('safeStorage module', () => {
ifdescribe(process.platform !== 'linux')('safeStorage module', () => { ifdescribe(process.platform !== 'linux')('safeStorage module', () => {
after(async () => { after(async () => {
const pathToEncryptedString = path.resolve(__dirname, 'fixtures', 'api', 'safe-storage', 'encrypted.txt'); const pathToEncryptedString = path.resolve(__dirname, 'fixtures', 'api', 'safe-storage', 'encrypted.txt');
if (fs.existsSync(pathToEncryptedString)) { if (await fs.pathExists(pathToEncryptedString)) {
await fs.unlinkSync(pathToEncryptedString); await fs.remove(pathToEncryptedString);
} }
}); });