match 0.1.2 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +20 -1
- data/bin/match +15 -0
- data/lib/match.rb +1 -0
- data/lib/match/change_password.rb +14 -0
- data/lib/match/encrypt.rb +16 -6
- data/lib/match/git_helper.rb +23 -3
- data/lib/match/options.rb +12 -3
- data/lib/match/runner.rb +1 -1
- data/lib/match/version.rb +1 -1
- metadata +8 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9c0f9786bd1163d37e0f4ee1f96b2597d839ec5d
|
|
4
|
+
data.tar.gz: 2d41389a1fe003263e6a53d71f290e70d3bf134d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d225f09935f20e35d143086b6598aa90edb29bbb38cbe84548ff203d89827f40f0dad50309922c500d77bdf2b7afd8a360f98d0031d11ff4575b43def3aa39fd
|
|
7
|
+
data.tar.gz: 794d25bfeec94e8c1804dc9ec5526d5e785efeacb94a5cf14919640c9d731ec5898242d247eced944b99528961f4eb58aee170ffe867924b05a34025cce0db90
|
data/README.md
CHANGED
|
@@ -157,6 +157,15 @@ For a list of all available options run
|
|
|
157
157
|
match --help
|
|
158
158
|
```
|
|
159
159
|
|
|
160
|
+
#### Handle multiple targets
|
|
161
|
+
|
|
162
|
+
If you have several targets with different bundle identifiers, call `match` for each of them:
|
|
163
|
+
|
|
164
|
+
```
|
|
165
|
+
match appstore -a tools.fastlane.app
|
|
166
|
+
match appstore -a tools.fastlane.app.watchkitapp
|
|
167
|
+
```
|
|
168
|
+
|
|
160
169
|
#### Passphrase
|
|
161
170
|
|
|
162
171
|
When running `match` for the first time on a new machine, it will ask you for the passphrase for the Git repository. This is an additional layer of security: each of the files will be encrypted using `openssl`.Make sure to remember the password, as you'll need it when you run match on a different machine
|
|
@@ -257,7 +266,7 @@ e.g. `$(sigh_tools.fastlane.app_development)`
|
|
|
257
266
|
|
|
258
267
|
This is useful when installing your application on your device using the Development profile.
|
|
259
268
|
|
|
260
|
-
You can statically select the right provisioning profile in your Xcode project (the name will be `tools.fastlane.app
|
|
269
|
+
You can statically select the right provisioning profile in your Xcode project (the name will be `match Development tools.fastlane.app`).
|
|
261
270
|
|
|
262
271
|
### Nuke
|
|
263
272
|
|
|
@@ -274,6 +283,16 @@ match nuke distribution
|
|
|
274
283
|
|
|
275
284
|
You'll have to confirm a list of profiles / certificates that will be deleted.
|
|
276
285
|
|
|
286
|
+
### Change Password
|
|
287
|
+
|
|
288
|
+
To change the password of your repo and therefore decrypting and encrypting all files run
|
|
289
|
+
|
|
290
|
+
```
|
|
291
|
+
match change_password
|
|
292
|
+
```
|
|
293
|
+
|
|
294
|
+
You'll be asked for the new password on all your machines on the next run.
|
|
295
|
+
|
|
277
296
|
## Is this secure?
|
|
278
297
|
|
|
279
298
|
Both your keys and provisioning profiles are encrypted using OpenSSL using a passphrase.
|
data/bin/match
CHANGED
|
@@ -9,8 +9,10 @@ HighLine.track_eof = false
|
|
|
9
9
|
|
|
10
10
|
class MatchApplication
|
|
11
11
|
include Commander::Methods
|
|
12
|
+
UI = FastlaneCore::UI
|
|
12
13
|
|
|
13
14
|
# rubocop:disable Metrics/MethodLength
|
|
15
|
+
# rubocop:disable Metrics/AbcSize
|
|
14
16
|
def run
|
|
15
17
|
program :version, Match::VERSION
|
|
16
18
|
program :description, Match::DESCRIPTION
|
|
@@ -68,6 +70,18 @@ class MatchApplication
|
|
|
68
70
|
end
|
|
69
71
|
end
|
|
70
72
|
|
|
73
|
+
command :change_password do |c|
|
|
74
|
+
c.syntax = 'match change_password'
|
|
75
|
+
c.description = 'Re-encrypt all files with a different password'
|
|
76
|
+
c.action do |args, options|
|
|
77
|
+
params = FastlaneCore::Configuration.create(Match::Options.available_options, options.__hash__)
|
|
78
|
+
params.load_configuration_file("Matchfile")
|
|
79
|
+
|
|
80
|
+
Match::ChangePassword.update(params: params)
|
|
81
|
+
UI.success "Successfully changed the password. Make sure to update the password on all your clients and servers"
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
71
85
|
command "nuke" do |c|
|
|
72
86
|
# We have this empty command here, since otherwise the normal `match` command will be executed
|
|
73
87
|
c.syntax = "match nuke"
|
|
@@ -94,6 +108,7 @@ class MatchApplication
|
|
|
94
108
|
run!
