@onekeyfe/react-native-bundle-update 1.1.26 → 1.1.27
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -21,6 +21,15 @@ Pod::Spec.new do |s|
|
|
|
21
21
|
|
|
22
22
|
s.vendored_frameworks = 'ios/Frameworks/Gopenpgp.xcframework'
|
|
23
23
|
|
|
24
|
+
# When ONEKEY_ALLOW_SKIP_GPG_VERIFICATION env var is set to a non-empty, non-'false' value,
|
|
25
|
+
# enable the ALLOW_SKIP_GPG_VERIFICATION Swift compilation condition.
|
|
26
|
+
# Without this flag, all skip-GPG code paths are compiled out (dead code elimination).
|
|
27
|
+
if ENV['ONEKEY_ALLOW_SKIP_GPG_VERIFICATION'] && ENV['ONEKEY_ALLOW_SKIP_GPG_VERIFICATION'] != '' && ENV['ONEKEY_ALLOW_SKIP_GPG_VERIFICATION'] != 'false'
|
|
28
|
+
s.pod_target_xcconfig = {
|
|
29
|
+
'SWIFT_ACTIVE_COMPILATION_CONDITIONS' => '$(inherited) ALLOW_SKIP_GPG_VERIFICATION'
|
|
30
|
+
}
|
|
31
|
+
end
|
|
32
|
+
|
|
24
33
|
s.dependency 'React-jsi'
|
|
25
34
|
s.dependency 'React-callinvoker'
|
|
26
35
|
s.dependency 'ReactNativeNativeLogger'
|
package/android/build.gradle
CHANGED
|
@@ -39,6 +39,14 @@ android {
|
|
|
39
39
|
minSdkVersion getExtOrIntegerDefault("minSdkVersion")
|
|
40
40
|
targetSdkVersion getExtOrIntegerDefault("targetSdkVersion")
|
|
41
41
|
|
|
42
|
+
// When ONEKEY_ALLOW_SKIP_GPG_VERIFICATION env var is set to a non-empty, non-'false' value,
|
|
43
|
+
// enable the skip-GPG code paths. Without this flag, BuildConfig.ALLOW_SKIP_GPG_VERIFICATION
|
|
44
|
+
// is false and all skip-GPG logic is gated behind an immutable compile-time constant.
|
|
45
|
+
def allowSkipGPG = System.getenv('ONEKEY_ALLOW_SKIP_GPG_VERIFICATION') != null &&
|
|
46
|
+
System.getenv('ONEKEY_ALLOW_SKIP_GPG_VERIFICATION') != '' &&
|
|
47
|
+
System.getenv('ONEKEY_ALLOW_SKIP_GPG_VERIFICATION') != 'false'
|
|
48
|
+
buildConfigField("boolean", "ALLOW_SKIP_GPG_VERIFICATION", allowSkipGPG.toString())
|
|
49
|
+
|
|
42
50
|
externalNativeBuild {
|
|
43
51
|
cmake {
|
|
44
52
|
cppFlags "-frtti -fexceptions -Wall -fstack-protector-all"
|
package/android/src/main/java/com/margelo/nitro/reactnativebundleupdate/ReactNativeBundleUpdate.kt
CHANGED
|
@@ -528,7 +528,7 @@ object BundleUpdateStoreAndroid {
|
|
|
528
528
|
val signature = readSignatureFile(context, currentBundleVersion)
|
|
529
529
|
OneKeyLog.debug("BundleUpdate", "getJsBundlePath: signatureLength=${signature.length}")
|
|
530
530
|
|
|
531
|
-
val devSettingsEnabled = isDevSettingsEnabled(context)
|
|
531
|
+
val devSettingsEnabled = if (BuildConfig.ALLOW_SKIP_GPG_VERIFICATION) isDevSettingsEnabled(context) else false
|
|
532
532
|
if (devSettingsEnabled) {
|
|
533
533
|
OneKeyLog.warn("BundleUpdate", "Startup SHA256 validation skipped (DevSettings enabled)")
|
|
534
534
|
}
|
|
@@ -591,8 +591,10 @@ object BundleUpdateStoreAndroid {
|
|
|
591
591
|
* Returns true if the skip-GPG-verification toggle is enabled in developer settings.
