Rather than building the Rust parts of libsignal as part of `pod
install`, fetch them from build-artifacts.signal.org. This requires
adding
ENV['LIBSIGNAL_FFI_PREBUILD_CHECKSUM'] = '...'
to the consuming Podfile. The referenced archives are downloaded to
~/Library/Caches/org.signal.libsignal, and are unarchived as part of
the build. (The archives are outside the build directory so that a
clean build does not require a new download.)
Building with LibSignalClient as a local pod is still supported; in
that case everything will refer to the local target/ directory
instead. Use swift/build_ffi.sh to build as usual.
Previously this took another ScannableFingerprint as an argument, but
that would only allow comparing against other fingerprints generated
by the local client. Accept any collection of bytes instead; the
underlying API will check the encoding.
- We weren't loading the native library as "signal_jni.dll"
- The Gradle build commands, though still requiring a shell environment,
shouldn't rely on Unix-style #! lines to execute shell scripts
Aes256GcmEncryptedData contains APIs equivalent to what's in
SignalCoreKit's Cryptography class. Aes256GcmEncryption and
Aes256GcmDecryption support general AES-256-GCM operations, including
a "streaming" mode that Android uses to decrypt attachments without
the whole attachment being in-memory. iOS doesn't currently do this,
but it could in the future.
Also, moves the AES-GCM-SIV tests to a new file, CryptoTests, along
with the new AES-GCM test.
These are intertwined: older versions of Rust don't support the newer
NDK, but the newer Rust can't successfully compile BoringSSL against
the older NDK.
This requires a boring-sys update to find the Android NDK sysroot in
the right place.
Follow-up to ec4faf26 where we tried to guess if the build directory
path was short enough for non-long-path-aware build tools. Give up on
that and just always use $RUNNER_TEMP if that's shorter.
And
- Use modern output-setting syntax
- Replace actions-rs/toolchain and JS-DevTools/npm-publish
- Use setup-node's node-version-file argument instead of reading
from .nvmrc manually.
- Pin dorny/paths-filter
- Replace svenstaro/upload-release-action with ncipollo/release-action
Currently the only user of this method is the ProtcolException constructor,
when a UnidentifiedSenderMessageContent is present.
All other instances of ProtocolException use the sender's UUID as sender.
So it would be good to have this consistent.
Also brings this in line with similar methods, like `getSourceIdentifier` on
SignalServiceEnvelope.
Removes AuthCredentialPresentationV1 and PniCredentialPresentationV1
entirely. For ProfileKeyCredentialPresentationV1, there are still
situations where we want to extract the UUID and profile key, so we
continue to support parsing only.
criterion 0.3.x had started warning about features being removed in
criterion 0.4 by default, such as automatically generating HTML
reports. That particular one did happen, but other planned removals
did not, so 0.4 ended up being an easy upgrade for us.
By default, Rust targets iOS 7, which is unnecessary but fine for our
purposes. However, BoringSSL has some assembly files that were getting
compiled for the "latest" version (based on the SDK). Address both of
these by setting IPHONEOS_DEPLOYMENT_TARGET explicitly when building
as a CocoaPod.
While here, bump the CocoaPod minimum iOS version to 12.2, which
matches the main Signal app and will allow SignalCoreKit to do the
same.
-i (interactive) and -t (allocate a tty) allow the shell running
inside Docker to handle Ctrl-C (^C) and other shell commands, so you
can stop a command in the interactive process you ran it. However,
they only work if the containing shell (the one where you ran `docker
run`) is also interactive with a tty hooked up, so we test for that
first in both scripts that invoke `docker run`, using `test -t`.
--init passes signals from *outside* Docker down to its subprocesses,
so that cancellation from *another* context works for our Docker
images. This includes the Cancel button in GitHub Actions.