| %YAML 1.2 |
| --- | |
| <%! |
| def expand_symbol_list(symbol_list): |
| return ',\n '.join("'#define %s GRPC_SHADOW_%s'" % (symbol, symbol) for symbol in symbol_list) |
| import subprocess |
| boringssl_commit = subprocess.check_output(['git', 'rev-parse', 'HEAD'], cwd='third_party/boringssl-with-bazel').decode().strip() |
| %> |
| |
| # This file has been automatically generated from a template file. |
| # Please make modifications to |
| # `templates/src/objective-c/BoringSSL-GRPC.podspec.template` instead. This |
| # file can be regenerated from the template by running |
| # `tools/buildgen/generate_projects.sh`. Because of some limitations of this |
| # template, you might actually need to run the same script twice in a row. |
| # (see err_data.c section) |
| |
| # BoringSSL CocoaPods podspec |
| |
| # Copyright 2015, Google Inc. |
| # All rights reserved. |
| # |
| # Redistribution and use in source and binary forms, with or without |
| # modification, are permitted provided that the following conditions are |
| # met: |
| # |
| # * Redistributions of source code must retain the above copyright |
| # notice, this list of conditions and the following disclaimer. |
| # * Redistributions in binary form must reproduce the above |
| # copyright notice, this list of conditions and the following disclaimer |
| # in the documentation and/or other materials provided with the |
| # distribution. |
| # * Neither the name of Google Inc. nor the names of its |
| # contributors may be used to endorse or promote products derived from |
| # this software without specific prior written permission. |
| # |
| # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| |
| Pod::Spec.new do |s| |
| s.name = 'BoringSSL-GRPC' |
| version = '0.0.5' |
| s.version = version |
| s.summary = 'BoringSSL is a fork of OpenSSL that is designed to meet Google\'s needs.' |
| # Adapted from the homepage: |
| s.description = <<-DESC |
| BoringSSL is a fork of OpenSSL that is designed to meet Google's needs. |
| |
| Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. |
| We don't recommend that third parties depend upon it. Doing so is likely to be frustrating |
| because there are no guarantees of API stability. Only the latest version of this pod is |
| supported, and every new version is a new major version. |
| |
| We update Google libraries and programs that use BoringSSL as needed when deciding to make API |
| changes. This allows us to mostly avoid compromises in the name of compatibility. It works for |
| us, but it may not work for you. |
| |
| As a Cocoapods pod, it has the advantage over OpenSSL's pods that the library doesn't need to |
| be precompiled. This eliminates the 10 - 20 minutes of wait the first time a user does "pod |
| install", lets it be used as a dynamic framework (pending solution of Cocoapods' issue #4605), |
| and works with bitcode automatically. It's also thought to be smaller than OpenSSL (which takes |
| 1MB - 2MB per ARM architecture), but we don't have specific numbers yet. |
| |
| BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built |
| up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's |
| product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved |
| in maintaining all these patches in multiple places was growing steadily. |
| |
| Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the |
| NDK) and a number of other apps/programs. |
| DESC |
| s.homepage = 'https://github.com/google/boringssl' |
| s.license = { :type => 'Mixed', :file => 'LICENSE' } |
| # "The name and email addresses of the library maintainers, not the Podspec maintainer." |