|
|
592
592
|
* Reads the persisted value from MMKV storage (key: onekey_bundle_skip_gpg_verification,
|
|
593
593
|
* instance: onekey-app-dev-setting).
|
|
594
|
+
* Gated by BuildConfig.ALLOW_SKIP_GPG_VERIFICATION — always returns false in production builds.
|
|
594
595
|
*/
|
|
595
596
|
fun isSkipGPGEnabled(context: Context): Boolean {
|
|
597
|
+
if (!BuildConfig.ALLOW_SKIP_GPG_VERIFICATION) return false
|
|
596
598
|
return try {
|
|
597
599
|
MMKV.initialize(context)
|
|
598
600
|
val mmkv = MMKV.mmkvWithID("onekey-app-dev-setting") ?: return false
|
|
@@ -720,8 +722,10 @@ class ReactNativeBundleUpdate : HybridReactNativeBundleUpdateSpec() {
|
|
|
720
722
|
}
|
|
721
723
|
}
|
|
722
724
|
|
|
723
|
-
/** Returns true if the skip-GPG-verification toggle is enabled via MMKV storage.
|
|
725
|
+
/** Returns true if the skip-GPG-verification toggle is enabled via MMKV storage.
|
|
726
|
+
* Gated by BuildConfig.ALLOW_SKIP_GPG_VERIFICATION — always returns false in production builds. */
|
|
724
727
|
private fun isSkipGPGEnabled(): Boolean {
|
|
728
|
+
if (!BuildConfig.ALLOW_SKIP_GPG_VERIFICATION) return false
|
|
725
729
|
return try {
|
|
726
730
|
val context = NitroModules.applicationContext ?: return false
|
|
727
731
|
BundleUpdateStoreAndroid.isSkipGPGEnabled(context)
|
|
@@ -891,10 +895,8 @@ class ReactNativeBundleUpdate : HybridReactNativeBundleUpdateSpec() {
|
|
|
891
895
|
OneKeyLog.info("BundleUpdate", "verifyBundleASC: appVersion=$appVersion, bundleVersion=$bundleVersion, file=$filePath, signatureLength=${signature.length}")
|
|
892
896
|
|
|
893
897
|
// GPG verification skipped only when both DevSettings and skip-GPG toggle are enabled
|
|
894
|
-
val
|
|
895
|
-
|
|
896
|
-
val skipGPG = devSettings && skipGPGToggle
|
|
897
|
-
OneKeyLog.info("BundleUpdate", "verifyBundleASC: GPG check: devSettings=$devSettings, skipGPGToggle=$skipGPGToggle, skipGPG=$skipGPG")
|
|
898
|
+
val skipGPG = BuildConfig.ALLOW_SKIP_GPG_VERIFICATION && isDevSettingsEnabled() && isSkipGPGEnabled()
|
|
899
|
+
OneKeyLog.info("BundleUpdate", "verifyBundleASC: GPG check: skipGPG=$skipGPG")
|
|
898
900
|
|
|
899
901
|
if (!skipGPG) {
|
|
900
902
|
OneKeyLog.info("BundleUpdate", "verifyBundleASC: verifying SHA256 of downloaded file...")
