Skip to content
This repository has been archived by the owner on Apr 17, 2024. It is now read-only.

Is Tink for Objective-C buildable via Bazel? #705

Closed
luispadron opened this issue Jul 2, 2023 · 9 comments
Closed

Is Tink for Objective-C buildable via Bazel? #705

luispadron opened this issue Jul 2, 2023 · 9 comments
Assignees
@morambro
Labels
p3

Comments

@luispadron
Copy link

luispadron commented Jul 2, 2023
edited
Loading

Describe the bug:

It's been months since https://github.com/google/tink/issues/641 was opened with still no resolution so I'm trying to build the objc framework with Bazel and package the .xcframework myself.

Hitting a few issues and it seems like the Bazel build for objc has been broken since at least 1.7.0:

  • In the v1.7.0 tag tink_version.bzl file is missing from the archive which is required by the objc/WORKSPACE
  • If you add the missing file, you get a ton of other issues since the BUILD files try to resolve things like //tools and //cc but objc is in it's own Bazel workspace so those labels don't make sense.

Giving up on 1.7.0 I tried the latest master as of this issue creation and am seeing these issues:

  • Incorrect Tink/ in paths:

    Extracting Bazel installation...
Starting local Bazel server and connecting to it...
ERROR: /Users/lpadron/Development/tink/objc/BUILD.bazel:154:13: no such package 'Tink': BUILD 
file not found in any of the following directories. Add a BUILD file to a directory to mark it 
as a package.
- /Users/lpadron/Development/tink/objc/Tink and referenced by '//:cleartext_keyset_handle

  • After fixing the labels to drop the extra Tink it gets past analysis and fails with header import path issues

ERROR: /Users/lpadron/Development/tink/objc/BUILD.bazel:136:13: Compiling core/TINKBinaryKeysetReader.mm failed: (Exit 1): wrapped_clang_pp failed: error executing command (from target //:binary_keyset_reader) external/local_config_cc/wrapped_clang_pp -target arm64-apple-ios12.0-simulator '-stdlib=libc++' '-std=gnu++11' '-D_FORTIFY_SOURCE=1' -fstack-protector -fcolor-diagnostics -Wall -Wthread-safety ... (remaining 72 arguments skipped)

Use --sandbox_debug to see verbose messages from the sandbox and retain the sandbox build root for debugging
core/TINKBinaryKeysetReader.mm:29:10: fatal error: 'third_party/tink/objc/proto_redirect/tink_cc_pb_redirect.h' file not found
#include "third_party/tink/objc/proto_redirect/tink_cc_pb_redirect.h"
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
Error in child process '/usr/bin/xcrun'. 1
Target //:Tink_framework failed to build

Is Tink Objective-C tested in CI at all or am I doing something wrong here. Thanks for the help!

What was the expected behavior?

It builds 🙏🏼

How can we reproduce the bug?

cd objc && bazel build //:Tink_framework

Is there anything else you’d like to add?

A general status update on Objective-C support would be great. The CocoPods issue linked above has been open for almost a year at this point and folks are blocked from upgrading to 1.7.0. Additionally, folks on older versions require workarounds to support arm64.
@tholenst
Copy link
Contributor

tholenst commented Jul 3, 2023

We are currently also in the process of moving to separate repos -- I think we didn't expect anyone to build from the old repo and hence I think we currently may only have tests with bazel on the new repo (which isn't public yet).

Sorry for the mess :( We're a little overloaded.

@tholenst tholenst added the p3 label Jul 3, 2023
@luispadron
Copy link
Author

Thanks for the info! I think it might be helpful for others (especially Objective-C users) to clarify this:

I think we didn't expect anyone to build from the old repo and hence I think we currently may only have tests with bazel on the new repo (which isn't public yet).

The README of this repository states it will be maintained / functional until those replacements are available no? Regardless of the replacement, the 1.7.0 tag (before this work started, is also unbuildable)

@morambro
Copy link
Contributor

morambro commented Jul 7, 2023

Hi @luispadron, the new repository https://github.com/tink-crypto/tink-objc is now public. Tink Obj-C 1.7.0 is not buildable from https://github.com/google/tink (this is unideal, I agree), but tink-crypto/tink-objc@HEAD does build and it is maintained.

@tholenst
Copy link
Contributor

tholenst commented Jul 7, 2023

Some remarks: the ObjC version here was not buildable since at least Apr. 2020. In general while we plan to maintain the current features here in the ObjC build, Tink ObjC is vastly behind other languages. As a new user, I would consider to instead use the C++ version.

That being said, we do currently still plan to keep supporting the functionality of ObjC which we have here -- though in practice it has been hard in the past. I hope that with the splitting of the repositories it can become easier.

I also do not have information on how difficult it is to use C++ from ObjC (or e.g. Swift) directly -- so in the end, I cannot make a decision for a user how to use Tink.

From a functionality standpoint, the only thing which ObjC offers over direct usage of C++ Tink is the Keychain integration in "TINKKeysetHandle.h" (e.g. https://github.com/tink-crypto/tink-objc/blob/main/Tink/core/TINKKeysetHandle.mm#L132). However, if this is functionality you want, you want to consider tink-crypto/tink-objc#1.

C++ however offers more functionality: for example, we are working on adding an API to import and export keys in C++, and it has more primitives (such as PRFs, StreamingAeads, and soon or maybe already present, KeyDerivation). These things are unlikely to be added to ObjC Tink any time soon.

@luispadron
Copy link
Author

Using the C++ version with Swift might be easier as of Xcode 15, we'll have to use objective-c for now though as I suspect we use the keychain API.

The objective-c repo is great, thanks for making that public! I'll check it out today and see if I can get a build.

Thanks for the information and support here!

@tholenst
Copy link
Contributor

tholenst commented Jul 7, 2023

If you have existing code it might also not be easy to migrate: the classes are all different. In this case, I think it is almost a must to keep using Tink ObjC. We are also hoping that in the future it might be easier for community members to help with the objective C repository.

@luispadron
Copy link
Author

Thanks y'all for the new repository, I was able to get our app working with it by building a rules_apple apple_static_xcframework from the //Tink:objc target (our project doesn't fully use Bazel yet or we'd just use the //Tink:objc target).

I did need to make some changes to the BUILD to get this working though, I'll open a different issue or a PR in tink_objc. One thing that is now missing with the move though are the historical tags. I was looking to update to 1.7.0 (were on 1.5.0) so I'm not sure what version of Tink we'd now be using since we need to target main of tink-cc and tink-objc.

@luispadron
Copy link
Author

PR in tink-objc with changes: tink-crypto/tink-objc#2

@rickytribbia
Copy link

@tholenst Have anyone an idea to how configure a sample XCode project for an iOS app that use tink-cc and tink-cc-gpckms?

I think that if for you it's difficult to maintain the obj-c version of the project and the c++ version could be more usable also in swift project could be optimal to have some tutorial and/or sample projects in c++ repo that explain how to use it in this scenario.

We've just implemented all crypto stuff using tink and tink-gcpkms in Android and it's frustrating to can't do the same in iOS.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@morambro morambro

Labels
p3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rickytribbia @morambro @tholenst @luispadron