From ef06ca77697a1517ad54430f35c801cbccb61f36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Linus=20F=C3=A4rnstrand?=
Date: Fri, 24 Jan 2025 16:25:25 +0100
Subject: [PATCH] Append --locked when building Rust libraries for iOS in release mode
This prevents the build from succeeding if the lockfile is dirty. This stops us from releasing apps that are hard to re-build with the exact same dependencies, or that had malicious stuff injected under some circumstances
---
 ios/build-rust-library.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/ios/build-rust-library.sh b/ios/build-rust-library.sh
index 3b0a6675e715..cd4e39d43e54 100644
--- a/ios/build-rust-library.sh
+++ b/ios/build-rust-library.sh
@@ -24,12 +24,12 @@ echo ${FEATURE_FLAGS:+--features "$FEATURE_FLAGS"}
 fi
-RELFLAG=
+CARGO_ARGS=()
 if [[ "$CONFIGURATION" == "Release" ]]; then
- RELFLAG=--release
+ CARGO_ARGS+=(--release --locked)
 fi
 if [[ "$CONFIGURATION" == "MockRelease" ]]; then
- RELFLAG=--release
+ CARGO_ARGS+=(--release --locked)
 fi
 # For whatever reason, Xcode includes its toolchain paths in the PATH variable such as
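Review bot: The security-relevant argument list `CARGO_ARGS+=(--release --locked)` is now written out twice, once per release configuration, so a later edit to one branch can leave the other release configuration building without `--locked` unnoticed. Folding the two tests into one, `if [[ "$CONFIGURATION" == "Release" || "$CONFIGURATION" == "MockRelease" ]]; then`, keeps the flags in a single place. A short comment above it, such as `# --locked: fail the build rather than let cargo rewrite Cargo.lock in release configurations`, would record why the flag is there. Any other configuration leaves the array empty, so those builds can still update the lockfile; if that is intended, the comment is a good place to say so.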
@@ -54,11 +54,11 @@ for arch in $ARCHS; do
 arm64)
 if [ $IS_SIMULATOR -eq 0 ]; then
 # Hardware iOS targets
- "$HOME"/.cargo/bin/cargo build -p "$FFI_TARGET" --lib $RELFLAG --target aarch64-apple-ios ${FEATURE_FLAGS:+--features "$FEATURE_FLAGS"}
+ "$HOME"/.cargo/bin/cargo build -p "$FFI_TARGET" --lib "${CARGO_ARGS[@]}" --target aarch64-apple-ios ${FEATURE_FLAGS:+--features "$FEATURE_FLAGS"}
 "$HOME"/.cargo/bin/cargo build -p "$FFI_TARGET" --lib --target aarch64-apple-ios ${FEATURE_FLAGS:+--features "$FEATURE_FLAGS"}
 else
 # iOS Simulator targets for arm64
- "$HOME"/.cargo/bin/cargo build -p "$FFI_TARGET" --lib $RELFLAG --target aarch64-apple-ios-sim ${FEATURE_FLAGS:+--features "$FEATURE_FLAGS"}
+ "$HOME"/.cargo/bin/cargo build -p "$FFI_TARGET" --lib "${CARGO_ARGS[@]}" --target aarch64-apple-ios-sim ${FEATURE_FLAGS:+--features "$FEATURE_FLAGS"}
 "$HOME"/.cargo/bin/cargo build -p "$FFI_TARGET" --lib --target aarch64-apple-ios-sim ${FEATURE_FLAGS:+--features "$FEATURE_FLAGS"}
 fi
 esac
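Review bot: `"${CARGO_ARGS[@]}"` on both changed lines is expanded even when the array is empty, which is the case for every configuration other than Release and MockRelease. On bash older than 4.4, including the /bin/bash 3.2 that macOS ships, that expansion aborts with an unbound-variable error when `set -u` is active. Neither the shell options nor the interpreter are visible in this hunk, so this needs checking; the form that works on all versions is `${CARGO_ARGS[@]+"${CARGO_ARGS[@]}"}`. Separately, the unchanged second `cargo build` in each branch takes no `CARGO_ARGS` and therefore runs without `--locked`, so the lockfile guarantee holds only if a failure of the first invocation stops the script. The `for`/`case` block starts and ends outside the hunk.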