From 0a984cff03296263ae83d454d2d3dc6970a0c7a1 Mon Sep 17 00:00:00 2001 From: bebstein-pass <95220086+bebstein-pass@users.noreply.github.com> Date: Wed, 8 Jan 2025 17:26:05 +0100 Subject: [PATCH] (BSR) docs(android): improve setup for Android (#7490) --- .envrc | 2 +- devbox.json | 20 +++--- doc/installation/Android.md | 7 ++ scripts/add_certificate_to_ios_simulator.sh | 4 +- scripts/ensure_nix_use_certificate.sh | 4 +- scripts/install_certificate_java.sh | 68 +++++++++++++++++++ scripts/is_proxy_enabled.sh | 4 +- scripts/load_certificate.sh | 4 +- ...start_android_emulator_with_certificate.sh | 8 +-- 9 files changed, 98 insertions(+), 23 deletions(-) create mode 100755 scripts/install_certificate_java.sh diff --git a/.envrc b/.envrc index 2e63a46b1ab..7bb06dd1fde 100644 --- a/.envrc +++ b/.envrc @@ -23,7 +23,7 @@ layout node source_env ./scripts/install_node_modules_when_not_installed.sh -ANDROID_HOME="$HOME/Library/Android/sdk" +ANDROID_HOME="${ANDROID_HOME:-"$HOME/Library/Android/sdk"}" if [ -d "$ANDROID_HOME" ]; then export ANDROID_HOME PATH_add "$ANDROID_HOME/platform-tools" diff --git a/devbox.json b/devbox.json index 1fb1bcedc15..8dd8a33835a 100644 --- a/devbox.json +++ b/devbox.json @@ -1,14 +1,16 @@ { "packages": [ - "nodejs@20.10.0", - "jq@latest", - "watchman@latest", - "ruby@2.7.5", - "python3@latest", - "git@latest", - "maestro@latest", + // needed to debug pipeline locally "act@latest", "gh@latest", - "podman@latest" - ] + "podman@latest", + // others stuffs + "git@latest", + "nodejs@20.10.0", + "watchman@latest", + "jq@latest", // needed by some scripts run in the pipeline + "ruby@2.7.5", // needed to install iOS dependencies and to run fastlane + "python3@latest", // needed by scripts/add_tracker.py + "maestro@latest", // needed to run end to end test locally + ], } diff --git a/doc/installation/Android.md b/doc/installation/Android.md index 9b88c03cad0..605d7a17a2a 100644 --- a/doc/installation/Android.md +++ b/doc/installation/Android.md @@ -25,6 +25,13 @@ Then open the Android Virtual Devices Manager and select (or create) a Virtual D keyPassword= ``` +### Install + +```sh +./scripts/install_certificate_java.sh # this script ask root password +direnv reload +``` + ### 🔥 Firebase setup Download the `google-services.json` file from Keeper and place it inside the `android/app` directory. You can also download this file from the Firebase console. diff --git a/scripts/add_certificate_to_ios_simulator.sh b/scripts/add_certificate_to_ios_simulator.sh index 6e16241a336..e4e10b4c532 100755 --- a/scripts/add_certificate_to_ios_simulator.sh +++ b/scripts/add_certificate_to_ios_simulator.sh @@ -1,10 +1,10 @@ #!/usr/bin/env bash set -o errexit -o nounset -o pipefail -SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || true)" +SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || echo '')" SCRIPT_FOLDER="$(dirname "$(realpath "$0")")" -if "$SCRIPT_FOLDER/is_proxy_enabled.sh"; then +if sh "$SCRIPT_FOLDER/is_proxy_enabled.sh"; then xcrun simctl keychain booted add-root-cert "$SSL_CERT_FILE" fi diff --git a/scripts/ensure_nix_use_certificate.sh b/scripts/ensure_nix_use_certificate.sh index 08591b793ab..82611a23387 100644 --- a/scripts/ensure_nix_use_certificate.sh +++ b/scripts/ensure_nix_use_certificate.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -o errexit -o nounset -o pipefail -SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || true)" +SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || echo '')" NIX_CONF="/etc/nix/nix.conf" is_nix_using_certificate() { @@ -41,6 +41,6 @@ ensure_nix_use_certificate() { restart_nix } -if ./is_proxy_enabled.sh; then +if sh ./is_proxy_enabled.sh; then ensure_nix_use_certificate fi diff --git a/scripts/install_certificate_java.sh b/scripts/install_certificate_java.sh new file mode 100755 index 00000000000..caa61497d05 --- /dev/null +++ b/scripts/install_certificate_java.sh @@ -0,0 +1,68 @@ +#!