• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1%YAML 1.2
2--- |
3  <%!
4    def expand_symbol_list(symbol_list):
5        return ',\n    '.join("'#define %s GRPC_SHADOW_%s'" % (symbol, symbol) for symbol in symbol_list)
6
7    import subprocess
8    boringssl_commit = subprocess.check_output(['git', 'rev-parse', 'HEAD'], cwd='third_party/boringssl-with-bazel').decode().strip()
9
10    # Compress src/boringssl/boringssl_prefix_symbols.h with gzip then encode
11    # with Base64. The result is put in variable prefix_gz_b64.
12    #
13    # Note that gRPC's template parser is still using Python 2, whose gzip
14    # module does not support directly compressing bytes into bytes. Instead,
15    # we have to write the compressed bytes into a intermediate file
16    # (src/boringssl/boringssl_prefix_symbols.h.gz), read the compressed
17    # bytes from this file, then delete the intermediate file.
18    #
19    # TODO(mxyan): move to python3 style gzip compression when possible
20    def compress_and_encode_file(filepath):
21      gzip_filepath = filepath + '.gz'
22      import gzip, shutil, os, base64
23      with open(filepath, 'rb') as f_in, gzip.GzipFile(gzip_filepath, 'w', mtime=0.0) as f_out:
24        shutil.copyfileobj(f_in, f_out)
25      with open(gzip_filepath, 'rb') as f_in:
26        prefix_gz = f_in.read()
27      os.remove(gzip_filepath)
28      prefix_gz_b64 = base64.b64encode(prefix_gz)
29      WRAP_LENGTH=80
30      prefix_gz_b64_wrapped = [prefix_gz_b64[i:i+WRAP_LENGTH] for i in range(0, len(prefix_gz_b64), WRAP_LENGTH)]
31      return prefix_gz_b64_wrapped
32  %>
33
34  # This file has been automatically generated from a template file.
35  # Please make modifications to
36  # `templates/src/objective-c/BoringSSL-GRPC.podspec.template` instead. This
37  # file can be regenerated from the template by running
38  # `tools/buildgen/generate_projects.sh`.
39
40  # BoringSSL CocoaPods podspec
41
42  # Copyright 2015, Google Inc.
43  # All rights reserved.
44  #
45  # Redistribution and use in source and binary forms, with or without
46  # modification, are permitted provided that the following conditions are
47  # met:
48  #
49  #     * Redistributions of source code must retain the above copyright
50  # notice, this list of conditions and the following disclaimer.
51  #     * Redistributions in binary form must reproduce the above
52  # copyright notice, this list of conditions and the following disclaimer
53  # in the documentation and/or other materials provided with the
54  # distribution.
55  #     * Neither the name of Google Inc. nor the names of its
56  # contributors may be used to endorse or promote products derived from
57  # this software without specific prior written permission.
58  #
59  # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
60  # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
61  # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
62  # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
63  # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
64  # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
65  # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
66  # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
67  # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
68  # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
69  # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
70
71  Pod::Spec.new do |s|
72    s.name     = 'BoringSSL-GRPC'
73    version = '0.0.38'
74    s.version  = version
75    s.summary  = 'BoringSSL is a fork of OpenSSL that is designed to meet Google\'s needs.'
76    # Adapted from the homepage:
77    s.description = <<-DESC
78      BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
79
80      Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is.
81      We don't recommend that third parties depend upon it. Doing so is likely to be frustrating
82      because there are no guarantees of API stability. Only the latest version of this pod is
83      supported, and every new version is a new major version.
84
85      We update Google libraries and programs that use BoringSSL as needed when deciding to make API
86      changes. This allows us to mostly avoid compromises in the name of compatibility. It works for
87      us, but it may not work for you.
88
89      As a Cocoapods pod, it has the advantage over OpenSSL's pods that the library doesn't need to
90      be precompiled. This eliminates the 10 - 20 minutes of wait the first time a user does "pod
91      install", lets it be used as a dynamic framework (pending solution of Cocoapods' issue #4605),
92      and works with bitcode automatically. It's also thought to be smaller than OpenSSL (which takes
93      1MB - 2MB per ARM architecture), but we don't have specific numbers yet.
94
95      BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built
96      up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's
97      product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved
98      in maintaining all these patches in multiple places was growing steadily.
99
100      Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the
101      NDK) and a number of other apps/programs.
102    DESC
103    s.homepage = 'https://github.com/google/boringssl'
104    s.license  = { :type => 'Mixed', :file => 'LICENSE' }
105    # "The name and email addresses of the library maintainers, not the Podspec maintainer."
106    s.authors  = 'Adam Langley', 'David Benjamin', 'Matt Braithwaite'
107
108    s.source = {
109      :git => 'https://github.com/google/boringssl.git',
110      :commit => "${boringssl_commit}",
111    }
112
113    s.ios.deployment_target = '11.0'
114    s.osx.deployment_target = '10.14'
115    s.tvos.deployment_target = '13.0'
116    s.watchos.deployment_target = '6.0'
117    s.visionos.deployment_target = '1.0'
118
119    name = 'openssl_grpc'
120
121    # When creating a dynamic framework, name it openssl.framework instead of BoringSSL.framework.
122    # This lets users write their includes like `#include <openssl/ssl.h>` as opposed to `#include
123    # <BoringSSL/ssl.h>`.
124    s.module_name = name
125
126    # When creating a dynamic framework, copy the headers under `include/openssl/` into the root of
127    # the `Headers/` directory of the framework (i.e., not under `Headers/include/openssl`).
128    #
129    # TODO(jcanizales): Debug why this doesn't work on macOS.