| s.authors = 'Adam Langley', 'David Benjamin', 'Matt Braithwaite' |
| |
| s.source = { |
| :git => 'https://github.com/google/boringssl.git', |
| :commit => "${boringssl_commit}", |
| } |
| |
| s.ios.deployment_target = '7.0' |
| s.osx.deployment_target = '10.7' |
| s.tvos.deployment_target = '10.0' |
| s.watchos.deployment_target = '4.0' |
| |
| name = 'openssl_grpc' |
| |
| # When creating a dynamic framework, name it openssl.framework instead of BoringSSL.framework. |
| # This lets users write their includes like `#include <openssl/ssl.h>` as opposed to `#include |
| # <BoringSSL/ssl.h>`. |
| s.module_name = name |
| |
| # When creating a dynamic framework, copy the headers under `include/openssl/` into the root of |
| # the `Headers/` directory of the framework (i.e., not under `Headers/include/openssl`). |
| # |
| # TODO(jcanizales): Debug why this doesn't work on macOS. |
| s.header_mappings_dir = 'src/include/openssl' |
| |
| # The above has an undesired effect when creating a static library: It forces users to write |
| # includes like `#include <BoringSSL/ssl.h>`. `s.header_dir` adds a path prefix to that, and |
| # because Cocoapods lets omit the pod name when including headers of static libraries, the |
| # following lets users write `#include <openssl/ssl.h>`. |
| s.header_dir = name |
| |
| # The module map and umbrella header created automatically by Cocoapods don't work for C libraries |
| # like this one. The following file, and a correct umbrella header, are created on the fly by the |
| # `prepare_command` of this pod. |
| s.module_map = 'src/include/openssl/BoringSSL.modulemap' |
| |
| # We don't need to inhibit all warnings; only -Wno-shorten-64-to-32. But Cocoapods' linter doesn't |
| # want that for some reason. |
| s.compiler_flags = '-DOPENSSL_NO_ASM', '-GCC_WARN_INHIBIT_ALL_WARNINGS', '-w' |
| s.requires_arc = false |
| |
| # Like many other C libraries, BoringSSL has its public headers under `include/<libname>/` and its |
| # sources and private headers in other directories outside `include/`. Cocoapods' linter doesn't |
| # allow any header to be listed outside the `header_mappings_dir` (even though doing so works in |
| # practice). Because we need our `header_mappings_dir` to be `include/openssl/` for the reason |
| # mentioned above, we work around the linter limitation by dividing the pod into two subspecs, one |
| # for public headers and the other for implementation. Each gets its own `header_mappings_dir`, |
| # making the linter happy. |
| s.subspec 'Interface' do |ss| |
| ss.header_mappings_dir = 'src/include/openssl' |
| ss.source_files = 'src/include/openssl/*.h' |
| end |
| s.subspec 'Implementation' do |ss| |
| ss.header_mappings_dir = 'src' |
| ss.source_files = 'src/ssl/*.{h,c,cc}', |
| 'src/ssl/**/*.{h,c,cc}', |
| 'src/crypto/*.{h,c,cc}', |
| 'src/crypto/**/*.{h,c,cc}', |
| # We have to include fiat because spake25519 depends on it |
| 'src/third_party/fiat/*.{h,c,cc}', |
| # Include the err_data.c generated in prepare_command below |
| 'src/err_data.c' |
| |
| ss.private_header_files = 'src/ssl/*.h', |
| 'src/ssl/**/*.h', |
| 'src/crypto/*.h', |
| 'src/crypto/**/*.h', |
| 'src/third_party/fiat/*.h' |
| # bcm.c includes other source files, creating duplicated symbols. Since it is not used, we |
| # explicitly exclude it from the pod. |
| # TODO (mxyan): Work with BoringSSL team to remove this hack. |
| ss.exclude_files = 'src/crypto/fipsmodule/bcm.c', |
| 'src/**/*_test.*', |
| 'src/**/test_*.*', |
| 'src/**/test/*.*' |
| |
| ss.dependency "#{s.name}/Interface", version |
| end |
| |
| s.prepare_command = <<-END_OF_COMMAND |
