Codesign Lottie.xcframework #2259

Merged
merged 12 commits into from
Dec 15, 2023

@calda (Member) commented Dec 14, 2023

This PR updates the job that builds Lottie.xcframework to codesign the bundle using a self-signed certificate.

When viewing Lottie.xcframework in Xcode 15 it now shows the following signature information:

[Image: Screenshot 2023-12-14 at 8 10 28 PM]

We'll publish the signature fingerprint in the README so consumers can validate they're using an authentic build.

@calda force-pushed the cal--codesigning branch 4 times, most recently from 54b5628 to 414c20c (December 14, 2023 22:33)
- uses: apple-actions/import-codesign-certs@v2
with:
p12-file-base64: ${{ secrets.SIGNING_CERTIFICATE_BASE_64 }}
p12-password: ${{ secrets.SIGNING_CERTIFICATE_PASSWORD }}

@calda (Member Author) commented Dec 14, 2023

I followed these steps to create a self-signing certificate and installed it as a secret in this repository:

  • Create code signing certificate in Keychain Assistant (instructions)
  • Export .p12 file for the code signing certificate, protected with a password. I also added this password to my iCloud Keychain for future reference in case we need it.
  • Add certificate password as GitHub actions secret (SIGNING_CERTIFICATE_PASSWORD)
  • Convert certificate file to base64, e.g. using base64 -i "Lottie iOS Self Signing.p12".
  • Added base 64 as secret to GitHub repo, e.g. using SIGNING_CERTIFICATE_BASE_64 key

@calda marked this pull request as ready for review December 15, 2023 17:20
@@ -86,11 +86,15 @@ jobs:
- '14.1' # Swift 5.7.1
steps:
- uses: actions/checkout@v2
- uses: apple-actions/import-codesign-certs@v2
with:
p12-file-base64: ${{ secrets.SIGNING_CERTIFICATE_BASE_64 }}
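
Review bot: `apple-actions/import-codesign-certs@v2` is referenced by a movable tag on the same step that receives the signing certificate through `p12-file-base64`, so whoever can retag that action can read the secret. Suggest pinning this third-party action to a full commit SHA (with the tag kept as a trailing comment), and doing the same for `actions/checkout@v2` just above it, since both run in the job that holds the certificate.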

nit: _BASE64 would be a little more natural spelling, but no strong feelings on that.

@@ -85,6 +85,14 @@ Lottie supports Swift / Xcode versions back to the minimum version that is permi

Lottie does not collect any data. We provide this notice to help you fill out [App Privacy Details](https://developer.apple.com/app-store/app-privacy-details/). We additionally provide a [privacy manifest](https://github.com/airbnb/lottie-ios/blob/master/PrivacyInfo.xcprivacy) which can be included in your app.

## Security

We distribute XCFramework bundles for each release on [GitHub](https://github.com/airbnb/lottie-ios/releases/latest). In Lottie 4.4.0 and later, these XCFramework bundles include a [code signature](https://developer.apple.com/documentation/xcode/verifying-the-origin-of-your-xcframeworks). These bundles are self-signed under the name "Lottie iOS" and have the following fingerprint:
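
Review bot: the sentence ending "have the following fingerprint:" should make clear that the fingerprint, not the signer name, is the value to compare, because anyone can create a self-signed certificate named "Lottie iOS". Suggest also stating which digest the fingerprint is and where a future certificate rotation would be announced, so a changed fingerprint can be told apart from a tampered bundle.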

Should we include some instructions on how someone could use the fingerprint to verify the integrity of their framework artifact?

@calda (Member Author) commented Dec 15, 2023

Good idea, updated: c7944f6

I couldn't easily find out how to verify this outside of Xcode, e.g. via the command line. Open to suggestions if you have any ideas!

I tried `codesign -dv --verbose=4 Lottie.xcframework`, but it doesn't show this specific fingerprint string:

```
Executable=/Users/calstephens/Downloads/BuildProducts/Lottie.xcframework/Info.plist
Identifier=Lottie
Format=bundle
CodeDirectory v=20100 size=183 flags=0x0(none) hashes=1+3 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=8e6caf486f23b91f5bbc5eb92c40343ca894cf0d
CandidateCDHashFull sha1=8e6caf486f23b91f5bbc5eb92c40343ca894cf0d
CandidateCDHash sha256=99b40b7bf0ff70ea7abab9e549d3bdd01b26226b
CandidateCDHashFull sha256=99b40b7bf0ff70ea7abab9e549d3bdd01b26226b613be5bca5976e32834aa4f7
Hash choices=sha1,sha256
CMSDigest=4baf8f8e561d838359115d9a23741afeac1a999720d6715a10c5b0238a988081
CMSDigestType=2
Page size=none
CDHash=99b40b7bf0ff70ea7abab9e549d3bdd01b26226b
Signature size=6332
Authority=Lottie iOS
Timestamp=Dec 15, 2023 at 9:15:20 AM
Info.plist entries=3
TeamIdentifier=not set
Sealed Resources version=2 rules=10 files=83
Internal requirements count=1 size=84
```

Perhaps one of the hashes here corresponds to the fingerprint shown in Xcode via some encoding, but I'm not sure.

@calda enabled auto-merge (squash) December 15, 2023 19:31
@calda merged commit abaf862 into master Dec 15, 2023
14 checks passed
@calda deleted the cal--codesigning branch December 15, 2023 20:32
@calda mentioned this pull request Jan 23, 2024
cgrindel-self-hosted-renovate bot referenced this pull request in cgrindel/rules_swift_package_manager Jan 23, 2024
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [airbnb/lottie-spm](https://togithub.com/airbnb/lottie-spm) | minor |
`from: "4.3.4"` -> `from: "4.4.0"` |

---

### Release Notes

<details>
<summary>airbnb/lottie-spm (airbnb/lottie-spm)</summary>

###
[`v4.4.0`](https://togithub.com/airbnb/lottie-spm/releases/tag/4.4.0)

[Compare
Source](https://togithub.com/airbnb/lottie-spm/compare/4.3.4...4.4.0)

#### New features

- Add privacy manifest
([https://github.com/airbnb/lottie-ios/pull/2252](https://togithub.com/airbnb/lottie-ios/pull/2252))
- Codesign Lottie.xcframework
([https://github.com/airbnb/lottie-ios/pull/2259](https://togithub.com/airbnb/lottie-ios/pull/2259))
- Add time remapping support to Core Animation rendering engine
([https://github.com/airbnb/lottie-ios/pull/2286](https://togithub.com/airbnb/lottie-ios/pull/2286))
- Add official visionOS support to lottie-ios repo
([https://github.com/airbnb/lottie-ios/pull/2287](https://togithub.com/airbnb/lottie-ios/pull/2287))
- lottie-spm now supports visionOS
([https://github.com/airbnb/lottie-spm/pull/12](https://togithub.com/airbnb/lottie-spm/pull/12))
- Adopt policy on minimum supported Swift / Xcode version, update
minimum versions to Swift 5.7 / Xcode 14.1
([https://github.com/airbnb/lottie-ios/pull/2260](https://togithub.com/airbnb/lottie-ios/pull/2260))

#### Bug fixes

- Update LottieView to display placeholder using `overlay` instead of
`ZStack`
([https://github.com/airbnb/lottie-ios/pull/2289](https://togithub.com/airbnb/lottie-ios/pull/2289))
- Fix issue where Core Animation rendering engine couldn't display last
frame of animation when paused
([https://github.com/airbnb/lottie-ios/pull/2254](https://togithub.com/airbnb/lottie-ios/pull/2254))
- Do not create `DotLottieImageProvider` instance if there's no image
files
([https://github.com/airbnb/lottie-ios/pull/2271](https://togithub.com/airbnb/lottie-ios/pull/2271))
- Mark DotLottieCache as Sendable
([https://github.com/airbnb/lottie-ios/pull/2245](https://togithub.com/airbnb/lottie-ios/pull/2245))
- Fix issue where AnimationKeypath in SolidLayer could be incorrect
([https://github.com/airbnb/lottie-ios/pull/2278](https://togithub.com/airbnb/lottie-ios/pull/2278))
- Fix issue where Repeater could be displayed incorrectly
([https://github.com/airbnb/lottie-ios/pull/2276](https://togithub.com/airbnb/lottie-ios/pull/2276))
- Include dSYMs in xcframework build
([https://github.com/airbnb/lottie-ios/pull/2284](https://togithub.com/airbnb/lottie-ios/pull/2284))
- Fix parsing issue, add support for DotLottieConfiguration in SwiftUI
LottieView
([https://github.com/airbnb/lottie-ios/pull/2277](https://togithub.com/airbnb/lottie-ios/pull/2277))
- Fix issue where DotLottieImageProvider didn't handle base64 images
([https://github.com/airbnb/lottie-ios/pull/2283](https://togithub.com/airbnb/lottie-ios/pull/2283))
- Fix issue where manually interpolated keyframes could animate
incorrectly
([https://github.com/airbnb/lottie-ios/pull/2285](https://togithub.com/airbnb/lottie-ios/pull/2285))

**Full Changelog**:
airbnb/lottie-ios@4.3.4...4.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).


Co-authored-by: Self-hosted Renovate Bot <361546+cgrindel-self-hosted-renovate[bot]@users.noreply.github.enterprise.com>
@Muesly Muesly mentioned this pull request Feb 6, 2024
3 tasks
iago849 pushed a commit to atteamapps/lottie-ios that referenced this pull request Feb 8, 2024
cgrindel-self-hosted-renovate bot referenced this pull request in cgrindel/rules_swift_package_manager Feb 22, 2024
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [airbnb/lottie-spm](https://togithub.com/airbnb/lottie-spm) | patch |
`from: "4.4.0"` -> `from: "4.4.1"` |

---

### Release Notes

<details>
<summary>airbnb/lottie-spm (airbnb/lottie-spm)</summary>

###
[`v4.4.1`](https://togithub.com/airbnb/lottie-spm/releases/tag/4.4.1)

[Compare
Source](https://togithub.com/airbnb/lottie-spm/compare/4.4.0...4.4.1)

##### Bug fixes in 4.4.1

- Replace os check with canImport so classes are available on visionOS
([https://github.com/airbnb/lottie-ios/pull/2294](https://togithub.com/airbnb/lottie-ios/pull/2294))
- Omit privacy manifest from source files in podspec
([https://github.com/airbnb/lottie-ios/pull/2307](https://togithub.com/airbnb/lottie-ios/pull/2307))
- Fix crash in Main Thread rendering engine path interpolation
implementation
([https://github.com/airbnb/lottie-ios/pull/2305](https://togithub.com/airbnb/lottie-ios/pull/2305))
- Fix warning from invalid character in Cocoapods resource bundle
identifier
([https://github.com/airbnb/lottie-ios/pull/2317](https://togithub.com/airbnb/lottie-ios/pull/2317))
- Fix infinite loop when setting `LottieAnimationView.viewportFrame`
([https://github.com/airbnb/lottie-ios/pull/2316](https://togithub.com/airbnb/lottie-ios/pull/2316))

**Full Changelog**:
airbnb/lottie-ios@4.4.0...4.4.1

</details>

Co-authored-by: Self-hosted Renovate Bot <361546+cgrindel-self-hosted-renovate[bot]@users.noreply.github.enterprise.com>
cgrindel-self-hosted-renovate bot referenced this pull request in cgrindel/rules_swift_package_manager Apr 8, 2024
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [airbnb/lottie-spm](https://togithub.com/airbnb/lottie-spm) | patch |
`from: "4.4.1"` -> `from: "4.4.2"` |

---

### Release Notes

<details>
<summary>airbnb/lottie-spm (airbnb/lottie-spm)</summary>

###
[`v4.4.2`](https://togithub.com/airbnb/lottie-spm/releases/tag/4.4.2)

[Compare
Source](https://togithub.com/airbnb/lottie-spm/compare/4.4.1...4.4.2)

##### Changes in 4.4.2

- Update minimum deployment target to iOS 13.0 / macOS 10.15
([https://github.com/airbnb/lottie-ios/pull/2322](https://togithub.com/airbnb/lottie-ios/pull/2322))
- Add privacy manifest to lottie-spm repo
([https://github.com/airbnb/lottie-spm/pull/23](https://togithub.com/airbnb/lottie-spm/pull/23))
- Add visionOS support to Cocoapods podspec
([https://github.com/airbnb/lottie-ios/pull/2348](https://togithub.com/airbnb/lottie-ios/pull/2348))
- Fix incorrect usage of `State(initialValue:)` in `LottieView`
([https://github.com/airbnb/lottie-ios/pull/2357](https://togithub.com/airbnb/lottie-ios/pull/2357))
- Use correct version number when building XCFramework bundle
([https://github.com/airbnb/lottie-ios/pull/2341](https://togithub.com/airbnb/lottie-ios/pull/2341))

**Full Changelog**:
airbnb/lottie-ios@4.4.1...4.4.2

</details>

Co-authored-by: Self-hosted Renovate Bot <361546+cgrindel-self-hosted-renovate[bot]@users.noreply.github.enterprise.com>
cgrindel-self-hosted-renovate bot referenced this pull request in cgrindel/rules_swift_package_manager Apr 16, 2024
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [airbnb/lottie-spm](https://togithub.com/airbnb/lottie-spm) | patch |
`from: "4.4.2"` -> `from: "4.4.3"` |

---

### Release Notes

<details>
<summary>airbnb/lottie-spm (airbnb/lottie-spm)</summary>

###
[`v4.4.3`](https://togithub.com/airbnb/lottie-spm/releases/tag/4.4.3)

[Compare
Source](https://togithub.com/airbnb/lottie-spm/compare/4.4.2...4.4.3)

##### Bug fixes in 4.4.3

- Fix issue where animation size could be incorrect after loading async
animation
([https://github.com/airbnb/lottie-ios/pull/2379](https://togithub.com/airbnb/lottie-ios/pull/2379))
- Update NSPrivacyAccessedAPITypeReasons in privacy manifest
([https://github.com/airbnb/lottie-ios/pull/2380](https://togithub.com/airbnb/lottie-ios/pull/2380))
- Include animation duration when computing cost/complexity of Core
Animation time remapping
([https://github.com/airbnb/lottie-ios/pull/2381](https://togithub.com/airbnb/lottie-ios/pull/2381))

**Full Changelog**:
airbnb/lottie-ios@4.4.2...4.4.3

</details>

Co-authored-by: Self-hosted Renovate Bot <361546+cgrindel-self-hosted-renovate[bot]@users.noreply.github.enterprise.com>
MoroziOS pushed a commit to MoroziOS/tmg-lottie-ios that referenced this pull request May 22, 2024