match 0.1.2 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +20 -1
- data/bin/match +15 -0
- data/lib/match.rb +1 -0
- data/lib/match/change_password.rb +14 -0
- data/lib/match/encrypt.rb +16 -6
- data/lib/match/git_helper.rb +23 -3
- data/lib/match/options.rb +12 -3
- data/lib/match/runner.rb +1 -1
- data/lib/match/version.rb +1 -1
- metadata +8 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9c0f9786bd1163d37e0f4ee1f96b2597d839ec5d
|
|
4
|
+
data.tar.gz: 2d41389a1fe003263e6a53d71f290e70d3bf134d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d225f09935f20e35d143086b6598aa90edb29bbb38cbe84548ff203d89827f40f0dad50309922c500d77bdf2b7afd8a360f98d0031d11ff4575b43def3aa39fd
|
|
7
|
+
data.tar.gz: 794d25bfeec94e8c1804dc9ec5526d5e785efeacb94a5cf14919640c9d731ec5898242d247eced944b99528961f4eb58aee170ffe867924b05a34025cce0db90
|
data/README.md
CHANGED
|
@@ -157,6 +157,15 @@ For a list of all available options run
|
|
|
157
157
|
match --help
|
|
158
158
|
```
|
|
159
159
|
|
|
160
|
+
#### Handle multiple targets
|
|
161
|
+
|
|
162
|
+
If you have several targets with different bundle identifiers, call `match` for each of them:
|
|
163
|
+
|
|
164
|
+
```
|
|
165
|
+
match appstore -a tools.fastlane.app
|
|
166
|
+
match appstore -a tools.fastlane.app.watchkitapp
|
|
167
|
+
```
|
|
168
|
+
|
|
160
169
|
#### Passphrase
|
|
161
170
|
|
|
162
171
|
When running `match` for the first time on a new machine, it will ask you for the passphrase for the Git repository. This is an additional layer of security: each of the files will be encrypted using `openssl`.Make sure to remember the password, as you'll need it when you run match on a different machine
|
|
@@ -257,7 +266,7 @@ e.g. `$(sigh_tools.fastlane.app_development)`
|
|
|
257
266
|
|
|
258
267
|
This is useful when installing your application on your device using the Development profile.
|
|
259
268
|
|
|
260
|
-
You can statically select the right provisioning profile in your Xcode project (the name will be `tools.fastlane.app
|
|
269
|
+
You can statically select the right provisioning profile in your Xcode project (the name will be `match Development tools.fastlane.app`).
|
|
261
270
|
|
|
262
271
|
### Nuke
|
|
263
272
|
|
|
@@ -274,6 +283,16 @@ match nuke distribution
|
|
|
274
283
|
|
|
275
284
|
You'll have to confirm a list of profiles / certificates that will be deleted.
|
|
276
285
|
|
|
286
|
+
### Change Password
|
|
287
|
+
|
|
288
|
+
To change the password of your repo and therefore decrypting and encrypting all files run
|
|
289
|
+
|
|
290
|
+
```
|
|
291
|
+
match change_password
|
|
292
|
+
```
|
|
293
|
+
|
|
294
|
+
You'll be asked for the new password on all your machines on the next run.
|
|
295
|
+
|
|
277
296
|
## Is this secure?
|
|
278
297
|
|
|
279
298
|
Both your keys and provisioning profiles are encrypted using OpenSSL using a passphrase.
|
data/bin/match
CHANGED
|
@@ -9,8 +9,10 @@ HighLine.track_eof = false
|
|
|
9
9
|
|
|
10
10
|
class MatchApplication
|
|
11
11
|
include Commander::Methods
|
|
12
|
+
UI = FastlaneCore::UI
|
|
12
13
|
|
|
13
14
|
# rubocop:disable Metrics/MethodLength
|
|
15
|
+
# rubocop:disable Metrics/AbcSize
|
|
14
16
|
def run
|
|
15
17
|
program :version, Match::VERSION
|
|
16
18
|
program :description, Match::DESCRIPTION
|
|
@@ -68,6 +70,18 @@ class MatchApplication
|
|
|
68
70
|
end
|
|
69
71
|
end
|
|
70
72
|
|
|
73
|
+
command :change_password do |c|
|
|
74
|
+
c.syntax = 'match change_password'
|
|
75
|
+
c.description = 'Re-encrypt all files with a different password'
|
|
76
|
+
c.action do |args, options|
|
|
77
|
+
params = FastlaneCore::Configuration.create(Match::Options.available_options, options.__hash__)
|
|
78
|
+
params.load_configuration_file("Matchfile")
|
|
79
|
+
|
|
80
|
+
Match::ChangePassword.update(params: params)
|
|
81
|
+
UI.success "Successfully changed the password. Make sure to update the password on all your clients and servers"
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
71
85
|
command "nuke" do |c|
|
|
72
86
|
# We have this empty command here, since otherwise the normal `match` command will be executed
|
|
73
87
|
c.syntax = "match nuke"
|
|
@@ -94,6 +108,7 @@ class MatchApplication
|
|
|
94
108
|
run!
