1%YAML 1.2 2--- | 3 <%! 4 def expand_symbol_list(symbol_list): 5 return ',\n '.join("'#define %s GRPC_SHADOW_%s'" % (symbol, symbol) for symbol in symbol_list) 6 7 import subprocess 8 boringssl_commit = subprocess.check_output(['git', 'rev-parse', 'HEAD'], cwd='third_party/boringssl-with-bazel').decode().strip() 9 10 # Compress src/boringssl/boringssl_prefix_symbols.h with gzip then encode 11 # with Base64. The result is put in variable prefix_gz_b64. 12 # 13 # Note that gRPC's template parser is still using Python 2, whose gzip 14 # module does not support directly compressing bytes into bytes. Instead, 15 # we have to write the compressed bytes into a intermediate file 16 # (src/boringssl/boringssl_prefix_symbols.h.gz), read the compressed 17 # bytes from this file, then delete the intermediate file. 18 # 19 # TODO(mxyan): move to python3 style gzip compression when possible 20 def compress_boringssl_prefix_header(): 21 import gzip, shutil, os, base64 22 with open('src/boringssl/boringssl_prefix_symbols.h', 'rb') as f_in, gzip.GzipFile('src/boringssl/boringssl_prefix_symbols.h.gz', 'w', mtime=0.0) as f_out: 23 shutil.copyfileobj(f_in, f_out) 24 with open('src/boringssl/boringssl_prefix_symbols.h.gz', 'rb') as f_in: 25 prefix_gz = f_in.read() 26 os.remove('src/boringssl/boringssl_prefix_symbols.h.gz') 27 prefix_gz_b64 = base64.b64encode(prefix_gz) 28 WRAP_LENGTH=80 29 prefix_gz_b64_wrapped = [prefix_gz_b64[i:i+WRAP_LENGTH] for i in range(0, len(prefix_gz_b64), WRAP_LENGTH)] 30 return prefix_gz_b64_wrapped 31 %> 32 33 # This file has been automatically generated from a template file. 34 # Please make modifications to 35 # `templates/src/objective-c/BoringSSL-GRPC.podspec.template` instead. This 36 # file can be regenerated from the template by running 37 # `tools/buildgen/generate_projects.sh`. 38 39 # BoringSSL CocoaPods podspec 40 41 # Copyright 2015, Google Inc. 42 # All rights reserved. 43 # 44 # Redistribution and use in source and binary forms, with or without 45 # modification, are permitted provided that the following conditions are 46 # met: 47 # 48 # * Redistributions of source code must retain the above copyright 49 # notice, this list of conditions and the following disclaimer. 50 # * Redistributions in binary form must reproduce the above 51 # copyright notice, this list of conditions and the following disclaimer 52 # in the documentation and/or other materials provided with the 53 # distribution. 54 # * Neither the name of Google Inc. nor the names of its 55 # contributors may be used to endorse or promote products derived from 56 # this software without specific prior written permission. 57 # 58 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 59 # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 60 # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 61 # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 62 # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 63 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 64 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 65 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 66 # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 67 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 68 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 69 70 Pod::Spec.new do |s| 71 s.name = 'BoringSSL-GRPC' 72 version = '0.0.16' 73 s.version = version 74 s.summary = 'BoringSSL is a fork of OpenSSL that is designed to meet Google\'s needs.' 75 # Adapted from the homepage: 76 s.description = <<-DESC 77 BoringSSL is a fork of OpenSSL that is designed to meet Google's needs. 78 79 Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. 80 We don't recommend that third parties depend upon it. Doing so is likely to be frustrating 81 because there are no guarantees of API stability. Only the latest version of this pod is 82 supported, and every new version is a new major version. 