Enable encryption for mobile targets

[winghouchan]

Why?

#1423 introduced support for React Native however encryption was disabled due to the difficulty in getting successful builds with encryption enabled:

• Encryption seems to be compiling sqlcipher (?) via cmake, which also includes OpenSSL flags, the problem the compilation step is hard to integrate with Android (and that's why I had to disable it). Someone else that knows the internals of libsql should give it a try.

– #1423 (comment)

With encryption disabled, libSQL on React Native does not have feature parity with other platforms.

What?

This PR enables encryption for builds against mobile targets. However, while the encryption feature is enabled, there is additional work to get the encryption feature fully complete:

P.S. if you do turn on encryption, it will require a modification to the bindings to send the encryption key from JS, so, open a PR when the time comes and I will take a look.

– #1423 (comment)

How?

• The encryption feature of the libSQL dependency in the C bindings package has been enabled for all targets.
• Build scripts and configurations in the libSQL FFI package have been updated so that libSQL products for each target and the OP SQLite Example App build successfully; and the tests against the OP SQLite Example App pass.

I'm not actually familiar with Android/iOS/C/Rust build systems, or libSQL / OP SQLite internals so configuration decisions were based on a feedback loop of running make <android|ios> in bindings/c and making updates until builds in libSQL and the OP SQLite Example App were successful. I'm unsure if there's anything else to check and will have to defer to Turso team members and @ospfranco for their knowledge.

[winghouchan]

Note

This value comes from the value already passed to the platform option when running cargo ndk. It has been pulled out and assigned here so that it can also be passed as an environment variable for libSQL FFI's build script which uses it to set the ANDROID_PLATFORM variable when running CMake.

[winghouchan]

Note

cmake_opts changed from Vec<&str> to Vec<String> to allow for interpolating options values into a string with their option names.

[winghouchan]

Note

Use the Android NDK toolchain if available (determined by the value of the CARGO_NDK_CMAKE_TOOLCHAIN_PATH). This seems to be necessary for a successful build for Android.

[winghouchan]

Note

Changing cmake_opts from Vec<&str> to Vec<String> necessitated calling to_string on these string literals.

This seems very verbose but I'm not familiar with Rust so please let me know if there is a better way.

[winghouchan]

Important

This is probably the critical change to build for Android. It configures CMake in the following ways:

• Sets CMAKE_TOOLCHAIN_FILE to the path to the Android NDK toolchain file (available via the CARGO_NDK_CMAKE_TOOLCHAIN_PATH environment variable).
• Sets the ANDROID_ABI variable according to the defined target.
• Sets the ANDROID_PLATFORM variable to the platform level specified in the C bindings package manifest, via an environment variable named ANDROID_PLATFORM.

[winghouchan]

Important

This is probably the critical change to build for iOS. It configures CMake in the following ways:

• Sets the CMAKE_OSX_ARCHITECTURES variable to the architecture according to the target.
• Sets the CMAKE_SYSTEM_PROCESSOR variable to the processor according to the target.
• Sets the CMAKE_OSX_SYSROOT variable to iphonesimulator if the target is a simulator or the x86_64 architecture (there are no physical x86_64 iPhones) or iphoneos if the target is a physical device.

[winghouchan]

@ospfranco: given my unfamiliarity, would you mind expanding on this comment on #1423 please?

P.S. if you do turn on encryption, it will require a modification to the bindings to send the encryption key from JS, so, open a PR when the time comes and I will take a look.

[winghouchan]

Related: #1384

[winghouchan]

I see there's some logic for cross compilation:

libsql/libsql-ffi/build.rs

Lines 457 to 509 in c6ebbe1

	let target_postfix = target.to_string().replace("-", "_");
	let cross_cc_var_name = format!("CC_{}", target_postfix);
	println!("cargo:warning=CC_var_name={}", cross_cc_var_name);
	let cross_cc = env::var(&cross_cc_var_name).ok();
	let cross_cxx_var_name = format!("CXX_{}", target_postfix);
	let cross_cxx = env::var(&cross_cxx_var_name).ok();
	let toolchain_path = sqlite3mc_build_dir.join("toolchain.cmake");
	let cmake_toolchain_opt = "-DCMAKE_TOOLCHAIN_FILE=toolchain.cmake".to_string();
	let mut toolchain_file = OpenOptions::new()
	.create(true)
	.write(true)
	.append(true)
	.open(toolchain_path.clone())
	.unwrap();
	if let Some(ref cc) = cross_cc {
	let system_name = if cc.contains("linux") {
	"Linux"
	} else if cc.contains("darwin") {
	"Darwin"
	} else if cc.contains("w64") {
	"Windows"
	} else {
	panic!("Unsupported cross target {}", cc)
	};
	let system_processor = if cc.contains("x86_64") {
	"x86_64"
	} else if cc.contains("aarch64") {
	"arm64"
	} else if cc.contains("arm") {
	"arm"
	} else {
	panic!("Unsupported cross target {}", cc)
	};
	cmake_opts.push(&cmake_toolchain_opt);
	writeln!(toolchain_file, "set(CMAKE_SYSTEM_NAME \"{}\")", system_name).unwrap();
	writeln!(
	toolchain_file,
	"set(CMAKE_SYSTEM_PROCESSOR \"{}\")",
	system_processor
	)
	.unwrap();
	writeln!(toolchain_file, "set(CMAKE_C_COMPILER {})", cc).unwrap();
	}
	if let Some(cxx) = cross_cxx {
	writeln!(toolchain_file, "set(CMAKE_CXX_COMPILER {})", cxx).unwrap();
	}

Would it be better to somehow work within this, instead of the changes currently proposed (79ff682)?

[penberg]

@levydsa do you remember why we disabled encryption for mobile targets?

[levydsa]

@penberg, because it was hard to cross-compile sqlite3mc to mobile targets. But apparently, its possible with a few tweaks.

[tyrauber]

Thank you @winghouchan, for picking this up. libsql is fantastic on mobile devices (thanks to op-sqlite), but the lack of database encryption is definitely problematic. I would love to see this get merged in.