|
|
95
109
|
end
|
|
96
110
|
# rubocop:enable Metrics/MethodLength
|
|
111
|
+
# rubocop:enable Metrics/AbcSize
|
|
97
112
|
end
|
|
98
113
|
|
|
99
114
|
begin
|
data/lib/match.rb
CHANGED
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
module Match
|
|
2
|
+
class ChangePassword
|
|
3
|
+
def self.update(params: nil, from: nil, to: nil)
|
|
4
|
+
to ||= UI.password("New password: ")
|
|
5
|
+
GitHelper.clear_changes
|
|
6
|
+
workspace = GitHelper.clone(params[:git_url], params[:shallow_clone], manual_password: from)
|
|
7
|
+
Encrypt.new.clear_password(params[:git_url])
|
|
8
|
+
Encrypt.new.store_password(params[:git_url], to)
|
|
9
|
+
|
|
10
|
+
message = "[fastlane] Changed password"
|
|
11
|
+
GitHelper.commit_changes(workspace, message, params[:git_url])
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
data/lib/match/encrypt.rb
CHANGED
|
@@ -7,7 +7,7 @@ module Match
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def password(git_url)
|
|
10
|
-
password
|
|
10
|
+
password = ENV["MATCH_PASSWORD"]
|
|
11
11
|
unless password
|
|
12
12
|
item = Security::InternetPassword.find(server: server_name(git_url))
|
|
13
13
|
password = item.password if item
|
|
@@ -20,10 +20,14 @@ module Match
|
|
|
20
20
|
while password.to_s.length == 0
|
|
21
21
|
password = ask("Passphrase for Git Repo: ".yellow) { |q| q.echo = "*" }
|
|
22
22
|
end
|
|
23
|
-
|
|
23
|
+
store_password(git_url, password)
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
return
|
|
26
|
+
return password
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def store_password(git_url, password)
|
|
30
|
+
Security::InternetPassword.add(server_name(git_url), "", password)
|
|
27
31
|
end
|
|
28
32
|
|
|
29
33
|
# removes the password from the keychain again
|
|
@@ -35,20 +39,21 @@ module Match
|
|
|
35
39
|
iterate(path) do |current|
|
|
36
40
|
crypt(path: current,
|
|
37
41
|
password: password(git_url),
|
|
38
|
-
|
|
42
|
+
encrypt: true)
|
|
39
43
|
UI.success "🔒 Encrypted '#{File.basename(current)}'" if $verbose
|
|
40
44
|
end
|
|
41
45
|
UI.success "🔒 Successfully encrypted certificates repo"
|
|
42
46
|
end
|
|
43
47
|
|
|
44
|
-
def decrypt_repo(path: nil, git_url: nil)
|
|
48
|
+
def decrypt_repo(path: nil, git_url: nil, manual_password: nil)
|
|
45
49
|
iterate(path) do |current|
|
|
46
50
|
begin
|
|
47
51
|
crypt(path: current,
|
|
48
|
-
password: password(git_url),
|
|
52
|
+
password: manual_password || password(git_url),
|
|
49
53
|
encrypt: false)
|
|
50
54
|
rescue
|
|
51
55
|
UI.error "Couldn't decrypt the repo, please make sure you enter the right password!"
