@sentry/cli 1.72.1 → 1.73.1

package/CHANGELOG.md

@@ -2,6 +2,25 @@
 
 "You know what they say. Fool me once, strike one, but fool me twice... strike three." — Michael Scott
 
+## 1.73.1
+
+### Various fixes & improvements
+
+- feat: Allow for using local binary through SENTRYCLI_USE_LOCAL env (#1129) by @kamilogorek
+- ref: Dont panic on malformed xcodeproj directories (#1127) by @kamilogorek
+
+## 1.73.0
+
+* feat: Add checksum validation for installed binaries (set `SENTRYCLI_SKIP_CHECKSUM_VALIDATION` to opt-out) (#1123)
+* fix: Detect unwind and debug information in files linked with `gold` (#1124)
+* ref: Silence progress bar in CI environments by default (#1122)
+
+## 1.72.2
+
+* feat: Use default xcode values for plist struct (#1111)
+* fix: Fixes a panic when inspecting debug files larger than 4GB (#1117)
+* ref: Update log message when bundle ID is missing (#1113)
+
 ## 1.72.1
 
 * fix: Dont include `debug_id` during assemble when not PDBs are not supported (#1110)

package/checksums.txt

@@ -0,0 +1,9 @@
+sentry-cli-Darwin-arm64=94134d4e93df23462698f09ff172b53abcff13ef929507670372c84b20f776b7
+sentry-cli-Darwin-universal=041e3994de2d49c562792ae74d2a4f9be1fa145f267dcb1ec894cd83cb8ec2f6
+sentry-cli-Darwin-x86_64=2b236ce84f866251013964ad4190ee6be8e8079d52d5b38d0efd13a468073f20
+sentry-cli-Linux-aarch64=3dc9dacf69d55f4fe64e67dccbea647f50f884019e0d0eb58534f407bbde7fbd
+sentry-cli-Linux-armv7=28bbd534ab4312e6a49b9792cf6f12c77fe5a280fa7bb7d71101af66ce3380b5
+sentry-cli-Linux-i686=437eeed2799dabae95e3fda76ddff649604729068265b2c2d88afff1a3a64446
+sentry-cli-Linux-x86_64=85ca7fce2267088766fdb6d00d6ff3ad45e43c234eab21a107e70292cee714c7
+sentry-cli-Windows-i686.exe=e994d15f6d6300feaca1f178d4b980b44162e8d9fac7ef23fff9490fd033aa6a
+sentry-cli-Windows-x86_64.exe=224a411aa268183576b56cd3978a4cd5e58bea4753f67bcfda51be5b46a5a58b

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentry/cli",
-  "version": "1.72.1",
+  "version": "1.73.1",
   "description": "A command line utility to work with Sentry. https://docs.sentry.io/hosted/learn/cli/",
   "homepage": "https://docs.sentry.io/hosted/learn/cli/",
   "license": "BSD-3-Clause",
@@ -40,7 +40,8 @@
     "node-fetch": "^2.6.7",
     "npmlog": "^4.1.2",
     "progress": "^2.0.3",
-    "proxy-from-env": "^1.1.0"
+    "proxy-from-env": "^1.1.0",
+    "which": "^2.0.2"
   },
   "devDependencies": {
     "eslint": "^6.8.0",

package/scripts/install.js

@@ -18,6 +18,7 @@ const Proxy = require('proxy-from-env');
 // NOTE: Can be dropped in favor of `fs.mkdirSync(path, { recursive: true })` once we stop supporting Node 8.x
 const mkdirp = require('mkdirp');
 const npmLog = require('npmlog');
+const which = require('which');
 
 const helper = require('../js/helper');
 const pkgInfo = require('../package.json');
@@ -48,8 +49,9 @@ function shouldRenderProgressBar() {
   const silentFlag = process.argv.some(v => v === '--silent');
   const silentConfig = process.env.npm_config_loglevel === 'silent';
   const silentEnv = process.env.SENTRY_NO_PROGRESS_BAR;
+  const ciEnv = process.env.CI === 'true';
   // If any of possible options is set, skip rendering of progress bar
-  return !(silentFlag || silentConfig || silentEnv);
+  return !(silentFlag || silentConfig || silentEnv || ciEnv);
 }
 
 function getDownloadUrl(platform, arch) {
@@ -149,11 +151,64 @@ function getTempFile(cached) {
     .slice(2)}.tmp`;
 }
 
+function validateChecksum(tempPath, name) {
+  let storedHash;
+  try {
+    const checksums = fs.readFileSync(path.join(__dirname, '../checksums.txt'), 'utf8');
+    const entries = checksums.split('\n');
+    for (let i = 0; i < entries.length; i++) {
+      const [key, value] = entries[i].split('=');
+      if (key === name) {
+        storedHash = value;
+        break;
+      }
+    }
+  } catch (e) {
+    npmLog.info(
+      'Checksums are generated when the package is published to npm. They are not available directly in the source repository. Skipping validation.'
+    );
+    return;
+  }
+
+  if (!storedHash) {
+    npmLog.info(`Checksum for ${name} not found, skipping validation.`);
+    return;
+  }
+
+  const currentHash = crypto
+    .createHash('sha256')
+    .update(fs.readFileSync(tempPath))
+    .digest('hex');
+
+  if (storedHash !== currentHash) {
+    fs.unlinkSync(tempPath);
+    throw new Error(
+      `Checksum validation for ${name} failed.\nExpected: ${storedHash}\nReceived: ${currentHash}`
+    );
+  } else {
+    npmLog.info('Checksum validation passed.');
+  }
+}
+
 function downloadBinary() {
   const arch = os.arch();
   const platform = os.platform();
   const outputPath = helper.getPath();
 
+  if (process.env.SENTRYCLI_USE_LOCAL === '1') {
+    try {
+      const binPath = which.sync('sentry-cli');
+      npmLog.info('sentry-cli', `Using local binary: ${binPath}`);
+      fs.copyFileSync(binPath, outputPath);
+      return Promise.resolve();
+    } catch (e) {
+      throw new Error(
+        'Configured installation of local binary, but it was not found.' +
+          'Make sure that `sentry-cli` executable is available in your $PATH or disable SENTRYCLI_USE_LOCAL env variable.'
+      );
+    }
+  }
+
   const downloadUrl = getDownloadUrl(platform, arch);
   if (!downloadUrl) {
     return Promise.reject(new Error(`Unsupported target ${platform}-${arch}`));
@@ -216,6 +271,9 @@ function downloadBinary() {
           .on('error', e => reject(e))
           .on('close', () => resolve());
       }).then(() => {
+        if (process.env.SENTRYCLI_SKIP_CHECKSUM_VALIDATION !== '1') {
+          validateChecksum(tempPath, name);
+        }
         fs.copyFileSync(tempPath, cachedPath);
         fs.copyFileSync(tempPath, outputPath);
         fs.unlinkSync(tempPath);