|
|
95
109
|
end
|
|
96
110
|
# rubocop:enable Metrics/MethodLength
|
|
111
|
+
# rubocop:enable Metrics/AbcSize
|
|
97
112
|
end
|
|
98
113
|
|
|
99
114
|
begin
|
data/lib/match.rb
CHANGED
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
module Match
|
|
2
|
+
class ChangePassword
|
|
3
|
+
def self.update(params: nil, from: nil, to: nil)
|
|
4
|
+
to ||= UI.password("New password: ")
|
|
5
|
+
GitHelper.clear_changes
|
|
6
|
+
workspace = GitHelper.clone(params[:git_url], params[:shallow_clone], manual_password: from)
|
|
7
|
+
Encrypt.new.clear_password(params[:git_url])
|
|
8
|
+
Encrypt.new.store_password(params[:git_url], to)
|
|
9
|
+
|
|
10
|
+
message = "[fastlane] Changed password"
|
|
11
|
+
GitHelper.commit_changes(workspace, message, params[:git_url])
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
data/lib/match/encrypt.rb
CHANGED
|
@@ -7,7 +7,7 @@ module Match
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def password(git_url)
|
|
10
|
-
password
|
|
10
|
+
password = ENV["MATCH_PASSWORD"]
|
|
11
11
|
unless password
|
|
12
12
|
item = Security::InternetPassword.find(server: server_name(git_url))
|
|
13
13
|
password = item.password if item
|
|
@@ -20,10 +20,14 @@ module Match
|
|
|
20
20
|
while password.to_s.length == 0
|
|
21
21
|
password = ask("Passphrase for Git Repo: ".yellow) { |q| q.echo = "*" }
|
|
22
22
|
end
|
|
23
|
-
|
|
23
|
+
store_password(git_url, password)
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
return
|
|
26
|
+
return password
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def store_password(git_url, password)
|
|
30
|
+
Security::InternetPassword.add(server_name(git_url), "", password)
|
|
27
31
|
end
|
|
28
32
|
|
|
29
33
|
# removes the password from the keychain again
|
|
@@ -35,20 +39,21 @@ module Match
|
|
|
35
39
|
iterate(path) do |current|
|
|
36
40
|
crypt(path: current,
|
|
37
41
|
password: password(git_url),
|
|
38
|
-
|
|
42
|
+
encrypt: true)
|
|
39
43
|
UI.success "🔒 Encrypted '#{File.basename(current)}'" if $verbose
|
|
40
44
|
end
|
|
41
45
|
UI.success "🔒 Successfully encrypted certificates repo"
|
|
42
46
|
end
|
|
43
47
|
|
|
44
|
-
def decrypt_repo(path: nil, git_url: nil)
|
|
48
|
+
def decrypt_repo(path: nil, git_url: nil, manual_password: nil)
|
|
45
49
|
iterate(path) do |current|
|
|
46
50
|
begin
|
|
47
51
|
crypt(path: current,
|
|
48
|
-
password: password(git_url),
|
|
52
|
+
password: manual_password || password(git_url),
|
|
49
53
|
encrypt: false)
|
|
50
54
|
rescue
|
|
51
55
|
UI.error "Couldn't decrypt the repo, please make sure you enter the right password!"
