docs: add a section on automatic rollback #315

Merged
merged 2 commits into from
Dec 2, 2024
2 changes: 1 addition & 1 deletion src/content/docs/code-push/release.mdx
Expand Up @@ -63,7 +63,7 @@ shorebird release android --target ./lib/main_development.dart --flavor developm
build` can. To pass arguments to the underlying `flutter build` you need to put
`flutter build` arguments after a `--` separator. For example: `shorebird
release android -- --dart-define="foo=bar"` will define the `"foo"` environment
variable inside Dart as you might have done with `flutter build` directly. In
variable inside Dart as you might have done with `flutter build` directly. In
Powershell the `--` separator must be quoted: `'--'`.
:::
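
Review bot: The only changed line in this hunk, `variable inside Dart as you might have done with `flutter build` directly. In`, reads the same before and after as rendered here, so this looks like a whitespace-only edit unrelated to the rollback section. Worth mentioning in the PR description or splitting out so the history for release.mdx stays readable. If the paragraph is being touched anyway, the following context line spells the shell name "Powershell"; the product name is "PowerShell".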

33 changes: 33 additions & 0 deletions src/content/docs/code-push/rollback.mdx
Expand Up @@ -47,3 +47,36 @@ If you app needs to download an older patch as part of a rollback,
installing that patch will count against your monthly patch installs. If you
have no remaining patch installs, the app will revert to the base release.
:::

## Patch Integrity and Automatic Rollback

Shorebird includes safety features to prevent needing to issue the manual
rollback of a patch.

`shorebird patch` also generates a hash of your patch file which is stored
separately from the patch and checked every time your patch is installed, or
booted from on the user's device.

Customers are also encouraged to use Shorebird's [patch-signing
feature](https://docs.shorebird.dev/guides/patch-signing/) to cryptographically
sign patch files. This uses the same cryptographic algorithms used in the
Google and Apple app stores. When enabled, your [public
key](https://en.wikipedia.org/wiki/Public-key_cryptography) is included in your
app bundle and a patch's signature is checked on every install and boot to
ensure your app can never accept a patch file not signed by your secret key.

Finally Shorebird's [updater](https://github.com/shorebirdtech/updater) includes
automatic on-device rollback. If for any reason a patch's hash or signature does
not match, the patch is discarded. If for any reason a patch fails to load into
the Dart runtime, a patch will be marked "bad" on that device, and the app will
be automatically rolled back to the latest installed patch.

The previous patch file is always kept on disk until at least one successful
boot is made of the next patch, after which a patch file is automatically
cleaned up from the user's device to minimize disk usage.

All of code which implements these integrity measures is of course open source
and available for review on [GitHub](https://github.com/shorebirdtech/). An
overview of our code locations is available under [Architecture](/architecture).

See also [Shorebird Public Security Policies](https://handbook.shorebird.dev/security/).
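
Review bot: In the automatic-rollback paragraph, "the app will be automatically rolled back to the latest installed patch" is ambiguous, because the latest installed patch can be read as the one that was just marked bad, and the section never says what happens on a device that has no earlier patch. Suggest "rolled back to the previous patch" plus one sentence covering the no-previous-patch case; the note just above this section already describes the app reverting "to the base release" in a different situation, so readers will wonder whether the same applies here. The hash paragraph opens with "`shorebird patch` also generates" although nothing precedes the "also", and neither that paragraph nor "the same cryptographic algorithms used in the Google and Apple app stores" names an algorithm; naming them would let readers evaluate the claim. It would also help to state what the hash check covers compared with the signature check, since the hash is described only as "stored separately from the patch". Wording: "All of code which implements" should be "All of the code that implements", "Finally Shorebird's" needs a comma after "Finally", "installed, or booted from" has a stray comma, and "secret key" sits next to a public-key link where "private key" is the usual counterpart term.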