Feature flag

yim-lee · yim-lee · commit c1df354d8fdc · 2021-02-18T16:55:21.000-08:00
diff --git a/Sources/PackageCollections/Providers/JSONPackageCollectionProvider.swift b/Sources/PackageCollections/Providers/JSONPackageCollectionProvider.swift
@@ -13,6 +13,7 @@ import Dispatch
 import struct Foundation.Data
 import struct Foundation.Date
 import class Foundation.JSONDecoder
+import class Foundation.ProcessInfo
 import struct Foundation.URL
 
 import PackageCollectionsModel
@@ -24,6 +25,9 @@ import TSCBasic
 private typealias JSONModel = PackageCollectionModel.V1
 
 struct JSONPackageCollectionProvider: PackageCollectionProvider {
+    // FIXME: remove
+    static let enableSignatureCheck = ProcessInfo.processInfo.environment["ENABLE_COLLECTION_SIGNATURE_CHECK"] != nil
+
     private let configuration: Configuration
     private let diagnosticsEngine: DiagnosticsEngine
     private let httpClient: HTTPClient
@@ -120,6 +124,11 @@ struct JSONPackageCollectionProvider: PackageCollectionProvider {
         do {
             // This fails if collection is not signed (i.e., no "signature")
             let signedCollection = try self.decoder.decode(JSONModel.SignedCollection.self, from: data)
+
+            if !Self.enableSignatureCheck {
+                return callback(self.makeCollection(from: signedCollection.collection, source: source, signature: Model.SignatureData(from: signedCollection.signature, isVerified: true)))
+            }
+
             if source.skipSignatureCheck {
                 // Don't validate signature; set isVerified=false
                 callback(self.makeCollection(from: signedCollection.collection, source: source, signature: Model.SignatureData(from: signedCollection.signature, isVerified: false)))
diff --git a/Tests/PackageCollectionsTests/JSONPackageCollectionProviderTests.swift b/Tests/PackageCollectionsTests/JSONPackageCollectionProviderTests.swift
@@ -19,6 +19,8 @@ import SPMTestSupport
 import TSCBasic
 import TSCUtility
 
+private let enableSignatureCheck = JSONPackageCollectionProvider.enableSignatureCheck
+
 class JSONPackageCollectionProviderTests: XCTestCase {
     func testGood() throws {
         fixture(name: "Collections") { directoryPath in
@@ -396,6 +398,10 @@ class JSONPackageCollectionProviderTests: XCTestCase {
     }
 
     func testSigned_skipSignatureCheck() throws {
+        if !enableSignatureCheck {
+            try XCTSkipIf(true)
+        }
+
         fixture(name: "Collections") { directoryPath in
             let path = directoryPath.appending(components: "JSON", "good_signed.json")
             let url = URL(string: "https://www.test.com/collection.json")!
@@ -460,6 +466,10 @@ class JSONPackageCollectionProviderTests: XCTestCase {
     }
 
     func testSigned_noTrustedRootCertsConfigured() throws {
+        if !enableSignatureCheck {
+            try XCTSkipIf(true)
+        }
+
         fixture(name: "Collections") { directoryPath in
             let path = directoryPath.appending(components: "JSON", "good_signed.json")
             let url = URL(string: "https://www.test.com/collection.json")!
@@ -500,6 +510,10 @@ class JSONPackageCollectionProviderTests: XCTestCase {
     }
 
     func testSignedBad() throws {
+        if !enableSignatureCheck {
+            try XCTSkipIf(true)
+        }
+
         fixture(name: "Collections") { directoryPath in
             let path = directoryPath.appending(components: "JSON", "good_signed.json")
             let url = URL(string: "https://www.test.com/collection.json")!
