Flipper: Publish SonarKit.podspec to the CocoaPods Master Repository

Created on 4 Jul 2018 · 12 Comments · Source: facebook/flipper

Currently SonarKit is published to the Facebook Sonar private repository. In order to get SonarKit.podspec published to the CocoaPods master repo, we first need to take care of fixing and publishing some of its direct dependencies:

  • [x] Yoga podspec should be updated to include the DEFINES_MODULE directive. We should be opening an issue in Yoga, a PR and ask the owners of the repository to pod trunk the new podspec. There are other workarounds to avoid modifying the podspec, like setting the :modular_headers directive for Yoga in a Podfile, but that would prevent us from being able to lint and push the SonarKit.podspec to CocoaPods.

  • [x] YogaKit has a dependency on the patch version of Yoga. We should tell the repository owners to avoid that, otherwise, if Yoga gets updated to 1.9 due to new API, or changes on its podspec, YogaKit won't be able to pull a new minor version due to directly defining a dependency on a patch version. Long story short, YogaKit should depend on Yoga ~>1.8 instead of Yoga ~>1.8.1 or CocoaPods will treat 1.9 for example as a major version change, when it is not. Let's make sure they publish the new podspec to the CocoaPods master repo.

  • [ ] Sonar. Well, unfortunately for Sonar.podspec, there is already a published pod with the same name. There is not much we can do here, unless we change the Sonar podspec name to something else so we can publish it, or build a subspec in SonarKit where we define Sonar, or make the Sonar subspec part of our Core subspec. If we don't see other iOS developers consuming Sonar.podspec as a direct dependency, and it's always through SonarKit, maybe a subspec would be the best option here.

  • [x] RSocket.podspec needs to be published to the CocoaPods master repo. It doesn't exist yet, so that is good for us. We need to create an issue and a PR in the RSocket repository.

  • [ ] PeerTalk also needs to be updated. I already opened an issue #48 in PeerTalk asking them to generate a new tag using the latest commit since their podspec is pointing to an old commit that doesn't include the latest codebase.

  • [x] Folly. The latest pushed Folly.podspec seems very different from the one SonarKit is depending on. The one SonarKit depends on has more dependencies, more compiler flags, etc... We should get with the Folly owners and decide if our Folly.podspec should be pushed to the CocoaPods master repo.

iOS

All 12 comments

@pkrmf Any progress on this?

@priteshrnandgaonkar haven't had much time. Will take a look today

@priteshrnandgaonkar Yoga and YogaKit PR

@priteshrnandgaonkar @emilsjolander What is your opinion on Sonar.podspec ? It is the 3rd bullet point on this PR

@pkrmf I think we can't make it part of the Core subspec, because code in Sonar's podspec is imported as #import <Sonar/xyz.h> in the Core podspec, and we would not like to change the current import pattern as it will break our internal code. The best option would be to make a separate subspec of SonarKit, like the ones we have for plugins. I will look into the Yoga and YogaKit PR.

@pkrmf I have commented on your Yoga PR.

@priteshrnandgaonkar In about 1 hour I will make the changes, I will let you know

@pkrmf I published yoga and yogakit 1.9.0 pods on cocoapods

I was thinking about this more, I'd recommend grabbing the official name as soon as possible, and putting a placeholder there for now, until this issue is fully completed.

Right now, a malicious actor could easily grab the flipper name on CocoaPods, and cause damage rather easily by abusing the prepare_command spec, or other attack vectors.
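
A defensive check for the risk raised in the comment above, as an added example that is not part of the original thread or the Flipper project: it walks a podspec in JSON form (for instance the output of pod ipc spec) and flags prepare_command, script_phases, and a source URL outside the expected owner. The pod name ExampleKit, its URLs and the EXPECTED_SOURCES allowlist are constructed assumptions.

```ruby
require 'json'

# Podspec attributes that execute shell code on the consumer's machine.
EXEC_KEYS = {
  'prepare_command' => 'shell run when the pod is installed',
  'script_phases'   => 'shell run during the Xcode build'
}.freeze

# Assumed allowlist: pod name => URL prefix its source must sit under.
EXPECTED_SOURCES = { 'ExampleKit' => 'https://github.com/example-org/' }.freeze

# Returns a list of findings for one parsed podspec, recursing into subspecs.
def audit_podspec(spec, expected = EXPECTED_SOURCES, path = nil)
  path ||= spec['name']
  findings = EXEC_KEYS.select { |key, _| spec.key?(key) }
                      .map { |key, why| "#{path}: #{key} (#{why})" }
  if spec['source'] # only the root spec carries a source
    url = spec['source']['git'] || spec['source']['http'] || ''
    want = expected[spec['name']]
    if want.nil?
      findings << "#{path}: no expected source recorded for this name"
    elsif !url.start_with?(want)
      findings << "#{path}: source #{url} is outside #{want}"
    end
  end
  Array(spec['subspecs']).each do |sub|
    findings.concat(audit_podspec(sub, expected, "#{path}/#{sub['name']}"))
  end
  findings
end

# Constructed sample: the pod as its real owner would publish it.
TRUSTED = JSON.parse(<<~SPEC)
  {"name": "ExampleKit", "version": "1.0.0",
   "source": {"git": "https://github.com/example-org/ExampleKit.git", "tag": "1.0.0"},
   "subspecs": [{"name": "Core", "source_files": "Core/**/*.{h,m}"}]}
SPEC

# Constructed sample: same name claimed from another account, with hooks.
SUSPECT = JSON.parse(<<~SPEC)
  {"name": "ExampleKit", "version": "0.0.1",
   "source": {"git": "https://github.com/someone-else/ExampleKit.git", "tag": "0.0.1"},
   "prepare_command": "echo constructed-placeholder",
   "subspecs": [{"name": "Core",
                 "script_phases": [{"name": "Gen", "script": "echo constructed-placeholder"}]}]}
SPEC

puts audit_podspec(SUSPECT)
```

Running it over every podspec that a dependency update pulls in, before pod install executes, surfaces a newly introduced hook or a changed source for review.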

Have reserved the name for Flipper and FlipperKit on cocoapods.

Is there an ETA for the Podspec getting published on CocoaPods? And what's an easy way to use Flipper meanwhile?

I'm cleaning up some old issues and this one hasn't seen updates in a long time. Please let me know if this is still a problem and we can reopen it. Thanks!