|
|
@@ -987,10 +989,8 @@ class ReactNativeBundleUpdate : HybridReactNativeBundleUpdateSpec() {
|
|
|
987
989
|
OneKeyLog.info("BundleUpdate", "installBundle: appVersion=$appVersion, bundleVersion=$bundleVersion, signatureLength=${signature.length}")
|
|
988
990
|
|
|
989
991
|
// GPG verification skipped only when both DevSettings and skip-GPG toggle are enabled
|
|
990
|
-
val
|
|
991
|
-
|
|
992
|
-
val skipGPG = devSettings && skipGPGToggle
|
|
993
|
-
OneKeyLog.info("BundleUpdate", "installBundle: GPG check: devSettings=$devSettings, skipGPGToggle=$skipGPGToggle, skipGPG=$skipGPG")
|
|
992
|
+
val skipGPG = BuildConfig.ALLOW_SKIP_GPG_VERIFICATION && isDevSettingsEnabled() && isSkipGPGEnabled()
|
|
993
|
+
OneKeyLog.info("BundleUpdate", "installBundle: GPG check: skipGPG=$skipGPG")
|
|
994
994
|
|
|
995
995
|
val folderName = "$appVersion-$bundleVersion"
|
|
996
996
|
val currentFolderName = BundleUpdateStoreAndroid.getCurrentBundleVersion(context)
|
|
@@ -1116,10 +1116,9 @@ class ReactNativeBundleUpdate : HybridReactNativeBundleUpdateSpec() {
|
|
|
1116
1116
|
}
|
|
1117
1117
|
|
|
1118
1118
|
// Verify GPG signature is valid (skipped when both DevSettings and skip-GPG toggle are enabled)
|
|
1119
|
-
val
|
|
1120
|
-
|
|
1121
|
-
|
|
1122
|
-
if (!(devSettings && skipGPGToggle)) {
|
|
1119
|
+
val skipGPGSwitch = BuildConfig.ALLOW_SKIP_GPG_VERIFICATION && isDevSettingsEnabled() && isSkipGPGEnabled()
|
|
1120
|
+
OneKeyLog.info("BundleUpdate", "setCurrentUpdateBundleData: GPG check: skipGPG=$skipGPGSwitch")
|
|
1121
|
+
if (!skipGPGSwitch) {
|
|
1123
1122
|
if (params.signature.isEmpty() ||
|
|
1124
1123
|
!BundleUpdateStoreAndroid.validateMetadataFileSha256(context, bundleVersion, params.signature)) {
|
|
1125
1124
|
OneKeyLog.error("BundleUpdate", "setCurrentUpdateBundleData: GPG signature verification failed")
|
|
@@ -205,10 +205,15 @@ public class BundleUpdateStore: NSObject {
|
|
|
205
205
|
/// Returns true if the skip-GPG-verification toggle is enabled in developer settings.
|
|
206
206
|
/// Reads the persisted value from MMKV storage (key: onekey_bundle_skip_gpg_verification,
|
|
207
207
|
/// instance: onekey-app-dev-setting).
|
|
208
|
+
/// Gated by ALLOW_SKIP_GPG_VERIFICATION compile flag — always returns false in production builds.
|
|
208
209
|
public static func isSkipGPGEnabled() -> Bool {
|
|
210
|
+
#if ALLOW_SKIP_GPG_VERIFICATION
|
|
209
211
|
MMKV.initialize(rootDir: nil)
|
|
210
212
|
guard let mmkv = MMKV(mmapID: "onekey-app-dev-setting") else { return false }
|
|
211
213
|
return mmkv.bool(forKey: "onekey_bundle_skip_gpg_verification", defaultValue: false)
|
|
214
|
+
#else
|
|
215
|
+
return false
|
|
216
|
+
#endif
|
|
212
217
|
}
|
|
213
218
|
|
|
214
219
|
public static func readMetadataFileSha256(_ signature: String) -> String? {
|
|
@@ -410,10 +415,14 @@ public class BundleUpdateStore: NSObject {
|
|
|
410
415
|
let signature = readSignatureFile(currentBundleVer)
|
|
411
416
|
OneKeyLog.debug("BundleUpdate", "getJsBundlePath: signatureLength=\(signature.count)")
|
|
412
417
|
|
|
418
|
+
#if ALLOW_SKIP_GPG_VERIFICATION
|
|
413
419
|
let devSettingsEnabled = isDevSettingsEnabled()
|
|
414
420
|
if devSettingsEnabled {
