ciecleci/androidのOpenSSLに気をつけよう
by
yamacraft
Link
Embed
Share
Beginning
This slide
Copy link URL
Copy link URL
Copy iframe embed code
Copy iframe embed code
Copy javascript embed code
Copy javascript embed code
Share
Tweet
Share
Tweet
Slide 1
Slide 1 text
circleci/androidͷ OpenSSLʹؾΛ͚ͭΑ͏ @yamacraft
Slide 2
Slide 2 text
profile • @yamacraft (Wataru Yamada) • Mobile Application Engineer • LeadingMark, inc • team Y.G.E.(private) • Ұ෦دߘ → → →
Slide 3
Slide 3 text
αϯϓϧϓϩδΣΫτ https://github.com/yamacraft/android.RequestPermissions
Slide 4
Slide 4 text
લஔ͖ • ઌ΄ͲͷϓϩδΣΫτCircle CI 1.0ͰϏϧυ͢ΔΈΛೖ Ε͍ͯͨ • Circle CI 2.0ͩͱϏϧυૣ͘ͳΔͱฉ͍ͨͷͰɺࢼ͠ʹରԠ ͯ͠ΈΑ͏ͱࢥͬͨ • ͪͳΈʹൿಗใOpenSSLͰ҉߸Խͨ͠ϑΝΠϧʹೖΕͯ ͍Δʢ1.0࣌ʹެ͕ࣜҊͯͨ͠ํ๏Λ࠾༻ʣ • https://github.com/circleci/encrypted-files
Slide 5
Slide 5 text
Circle CI2.0Ͱઃఆͨ͠༰ • imageެࣜͷcircleci/androidΛ༻ • OpenSSLͰ҉߸Խͨ͠ϑΝΠϧΛ෮ݩ͠ɺγ εςϜͷڥมʹΈࠐΉ • ͋ͱ./gradlew build͢Δ͚ͩ
Slide 6
Slide 6 text
decryptͰ͖ͳ͍…
Slide 7
Slide 7 text
Ͳ͏ͯ͠… • circleci/android(apt)ͷOpenSSL 1.1.0f • mac OS(homebrew)ͷOpenSSL1.0.2l • 1.1.0͔Βޓੑʹͪΐͬͱʢ༷มߋʣ ͕͋ΔΒ͍͠…
Slide 8
Slide 8 text
ৄࡉ • OpenSSL1.1.0ͱҎલͷόʔδϣϯͱͷޓੑ • https://http2.try-and-test.net/openssl1_1_0_tips.html
Slide 9
Slide 9 text
ͰɺͲ͏ͨ͠ͷʁ • ҉߸ԽϑΝΠϧΛ࡞Δ࣌ʹɺҰํؔΛ sha256ࢦఆ͢ΔΦϓγϣϯΛࢦఆͯ͠ੜ͢ Δͱ෮߸ԽͰ͖ΔΑ͏ʹͳΔ • openssl aes-256-cbc -md sha256 -e -in secret-env-plain -out secret-env-cipher -k $KEY
Slide 10
Slide 10 text
ϏϧυͰ͖ͨʂ
Slide 11
Slide 11 text
·ͱΊ OpenSSLͷόʔδϣϯҧ͍ʹؾΛ͚ͭΑ͏ʂ
Slide 12
Slide 12 text
͓͠·͍