|
|
56
|
+
UI.user_error!("Invalid password passed via 'MATCH_PASSWORD'") if ENV["MATCH_PASSWORD"]
|
|
52
57
|
clear_password(git_url)
|
|
53
58
|
decrypt_repo(path: path, git_url: git_url)
|
|
54
59
|
return
|
|
@@ -68,6 +73,10 @@ module Match
|
|
|
68
73
|
end
|
|
69
74
|
|
|
70
75
|
def crypt(path: nil, password: nil, encrypt: true)
|
|
76
|
+
if password.to_s.strip.length == 0
|
|
77
|
+
UI.user_error!("No password supplied")
|
|
78
|
+
end
|
|
79
|
+
|
|
71
80
|
tmpfile = File.join(Dir.mktmpdir, "temporary")
|
|
72
81
|
command = ["openssl aes-256-cbc"]
|
|
73
82
|
command << "-k \"#{password}\""
|
|
@@ -77,6 +86,7 @@ module Match
|
|
|
77
86
|
command << "-d" unless encrypt
|
|
78
87
|
command << "&> /dev/null" unless $verbose # to show show an error message is something goes wrong
|
|
79
88
|
success = system(command.join(' '))
|
|
89
|
+
|
|
80
90
|
raise "Error decrypting '#{path}'" unless success
|
|
81
91
|
FileUtils.mv(tmpfile, path)
|
|
82
92
|
end
|
data/lib/match/git_helper.rb
CHANGED
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
module Match
|
|
2
2
|
class GitHelper
|
|
3
|
-
def self.clone(git_url)
|
|
3
|
+
def self.clone(git_url, shallow_clone, manual_password: nil)
|
|
4
4
|
return @dir if @dir
|
|
5
5
|
|
|
6
6
|
@dir = Dir.mktmpdir
|
|
7
|
-
command = "git clone '#{git_url}' '#{@dir}'
|
|
7
|
+
command = "git clone '#{git_url}' '#{@dir}'"
|
|
8
|
+
command << " --depth 1" if shallow_clone
|
|
9
|
+
|
|
8
10
|
UI.message "Cloning remote git repo..."
|
|
9
11
|
FastlaneCore::CommandExecutor.execute(command: command,
|
|
10
12
|
print_all: $verbose,
|
|
@@ -13,7 +15,16 @@ module Match
|
|
|
13
15
|
raise "Error cloning repo, make sure you have access to it '#{git_url}'".red unless File.directory?(@dir)
|
|
14
16
|
|
|
15
17
|
copy_readme(@dir)
|
|
16
|
-
|
|
18
|
+
|
|
19
|
+
if !Helper.test? and GitHelper.match_version(@dir).nil? and manual_password.nil?
|
|
20
|
+
UI.important "Migrating to new match..."
|
|
21
|
+
ChangePassword.update(params: { git_url: git_url,
|
|
22
|
+
shallow_clone: shallow_clone },
|
|
23
|
+
from: "",
|
|
24
|
+
to: Encrypt.new.password(git_url))
|
|
25
|
+
return self.clone(git_url, shallow_clone)
|
|
26
|
+
end
|
|
27
|
+
Encrypt.new.decrypt_repo(path: @dir, git_url: git_url, manual_password: manual_password)
|
|
17
28
|
|
|
18
29
|
return @dir
|
|
19
30
|
end
|
|
@@ -29,11 +40,19 @@ module Match
|
|
|
29
40
|
].join(" ")
|
|
30
41
|
end
|
|
31
42
|
|
|
43
|
+
def self.match_version(workspace)
|
|
44
|
+
path = File.join(workspace, "match_version.txt")
|
|
45
|
+
if File.exist?(path)
|
|
46
|
+
Gem::Version.new(File.read(path))
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
32
50
|
def self.commit_changes(path, message, git_url)
|
|
33
51
|
Dir.chdir(path) do
|
|
34
52
|
return if `git status`.include?("nothing to commit")
|
|
35
53
|
|
|
36
54
|
Encrypt.new.encrypt_repo(path: path, git_url: git_url)
|
|
55
|
+
File.write("match_version.txt", Match::VERSION) # unencrypted
|
|
37
56
|
|
|
38
57
|
commands = []
|
|
39
58
|
commands << "git add -A"
|
|
@@ -48,6 +67,7 @@ module Match
|
|
|
48
67
|
print_command: $verbose)
|
|
49
68
|
end
|
|
50
69
|
end
|
|
70
|
+
FileUtils.rm_rf(path)
|
|
51
71
|
@dir = nil
|
|
52
72
|
end
|
|
53
73
|
|
data/lib/match/options.rb
CHANGED
|
@@ -46,7 +46,7 @@ module Match
|
|
|
46
46
|
default_value: false),
|
|
47
47
|
FastlaneCore::ConfigItem.new(key: :team_id,
|
|
48
48
|
short_option: "-b",
|
|
49
|
-
env_name: "
|
|
49
|
+
env_name: "FASTLANE_TEAM_ID",
|
|
50
50
|
description: "The ID of your team if you're in multiple teams",
|
|
51
51
|
optional: true,
|
|
52
52
|
default_value: CredentialsManager::AppfileConfig.try_fetch_value(:team_id),
|
|
@@ -55,7 +55,7 @@ module Match
|
|
|
55
55
|
end),
|
|
56
56
|
FastlaneCore::ConfigItem.new(key: :team_name,
|
|
57
57
|
short_option: "-l",
|
|
58
|
-
env_name: "
|
|
58
|
+
env_name: "FASTLANE_TEAM_NAME",
|
|
59
59
|
description: "The name of your team if you're in multiple teams",
|
|
60
60
|
optional: true,
|
|
61
61
|
default_value: CredentialsManager::AppfileConfig.try_fetch_value(:team_name),
|
|
@@ -75,11 +75,20 @@ module Match
|
|
|
75
75
|
description: "Renew the provisioning profiles every time you run match",
|
|
76
76
|
is_string: false,
|
|
77
77
|
default_value: false),
|
|
78
|
+
FastlaneCore::ConfigItem.new(key: :shallow_clone,
|
|
79
|
+
env_name: "MATCH_SHALLOW_CLONE",
|
|
80
|
+
description: "Make a shallow clone of the repository (truncate the history to 1 revision)",
|
|
81
|
+
is_string: false,
|
|
82
|
+
default_value: true),
|
|
78
83
|
FastlaneCore::ConfigItem.new(key: :workspace,
|
|
79
84
|
description: nil,
|
|
80
85
|
verify_block: proc do |value|
|
|
81
86
|
unless Helper.test?