83 84 We update Google libraries and programs that use BoringSSL as needed when deciding to make API 85 changes. This allows us to mostly avoid compromises in the name of compatibility. It works for 86 us, but it may not work for you. 87 88 As a Cocoapods pod, it has the advantage over OpenSSL's pods that the library doesn't need to 89 be precompiled. This eliminates the 10 - 20 minutes of wait the first time a user does "pod 90 install", lets it be used as a dynamic framework (pending solution of Cocoapods' issue #4605), 91 and works with bitcode automatically. It's also thought to be smaller than OpenSSL (which takes 92 1MB - 2MB per ARM architecture), but we don't have specific numbers yet. 93 94 BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built 95 up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's 96 product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved 97 in maintaining all these patches in multiple places was growing steadily. 98 99 Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the 100 NDK) and a number of other apps/programs. 101 DESC 102 s.homepage = 'https://github.com/google/boringssl' 103 s.license = { :type => 'Mixed', :file => 'LICENSE' } 104 # "The name and email addresses of the library maintainers, not the Podspec maintainer." 105 s.authors = 'Adam Langley', 'David Benjamin', 'Matt Braithwaite' 106 107 s.source = { 108 :git => 'https://github.com/google/boringssl.git', 109 :commit => "${boringssl_commit}", 110 } 111 112 s.ios.deployment_target = '9.0' 113 s.osx.deployment_target = '10.10' 114 s.tvos.deployment_target = '10.0' 115 s.watchos.deployment_target = '4.0' 116 117 name = 'openssl_grpc' 118 119 # When creating a dynamic framework, name it openssl.framework instead of BoringSSL.framework. 120 # This lets users write their includes like `#include <openssl/ssl.h>` as opposed to `#include 121 # <BoringSSL/ssl.h>`. 122 s.module_name = name 123 124 # When creating a dynamic framework, copy the headers under `include/openssl/` into the root of 125 # the `Headers/` directory of the framework (i.e., not under `Headers/include/openssl`). 126 # 127 # TODO(jcanizales): Debug why this doesn't work on macOS. 128 s.header_mappings_dir = 'src/include/openssl' 129 130 # The above has an undesired effect when creating a static library: It forces users to write 131 # includes like `#include <BoringSSL/ssl.h>`. `s.header_dir` adds a path prefix to that, and 132 # because Cocoapods lets omit the pod name when including headers of static libraries, the 133 # following lets users write `#include <openssl/ssl.h>`. 134 s.header_dir = name 135 136 # The module map and umbrella header created automatically by Cocoapods don't work for C libraries 137 # like this one. The following file, and a correct umbrella header, are created on the fly by the 138 # `prepare_command` of this pod. 139 s.module_map = 'src/include/openssl/BoringSSL.modulemap' 140 141 # We don't need to inhibit all warnings; only -Wno-shorten-64-to-32. But Cocoapods' linter doesn't 142 # want that for some reason. 143 s.compiler_flags = '-DOPENSSL_NO_ASM', '-GCC_WARN_INHIBIT_ALL_WARNINGS', '-w', '-DBORINGSSL_PREFIX=GRPC' 144 s.requires_arc = false 145 146 # Like many other C libraries, BoringSSL has its public headers under `include/<libname>/` and its 147 # sources and private headers in other directories outside `include/`. Cocoapods' linter doesn't 148 # allow any header to be listed outside the `header_mappings_dir` (even though doing so works in 149 # practice). Because we need our `header_mappings_dir` to be `include/openssl/` for the reason 150 # mentioned above, we work around the linter limitation by dividing the pod into two subspecs, one 151 # for public headers and the other for implementation. Each gets its own `header_mappings_dir`, 152 # making the linter happy. 153 s.subspec 'Interface' do |ss| 154 ss.header_mappings_dir = 'src/include/openssl' 155 ss.source_files = 'src/include/openssl/*.h' 156 end 157 s.subspec 'Implementation' do |ss| 158 ss.header_mappings_dir = 'src' 159 ss.source_files = 'src/ssl/*.