Proguard/R8 is stripping out fields from generated file class AesGcmKeyFormat #361
Comments
|
Checked with the 1.3.0 stable release that the Same with the |
simtse
changed the title
|
Ahh in 1.3, we already had But since this is now in the We definitely have other libraries that use protobuf in our project, I'm not sure how they conflict or cause problems. |
|
Apparently this is protocolbuffers/protobuf#6463. I will investigate more. |
|
(By the way, much thanks for the detailed report: this helps a lot). |
AndroidX Security delegates crypto operation to Tink which depends on Protobuf Javalite. Recently Protobuf Javalite introduced a change that relies on reflection, which doesn't work with Proguard. This change adds a rule that keeps the (shaded) Protobuf classes in Tink as-is. See also: - https://buganizer.corp.google.com/issues/154315507 - tink-crypto/tink#361 - protocolbuffers/protobuf#6463 - https://b.corp.google.com/issues/144631039
|
Does this smaller rule work for you? |
|
It looks like the right way to do this is to include this rule in Tink. According to https://developer.android.com/studio/build/shrink-code#configuration-files, we just need to put this rule in META-INF/proguard/. |
GitHub issue: #361. PiperOrigin-RevId: 313043816
|
@simtse HEAD-SNAPSHOT (and 1.4.0) includes a ProGuard file rule with the following rule: I believe your custom rule is no longer needed. Could you please test with HEAD-SNAPSHOT and confirm? |
|
I confirm that the fix works perfectly. |
|
I'm running into some issues on my part so I'm doing some testing right now. I don't have anything conclusive yet, but this is an error that I get when taking And AndroidX I'm still trying to figure out what might be the problem. Might be the emulator environment as well. |
|
@thaidn, So this is going to sound odd as these are some combinations I've tried and their results.
|
|
Can you show me your build.gradle? I suspect that this is because of caching. Can you remove |
|
Our build.gradle is kotlin script, so not the same for pasting Not sure what you're looking for specifically, so I'll just translate to what we have. The build is happening in a CI environment with a Google Cloud And we've declared the
Note: I updated my comment above #361 (comment) to say that ✅ worked when we declare the keep rules ourselves. |
|
Thanks @simtse. Have you tried removing |
|
Will try locally with removing cache. Because this is running on Firebase test lab devices/emulators, I would have thought the caching doesn't really matter. But I'll try |
|
Whoops sorry I hit the wrong button. |
I am having the issue stated above, with EncryptedSharedPrefs. I just invalidated my Android Studio and Gradle caches, cleaned my project, and restarted Android Studio. The issue persists when building a release APK with minify enabled. Here is my log if this helps:
|
|
@tytydraco hi there, EncryptedSharedPrefs would require a different solution. It comes from AndroidX Security which depends on 1.4.0-rc2. You have two workarounds: 1/ Use this ProGuard rule 2/ Configure Gradle to remove the 1.4.0-rc2 version and add a dependency on HEAD-SNAPSHOT. Could you please try either way and let us know which one works for you? |
Thanks for confirming. Yeah the goal is to have the rule within Tink. I added it to Tink in 8bdaed4. It works on my machine, but it seems that @simtse is having some trouble. |
|
I'm working on this today again so I'll report back. I will try to build locally instead of in CI to see if it might be a CI caching problem. |
|
Another weird thing happened when running locally with Then got However, if I were to use the now deprecated approach I would be able to reference the field. The odd thing was that I also added the rule as well but it still failed with the same error.
It is odd that it consistently fails even after I cleared my caches from |
I'm not sure that this is related to proguard though, it sounds like somehow an old version of AesGcmKeyManager made it in your compilation. How did you build it in this case? |
|
@tholenst and @thaidn , yes so I figured out why I had those problems. I updated the local builds and everything looks good now ✅
|
|
@simtse awesome, thank you! Would you mind sharing your Gradle config, especially how you replace 1.3.0 in AndroidX Security with 1.4.0-rc2? I believe many would found it useful. |
|
So my problem wasn't exactly getting AndroidX security to 1.4.0-rc2, I believe it was more that the I had something like this in Gradle config (kotlin gradle script). But the groovy implementation is very similar. dependences {
...
implementation("com.google.crypto.tink:tink-android:HEAD-SNAPSHOT")
implementation("androidx.security:security-crypto:1.0.0-rc01") // uses Tink 1.3.0
...
}And for whatever reason, it would pick up 1.3.0 Tink when building to the APK. So I had to override resolution strategy to get configurations.all {
resolutionStrategy.eachDependency {
if (requested.group == "com.google.crypto.tink" && requested.name == "tink-android" && (requested.version != "HEAD-SNAPSHOT")) {
useVersion("HEAD-SNAPSHOT")
because("Testing out snapshots")
}
}
} |
|
This is very helpful, thanks @simtse. I'll leave this open until 1.4.0 is released. |
|
https://github.com/google/tink/releases/tag/v1.4.0 was released a few minutes ago. |
|
Hi @thaidn i can find @tholenst i wonder if you can help aslo |
Coming from Tink 1.3.0 stable to Tink 1.4 RC2 (on Android), I noticed that the
AesGcmKeyFormathas a possible problem with proguard/R8. We haven't added anything in ourproguard-rules.profile for Tink and am getting a stack trace like thisIn the Android studio looking at the generated
AesGcmKeyFormat, it has the_versionBut when looking at the build APK with proguard/R8 running through it, seems like
version_was removedSeems like the
AesSivKeyFormathas a similar problem as well.I'm going to also check if this problem might have existed in the 1.3 release of the library. But I haven't seen this stack trace before.
We stricly use protobuf
3.12.0The text was updated successfully, but these errors were encountered: