security(dist): codesign-verify the fetched/remote cef_host (fail-closed, team-pinned)#17
Merged
Merged
Conversation
…te cef_host (fail-closed) The .sha256 sidecar lives in the same public GCS prefix as the tarball, so it is transport integrity only — the actual root of trust is the Developer-ID signature sealed inside the app, which nothing consulted before executing the fetched binary (posix_spawn bypasses Gatekeeper, curl sets no quarantine). - fetch_cef_host.sh: extract to a private staging dir, then REQUIRE `codesign --verify --deep --strict` with a designated requirement pinning the leaf cert to the publishing team (FLUTTER_CEF_TEAM_ID, default KLAJ5X6PJP) before moving the app into place. Fail-CLOSED on any mismatch (also drops the cached tarball). Offline-safe (no spctl/Gatekeeper round-trip). - publish-cef-host.sh: the "already exists -> skip" idempotency no longer trusts a pre-existing remote object blindly (keys are content hashes of PUBLIC sources, so a bucket-writer could pre-plant an object for a future commit and permanently suppress the legitimate upload). It now downloads + signature-verifies the remote artifact: valid -> no-op as before; invalid -> hard error telling the operator to investigate/delete. Validated live: genuine artifact fetch passes (team KLAJ5X6PJP); a tampered binary with a matching (attacker-controlled) sha256 sidecar is REFUSED and nothing is installed; a wrong FLUTTER_CEF_TEAM_ID is refused; publish verify-remote no-ops against the genuine GCS object. tool/ is not part of the content hash, so no artifact republish is needed. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes the top finding of the cef architecture audit: the auto-fetched cef_host executable was never authenticity-verified before use — the
.sha256sidecar lives in the same public bucket as the tarball, so it's transport integrity only.Changes
codesign --verify --deep --strictwith a designated requirement pinning the leaf cert to the publishing team (FLUTTER_CEF_TEAM_ID, defaultKLAJ5X6PJP). The app is only moved intonative/cef_host/prebuilt/after passing; a failure also drops the cached tarball. Offline-safe (no spctl).Validated (live)
tool/is outside the content hash — no artifact republish needed; consumers get the gate on their next pin bump.🤖 Generated with Claude Code