130    s.header_mappings_dir = 'src/include/openssl'
131
132    # The above has an undesired effect when creating a static library: It forces users to write
133    # includes like `#include <BoringSSL/ssl.h>`. `s.header_dir` adds a path prefix to that, and
134    # because Cocoapods lets omit the pod name when including headers of static libraries, the
135    # following lets users write `#include <openssl/ssl.h>`.
136    s.header_dir = name
137
138    # We don't need to inhibit all warnings; only -Wno-shorten-64-to-32. But Cocoapods' linter doesn't
139    # want that for some reason.
140    s.compiler_flags = '-DOPENSSL_NO_ASM', '-w', '-DBORINGSSL_PREFIX=GRPC'
141    s.requires_arc = false
142
143    # Like many other C libraries, BoringSSL has its public headers under `include/<libname>/` and its
144    # sources and private headers in other directories outside `include/`. Cocoapods' linter doesn't
145    # allow any header to be listed outside the `header_mappings_dir` (even though doing so works in
146    # practice). Because we need our `header_mappings_dir` to be `include/openssl/` for the reason
147    # mentioned above, we work around the linter limitation by dividing the pod into two subspecs, one
148    # for public headers and the other for implementation. Each gets its own `header_mappings_dir`,
149    # making the linter happy.
150    s.subspec 'Interface' do |ss|
151      ss.header_mappings_dir = 'src/include/openssl'
152      ss.private_header_files = 'src/include/openssl/time.h'
153      ss.source_files = 'src/include/openssl/*.h',
154                        'src/include/openssl/**/*.h'
155    end
156    s.subspec 'Implementation' do |ss|
157      ss.header_mappings_dir = 'src'
158
159      ss.resource_bundles = {
160        s.module_name => 'src/PrivacyInfo.xcprivacy'
161      }
162
163      ss.source_files = 'src/ssl/*.{h,c,cc}',
164                        'src/ssl/**/*.{h,c,cc}',
165                        'src/crypto/*.{h,c,cc}',
166                        'src/crypto/**/*.{h,c,cc,inc}',
167                        # We have to include fiat because spake25519 depends on it
168                        'src/third_party/fiat/*.{h,c,cc}',
169                        # Include the err_data.c pre-generated in boringssl's master-with-bazel branch
170                        'src/gen/crypto/err_data.cc'
171
172      ss.private_header_files = 'src/ssl/*.h',
173                                'src/ssl/**/*.h',
174                                'src/crypto/*.h',
175                                'src/crypto/**/*.h',
176                                'src/third_party/fiat/*.h'
177      ss.exclude_files = 'src/**/*_test.*',
178                         'src/**/test_*.*',
179                         'src/**/test/*.*'
180
181      ss.dependency "#{s.name}/Interface", version
182    end
183
184    s.pod_target_xcconfig = {
185      # Do not let src/include/openssl/time.h override system API
186      'USE_HEADERMAP' => 'NO',
187    }
188
189    s.prepare_command = <<-END_OF_COMMAND
190      set -e
191
192      # To avoid symbol conflict with OpenSSL, gRPC needs to rename all the BoringSSL symbols with a
193      # prefix. This is done with BoringSSL's BORINGSSL_PREFIX mechanism
194      # (https://github.com/google/boringssl/blob/75148d7abf12bdd1797fec3c5da9a21963703516/BUILDING.md#building-with-prefixed-symbols).
195      # The required prefix header file boringssl_prefix_symbols.h is not part of BoringSSL repo at
196      # this moment. It has to be generated by BoringSSL's users and be injected to BoringSSL build.
197      # gRPC generates this file in script /tools/distrib/upgrade_boringssl_objc.sh. This script
198      # outputs a gzip+base64 encoded version of boringssl_prefix_symbols.h because of Cocoapods'
199      # limit on the 'prepare_command' field length. The encoded header is generated from
200      # /src/boringssl/boringssl_prefix_symbols.h. Here we decode the content and inject the header to
201      # the correct location in BoringSSL.
202      case "$(uname)" in
203        Darwin) opts="" ;;
204             *) opts="--ignore-garbage" ;;
205      esac
206      base64 --decode $opts <<EOF | gunzip > src/include/openssl/boringssl_prefix_symbols.h
207        % for line in compress_and_encode_file('src/boringssl/boringssl_prefix_symbols.h'):
208        ${line.decode('utf-8')}
209        % endfor
210      EOF
211
212      # PrivacyInfo.xcprivacy is not part of BoringSSL repo, inject it during pod installation
213      base64 --decode $opts <<EOF | gunzip > src/PrivacyInfo.xcprivacy
214        % for line in compress_and_encode_file('src/objective-c/PrivacyInfo.xcprivacy'):
215        ${line.decode('utf-8')}
216        % endfor
217      EOF
218
219      # We are renaming openssl to openssl_grpc so that there is no conflict with openssl if it exists
220      find . -type f \\( -path '*.h' -or -path '*.cc' -or -path '*.c' -or -path '*.inc' \\) -print0 | xargs -0 -L1 sed -E -i'.grpc_back' 's;#include <openssl/;#include <openssl_grpc/;g'
221
222      # Include of boringssl_prefix_symbols.h does not follow Xcode import style. We add the package
223      # name here so that Xcode knows where to find it.
224      find . -type f \\( -path '*.h' -or -path '*.cc' -or -path '*.c' -or -path '*.inc' \\) -print0 | xargs -0 -L1 sed -E -i'.grpc_back' 's;#include <boringssl_prefix_symbols.h>;#include <openssl_grpc/boringssl_prefix_symbols.h>;g'
225    END_OF_COMMAND
226  end
227