|
|
56
|
+
UI.user_error!("Invalid password passed via 'MATCH_PASSWORD'") if ENV["MATCH_PASSWORD"]
|
|
52
57
|
clear_password(git_url)
|
|
53
58
|
decrypt_repo(path: path, git_url: git_url)
|
|
54
59
|
return
|
|
@@ -68,6 +73,10 @@ module Match
|
|
|
68
73
|
end
|
|
69
74
|
|
|
70
75
|
def crypt(path: nil, password: nil, encrypt: true)
|
|
76
|
+
if password.to_s.strip.length == 0
|
|
77
|
+
UI.user_error!("No password supplied")
|
|
78
|
+
end
|
|
79
|
+
|
|
71
80
|
tmpfile = File.join(Dir.mktmpdir, "temporary")
|
|
72
81
|
command = ["openssl aes-256-cbc"]
|
|
73
82
|
command << "-k \"#{password}\""
|
|
@@ -77,6 +86,7 @@ module Match
|
|
|
77
86
|
command << "-d" unless encrypt
|
|
78
87
|
command << "&> /dev/null" unless $verbose # to show show an error message is something goes wrong
|
|
79
88
|
success = system(command.join(' '))
|
|
89
|
+
|
|
80
90
|
raise "Error decrypting '#{path}'" unless success
|
|
81
91
|
FileUtils.mv(tmpfile, path)
|
|
82
92
|
end
|
data/lib/match/git_helper.rb
CHANGED
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
module Match
|
|
2
2
|
class GitHelper
|
|
3
|
-
def self.clone(git_url)
|
|
3
|
+
def self.clone(git_url, shallow_clone, manual_password: nil)
|
|
4
4
|
return @dir if @dir
|
|
5
5
|
|
|
6
6
|
@dir = Dir.mktmpdir
|
|
7
|
-
command = "git clone '#{git_url}' '#{@dir}'
|
|
7
|
+
command = "git clone '#{git_url}' '#{@dir}'"
|
|
8
|
+
command << " --depth 1" if shallow_clone
|
|
9
|
+
|
|
8
10
|
UI.message "Cloning remote git repo..."
|
|
9
11
|
FastlaneCore::CommandExecutor.execute(command: command,
|
|
10
12
|
print_all: $verbose,
|
|
@@ -13,7 +15,16 @@ module Match
|
|
|
13
15
|
raise "Error cloning repo, make sure you have access to it '#{git_url}'".red unless File.directory?(@dir)
|
|
14
16
|
|
|
15
17
|
copy_readme(@dir)
|
|
16
|
-
|
|
18
|
+
|
|
19
|
+
if !Helper.test? and GitHelper.match_version(@dir).nil? and manual_password.nil?
|
|
20
|
+
UI.important "Migrating to new match..."
|
|
21
|
+
ChangePassword.update(params: { git_url: git_url,
|
|
22
|
+
shallow_clone: shallow_clone },
|
|
23
|
+
from: "",
|
|
24
|
+
to: Encrypt.new.password(git_url))
|
|
25
|
+
return self.clone(git_url, shallow_clone)
|
|
26
|
+
end
|
|
27
|
+
Encrypt.new.decrypt_repo(path: @dir, git_url: git_url, manual_password: manual_password)
|
|
17
28
|
|
|
18
29
|
return @dir
|
|
19
30
|
end
|
|
@@ -29,11 +40,19 @@ module Match
|
|
|
29
40
|
].join(" ")
|
|
30
41
|
end
|
|
31
42
|
|
|
43
|
+
def self.match_version(workspace)
|
|
44
|
+
path = File.join(workspace, "match_version.txt")
|
|
45
|
+
if File.exist?(path)
|
|
46
|
+
Gem::Version.new(File.read(path))
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
32
50
|
def self.commit_changes(path, message, git_url)
|
|
33
51
|
Dir.chdir(path) do
|
|
34
52
|
return if `git status`.include?("nothing to commit")
|
|
35
53
|
|
|
36
54
|
Encrypt.new.encrypt_repo(path: path, git_url: git_url)
|
|
55
|
+
File.write("match_version.txt", Match::VERSION) # unencrypted
|
|
37
56
|
|
|
38
57
|
commands = []
|
|
39
58
|
commands << "git add -A"
|
|
@@ -48,6 +67,7 @@ module Match
|
|
|
48
67
|
print_command: $verbose)
|
|
49
68
|
end
|
|
50
69
|
end
|
|
70
|
+
FileUtils.rm_rf(path)
|
|
51
71
|
@dir = nil
|
|
52
72
|
end
|
|
53
73
|
|
data/lib/match/options.rb
CHANGED
|
@@ -46,7 +46,7 @@ module Match
|
|
|
46
46
|
default_value: false),
|
|
47
47
|
FastlaneCore::ConfigItem.new(key: :team_id,
|
|
48
48
|
short_option: "-b",
|
|
49
|
-
env_name: "
|
|
49
|
+
env_name: "FASTLANE_TEAM_ID",
|
|
50
50
|
description: "The ID of your team if you're in multiple teams",
|
|
51
51
|
optional: true,
|
|
52
52
|
default_value: CredentialsManager::AppfileConfig.try_fetch_value(:team_id),
|
|
@@ -55,7 +55,7 @@ module Match
|
|
|
55
55
|
end),
|
|
56
56
|
FastlaneCore::ConfigItem.new(key: :team_name,
|
|
57
57
|
short_option: "-l",
|
|
58
|
-
env_name: "
|
|
58
|
+
env_name: "FASTLANE_TEAM_NAME",
|
|
59
59
|
description: "The name of your team if you're in multiple teams",
|
|
60
60
|
optional: true,
|
|
61
61
|
default_value: CredentialsManager::AppfileConfig.try_fetch_value(:team_name),
|
|
@@ -75,11 +75,20 @@ module Match
|
|
|
75
75
|
description: "Renew the provisioning profiles every time you run match",
|
|
76
76
|
is_string: false,
|
|
77
77
|
default_value: false),
|
|
78
|
+
FastlaneCore::ConfigItem.new(key: :shallow_clone,
|
|
79
|
+
env_name: "MATCH_SHALLOW_CLONE",
|
|
80
|
+
description: "Make a shallow clone of the repository (truncate the history to 1 revision)",
|
|
81
|
+
is_string: false,
|
|
82
|
+
default_value: true),
|
|
78
83
|
FastlaneCore::ConfigItem.new(key: :workspace,
|
|
79
84
|
description: nil,
|
|
80
85
|
verify_block: proc do |value|
|
|
81
86
|
unless Helper.test?
