Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ciecleci/androidのOpenSSLに気をつけよう

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for yamacraft yamacraft
October 27, 2017
Technology
730
0

 ciecleci/androidのOpenSSLに気をつけよう

2017年10月27日(金)に開催されたshibuya.apk #19にて発表した資料になります

Avatar for yamacraft

yamacraft

October 27, 2017

More Decks by yamacraft

See All by yamacraft
なぜアプリのデザインとその実装はうまくいかないのか?
Avatar for yamacraft yamacraft
0
220
あんまり触れられてない気がする、Kotlin1.3の ありがたい追加機能
Avatar for yamacraft yamacraft
0
3.1k
ありがたいUIをもっと大事にしたい
Avatar for yamacraft yamacraft
2
2.4k
Quickstart-android/mlkitについて
Avatar for yamacraft yamacraft
2
4.9k
Firebase関連をCIでデプロイするときのTips
Avatar for yamacraft yamacraft
0
5.1k
開発用途で Realtime Databaseを 導入した話
Avatar for yamacraft yamacraft
2
4.6k
Realtime Databaseに向いてる・向いてないサービス
Avatar for yamacraft yamacraft
0
970
社内用アプリでFirebaseを使っている話
Avatar for yamacraft yamacraft
2
2k
弊社のアプリ開発CI環境
Avatar for yamacraft yamacraft
0
1.2k

Other Decks in Technology

See All in Technology
猫でもわかるKiro CLI(CDKコーディング編)
Avatar for Hiroo Katoh kentapapa
1
110
サイバーフィジカル社会とは何か / What Is a Cyber-Physical Society?
Avatar for Kenji Saito ks91
PRO
0
190
Master Dataグループ紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
4.6k
名刺メーカーDevグループ 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
1.1k
LLM とプロンプトエンジニアリング/チューターを定義する / LLMs and Prompt Engineering, and Defining Tutors
Avatar for Kenji Saito ks91
PRO
0
390
プロンプトエンジニアリングを超えて:自由と統制のあいだでつくる Platform × Context Engineering
Avatar for yuriemori yuriemori
0
190
QGISプラグイン CMChangeDetector
Avatar for Forestgeo.info naokimuroki
1
260
ルールルルルル私的函館観光ガイド── 函館の街はイクラでも楽しめる!
Avatar for nomuson nomuson
0
190
幾億の壁を超えて/Beyond Countless Walls(JP)
Avatar for 小田中育生 ikuodanaka
0
130
Databricksを用いたセキュアなデータ基盤構築とAIプロダクトへの応用.pdf
Avatar for PKSHA Technology(パークシャテクノロジー) pkshadeck
PRO
0
330
Hello UUID
Avatar for mimifuwacc mimifuwacc
0
140
#jawsugyokohama 100 LT11, "My AWS Journey 2011-2026 - kwntravel"
Avatar for Shinichiro Kawano shinichirokawano
0
270

Featured

See All Featured
So, you think you're a good person
Avatar for Per Axbom axbom
PRO
2
2k
A brief & incomplete history of 
UX Design for the World Wide Web: 1989–2019
Avatar for Jason CranfordTeague jct
1
350
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
274
21k
Believing is Seeing
Avatar for Spiro Bolos oripsolob
1
110
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
275
41k
The untapped power of vector embeddings
Avatar for Frank van Dijk frankvandijk
2
1.7k
Neural Spatial Audio Processing for Sound Field Analysis and Control
Avatar for NII S. Koyama's Lab skoyamalab
0
250
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
Avatar for Sophie Logan marketingsoph
0
130
Are puppies a ranking factor?
Avatar for Jono Alderson jonoalderson
1
3.3k
Building Experiences: Design Systems, User Experience, and Full Site Editing
Avatar for Michelle Schulp Hunt marktimemedia
0
480
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
33
1.6k

Transcript

  1. circleci/androidͷ OpenSSLʹؾΛ͚ͭΑ͏ @yamacraft

  2. profile • @yamacraft (Wataru Yamada) • Mobile Application Engineer •

    LeadingMark, inc • team Y.G.E.(private) • Ұ෦دߘ → → →

  3. αϯϓϧϓϩδΣΫτ https://github.com/yamacraft/android.RequestPermissions

  4. લஔ͖ • ઌ΄ͲͷϓϩδΣΫτ͸Circle CI 1.0ͰϏϧυ͢Δ࢓૊ΈΛೖ Ε͍ͯͨ • Circle CI 2.0ͩͱϏϧυ΋ૣ͘ͳΔͱฉ͍ͨͷͰɺࢼ͠ʹରԠ

    ͯ͠ΈΑ͏ͱࢥͬͨ • ͪͳΈʹൿಗ৘ใ͸OpenSSLͰ҉߸Խͨ͠ϑΝΠϧʹೖΕͯ ͍Δʢ1.0࣌୅ʹެ͕ࣜҊ಺ͯͨ͠ํ๏Λ࠾༻ʣ • https://github.com/circleci/encrypted-files

  5. Circle CI2.0Ͱઃఆͨ͠಺༰ • image͸ެࣜͷcircleci/androidΛ࢖༻ • OpenSSLͰ҉߸Խͨ͠ϑΝΠϧΛ෮ݩ͠ɺγ εςϜͷ؀ڥม਺ʹ૊ΈࠐΉ • ͋ͱ͸./gradlew build͢Δ͚ͩ

  6. decryptͰ͖ͳ͍…

  7. Ͳ͏ͯ͠… • circleci/android(apt)ͷOpenSSL͸ 1.1.0f • mac OS(homebrew)ͷOpenSSL͸1.0.2l • 1.1.0͔Βޓ׵ੑʹͪΐͬͱ໰୊ʢ࢓༷มߋʣ ͕͋ΔΒ͍͠…

  8. ৄࡉ • OpenSSL1.1.0ͱҎલͷόʔδϣϯͱͷޓ׵ੑ • https://http2.try-and-test.net/openssl1_1_0_tips.html

  9. ͰɺͲ͏ͨ͠ͷʁ • ҉߸ԽϑΝΠϧΛ࡞Δ࣌ʹɺҰํ޲ؔ਺Λ sha256ࢦఆ͢ΔΦϓγϣϯΛࢦఆͯ͠ੜ੒͢ Δͱ෮߸ԽͰ͖ΔΑ͏ʹͳΔ • openssl aes-256-cbc -md sha256

    -e -in secret-env-plain -out secret-env-cipher -k $KEY

  10. ϏϧυͰ͖ͨʂ

  11. ·ͱΊ OpenSSLͷόʔδϣϯҧ͍ʹ͸ؾΛ͚ͭΑ͏ʂ

  12. ͓͠·͍