Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce compatibility with nightly build #163

Merged
merged 4 commits into from Mar 7, 2019

Conversation

Projects
None yet
4 participants
@mleroy
Copy link
Contributor

mleroy commented Mar 7, 2019

Description: In the SSO flow, the SDK looks for compatible application packages on the device. Today, it looks for the production & debug packages. This adds support for the nightly package as well.

This is useful as we can distribute nightly packages to partners to verify fixes.

Related issue(s): Addresses #164

@mleroy mleroy self-assigned this Mar 7, 2019

@mleroy mleroy requested review from tyvsmith , thepoofy and jck2 Mar 7, 2019

@jck2

This comment has been minimized.

Copy link
Contributor

jck2 commented Mar 7, 2019

Are you sure the existing behavior recognizes debug builds? My understanding was that even though debug is included in the eats package names that the hash is missing and validation will fail for that.

I'm fine with this change, but I have a feeling the decision to not include this was intentional and that we purposely only included hashes for production versions of eats and rides

@mleroy

This comment has been minimized.

Copy link
Contributor Author

mleroy commented Mar 7, 2019

Are you sure the existing behavior recognizes debug builds? My understanding was that even though debug is included in the eats package names that the hash is missing and validation will fail for that.

Hash validation is skipped for debug builds as long as the device is an emulator. See AppProtocol#isDebug:

private boolean isDebug(@NonNull Context context) {
    String brand = Build.BRAND;
    int applicationFlags = context.getApplicationInfo().flags;
    // We are debugging on an emulator, don't validate package signature.
    return (brand.startsWith("Android") || brand.startsWith("generic")) &&
            (applicationFlags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
}

I'm fine with this change, but I have a feeling the decision to not include this was intentional and that we purposely only included hashes for production versions of eats and rides

Let's hear from @tyvsmith on this. This unblocks an important use case and these hashes can be public.

@thepoofy

This comment has been minimized.

Copy link
Contributor

thepoofy commented Mar 7, 2019

Please create an Issue and reference this in the PR description.

@thepoofy
Copy link
Contributor

thepoofy left a comment

See comments.

@mleroy mleroy requested a review from thepoofy Mar 7, 2019

@thepoofy
Copy link
Contributor

thepoofy left a comment

👍

@tyvsmith

This comment has been minimized.

Copy link
Member

tyvsmith commented Mar 7, 2019

I'm alright adding the extra package names, but in this case, is .internal an indicator fo a build from a local device using a dev keystore? Is .nightly built from a different keystore than the regular on?

@mleroy mleroy changed the title Recognize nightly & internal builds Introduce compatibility with nightly build Mar 7, 2019

@mleroy

This comment has been minimized.

Copy link
Contributor Author

mleroy commented Mar 7, 2019

I reverted most changes to only include the additional .nightly package name for now. We have an on-going discussion as to whether the .internal package should be supported.

@mleroy

This comment has been minimized.

Copy link
Contributor Author

mleroy commented Mar 7, 2019

@mleroy mleroy merged commit 594b15f into master Mar 7, 2019

1 of 3 checks passed

continuous-integration/travis-ci/pr The Travis CI build is in progress
Details
continuous-integration/travis-ci/push The Travis CI build is in progress
Details
license/cla Contributor License Agreement is signed.
Details

@mleroy mleroy deleted the ml/recognize_other_eats_builds branch Mar 7, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.