|
|
82
|
-
|
|
87
|
+
if value.start_with?("/var/folders") or value.include?("tmp/") or value.include?("temp/")
|
|
88
|
+
# that's fine
|
|
89
|
+
else
|
|
90
|
+
raise "Specify the `git_url` instead of the `path`".red
|
|
91
|
+
end
|
|
83
92
|
end
|
|
84
93
|
end,
|
|
85
94
|
optional: true)
|
data/lib/match/runner.rb
CHANGED
|
@@ -7,7 +7,7 @@ module Match
|
|
|
7
7
|
hide_keys: [:workspace],
|
|
8
8
|
title: "Summary for match #{Match::VERSION}")
|
|
9
9
|
|
|
10
|
-
params[:workspace] = GitHelper.clone(params[:git_url])
|
|
10
|
+
params[:workspace] = GitHelper.clone(params[:git_url], params[:shallow_clone])
|
|
11
11
|
spaceship = SpaceshipEnsure.new(params[:username]) unless params[:readonly]
|
|
12
12
|
|
|
13
13
|
# Verify the App ID (as we don't want 'match' to fail at a later point)
|
data/lib/match/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: match
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Felix Krause
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-12-
|
|
11
|
+
date: 2015-12-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: security
|
|
@@ -30,7 +30,7 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.
|
|
33
|
+
version: 0.31.0
|
|
34
34
|
- - "<"
|
|
35
35
|
- !ruby/object:Gem::Version
|
|
36
36
|
version: 1.0.0
|
|
@@ -40,7 +40,7 @@ dependencies:
|
|
|
40
40
|
requirements:
|
|
41
41
|
- - ">="
|
|
42
42
|
- !ruby/object:Gem::Version
|
|
43
|
-
version: 0.
|
|
43
|
+
version: 0.31.0
|
|
44
44
|
- - "<"
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
46
|
version: 1.0.0
|
|
@@ -70,7 +70,7 @@ dependencies:
|
|
|
70
70
|
requirements:
|
|
71
71
|
- - ">="
|
|
72
72
|
- !ruby/object:Gem::Version
|
|
73
|
-
version: 0.
|
|
73
|
+
version: 0.18.1
|
|
74
74
|
- - "<"
|
|
75
75
|
- !ruby/object:Gem::Version
|
|
76
76
|
version: 1.0.0
|
|
@@ -80,7 +80,7 @@ dependencies:
|
|
|
80
80
|
requirements:
|
|
81
81
|
- - ">="
|
|
82
82
|
- !ruby/object:Gem::Version
|
|
83
|
-
version: 0.
|
|
83
|
+
version: 0.18.1
|
|
84
84
|
- - "<"
|
|
85
85
|
- !ruby/object:Gem::Version
|
|
86
86
|
version: 1.0.0
|
|
@@ -264,6 +264,7 @@ files:
|
|
|
264
264
|
- lib/assets/MatchfileTemplate
|
|
265
265
|
- lib/assets/READMETemplate.md
|
|
266
266
|
- lib/match.rb
|
|
267
|
+
- lib/match/change_password.rb
|
|
267
268
|
- lib/match/encrypt.rb
|
|
268
269
|
- lib/match/generator.rb
|
|
269
270
|
- lib/match/git_helper.rb
|
|
@@ -295,7 +296,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
295
296
|
version: '0'
|
|
296
297
|
requirements: []
|
|
297
298
|
rubyforge_project:
|
|
298
|
-
rubygems_version: 2.4.
|
|
299
|
+
rubygems_version: 2.4.6
|
|
299
300
|
signing_key:
|
|
300
301
|
specification_version: 4
|
|
301
302
|
summary: Easily sync your certificates and profiles across your team using git
|