Dependency only for Linux?

Hi Johannes,

Do you have any suggestions for when you have a library dependent on SSL library functions like hmac, sha256? Currently to get my library to compile for macOS, iOS and Linux I use openSSL on Linux and CommonCrypto on macOS and iOS. There is a switch in the Package.swift that includes https://github.com/apple/swift-nio-ssl-support.git on Linux platforms. Then in the code I use

#if canImport(CommonCrypto)
// macOS/iOS code
#else
// Linux code
#endif

Nobody seems to have solved this satisfactorily. Swift NIO include their own SSL library, IBM-Swift/BlueCryptor include a #if os(Linux) in their Package.swift.

Any thoughts?

1 Like

@adam-fowler why don't you always depend on swift-nio-ssl-support, you can still use CommonCrypto (actually, CryptoKit should be preferred) or macOS, no?

@johannesweiss swift-nio-ssl-support requires the libressl library. This doesn't run on iOS. On macOS it requires end users to switch off disableLibraryValidation in the Hardened Runtime section of the signing and capabilities project settings on any project that uses our library. This isn't necessarily something I would like to require of our users.

As far as I know, SwiftPM doesn't actually enforce that you have the dependency; I think it just issues a warning that you may need a certain library. But I was thinking that if you don't actually use it, you may be able to get away with not having it installed. Am I missing something?

If I include swift-nio-ssl-support.git in package.dependencies I get the following error when I run on the iPhone simulator.

2019-10-17 23:25:49.451072+0100 xctest[84050:3582871] The bundle “AWSSDKSwiftCoreTests” couldn’t be loaded because it is damaged or missing necessary resources. Try reinstalling the bundle.
2019-10-17 23:25:49.451170+0100 xctest[84050:3582871] (dlopen_preflight(/Users/adamfowler/Library/Developer/Xcode/DerivedData/aws-sdk-swift-core-fncbnnplhybomqfjxxitigdsalcp/Build/Products/Debug-iphonesimulator/AWSSDKSwiftCoreTests.xctest/AWSSDKSwiftCoreTests): Library not loaded: /usr/local/opt/libressl/lib/libssl.47.dylib
  Referenced from: /Users/adamfowler/Library/Developer/Xcode/DerivedData/aws-sdk-swift-core-fncbnnplhybomqfjxxitigdsalcp/Build/Products/Debug-iphonesimulator/AWSSDKSwiftCoreTests.xctest/AWSSDKSwiftCoreTests
  Reason: no suitable image found.  Did find:
	/usr/local/opt/libressl/lib/libssl.47.dylib: mach-o, but not built for iOS simulator)

If I don't include it then I get the following errors when compiling for Linux

/aws-sdk-swift-core/Sources/AWSSDKSwiftCore/HMAC.swift:17: error: undefined reference to 'EVP_sha256'
/aws-sdk-swift-core/Sources/AWSSDKSwiftCore/HMAC.swift:17: error: undefined reference to 'HMAC_Init_ex'
/aws-sdk-swift-core/Sources/AWSSDKSwiftCore/HMAC.swift:20: error: undefined reference to 'HMAC_Update'
/aws-sdk-swift-core/Sources/AWSSDKSwiftCore/HMAC.swift:23: error: undefined reference to 'HMAC_Final'
/aws-sdk-swift-core/Sources/AWSSDKSwiftCore/Hash.swift:18: error: undefined reference to 'SHA256'
...

Oh and by the way I did try it without libressl installed and it did just show the warning and ran ok on iPhone. Depending on someone not having a library installed seems a little suspect though.

@adam-fowler ahh, right, apologies. The problem is that it tries to link it despite the fact that it's not used...

Yes that is the case.

Please see my reply at Referring to libxml2 in Swift Package Description regarding libxml2.

That’s great news!
Thanks @jakepetroules, I will give it a try.