|
|
415
421
|
OneKeyLog.warn("BundleUpdate", "Startup SHA256 validation skipped (DevSettings enabled)")
|
|
416
422
|
}
|
|
423
|
+
#else
|
|
424
|
+
let devSettingsEnabled = false
|
|
425
|
+
#endif
|
|
417
426
|
if !devSettingsEnabled && !validateMetadataFileSha256(currentBundleVer, signature: signature) {
|
|
418
427
|
OneKeyLog.warn("BundleUpdate", "getJsBundlePath: validateMetadataFileSha256 failed, signatureLength=\(signature.count)")
|
|
419
428
|
return nil
|
|
@@ -817,10 +826,12 @@ class ReactNativeBundleUpdate: HybridReactNativeBundleUpdateSpec {
|
|
|
817
826
|
OneKeyLog.info("BundleUpdate", "verifyBundleASC: appVersion=\(appVersion), bundleVersion=\(bundleVersion), file=\(filePath), signatureLength=\(signature.count)")
|
|
818
827
|
|
|
819
828
|
// GPG verification skipped only when both DevSettings and skip-GPG toggle are enabled
|
|
820
|
-
|
|
821
|
-
let
|
|
822
|
-
|
|
823
|
-
|
|
829
|
+
#if ALLOW_SKIP_GPG_VERIFICATION
|
|
830
|
+
let skipGPG = BundleUpdateStore.isDevSettingsEnabled() && BundleUpdateStore.isSkipGPGEnabled()
|
|
831
|
+
#else
|
|
832
|
+
let skipGPG = false
|
|
833
|
+
#endif
|
|
834
|
+
OneKeyLog.info("BundleUpdate", "verifyBundleASC: GPG check: skipGPG=\(skipGPG)")
|
|
824
835
|
|
|
825
836
|
if !skipGPG {
|
|
826
837
|
OneKeyLog.info("BundleUpdate", "verifyBundleASC: verifying SHA256 of downloaded file...")
|
|
@@ -936,10 +947,12 @@ class ReactNativeBundleUpdate: HybridReactNativeBundleUpdateSpec {
|
|
|
936
947
|
OneKeyLog.info("BundleUpdate", "installBundle: appVersion=\(appVersion), bundleVersion=\(bundleVersion), signatureLength=\(signature.count)")
|
|
937
948
|
|
|
938
949
|
// GPG verification skipped only when both DevSettings and skip-GPG toggle are enabled
|
|
939
|
-
|
|
940
|
-
let
|
|
941
|
-
|
|
942
|
-
|
|
950
|
+
#if ALLOW_SKIP_GPG_VERIFICATION
|
|
951
|
+
let skipGPG = BundleUpdateStore.isDevSettingsEnabled() && BundleUpdateStore.isSkipGPGEnabled()
|
|
952
|
+
#else
|
|
953
|
+
let skipGPG = false
|
|
954
|
+
#endif
|
|
955
|
+
OneKeyLog.info("BundleUpdate", "installBundle: GPG check: skipGPG=\(skipGPG)")
|
|
943
956
|
|
|
944
957
|
let folderName = "\(appVersion)-\(bundleVersion)"
|
|
945
958
|
let currentFolderName = BundleUpdateStore.currentBundleVersion()
|
|
@@ -1065,10 +1078,13 @@ class ReactNativeBundleUpdate: HybridReactNativeBundleUpdateSpec {
|
|
|
1065
1078
|
}
|
|
1066
1079
|
|
|
1067
1080
|
// Verify GPG signature is valid (skipped when both DevSettings and skip-GPG toggle are enabled)
|
|
1068
|
-
|
|
1069
|
-
let
|
|
1070
|
-
|
|
1071
|
-
|
|
1081
|
+
#if ALLOW_SKIP_GPG_VERIFICATION
|
|
1082
|
+
let skipGPGSwitch = BundleUpdateStore.isDevSettingsEnabled() && BundleUpdateStore.isSkipGPGEnabled()
|
|
1083
|
+
#else
|
|
1084
|
+
let skipGPGSwitch = false
|
|
1085
|
+
#endif
|
|
1086
|
+
OneKeyLog.info("BundleUpdate", "setCurrentUpdateBundleData: GPG check: skipGPG=\(skipGPGSwitch)")
|
|
1087
|
+
if !skipGPGSwitch {
|
|
1072
1088
|
guard !params.signature.isEmpty,
|
|
1073
1089
|
BundleUpdateStore.validateMetadataFileSha256(bundleVersion, signature: params.signature) else {
|
|
1074
1090
|
OneKeyLog.error("BundleUpdate", "setCurrentUpdateBundleData: GPG signature verification failed")
|