{h,c,cc}', 160 'src/ssl/**/*.{h,c,cc}', 161 'src/crypto/*.{h,c,cc}', 162 'src/crypto/**/*.{h,c,cc}', 163 # We have to include fiat because spake25519 depends on it 164 'src/third_party/fiat/*.{h,c,cc}', 165 # Include the err_data.c pre-generated in boringssl's master-with-bazel branch 166 'err_data.c' 167 168 ss.private_header_files = 'src/ssl/*.h', 169 'src/ssl/**/*.h', 170 'src/crypto/*.h', 171 'src/crypto/**/*.h', 172 'src/third_party/fiat/*.h' 173 # bcm.c includes other source files, creating duplicated symbols. Since it is not used, we 174 # explicitly exclude it from the pod. 175 # TODO (mxyan): Work with BoringSSL team to remove this hack. 176 ss.exclude_files = 'src/crypto/fipsmodule/bcm.c', 177 'src/**/*_test.*', 178 'src/**/test_*.*', 179 'src/**/test/*.*' 180 181 ss.dependency "#{s.name}/Interface", version 182 end 183 184 s.prepare_command = <<-END_OF_COMMAND 185 # Add a module map and an umbrella header 186 cat > src/include/openssl/umbrella.h <<EOF 187 #include "ssl.h" 188 #include "crypto.h" 189 #include "aes.h" 190 /* The following macros are defined by base.h. The latter is the first file included by the 191 other headers. */ 192 #if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) 193 # include "arm_arch.h" 194 #endif 195 #include "asn1.h" 196 #include "asn1_mac.h" 197 #include "asn1t.h" 198 #include "blowfish.h" 199 #include "cast.h" 200 #include "chacha.h" 201 #include "cmac.h" 202 #include "conf.h" 203 #include "cpu.h" 204 #include "curve25519.h" 205 #include "des.h" 206 #include "dtls1.h" 207 #include "hkdf.h" 208 #include "md4.h" 209 #include "md5.h" 210 #include "obj_mac.h" 211 #include "objects.h" 212 #include "opensslv.h" 213 #include "ossl_typ.h" 214 #include "pkcs12.h" 215 #include "pkcs7.h" 216 #include "pkcs8.h" 217 #include "poly1305.h" 218 #include "rand.h" 219 #include "rc4.h" 220 #include "ripemd.h" 221 #include "safestack.h" 222 #include "srtp.h" 223 #include "x509.h" 224 #include "x509v3.h" 225 EOF 226 cat > src/include/openssl/BoringSSL.modulemap <<EOF 227 framework module openssl { 228 umbrella header "umbrella.h" 229 textual header "arm_arch.h" 230 export * 231 module * { export * } 232 } 233 EOF 234 235 # To avoid symbol conflict with OpenSSL, gRPC needs to rename all the BoringSSL symbols with a 236 # prefix. This is done with BoringSSL's BORINGSSL_PREFIX mechanism 237 # (https://github.com/google/boringssl/blob/75148d7abf12bdd1797fec3c5da9a21963703516/BUILDING.md#building-with-prefixed-symbols). 238 # The required prefix header file boringssl_prefix_symbols.h is not part of BoringSSL repo at 239 # this moment. It has to be generated by BoringSSL's users and be injected to BoringSSL build. 240 # gRPC generates this file in script /tools/distrib/upgrade_boringssl_objc.sh. This script 241 # outputs a gzip+base64 encoded version of boringssl_prefix_symbols.h because of Cocoapods' 242 # limit on the 'prepare_command' field length. The encoded header is generated from 243 # /src/boringssl/boringssl_prefix_symbols.h. Here we decode the content and inject the header to 244 # the correct location in BoringSSL. 245 base64 -D <<EOF | gunzip > src/include/openssl/boringssl_prefix_symbols.h 246 % for line in compress_boringssl_prefix_header(): 247 ${line.decode('utf-8')} 248 % endfor 249 EOF 250 251 # We are renaming openssl to openssl_grpc so that there is no conflict with openssl if it exists 252 find . -type f \\( -path '*.h' -or -path '*.cc' -or -path '*.c' \\) -print0 | xargs -0 -L1 sed -E -i'.grpc_back' 's;#include <openssl/;#include <openssl_grpc/;g' 253 254 # Include of boringssl_prefix_symbols.h does not follow Xcode import style. We add the package 255 # name here so that Xcode knows where to find it. 256 find . -type f \\( -path '*.h' -or -path '*.cc' -or -path '*.c' \\) -print0 | xargs -0 -L1 sed -E -i'.grpc_back' 's;#include <boringssl_prefix_symbols.h>;#include <openssl_grpc/boringssl_prefix_symbols.h>;g' 257 END_OF_COMMAND 258 end 259