| # Add a module map and an umbrella header |
| cat > src/include/openssl/umbrella.h <<EOF |
| #include "ssl.h" |
| #include "crypto.h" |
| #include "aes.h" |
| /* The following macros are defined by base.h. The latter is the first file included by the |
| other headers. */ |
| #if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) |
| # include "arm_arch.h" |
| #endif |
| #include "asn1.h" |
| #include "asn1_mac.h" |
| #include "asn1t.h" |
| #include "blowfish.h" |
| #include "cast.h" |
| #include "chacha.h" |
| #include "cmac.h" |
| #include "conf.h" |
| #include "cpu.h" |
| #include "curve25519.h" |
| #include "des.h" |
| #include "dtls1.h" |
| #include "hkdf.h" |
| #include "md4.h" |
| #include "md5.h" |
| #include "obj_mac.h" |
| #include "objects.h" |
| #include "opensslv.h" |
| #include "ossl_typ.h" |
| #include "pkcs12.h" |
| #include "pkcs7.h" |
| #include "pkcs8.h" |
| #include "poly1305.h" |
| #include "rand.h" |
| #include "rc4.h" |
| #include "ripemd.h" |
| #include "safestack.h" |
| #include "srtp.h" |
| #include "x509.h" |
| #include "x509v3.h" |
| EOF |
| cat > src/include/openssl/BoringSSL.modulemap <<EOF |
| framework module openssl { |
| umbrella header "umbrella.h" |
| textual header "arm_arch.h" |
| export * |
| module * { export * } |
| } |
| EOF |
| |
| # To build boringssl, we need the generated file err_data.c, which is normally generated |
| # by boringssl's err_data_generate.go, but we already have a copy of err_data.c checked into the |
| # grpc/grpc repository that gets regenerated whenever we update the third_party/boringssl submodule. |
| # To make the podspec independent of the grpc repository, the .podspec.template just copies |
| # the contents of err_data.c directly into the .podspec. |
| # TODO(jtattermusch): avoid needing to run tools/buildgen/generate_projects.sh twice on update |
| # TODO(jtattermusch): another pre-generated copy of err_data.c is under third_party/boringssl-with-bazel |
| # investigate if we could use it. |
| cat > src/err_data.c <<EOF |
| % for err_data in open("src/boringssl/err_data.c", "r").readlines(): |
| ${err_data.replace('\\0', '\\\\0')}\ |
| % endfor |
| EOF |
| |
| # The symbol prefixing mechanism is performed by redefining BoringSSL symbols with "#define |
| # SOME_BORINGSSL_SYMBOL GRPC_SHADOW_SOME_BORINGSSL_SYMBOL". Unfortunately, some symbols are |
| # already redefined as macros in BoringSSL headers in the form "#define SOME_BORINGSSL_SYMBOL |
| # SOME_BORINGSSL_SYMBOL" Such type of redefinition will cause "SOME_BORINGSSL_SYMBOL redefined" |
| # error when using together with our prefix header. So the workaround in the below lines removes |
| # all such type of #define directives. |
| sed -i'.back' '/^#define \\([A-Za-z0-9_]*\\) \\1/d' src/include/openssl/*.h |
| # Remove lines of the format below for the same reason above |
| # #define SOME_BORINGSSL_SYMBOL ${"\\"} |
| # SOME_BORINGSSL_SYMBOL |
| sed -i'.back' '/^#define.*\\\\$/{N;/^#define \\([A-Za-z0-9_]*\\) *\\\\\\n *\\1/d;}' src/include/openssl/*.h |
| |
| # We are renaming openssl to openssl_grpc so that there is no conflict with openssl if it exists |
| find . -type f \\( -path '*.h' -or -path '*.cc' -or -path '*.c' \\) -print0 | xargs -0 -L1 sed -E -i'.grpc_back' 's;#include <openssl/;#include <openssl_grpc/;g' |
| END_OF_COMMAND |
| |
| # Redefine symbols to avoid conflict when the same app also depends on OpenSSL. The list of |
| # symbols are src/objective-c/grpc_shadow_boringssl_symbol_list. |
| # This is the last part of this file. |
| s.prefix_header_contents = |
| ${expand_symbol_list(settings.grpc_shadow_boringssl_symbols)} |
| end |
