@sentry/cli 1.72.2 → 1.73.2

package/CHANGELOG.md

@@ -2,6 +2,25 @@
 
 "You know what they say. Fool me once, strike one, but fool me twice... strike three." — Michael Scott
 
+## 1.73.2
+
+### Various fixes & improvements
+
+- install: Rename SENTRY_NO_PROGRESS_BAR flag to SENTRYCLI_NO_PROGRESS_BAR (#1132) by @kamilogorek
+
+## 1.73.1
+
+### Various fixes & improvements
+
+- feat: Allow for using local binary through SENTRYCLI_USE_LOCAL env (#1129) by @kamilogorek
+- ref: Dont panic on malformed xcodeproj directories (#1127) by @kamilogorek
+
+## 1.73.0
+
+* feat: Add checksum validation for installed binaries (set `SENTRYCLI_SKIP_CHECKSUM_VALIDATION` to opt-out) (#1123)
+* fix: Detect unwind and debug information in files linked with `gold` (#1124)
+* ref: Silence progress bar in CI environments by default (#1122)
+
 ## 1.72.2
 
 * feat: Use default xcode values for plist struct (#1111)

package/checksums.txt

@@ -0,0 +1,9 @@
+sentry-cli-Darwin-arm64=a363b15e883041ed24ba3e9c394952eeab3c0072800ab4874e8374f8dc31af0a
+sentry-cli-Darwin-universal=2b7406c9ddd978ed7828a8491cdf2fa4fa4b83c232b6cda52e0b23caaac6452c
+sentry-cli-Darwin-x86_64=072697e2ccb40d4ddf2623684f14635aadf6a22d45c9976bbaf55582626a0924
+sentry-cli-Linux-aarch64=e9941a53eec7cca900582bbbbba63744295840be65d83aad34467c5eb747d881
+sentry-cli-Linux-armv7=9a7ccbb6b732656a6e0754d86552e37e794972ed91a1383be39b9ced6f0b5d28
+sentry-cli-Linux-i686=f09d66e4f640a2a2aeed72be98ddd2547846cca81a309ae056d26360fb7a87af
+sentry-cli-Linux-x86_64=be5b856087324cb5d270c356c276ee48eecdbef591db155efabaf20576100d07
+sentry-cli-Windows-i686.exe=284b67e0c16aaf318f06784f29c4855af62a5c4a5cee32f98076baa455076c63
+sentry-cli-Windows-x86_64.exe=b6596a13760a25decee54ce3c5d7cc1214fff3c59c1e77d81ab0f920ad30c513

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentry/cli",
-  "version": "1.72.2",
+  "version": "1.73.2",
   "description": "A command line utility to work with Sentry. https://docs.sentry.io/hosted/learn/cli/",
   "homepage": "https://docs.sentry.io/hosted/learn/cli/",
   "license": "BSD-3-Clause",
@@ -40,7 +40,8 @@
     "node-fetch": "^2.6.7",
     "npmlog": "^4.1.2",
     "progress": "^2.0.3",
-    "proxy-from-env": "^1.1.0"
+    "proxy-from-env": "^1.1.0",
+    "which": "^2.0.2"
   },
   "devDependencies": {
     "eslint": "^6.8.0",

package/scripts/install.js

@@ -18,6 +18,7 @@ const Proxy = require('proxy-from-env');
 // NOTE: Can be dropped in favor of `fs.mkdirSync(path, { recursive: true })` once we stop supporting Node 8.x
 const mkdirp = require('mkdirp');
 const npmLog = require('npmlog');
+const which = require('which');
 
 const helper = require('../js/helper');
 const pkgInfo = require('../package.json');
@@ -47,9 +48,11 @@ function getLogStream(defaultStream) {
 function shouldRenderProgressBar() {
   const silentFlag = process.argv.some(v => v === '--silent');
   const silentConfig = process.env.npm_config_loglevel === 'silent';
-  const silentEnv = process.env.SENTRY_NO_PROGRESS_BAR;
+  // Leave `SENTRY_NO_PROGRESS_BAR` for backwards compatibility
+  const silentEnv = process.env.SENTRYCLI_NO_PROGRESS_BAR || process.env.SENTRY_NO_PROGRESS_BAR;
+  const ciEnv = process.env.CI === 'true';
   // If any of possible options is set, skip rendering of progress bar
-  return !(silentFlag || silentConfig || silentEnv);
+  return !(silentFlag || silentConfig || silentEnv || ciEnv);
 }
 
 function getDownloadUrl(platform, arch) {
@@ -149,11 +152,64 @@ function getTempFile(cached) {
     .slice(2)}.tmp`;
 }
 
+function validateChecksum(tempPath, name) {
+  let storedHash;
+  try {
+    const checksums = fs.readFileSync(path.join(__dirname, '../checksums.txt'), 'utf8');
+    const entries = checksums.split('\n');
+    for (let i = 0; i < entries.length; i++) {
+      const [key, value] = entries[i].split('=');
+      if (key === name) {
+        storedHash = value;
+        break;
+      }
+    }
+  } catch (e) {
+    npmLog.info(
+      'Checksums are generated when the package is published to npm. They are not available directly in the source repository. Skipping validation.'
+    );
+    return;
+  }
+
+  if (!storedHash) {
+    npmLog.info(`Checksum for ${name} not found, skipping validation.`);
+    return;
+  }
+
+  const currentHash = crypto
+    .createHash('sha256')
+    .update(fs.readFileSync(tempPath))
+    .digest('hex');
+
+  if (storedHash !== currentHash) {
+    fs.unlinkSync(tempPath);
+    throw new Error(
+      `Checksum validation for ${name} failed.\nExpected: ${storedHash}\nReceived: ${currentHash}`
+    );
+  } else {
+    npmLog.info('Checksum validation passed.');
+  }
+}
+
 function downloadBinary() {
   const arch = os.arch();
   const platform = os.platform();
   const outputPath = helper.getPath();
 
+  if (process.env.SENTRYCLI_USE_LOCAL === '1') {
+    try {
+      const binPath = which.sync('sentry-cli');
+      npmLog.info('sentry-cli', `Using local binary: ${binPath}`);
+      fs.copyFileSync(binPath, outputPath);
+      return Promise.resolve();
+    } catch (e) {
+      throw new Error(
+        'Configured installation of local binary, but it was not found.' +
+          'Make sure that `sentry-cli` executable is available in your $PATH or disable SENTRYCLI_USE_LOCAL env variable.'
+      );
+    }
+  }
+
   const downloadUrl = getDownloadUrl(platform, arch);
   if (!downloadUrl) {
     return Promise.reject(new Error(`Unsupported target ${platform}-${arch}`));
@@ -216,6 +272,9 @@ function downloadBinary() {
           .on('error', e => reject(e))
           .on('close', () => resolve());
       }).then(() => {
+        if (process.env.SENTRYCLI_SKIP_CHECKSUM_VALIDATION !== '1') {
+          validateChecksum(tempPath, name);
+        }
         fs.copyFileSync(tempPath, cachedPath);
         fs.copyFileSync(tempPath, outputPath);
         fs.unlinkSync(tempPath);