ci: add tests

steven-joruk · Feb 19, 2024 · 0c964a7 · 0c964a7
1 parent d6a6006
commit 0c964a7
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 3 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,49 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches: main
+
+jobs:
+  test:
+    name: Tests
+    runs-on: macos-14
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: build the client
+        run: cargo build -p client
+
+      - name: build and run the authenticating server, allowing clients by cdhash
+        run: |
+          cdhash=$(codesign -dvvv target/debug/client 2>&1 | grep CDHash= | sed 's/CDHash=//')
+          echo $cdhash
+          echo -n "cdhash H\"" > examples/authenticating/requirements.txt
+          echo -n $cdhash >> examples/authenticating/requirements.txt
+          echo \" >> examples/authenticating/requirements.txt
+          cat examples/authenticating/requirements.txt
+          
+          cargo b -p authenticating
+          sudo mkdir -p /Library/PrivilegedHelperTools
+          sudo cp target/debug/authenticating /Library/PrivilegedHelperTools/com.example.authenticating
+          sudo cp examples/authenticating/com.example.authenticating.plist /Library/LaunchDaemons/
+          sudo launchctl load /Library/LaunchDaemons/com.example.authenticating.plist
+
+      - name: verify the echo client can connect when the requirements match
+        run: |
+          target/debug/client | grep "Hello there."
+
+      - name: stop the server
+        run: sudo launchctl unload /Library/LaunchDaemons/com.example.authenticating.plist
+
+      - name: build and run the authenticating server, allowing clients by cdhash
+        run: |
+          echo "cdhash H\"0000000000000000000000000000000000000000\"" > examples/authenticating/requirements.txt
+          cargo b -p authenticating
+          sudo cp target/debug/authenticating /Library/PrivilegedHelperTools/com.example.authenticating
+          sudo launchctl load /Library/LaunchDaemons/com.example.authenticating.plist
+
+      - name: verify the echo client can't connect when the requirements don't match
+        run: |
+          target/debug/client | grep -v "Hello there."
diff --git a/examples/authenticating/Cargo.toml b/examples/authenticating/Cargo.toml
@@ -6,4 +6,4 @@ publish = false
 
 [dependencies]
 privileged_helper_tool = { path = "../../privileged_helper_tool" }
-tokio = { workspace = true, features = ["io-util", "macros", "net", "rt"] }
+tokio = { workspace = true, features = ["io-util", "macros", "net", "rt-multi-thread"] }
diff --git a/examples/authenticating/requirements.txt b/examples/authenticating/requirements.txt
@@ -0,0 +1 @@
+anchor apple generic and certificate leaf[subject.OU] = \"MY_TEAM_ID\"
diff --git a/examples/authenticating/src/main.rs b/examples/authenticating/src/main.rs
@@ -8,8 +8,7 @@ use tokio::{
 /// Update this with your actual team ID, or whatever other verification you
 /// want to perform.
 /// See https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/RequirementLang/RequirementLang.html
-const REQUIREMENT_TEXT: &str =
-    "anchor apple generic and certificate leaf[subject.OU] = \"MY_TEAM_ID\"";
+const REQUIREMENT_TEXT: &str = include_str!("../requirements.txt");
 
 #[tokio::main]
 async fn main() {
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		anchor apple generic and certificate leaf[subject.OU] = \"MY_TEAM_ID\"