/usr/bin/env bash +set -o errexit -o nounset -o pipefail + +SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || echo '')" + +SCRIPT_FOLDER="$(dirname "$(realpath "$0")")" + +remove_certificate_bundle_safe() { + if [ -f "$SSL_CERT_BUNDLE_FILE" ]; then + sudo rm "$SSL_CERT_BUNDLE_FILE" + fi +} + +has_certificate() { + echo "${KEYTOOL_PASSWORD}" | + sudo keytool -cacerts -list -alias "mykey" +} + +remove_certificate() { + echo "${KEYTOOL_PASSWORD}" | + sudo keytool -delete -cacerts -alias "mykey" >/dev/null +} + +remove_certificate_safe() { + remove_certificate_bundle_safe + + if has_certificate; then + remove_certificate + fi +} + +set_password_and_accept_trusting_the_certificate() { + echo "${KEYTOOL_PASSWORD}" + echo "oui" +} + +add_certificate() { + set_password_and_accept_trusting_the_certificate | + sudo keytool -import -cacerts -file "$SSL_CERT_BUNDLE_FILE" >/dev/null +} + +add_certificate_safe() { + if ! has_certificate; then + add_certificate + fi +} + +if [ -n "${SSL_CERT_FILE+x}" ]; then + SSL_CERT_DIR="$(dirname "$SSL_CERT_FILE")" + SSL_CERT_TENANT="$(realpath "$SSL_CERT_DIR"/*tenantcert.pem)" + SSL_CERT_BUNDLE_FILE="$SSL_CERT_DIR/cert-bundle.pem" + + # remove_certificate_safe # to be able to debug, remove everything done, comment this when not debugging + + if sh "$SCRIPT_FOLDER/is_proxy_enabled.sh"; then + if [ -f "$SSL_CERT_TENANT" ]; then + echo "Adding certificate for proxy in Java's keytool system requires root password" + + if [ ! -f "$SSL_CERT_BUNDLE_FILE" ]; then + cat "$SSL_CERT_TENANT" "$SSL_CERT_FILE" | sudo tee "$SSL_CERT_BUNDLE_FILE" >/dev/null + fi + + add_certificate_safe + fi + else + remove_certificate_safe + fi +fi diff --git a/scripts/is_proxy_enabled.sh b/scripts/is_proxy_enabled.sh index 0641414bbe3..af6c20b2fff 100755 --- a/scripts/is_proxy_enabled.sh +++ b/scripts/is_proxy_enabled.sh @@ -1,9 +1,9 @@ #!/usr/bin/env bash set -o errexit -o nounset -o pipefail -PROXY_DIAGNOSTIC="$(realpath '/Library/Application Support'/*/*/*diag 2>/dev/null || true)" +PROXY_DIAGNOSTIC="$(realpath '/Library/Application Support'/*/*/*diag 2>/dev/null || echo '')" -if [ -f "$PROXY_DIAGNOSTIC" ]; then +if [ -n "${PROXY_DIAGNOSTIC+x}" ]; then "$PROXY_DIAGNOSTIC" -f | grep "TUNNEL_CONNECTED" >/dev/null else return 1 diff --git a/scripts/load_certificate.sh b/scripts/load_certificate.sh index effcddb5426..fdb24628832 100644 --- a/scripts/load_certificate.sh +++ b/scripts/load_certificate.sh @@ -1,9 +1,9 @@ #!/usr/bin/env bash set -o errexit -o nounset -o pipefail -SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || true)" +SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || echo '')" -if ./is_proxy_enabled.sh; then +if sh ./is_proxy_enabled.sh; then export SSL_CERT_FILE="$SSL_CERT_FILE" export NODE_EXTRA_CA_CERTS="$SSL_CERT_FILE" export NIX_SSL_CERT_FILE="$SSL_CERT_FILE" diff --git a/scripts/start_android_emulator_with_certificate.sh b/scripts/start_android_emulator_with_certificate.sh index 68759750d8a..2d38cc22efb 100755 --- a/scripts/start_android_emulator_with_certificate.sh +++ b/scripts/start_android_emulator_with_certificate.sh @@ -1,9 +1,7 @@ #!/usr/bin/env bash set -o errexit -o nounset -o pipefail -SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || true)" - -WAIT_BOOT_COMPLETED="${WAIT_BOOT_COMPLETED:-15}" +SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || echo '')" SCRIPT_FOLDER="$(dirname "$(realpath "$0")")" @@ -29,7 +27,7 @@ add_certificate_to_this_session() { adb unroot } -if "$SCRIPT_FOLDER/is_proxy_enabled.sh"; then +if sh "$SCRIPT_FOLDER/is_proxy_enabled.sh"; then if [ -z "${ANDROID_SERIAL+x}" ]; then echo "You didn't set the ANDROID_SERIAL environment variable" echo "Choosing one for you :" @@ -45,7 +43,7 @@ if "$SCRIPT_FOLDER/is_proxy_enabled.sh"; then start_android_emulator >/dev/null & - sleep "$WAIT_BOOT_COMPLETED" + adb wait-for-device add_certificate_to_this_session fi