|
|
82
|
-
|
|
87
|
+
if value.start_with?("/var/folders") or value.include?("tmp/") or value.include?("temp/")
|
|
88
|
+
# that's fine
|
|
89
|
+
else
|
|
90
|
+
raise "Specify the `git_url` instead of the `path`".red
|
|
91
|
+
end
|
|
83
92
|
end
|
|
84
93
|
end,
|
|
85
94
|
optional: true)
|
data/lib/match/runner.rb
CHANGED
|
@@ -7,7 +7,7 @@ module Match
|
|
|
7
7
|
hide_keys: [:workspace],
|
|
8
8
|
title: "Summary for match #{Match::VERSION}")
|
|
9
9
|
|
|
10
|
-
params[:workspace] = GitHelper.clone(params[:git_url])
|
|
10
|
+
params[:workspace] = GitHelper.clone(params[:git_url], params[:shallow_clone])
|
|
11
11
|
spaceship = SpaceshipEnsure.new(params[:username]) unless params[:readonly]
|
|
12
12
|
|
|
13
13
|
# Verify the App ID (as we don't want 'match' to fail at a later point)
|
data/lib/match/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: match
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Felix Krause
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-12-
|
|
11
|
+
date: 2015-12-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: security
|
|
@@ -30,7 +30,7 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.
|
|
33
|
+
version: 0.31.0
|
|
34
34
|
- - "<"
|
|
35
35
|
- !ruby/object:Gem::Version
|
|
36
36
|
version: 1.0.0
|
|
@@ -40,7 +40,7 @@ dependencies:
|
|
|
40
40
|
requirements:
|
|
41
41
|
- - ">="
|
|
42
42
|
- !ruby/object:Gem::Version
|
|
43
|
-
version: 0.
|
|
43
|
+
version: 0.31.0
|
|
44
44
|
- - "<"
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
46
|
version: 1.0.0
|
|
@@ -70,7 +70,7 @@ dependencies:
|
|
|
70
70
|
requirements:
|
|
71
71
|
- - ">="
|
|
72
72
|
- !ruby/object:Gem::Version
|
|
73
|
-
version: 0.
|
|
73
|
+
version: 0.18.1
|
|
74
74
|
- - "<"
|
|
75
75
|
- !ruby/object:Gem::Version
|
|
76
76
|
version: 1.0.0
|
|
@@ -80,7 +80,7 @@ dependencies:
|
|
|
80
80
|
requirements:
|
|
81
81
|
- - ">="
|
|
82
82
|
- !ruby/object:Gem::Version
|
|
83
|
-
version: 0.
|
|
83
|
+
version: 0.18.1
|
|
84
84
|
- - "<"
|
|
85
85
|
- !ruby/object:Gem::Version
|
|
86
86
|
version: 1.0.0
|
|
@@ -264,6 +264,7 @@ files:
|
|
|
264
264
|
- lib/assets/MatchfileTemplate
|
|
265
265
|
- lib/assets/READMETemplate.md
|
|
266
266
|
- lib/match.rb
|
|
267
|
+
- lib/match/change_password.rb
|
|
267
268
|
- lib/match/encrypt.rb
|
|
268
269
|
- lib/match/generator.rb
|
|
269
270
|
- lib/match/git_helper.rb
|
|
@@ -295,7 +296,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
295
296
|
version: '0'
|
|
296
297
|
requirements: []
|
|
297
298
|
rubyforge_project:
|
|
298
|
-
rubygems_version: 2.4.
|
|
299
|
+
rubygems_version: 2.4.6
|
|
299
300
|
signing_key:
|
|
300
301
|
specification_version: 4
|
|
301
302
|
summary: Easily sync your certificates and profiles across your team using git
|