feat(cef_host): content-hash-keyed signed prebuilt on GCS#16
Merged
Conversation
Replaces the ad-hoc GitHub-release + committed-manifest prebuilt with a content-hash-keyed, Developer-ID-signed cef_host published to public GCS by a private Codemagic workflow.

- tool/cef_host_hash.sh: deterministic hash of the build inputs (native/cef_host + build_cef_host.sh), sourced by both fetch + publish so they can't drift.
- tool/fetch_cef_host.sh: derive the GCS URL from the hash, download + sha256 verify, extract. No manifest. Fail-open on network, fail-closed on mismatch.
- tool/publish-cef-host.sh: build the SANDBOXED (CEF_HOST_ADHOC=OFF, Developer-ID) variant -- the one that renders agent_ui -- hash it, idempotently upload to gs://flutterflow-downloads/campus_prebuilt_cef_host/<hash>/.
- codemagic.yaml: private publish pipeline (push-to-main + cef-host-v* tags); signing material + GCS service account live only in Codemagic, not the repo.
- Delete cef_host_prebuilt.json + .github/workflows/release-cef-host.yml (the ad-hoc CI that shipped the agent_ui-breaking host).

Keying by build-input hash makes the artifact release-model-agnostic (SHA, branch, or a future release tag all resolve to the same object) and rebuilds only when the host actually changes.

Requires the `cef_host_publish` Codemagic env group (GCP SA + Developer-ID P12) -- see specs/prebuilt-cef-host/PLAN.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Makefile target auto-resolves the Developer ID Application identity and runs tool/publish-cef-host.sh — the local zero-CI publish, run when cef_host changes.
- Harden the publish signature check: capture codesign output and string-match instead of piping into grep under `set -o pipefail` (codesign -dvv can exit non-zero on a valid signature, which false-failed the check).

Validated end-to-end against a staging GCS prefix: build sandboxed + Developer-ID host -> hash -> upload -> anonymous public-read fetch -> sha256-verify -> extract (Developer-ID confirmed); fetch and publish both idempotent.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…lish-cef-host`

The flutter_cef Codemagic app isn't available, so publishing is the local `make publish-cef-host` target (zero CI; the host changes rarely). Removed the non-functional codemagic.yaml — publish-cef-host.sh stays CI-agnostic for any future automation in a repo that holds the signing + GCS creds. Doc note updated.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Makes flutter_cef turnkey — `pub get` + `flutter build macos` embeds a working, Developer-ID signed, sandboxed cef_host (no `make cef-host`, no `FLUTTER_CEF_HOST`, no pin/host drift) — replacing the ad-hoc GitHub-release prebuilt that shipped the agent_ui-breaking host.

### Design

- `native/cef_host/` + `build_cef_host.sh`), not the plugin commit — release-model-agnostic (SHA/branch/tag pins that check out the same native sources resolve to the same object); a Dart-only change rebuilds nothing.
- `tool/cef_host_hash.sh` is sourced by both fetch and publish so they can't drift.
- `gs://flutterflow-downloads/campus_prebuilt_cef_host/<hash>/…` (+ `.sha256`), anonymous public-read.
- `make publish-cef-host` (`tool/publish-cef-host.sh`): builds the sandboxed variant (CEF_HOST_ADHOC=OFF, Developer-ID — renders agent_ui), hashes, idempotently uploads. Signing material never touches this public repo; the host changes rarely so a local publish suffices (the script is CI-agnostic for later automation).
- `cef_host_prebuilt.json` + `.github/workflows/release-cef-host.yml`.

### Validated end-to-end (staging GCS prefix)

- deterministic hash (stable / moves on source change / ignores build outputs) ✔
- `make publish-cef-host` → sandboxed Developer-ID build → hash `85a8824…` → 120 MB tarball + `.sha256` uploaded ✔
- anonymous `curl -fI` → `HTTP/2 200`, `cache-control: immutable` ✔
- fetch → same hash → download → sha256-verify → extract (Developer-ID confirmed) ✔
- idempotent both sides ✔

### After merge (go-live)

- `make publish-cef-host` once to seed the production prefix.
- `gh release delete cef-host-v0.2.0 --cleanup-tag` (retire the ad-hoc host).

🤖 Generated with Claude Code
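The two guarantees the PR description leans on, a build-input hash that is deterministic and ignores build outputs, and a fetch that fails open on a download failure but fails closed on a digest mismatch, can be checked locally with a small script. The following is an added illustration written for this page, not the repository's `tool/cef_host_hash.sh` or `tool/fetch_cef_host.sh`; the `build/` directory name, the `fetch_url` stand-in (a local copy instead of `curl`) and the fixture tree are assumptions made so that it runs offline.

```shell
#!/bin/sh
# Added example, not code from the flutter_cef repository. Demonstrates:
#   1. a deterministic content hash over build inputs (stable across mtimes,
#      moves on a content or path change, ignores the assumed build/ output dir);
#   2. a fetch policy that is fail-open on download failure (exit 2, caller
#      falls back to a local build) and fail-closed on sha256 mismatch (exit 1,
#      nothing left on disk).
set -eu

# Hex sha256 of stdin: sha256sum on Linux, shasum on macOS.
sha256_stdin() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum | cut -d' ' -f1
  else
    shasum -a 256 | cut -d' ' -f1
  fi
}

# Deterministic hash of a source tree. LC_ALL=C sort fixes the file order
# regardless of locale or filesystem; hashing "path digest" lines means a
# rename or an edit changes the result while timestamps do not. The build/
# directory (assumed name for build outputs) is pruned.
build_input_hash() {
  (
    cd "$1"
    find . -path ./build -prune -o -type f -print | LC_ALL=C sort |
      while IFS= read -r f; do
        printf '%s %s\n' "$f" "$(sha256_stdin < "$f")"
      done
  ) | sha256_stdin
}

# Returns 0 only when the artifact's digest equals the expected hex digest.
verify_artifact() {
  actual="$(sha256_stdin < "$1")"
  [ "$actual" = "$2" ]
}

# Stand-in downloader (assumption): a real fetch would use `curl -fsSL`;
# here a plain path is copied so the example runs offline. A missing
# source behaves exactly like a failed download.
fetch_url() {
  cp "$1" "$2" 2>/dev/null
}

# Fetch policy: 2 = could not download (fail open), 1 = digest mismatch
# (fail closed, artifact and sidecar removed), 0 = verified artifact at $2.
fetch_and_verify() {
  url="$1"; dest="$2"
  if ! fetch_url "$url" "$dest" || ! fetch_url "$url.sha256" "$dest.sha256"; then
    rm -f "$dest" "$dest.sha256"
    return 2
  fi
  expected="$(cut -d' ' -f1 < "$dest.sha256")"
  if ! verify_artifact "$dest" "$expected"; then
    rm -f "$dest" "$dest.sha256"
    return 1
  fi
  return 0
}

# Constructed fixture: a toy source tree plus a "published" tarball with its
# sha256 sidecar in sha256sum format. Prints the fixture directory.
make_fixture() {
  d="$(mktemp -d)"
  mkdir -p "$d/src/native/cef_host" "$d/src/build" "$d/gcs"
  printf 'int main() { return 0; }\n' > "$d/src/native/cef_host/main.cc"
  printf 'cmake --build build\n' > "$d/src/build_cef_host.sh"
  printf 'stale object\n' > "$d/src/build/cef_host.o"
  printf 'pretend tarball\n' > "$d/gcs/cef_host.tar.gz"
  printf '%s  cef_host.tar.gz\n' "$(sha256_stdin < "$d/gcs/cef_host.tar.gz")" \
    > "$d/gcs/cef_host.tar.gz.sha256"
  printf '%s\n' "$d"
}

# Stand-alone run: hash the fixture tree and fetch the fixture artifact.
demo_dir="$(make_fixture)"
printf 'build-input hash: %s\n' "$(build_input_hash "$demo_dir/src")"
fetch_and_verify "$demo_dir/gcs/cef_host.tar.gz" "$demo_dir/out.tar.gz" &&
  printf 'fetched and verified %s\n' "$demo_dir/out.tar.gz"
rm -rf "$demo_dir"
```

The exit-code split is the design point: a caller that treats 2 as "build locally" and 1 as "stop" gets exactly the fail-open/fail-closed behaviour the commit message describes, and a tampered or truncated object can never be extracted because the mismatching file is deleted before the function returns.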