diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 00000000..3939fba5
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,13 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+
+[*.yml]
+indent_style = space
+indent_size = 2
\ No newline at end of file
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000..a16ffc8d
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,26 @@
+name: Main
+
+on:
+ push:
+ branches: [main]
+
+jobs:
+ unit-tests:
+ name: Unit tests
+ uses: apple/swift-nio/.github/workflows/unit_tests.yml@main
+ with:
+ linux_5_9_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error"
+ linux_5_10_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error"
+ linux_6_0_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error"
+ linux_nightly_6_0_arguments_override: "--explicit-target-dependency-import-check error"
+ linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error"
+
+ benchmarks:
+ name: Benchmarks
+ uses: apple/swift-nio/.github/workflows/benchmarks.yml@main
+ with:
+ benchmark_package_path: "Benchmarks"
+
+ cxx-interop:
+ name: Cxx interop
+ uses: apple/swift-nio/.github/workflows/cxx_interop.yml@main
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
new file mode 100644
index 00000000..502a14b2
--- /dev/null
+++ b/.github/workflows/pull_request.yml
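Review bot: The three `uses:` lines in main.yml reference reusable workflows by the mutable branch ref `@main` (for example `apple/swift-nio/.github/workflows/unit_tests.yml@main`), so any change landing on that upstream branch runs in this repository's CI without a reviewable change here. Pinning each reference to a full commit SHA, e.g. `uses: apple/swift-nio/.github/workflows/unit_tests.yml@<full-commit-sha>`, turns upstream updates into explicit bumps. The same applies to the `uses:` lines in pull_request.yml, pull_request_label.yml (the `pull_request_semver_label_checker@main` action and the tag-pinned `actions/checkout@v4`) and scheduled.yml.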
@@ -0,0 +1,39 @@
+name: PR
+
+on:
+ pull_request:
+ types: [opened, reopened, synchronize]
+
+jobs:
+ soundness:
+ name: Soundness
+ uses: swiftlang/github-workflows/.github/workflows/soundness.yml@main
+ with:
+ license_header_check_project_name: "SwiftCertificates"
+
+ cmake-lists:
+ name: Check cmake lists
+ uses: apple/swift-nio/.github/workflows/swift_matrix.yml@main
+ with:
+ name: "Check cmake lists"
+ matrix_linux_command: ./scripts/check-cmake-lists.sh
+
+ unit-tests:
+ name: Unit tests
+ uses: apple/swift-nio/.github/workflows/unit_tests.yml@main
+ with:
+ linux_5_9_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error"
+ linux_5_10_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error"
+ linux_6_0_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error"
+ linux_nightly_6_0_arguments_override: "--explicit-target-dependency-import-check error"
+ linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error"
+
+ benchmarks:
+ name: Benchmarks
+ uses: apple/swift-nio/.github/workflows/benchmarks.yml@main
+ with:
+ benchmark_package_path: "Benchmarks"
+
+ cxx-interop:
+ name: Cxx interop
+ uses: apple/swift-nio/.github/workflows/cxx_interop.yml@main
diff --git a/.github/workflows/pull_request_label.yml b/.github/workflows/pull_request_label.yml
new file mode 100644
index 00000000..86f199f3
--- /dev/null
+++ b/.github/workflows/pull_request_label.yml
@@ -0,0 +1,18 @@
+name: PR label
+
+on:
+ pull_request:
+ types: [labeled, unlabeled, opened, reopened, synchronize]
+
+jobs:
+ semver-label-check:
+ name: Semantic Version label check
+ runs-on: ubuntu-latest
+ timeout-minutes: 1
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+ - name: Check for Semantic Version label
+ uses: apple/swift-nio/.github/actions/pull_request_semver_label_checker@main
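Review bot: pull_request_label.yml declares no `permissions:` block, so the `semver-label-check` job runs with the repository's default `GITHUB_TOKEN` scopes while executing an action taken from another repository's `main` branch. A top-level `permissions:` entry with `contents: read` would keep the token read-only regardless of the repository default; whether the label checker also needs `pull-requests: read` is not visible here and should be confirmed. `persist-credentials: false` on the checkout step is good and should stay. The other workflows added in this commit (main.yml, pull_request.yml, scheduled.yml) likewise declare no permissions.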
diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml
new file mode 100644
index 00000000..b9db48fb
--- /dev/null
+++ b/.github/workflows/scheduled.yml
@@ -0,0 +1,26 @@
+name: Scheduled
+
+on:
+ schedule:
+ - cron: "0 8,20 * * *"
+
+jobs:
+ unit-tests:
+ name: Unit tests
+ uses: apple/swift-nio/.github/workflows/unit_tests.yml@main
+ with:
+ linux_5_9_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error"
+ linux_5_10_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error"
+ linux_6_0_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error"
+ linux_nightly_6_0_arguments_override: "--explicit-target-dependency-import-check error"
+ linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error"
+
+ benchmarks:
+ name: Benchmarks
+ uses: apple/swift-nio/.github/workflows/benchmarks.yml@main
+ with:
+ benchmark_package_path: "Benchmarks"
+
+ cxx-interop:
+ name: Cxx interop
+ uses: apple/swift-nio/.github/workflows/cxx_interop.yml@main
diff --git a/.licenseignore b/.licenseignore
new file mode 100644
index 00000000..c1fb9b15
--- /dev/null
+++ b/.licenseignore
@@ -0,0 +1,42 @@
+.gitignore
+**/.gitignore
+.licenseignore
+.gitattributes
+.git-blame-ignore-revs
+.mailfilter
+.mailmap
+.spi.yml
+.swift-format
+.editorconfig
+.github/*
+*.md
+*.txt
+*.yml
+*.yaml
+*.json
+Package.swift
+**/Package.swift
+Package@-*.swift
+**/Package@-*.swift
+Package.resolved
+**/Package.resolved
+Makefile
+*.modulemap
+**/*.modulemap
+**/*.docc/*
+*.xcprivacy
+**/*.xcprivacy
+*.symlink
+**/*.symlink
+Dockerfile
+**/Dockerfile
+Snippets/*
+dev/git.commit.template
+dev/update-benchmark-thresholds
+*.crt
+**/*.crt
+*.pem
+**/*.pem
+*.der
+**/*.der
+Tests/X509Tests/CSR Vectors/cryptography/LICENSE.APACHE
diff --git a/Benchmarks/Package.swift b/Benchmarks/Package.swift
index bd4daf05..56cc23da 100644
--- a/Benchmarks/Package.swift +++ b/Benchmarks/Package.swift @@ -18,12 +18,12 @@ import PackageDescription let package = Package( name: "benchmarks", platforms: [ - .macOS(.v13), + .macOS(.v13) ], dependencies: [ .package(path: "../"), .package(url: "https://github.com/ordo-one/package-benchmark.git", from: "1.11.1"), - .package(url: "https://github.com/apple/swift-crypto.git", "2.5.0" ..< "4.0.0"), + .package(url: "https://github.com/apple/swift-crypto.git", "2.5.0"..<"4.0.0"), .package(url: "https://github.com/apple/swift-asn1.git", from: "1.0.0"), ], targets: [ @@ -37,11 +37,11 @@ let package = Package( ], path: "Benchmarks/CertificatesBenchmark", resources: [ - .copy("ca-certificates/"), + .copy("ca-certificates/") ], plugins: [ .plugin(name: "BenchmarkPlugin", package: "package-benchmark") ] - ), + ) ] ) diff --git a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json b/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json deleted file mode 100644 index c08c649e..00000000 --- a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 4835000 -} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json b/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json deleted file mode 100644 index 0d25cf05..00000000 --- a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 5794000 -} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json b/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json deleted file mode 100644 index 77e06e56..00000000 
--- a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 5802000 -} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append.p90.json b/Benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append.p90.json deleted file mode 100644 index a739874a..00000000 --- a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 10000 -} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/Benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json deleted file mode 100644 index 9f9de44c..00000000 --- a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 0 -} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json b/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json deleted file mode 100644 index 0c617048..00000000 --- a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 1065000 -} diff --git a/Benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json b/Benchmarks/Thresholds/6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json similarity index 100% rename from Benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json rename to Benchmarks/Thresholds/6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json 
diff --git a/Benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json b/Benchmarks/Thresholds/6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json similarity index 100% rename from Benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json rename to Benchmarks/Thresholds/6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json diff --git a/Benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json b/Benchmarks/Thresholds/6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json similarity index 100% rename from Benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json rename to Benchmarks/Thresholds/6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json diff --git a/Benchmarks/Thresholds/6.0/CertificatesBenchmark.TinyArray.append.p90.json b/Benchmarks/Thresholds/6.0/CertificatesBenchmark.TinyArray.append.p90.json new file mode 100644 index 00000000..a22fd1b8 --- /dev/null +++ b/Benchmarks/Thresholds/6.0/CertificatesBenchmark.TinyArray.append.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 10000, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} diff --git a/Benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/Benchmarks/Thresholds/6.0/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json similarity index 100% rename from Benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json rename to Benchmarks/Thresholds/6.0/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json diff --git a/Benchmarks/Thresholds/6.0/CertificatesBenchmark.Verifier.p90.json b/Benchmarks/Thresholds/6.0/CertificatesBenchmark.Verifier.p90.json new file mode 100644 index 00000000..2c4cf752 --- /dev/null +++ b/Benchmarks/Thresholds/6.0/CertificatesBenchmark.Verifier.p90.json 
@@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 921000, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} diff --git a/Benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json b/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json similarity index 70% rename from Benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json rename to Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json index f5b8a610..856520d1 100644 --- a/Benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json +++ b/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json @@ -1,5 +1,5 @@ { - "mallocCountTotal" : 1251, + "mallocCountTotal" : 4851, "memoryLeaked" : 0, "readSyscalls" : 0, "writeSyscalls" : 0 diff --git a/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json b/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json new file mode 100644 index 00000000..a194441a --- /dev/null +++ b/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 5810, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json b/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json new file mode 100644 index 00000000..6edd12a6 --- /dev/null +++ b/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 5818, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file 
diff --git a/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.TinyArray.append.p90.json b/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.TinyArray.append.p90.json new file mode 100644 index 00000000..a22fd1b8 --- /dev/null +++ b/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.TinyArray.append.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 10000, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} diff --git a/Benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append.p90.json b/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json similarity index 70% rename from Benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append.p90.json rename to Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index 20da1eda..a125060c 100644 --- a/Benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append.p90.json +++ b/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -1,6 +1,6 @@ { - "mallocCountTotal" : 26, + "mallocCountTotal" : 16, "memoryLeaked" : 0, "readSyscalls" : 0, "writeSyscalls" : 0 -} +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.Verifier.p90.json b/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.Verifier.p90.json new file mode 100644 index 00000000..2c4cf752 --- /dev/null +++ b/Benchmarks/Thresholds/nightly-6.0/CertificatesBenchmark.Verifier.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 921000, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} diff --git a/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json b/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json new file mode 100644 index 00000000..856520d1 --- /dev/null 
+++ b/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.Parse_WebPKI_Roots_from_DER.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 4851, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json b/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json new file mode 100644 index 00000000..a194441a --- /dev/null +++ b/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.Parse_WebPKI_Roots_from_PEM_files.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 5810, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json b/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json new file mode 100644 index 00000000..6edd12a6 --- /dev/null +++ b/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.Parse_WebPKI_Roots_from_multi_PEM_file.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 5818, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.TinyArray.append.p90.json b/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.TinyArray.append.p90.json new file mode 100644 index 00000000..a22fd1b8 --- /dev/null +++ b/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.TinyArray.append.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 10000, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} 
diff --git a/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json new file mode 100644 index 00000000..a125060c --- /dev/null +++ b/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 16, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.Verifier.p90.json b/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.Verifier.p90.json new file mode 100644 index 00000000..2c4cf752 --- /dev/null +++ b/Benchmarks/Thresholds/nightly-main/CertificatesBenchmark.Verifier.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 921000, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 448ddb5f..1f57b3ee 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -60,29 +60,6 @@ We require that your commit messages match our template. The easiest way to do t git config commit.template dev/git.commit.template -### Run `./scripts/soundness.sh` - -The scripts directory contains a [soundness.sh script](https://github.com/apple/swift-certificates/blob/main/scripts/soundness.sh) -that enforces additional checks, like license headers and formatting style. - -Please make sure to `./scripts/soundness.sh` before pushing a change upstream, otherwise it is likely the PR validation will fail -on minor changes such as a missing `self.` or similar formatting issues. - -For frequent contributors, we recommend adding the script as a [git pre-push hook](https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks), which you can do via executing the following command in the project root directory: - -```bash -cat << EOF > .git/hooks/pre-push - -if [[ -f "scripts/soundness.sh" ]]; then - scripts/soundness.sh -fi -EOF -``` - -Which makes the script execute, and only allow the `git push` to complete if the check has passed. - -In the case of formatting issues, you can then `git add` the formatting changes, and attempt the push again. - ## How to contribute your work Please open a pull request at https://github.com/apple/swift-certificates. Make sure the CI passes, and then wait for code review. diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt deleted file mode 100644 index 2241032b..00000000 --- a/CONTRIBUTORS.txt +++ /dev/null 
@@ -1,19 +0,0 @@ -For the purpose of tracking copyright, this is the list of individuals and -organizations who have contributed source code to SwiftCertificates. - -For employees of an organization/company where the copyright of work done -by employees of that company is held by the company itself, only the company -needs to be listed here. - -## COPYRIGHT HOLDERS - -- Apple Inc. (all contributors with '@apple.com') - -### Contributors - -- Cory Benfield -- David Nadoba - -**Updating this list** - -Please do not edit this file manually. It is generated using `./scripts/generate_contributors_list.sh`. If a name is misspelled or appearing multiple times: add an entry in `./.mailmap` diff --git a/Package.swift b/Package.swift index 0dc9f3a6..4f0fc49b 100644 --- a/Package.swift +++ b/Package.swift @@ -27,7 +27,8 @@ let package = Package( products: [ .library( name: "X509", - targets: ["X509"]), + targets: ["X509"] + ) ], targets: [ .target( @@ -39,15 +40,17 @@ let package = Package( .product(name: "_CryptoExtras", package: "swift-crypto"), ], exclude: [ - "CMakeLists.txt", - ]), + "CMakeLists.txt" + ] + ), .testTarget( name: "X509Tests", dependencies: [ "X509", .product(name: "SwiftASN1", package: "swift-asn1"), .product(name: "Crypto", package: "swift-crypto"), - ], resources: [ + ], + resources: [ .copy("OCSP Test Resources/www.apple.com.root.der"), .copy("OCSP Test Resources/www.apple.com.intermediate.der"), .copy("OCSP Test Resources/www.apple.com.der"), @@ -55,18 +58,21 @@ let package = Package( .copy("OCSP Test Resources/www.apple.com.intermediate.ocsp-response.der"), .copy("PEMTestRSACertificate.pem"), .copy("CSR Vectors/"), - .copy("ca-certificates.crt") - ]), + .copy("ca-certificates.crt"), + ] + ), .target( name: "_CertificateInternals", exclude: [ - "CMakeLists.txt", - ]), + "CMakeLists.txt" + ] + ), .testTarget( name: "CertificateInternalsTests", dependencies: [ - "_CertificateInternals", - ]), + "_CertificateInternals" + ] + ), ] ) 
@@ -75,9 +81,8 @@ let package = Package( // we can depend on local versions of our dependencies instead of fetching them remotely. if ProcessInfo.processInfo.environment["SWIFTCI_USE_LOCAL_DEPS"] == nil { package.dependencies += [ - .package(url: "https://github.com/apple/swift-crypto.git", "2.5.0" ..< "4.0.0"), + .package(url: "https://github.com/apple/swift-crypto.git", "2.5.0"..<"4.0.0"), .package(url: "https://github.com/apple/swift-asn1.git", from: "1.1.0"), - .package(url: "https://github.com/apple/swift-docc-plugin.git", from: "1.0.0"), ] } else { package.dependencies += [ diff --git a/Sources/X509/CSR/CSRAttributes.swift b/Sources/X509/CSR/CSRAttributes.swift index 23e771df..a0fd196c 100644 --- a/Sources/X509/CSR/CSRAttributes.swift +++ b/Sources/X509/CSR/CSRAttributes.swift @@ -114,7 +114,7 @@ extension CertificateSigningRequest.Attributes: RandomAccessCollection { /// /// If an attribute already exists with this OID, it will be replaced by the new value. /// - /// - Parameter attribute: The ``CertificateSigningRequest/Attribute`` to insert. + /// - Parameter ext: The ``CertificateSigningRequest/Attribute`` to insert. @inlinable public mutating func insert(_ ext: CertificateSigningRequest.Attribute) { self[oid: ext.oid] = ext @@ -126,7 +126,7 @@ extension CertificateSigningRequest.Attributes: RandomAccessCollection { /// present in this element, the new value will replace it. If `extensions` contains multiple attributes with the same /// ``CertificateSigningRequest/Attribute/oid``, the last element will win. /// - /// - Parameter extensions: The sequence of new ``Certificate/Attribute``s to insert. + /// - Parameter extensions: The sequence of new ``CertificateSigningRequest/Attribute``s to insert. @inlinable public mutating func insert(contentsOf extensions: Extensions) where Extensions.Element == CertificateSigningRequest.Attribute { diff --git a/Sources/X509/Certificate.swift b/Sources/X509/Certificate.swift index e96f2e54..ef4bd459 100644 
--- a/Sources/X509/Certificate.swift +++ b/Sources/X509/Certificate.swift @@ -58,11 +58,13 @@ import SwiftASN1 /// across the rest of the data. Allowing users to change this data makes it easy to accidentally modify /// a ``Certificate`` in one part of your code and not realise that the signature has inevitably /// been invalidated. +#if canImport(Security) /// /// ### Creating Certificates from SecCertificate and vice versa /// /// An instance of ``Certificate`` can be created from ``Security/SecCertificate`` (from the ``Security`` framework) with ``Certificate/init(_:)``. /// The opposite, that is, creating an instance of ``Security/SecCertificate`` from ``Certificate``, can be achieved with ``Security/SecCertificate/makeWithCertificate(_:)``. +#endif public struct Certificate { /// The X.509 version of this certificate. /// diff --git a/Sources/X509/CertificateSerialNumber.swift b/Sources/X509/CertificateSerialNumber.swift index bf1e198a..d6607e72 100644 --- a/Sources/X509/CertificateSerialNumber.swift +++ b/Sources/X509/CertificateSerialNumber.swift @@ -56,7 +56,7 @@ extension Certificate { /// Prefer using ``Certificate/SerialNumber-swift.struct/init(integerLiteral:)`` /// with a `StaticBigInt` which enables arbitrary-precision. /// - /// - Parameter bytes: The raw big-endian bytes of the serial number. + /// - Parameter number: The raw big-endian bytes of the serial number. @inlinable public init(_ number: Number) { // `IntegerBytesCollection` already trims leading zeros @@ -101,7 +101,7 @@ extension Certificate.SerialNumber: CustomStringConvertible { extension Certificate.SerialNumber: ExpressibleByIntegerLiteral { /// Constructs a serial number from an integer. /// - /// - Parameter integerLiteral: The raw big-endian bytes of the serial number. + /// - Parameter number: The raw big-endian bytes of the serial number. @inlinable public init(integerLiteral number: StaticBigInt) { var bytes = [UInt8]() 
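Review bot: In the Certificate.swift hunk, the added `#if canImport(Security)` / `#endif` pair now sits between the lines of the `///` comment and `public struct Certificate`, so the paragraphs above the `#if` may no longer be attached to the declaration as its documentation; this is worth confirming in the generated DocC output for both an Apple and a Linux build. If the comment is dropped, one option is to keep the `///` block contiguous and leave the SecCertificate section to the "Creating Certificates" article, which this commit also edits and which already carries that text. The struct's body continues outside the hunk.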
diff --git a/Sources/X509/Docs.docc/Creating Certificates.md b/Sources/X509/Docs.docc/Creating Certificates.md index e6c403b5..6e7d5369 100644 --- a/Sources/X509/Docs.docc/Creating Certificates.md +++ b/Sources/X509/Docs.docc/Creating Certificates.md @@ -114,7 +114,7 @@ and the signature algorithm would be constrained to what that key is capable of. match the private key that the subject entity has attested to possessing. We can use the keys from `swift-crypto` for this operation. We'll select `P256.Signing.PrivateKey` as our private key, which -we can wrap up in ``Certificate/PrivateKey/init(_:)-2we15`` to get `issuerPrivateKey`. We can then derive `publicKey` via +we can wrap up in ``Certificate/PrivateKey/init(_:)-6xkmz`` to get `issuerPrivateKey`. We can then derive `publicKey` via ``Certificate/PrivateKey/publicKey``. Finally, we'll pick the only signature algorithm compatible with that key, which is ``Certificate/SignatureAlgorithm-swift.struct/ecdsaWithSHA256``. @@ -181,5 +181,5 @@ let derEncodedPrivateKey = swiftCryptoKey.derRepresentation ### Creating Certificates from SecCertificate and vice versa -An instance of ``Certificate`` can be created from ``Security/SecCertificate`` (from the ``Security`` framework) with ``Certificate/init(_:)``. -The opposite, that is, creating an instance of ``Security/SecCertificate`` from ``Certificate``, can be achieved with ``Security/SecCertificate/makeWithCertificate(_:)``. +An instance of ``Certificate`` can be created from `Security/SecCertificate` (from the `Security` framework) with `Certificate/init(_:)`. +The opposite, that is, creating an instance of `Security/SecCertificate` from `Certificate`, can be achieved with `Security/SecCertificate/makeWithCertificate(_:)`. diff --git a/Sources/X509/Docs.docc/Examining Certificates.md b/Sources/X509/Docs.docc/Examining Certificates.md index 4015867f..16fe74e1 100644 --- a/Sources/X509/Docs.docc/Examining Certificates.md 
+++ b/Sources/X509/Docs.docc/Examining Certificates.md @@ -163,7 +163,7 @@ The bytes to be signed are also present in the ``Certificate/tbsCertificateBytes the raw certificate bytes as parsed from the wire, which guarantees that there is no encode/decode misrepresentation in these bytes. Together these objects make it possible to validate that a signature was correctly signed, using -``Certificate/PublicKey-swift.struct/isValidSignature(_:for:)``. +``Certificate/PublicKey-swift.struct/isValidSignature(_:for:)-3cbor``. > Warning: While this is a necessary condition for determining the issuer of a certificate, it is not a sufficient one. > Users are strongly discouraged from hand-rolling their own verification logic, and should instead prefer using an diff --git a/Sources/X509/Error.swift b/Sources/X509/Error.swift index 984abac0..f4c09806 100644 --- a/Sources/X509/Error.swift +++ b/Sources/X509/Error.swift @@ -60,6 +60,8 @@ public struct CertificateError: Error, Hashable, CustomStringConvertible { /// The signature algorithm used in a ``Certificate`` is not supported by this library. /// - Parameter reason: A detailed reason explaining what signature algorithm was not supported. + /// - Parameter file: The file where the error occurs. + /// - Parameter line: The line where the error occurs. /// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/unsupportedSignatureAlgorithm``. @inline(never) public static func unsupportedSignatureAlgorithm( 
@@ -79,6 +81,8 @@ public struct CertificateError: Error, Hashable, CustomStringConvertible { /// The private key algorithm used in a ``Certificate`` is not supported by this library. /// - Parameter reason: A detailed reason explaining what private key algorithm was not supported. + /// - Parameter file: The file where the error occurs. + /// - Parameter line: The line where the error occurs. /// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/unsupportedPublicKeyAlgorithm``. @inline(never) public static func unsupportedPublicKeyAlgorithm( @@ -98,6 +102,8 @@ public struct CertificateError: Error, Hashable, CustomStringConvertible { /// The signature was not valid for the provided ``Certificate``. /// - Parameter reason: A detailed reason detailing the signature and certificate that did not match. + /// - Parameter file: The file where the error occurs. + /// - Parameter line: The line where the error occurs. /// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/invalidSignatureForCertificate``. @inline(never) public static func invalidSignatureForCertificate( @@ -117,6 +123,8 @@ public struct CertificateError: Error, Hashable, CustomStringConvertible { /// An extension has the wrong OID. /// - Parameter reason: A detailed reason detailing the extension and OID that didn't match. + /// - Parameter file: The file where the error occurs. + /// - Parameter line: The line where the error occurs. /// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/incorrectOIDForExtension``. @inline(never) public static func incorrectOIDForExtension( 
@@ -136,6 +144,8 @@ public struct CertificateError: Error, Hashable, CustomStringConvertible { /// A digest algorithm isn't supported /// - Parameter reason: A detailed reason indicating the algorithm identifier for the unsupported digest. + /// - Parameter file: The file where the error occurs. + /// - Parameter line: The line where the error occurs. /// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/unsupportedDigestAlgorithm``. @inline(never) public static func unsupportedDigestAlgorithm( @@ -155,6 +165,8 @@ public struct CertificateError: Error, Hashable, CustomStringConvertible { /// A digest private key isn't supported /// - Parameter reason: A detailed reason indicating the unsupported private key. + /// - Parameter file: The file where the error occurs. + /// - Parameter line: The line where the error occurs. /// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/unsupportedPrivateKey``. @inline(never) public static func unsupportedPrivateKey( @@ -174,6 +186,8 @@ public struct CertificateError: Error, Hashable, CustomStringConvertible { /// A CSR attribute has the wrong OID. /// - Parameter reason: A detailed reason detailing the attribute and OID that didn't match. + /// - Parameter file: The file where the error occurs. + /// - Parameter line: The line where the error occurs. /// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/incorrectOIDForAttribute``. @inline(never) public static func incorrectOIDForAttribute( @@ -193,6 +207,8 @@ public struct CertificateError: Error, Hashable, CustomStringConvertible { /// A CSR attribute is invalid. /// - Parameter reason: A detailed reason detailing the attribute that is invalid. + /// - Parameter file: The file where the error occurs. + /// - Parameter line: The line where the error occurs. /// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/invalidCSRAttribute``. @inline(never) public static func invalidCSRAttribute( 
@@ -212,6 +228,8 @@ public struct CertificateError: Error, Hashable, CustomStringConvertible { /// An OID is present twice. /// - Parameter reason: A detailed reason detailing which OID is duplicate. + /// - Parameter file: The file where the error occurs. + /// - Parameter line: The line where the error occurs. /// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/duplicateOID``. @inline(never) public static func duplicateOID( @@ -231,6 +249,8 @@ public struct CertificateError: Error, Hashable, CustomStringConvertible { /// The system trust store could not be found or failed to load from disk. /// - Parameter reason: A detailed reason included which locations were tried and which error got thrown. + /// - Parameter file: The file where the error occurs. + /// - Parameter line: The line where the error occurs. /// - Returns: A ``CertificateError`` with ``code`` set to ``ErrorCode/failedToLoadSystemTrustStore``. @inline(never) public static func failedToLoadSystemTrustStore( diff --git a/Sources/X509/Extension Types/NameConstraints.swift b/Sources/X509/Extension Types/NameConstraints.swift index dd752d14..28c8fc20 100644 --- a/Sources/X509/Extension Types/NameConstraints.swift +++ b/Sources/X509/Extension Types/NameConstraints.swift 
@@ -606,9 +606,9 @@ public struct NameConstraints { /// - permittedIPRanges: The IP address ranges that are permitted in certificates issued by this CA. /// - excludedIPRanges: The IP address ranges that are forbidden in certificates issued by this CA. /// - permittedEmailAddresses: The email address trees that are permitted in certificates issued by this CA. - /// - excludedEmailAddress: The email address trees that are forbidden in certificates issued by this CA. + /// - excludedEmailAddresses: The email address trees that are forbidden in certificates issued by this CA. /// - permittedURIDomains: The URI domains that are permitted in certificates issued by this CA. - /// - excludedURIDomains: The URI domains that are forbidden in certificates issued by this CA. + /// - forbiddenURIDomains: The URI domains that are forbidden in certificates issued by this CA. @inlinable public init( permittedDNSDomains: some Sequence = [], diff --git a/Sources/X509/Extensions.swift b/Sources/X509/Extensions.swift index 4990636c..1af5650f 100644 --- a/Sources/X509/Extensions.swift +++ b/Sources/X509/Extensions.swift @@ -177,7 +177,7 @@ extension Certificate.Extensions { /// Append a new ``Certificate/Extension`` into this set of ``Certificate/Extensions-swift.struct``. /// - /// - Parameter ext: The ``Certificate/Extension`` to insert. + /// - Parameter extension: The ``Certificate/Extension`` to insert. /// - Throws: If an ``Certificate/Extension`` with the same ``Certificate/Extension/oid`` is already present @inlinable public mutating func append(_ extension: Certificate.Extension) throws { diff --git a/Sources/X509/OCSP/OCSPPolicy.swift b/Sources/X509/OCSP/OCSPPolicy.swift index 9b32f6fd..8866f08e 100644 --- a/Sources/X509/OCSP/OCSPPolicy.swift +++ b/Sources/X509/OCSP/OCSPPolicy.swift 
@@ -69,7 +69,7 @@ extension OCSPRequesterQueryResult { } /// The OCSP query is considered unsuccessful and will fail verification in both ``OCSPFailureMode/soft`` and ``OCSPFailureMode/hard`` failure mode. - /// The certificate is then considered to not meet the ``OCSPVerifierPolicy`` and ``OCSPVerifierPolicy/chainMeetsPolicyRequirements(chain:)`` will return ``PolicyEvaluationResult/failsToMeetPolicy(reason:)`` with the given ``reason``. + /// The certificate is then considered to not meet the ``OCSPVerifierPolicy`` and ``OCSPVerifierPolicy/chainMeetsPolicyRequirements(chain:)`` will return ``PolicyEvaluationResult/failsToMeetPolicy(reason:)-3tp9a`` with the given reason. /// - Parameter reason: the reason why the OCSP query failed @inlinable public static func terminalError(_ reason: Error) -> Self { diff --git a/Sources/X509/RDNAttribute.swift b/Sources/X509/RDNAttribute.swift index 8ae1e462..c83c081f 100644 --- a/Sources/X509/RDNAttribute.swift +++ b/Sources/X509/RDNAttribute.swift @@ -283,7 +283,7 @@ extension RelativeDistinguishedName.Attribute { /// Create a new attribute from a given type and value. /// /// - Parameter type: The type of the attribute. - /// - Parameter value: The value of the attribute, wrapped in ``ASN1Any``. + /// - Parameter value: The value of the attribute, wrapped in `ASN1Any`. @inlinable public init(type: ASN1ObjectIdentifier, value: ASN1Any) { self.type = type diff --git a/Sources/X509/RelativeDistinguishedName.swift b/Sources/X509/RelativeDistinguishedName.swift index 1aec507f..1242e237 100644 --- a/Sources/X509/RelativeDistinguishedName.swift +++ b/Sources/X509/RelativeDistinguishedName.swift 
@@ -49,7 +49,7 @@ public struct RelativeDistinguishedName { /// Construct a ``RelativeDistinguishedName`` from a sequence of ``Attribute``. /// - /// - Parameter attributes: The sequence of ``Attribute``s that make up the ``DistinguishedName``. + /// - Parameter attribute: The sequence of ``Attribute``s that make up the ``DistinguishedName``. @inlinable public init(_ attribute: Attribute) { self.init(CollectionOfOne(attribute)) diff --git a/Sources/X509/Signature.swift b/Sources/X509/Signature.swift index fe31f8fb..c9cb580b 100644 --- a/Sources/X509/Signature.swift +++ b/Sources/X509/Signature.swift @@ -26,7 +26,7 @@ extension Certificate { /// signature. /// /// This type is almost entirely opaque. It can be validated by way of - /// ``Certificate/PublicKey-swift.struct/isValidSignature(_:for:)``, and it + /// ``Certificate/PublicKey-swift.struct/isValidSignature(_:for:)-3cbor``, and it /// can be generated by ``Certificate/PrivateKey``s automatically when /// used by ``Certificate/init(version:serialNumber:publicKey:notValidBefore:notValidAfter:issuer:subject:signatureAlgorithm:extensions:issuerPrivateKey:)``. /// Otherwise, this type has essentially no behaviours. diff --git a/Sources/X509/Verifier/AnyPolicy.swift b/Sources/X509/Verifier/AnyPolicy.swift index 8c2a955d..10a0b86e 100644 --- a/Sources/X509/Verifier/AnyPolicy.swift +++ b/Sources/X509/Verifier/AnyPolicy.swift @@ -37,7 +37,7 @@ public struct AnyPolicy: VerifierPolicy { } /// Erases the type of some ``VerifierPolicy`` to ``AnyPolicy``. - /// - Parameter policy: the ``VerifierPolicy`` constructed using the ``PolicyBuilder`` DSL. + /// - Parameter makePolicy: the ``VerifierPolicy`` constructed using the ``PolicyBuilder`` DSL. @inlinable public init(@PolicyBuilder makePolicy: () throws -> some VerifierPolicy) rethrows { self.init(try makePolicy()) diff --git a/Sources/X509/Verifier/RFC5280/RFC5280Policy.swift b/Sources/X509/Verifier/RFC5280/RFC5280Policy.swift index 82ced4e4..eb352e15 100644 
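Review bot: The renamed entry `- Parameter attribute:` in the RelativeDistinguishedName.swift hunk still describes the argument as a sequence of attributes, but the initializer below it takes a single `Attribute` and wraps it in `CollectionOfOne`. The summary line above it ("from a sequence of Attribute") has the same leftover wording. I would reword the two lines along the lines of `/// Construct a RelativeDistinguishedName from a single Attribute.` and `/// - Parameter attribute: The single Attribute that makes up this RelativeDistinguishedName.`, keeping the existing double-backtick links.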
--- a/Sources/X509/Verifier/RFC5280/RFC5280Policy.swift +++ b/Sources/X509/Verifier/RFC5280/RFC5280Policy.swift @@ -16,7 +16,7 @@ import SwiftASN1 /// A ``VerifierPolicy`` that implements the core chain verifying policies from RFC 5280. /// -/// Almost all verifiers should use this policy as the initial component of their ``PolicySet``. The policy checks the +/// Almost all verifiers should use this policy as the initial component of their policy set. The policy checks the /// following things: /// /// 1. Version. ``Certificate/Version-swift.struct/v1`` ``Certificate``s with ``Certificate/Extensions-swift.struct`` are rejected. diff --git a/Sources/X509/Verifier/TrustRootLoading.swift b/Sources/X509/Verifier/TrustRootLoading.swift index 6ab168a3..08c6feea 100644 --- a/Sources/X509/Verifier/TrustRootLoading.swift +++ b/Sources/X509/Verifier/TrustRootLoading.swift @@ -27,7 +27,7 @@ extension CertificateStore { /// A ``CertificateStore`` that includes all root Certificate Authorities (CAs) that /// are installed in the systems trust store. /// - /// You can add additional trust roots by ``CertificateStore/inserting(_:)-5sc2d`` them into the returned ``CertificateStore``. + /// You can add additional trust roots by ``CertificateStore/appending(_:)`` them into the returned ``CertificateStore``. /// /// - Note: Access this property as early as possible. It will start loading and parsing of the certificates in the background. /// Accessing this property does **not** block. diff --git a/Sources/X509/Verifier/VerifierPolicy.swift b/Sources/X509/Verifier/VerifierPolicy.swift index 216b0021..ea55ac9b 100644 --- a/Sources/X509/Verifier/VerifierPolicy.swift +++ b/Sources/X509/Verifier/VerifierPolicy.swift 
@@ -20,7 +20,7 @@ import SwiftASN1 /// regardless of policy, we use the same chain building algorithm. This will generate a sequence of candidate chains in /// the form of ``UnverifiedCertificateChain``. /// -/// Each of these candidate chains is then handed to a ``PolicySet`` to be checked against the certificate policy. +/// Each of these candidate chains is then handed to a ``VerifierPolicy`` to be checked against the certificate policy. /// The reason for this is to allow different use-cases to share the same chain building code, but to enforce /// different requirements on the chain. /// @@ -35,7 +35,7 @@ public protocol VerifierPolicy { /// verifier. If they aren't understood or processed, then verifying the chain must fail. /// /// ``Verifier`` uses the ``VerifierPolicy/verifyingCriticalExtensions`` field to determine what extensions are understood by a given - /// ``PolicySet``. A ``PolicySet`` understands the union of all the understood extensions of its contained ``VerifierPolicy`` + /// ``VerifierPolicy``. A ``VerifierPolicy`` understands the union of all the understood extensions of its contained ``VerifierPolicy`` /// objects. /// /// This may be an empty array, if the policy does not concern itself with any particular extensions. Users must only put @@ -48,7 +48,7 @@ public protocol VerifierPolicy { /// regardless of policy, we use the same chain building algorithm. This will generate a sequence of candidate chains in /// the form of ``UnverifiedCertificateChain``. /// - /// Each of these candidate chains is then handed to a ``PolicySet`` to be checked against the certificate policy. + /// Each of these candidate chains is then handed to a ``VerifierPolicy`` to be checked against the certificate policy. /// The checking is done in this method. mutating func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult } 
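Review bot: In the `verifyingCriticalExtensions` comment, replacing `PolicySet` with `VerifierPolicy` leaves a sentence saying a `VerifierPolicy` understands the union of the extensions of "its contained VerifierPolicy objects", which no longer says which policy contains which. The same comment states that verification must fail when a critical extension is not understood, so this wording is what implementers rely on to decide which extensions to list. Something like `/// A policy composed of several policies understands the union of the critical extensions understood by each of them.` would keep the meaning without the circular phrasing. The protocol body continues outside the hunk.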
diff --git a/Tests/X509Tests/VerifierTests.swift b/Tests/X509Tests/VerifierTests.swift index 0804d68b..bd5cdcc4 100644 --- a/Tests/X509Tests/VerifierTests.swift +++ b/Tests/X509Tests/VerifierTests.swift @@ -328,9 +328,9 @@ final class VerifierTests: XCTestCase { ) }() - // MARK: Deeply insane PKI + // MARK: Deeply crazy PKI // - // This section defines a deeply insane PKI. The PKI has one root CA and two intermediate CAs, and looks roughly like this: + // This section defines a deeply crazy PKI. The PKI has one root CA and two intermediate CAs, and looks roughly like this: // // ┌────────────────┐ // │ │ @@ -383,7 +383,7 @@ final class VerifierTests: XCTestCase { // // Finally, we need two Xs that are considered "different" so that chain building doesn't fail. We differ them by using SAN. // - // The following section builds this absolutely insane PKI. We re-use `ca1` defined above as our root CA. + // The following section builds this absolutely crazy PKI. We re-use `ca1` defined above as our root CA. private static let t1t2Key = P256.Signing.PrivateKey() private static let t3Key = P256.Signing.PrivateKey() private static let xKey = P256.Signing.PrivateKey() diff --git a/docker/Dockerfile b/docker/Dockerfile deleted file mode 100644 index 72742911..00000000 --- a/docker/Dockerfile +++ /dev/null 
@@ -1,27 +0,0 @@ -ARG swift_version=5.7 -ARG ubuntu_version=jammy -ARG base_image=swift:$swift_version-$ubuntu_version -FROM $base_image -# needed to do again after FROM due to docker limitation -ARG swift_version -ARG ubuntu_version - -# set as UTF-8 -RUN apt-get update && apt-get install -y locales locales-all -ENV LC_ALL en_US.UTF-8 -ENV LANG en_US.UTF-8 -ENV LANGUAGE en_US.UTF-8 - -# tools -RUN mkdir -p $HOME/.tools -RUN echo 'export PATH="$HOME/.tools:$PATH"' >> $HOME/.profile - -# swift-format -ARG swiftformat_version=509.0.0 -RUN git clone --branch $swiftformat_version --depth 1 https://github.com/swiftlang/swift-format $HOME/.tools/swift-format-source -RUN cd $HOME/.tools/swift-format-source && swift build -c release -RUN ln -s $HOME/.tools/swift-format-source/.build/release/swift-format $HOME/.tools/swift-format - -# install jemalloc for running allocation benchmarks -RUN apt-get update -RUN apt-get install -y libjemalloc-dev diff --git a/docker/docker-compose.2204.510.yaml b/docker/docker-compose.2204.510.yaml deleted file mode 100644 index 93914cfa..00000000 --- a/docker/docker-compose.2204.510.yaml +++ /dev/null @@ -1,26 +0,0 @@ -version: "3" - -services: - - runtime-setup: - image: swift-certificates:22.04-5.10 - build: - args: - ubuntu_version: "jammy" - swift_version: "5.10" - - test: - image: swift-certificates:22.04-5.10 - environment: - - SWIFT_VERSION=5.10 - - WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors - - IMPORT_CHECK_ARG=--explicit-target-dependency-import-check error - # - SANITIZER_ARG=--sanitize=thread # TSan broken still - - shell: - image: swift-certificates:22.04-5.10 - - update-benchmark-baseline: - image: swift-certificates:22.04-5.10 - environment: - - SWIFT_VERSION=5.10 diff --git a/docker/docker-compose.2204.58.yaml b/docker/docker-compose.2204.58.yaml deleted file mode 100644 index c6ebebb2..00000000 --- a/docker/docker-compose.2204.58.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -version: "3" - -services: - - runtime-setup: - image: swift-certificates:22.04-5.8 - build: - args: - ubuntu_version: "jammy" - swift_version: "5.8" - - test: - image: swift-certificates:22.04-5.8 - environment: - - SWIFT_VERSION=5.8 - - WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors - - IMPORT_CHECK_ARG=--explicit-target-dependency-import-check error - # - SANITIZER_ARG=--sanitize=thread # TSan broken still - - shell: - image: swift-certificates:22.04-5.8 - environment: - - SWIFT_VERSION=5.8 - - update-benchmark-baseline: - image: swift-certificates:22.04-5.8 - environment: - - SWIFT_VERSION=5.8 diff --git a/docker/docker-compose.2204.59.yaml b/docker/docker-compose.2204.59.yaml deleted file mode 100644 index 4cbca4e4..00000000 --- a/docker/docker-compose.2204.59.yaml +++ /dev/null @@ -1,26 +0,0 @@ -version: "3" - -services: - - runtime-setup: - image: swift-certificates:22.04-5.9 - build: - args: - ubuntu_version: "jammy" - swift_version: "5.9" - - test: - image: swift-certificates:22.04-5.9 - environment: - - SWIFT_VERSION=5.9 - - WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors - - IMPORT_CHECK_ARG=--explicit-target-dependency-import-check error - # - SANITIZER_ARG=--sanitize=thread # TSan broken still - - shell: - image: swift-certificates:22.04-5.9 - - update-benchmark-baseline: - image: swift-certificates:22.04-5.9 - environment: - - SWIFT_VERSION=5.9 diff --git a/docker/docker-compose.2204.main.yaml b/docker/docker-compose.2204.main.yaml deleted file mode 100644 index 946230b3..00000000 --- a/docker/docker-compose.2204.main.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -version: "3" - -services: - - runtime-setup: - image: swift-certificates:22.04-main - build: - args: - base_image: "swiftlang/swift:nightly-main-jammy" - - test: - image: swift-certificates:22.04-main - environment: - - SWIFT_VERSION=main - - WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors - - IMPORT_CHECK_ARG=--explicit-target-dependency-import-check error - # - SANITIZER_ARG=--sanitize=thread # TSan broken still - - shell: - image: swift-certificates:22.04-main - - update-benchmark-baseline: - image: swift-certificates:22.04-main - environment: - - SWIFT_VERSION=main diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml deleted file mode 100644 index 31ead6d3..00000000 --- a/docker/docker-compose.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# this file is not designed to be run directly -# instead, use the docker-compose.. files -# eg docker-compose -f docker/docker-compose.yaml -f docker/docker-compose.2204.57.yaml run test -version: "3" - -services: - - runtime-setup: - image: swift-certificates:default - build: - context: . - dockerfile: Dockerfile - - common: &common - image: swift-certificates:default - depends_on: [runtime-setup] - volumes: - - ~/.ssh:/root/.ssh - - ..:/swift-certificates:z - working_dir: /swift-certificates - - soundness: - <<: *common - command: /bin/bash -xcl "swift -version && uname -a && ./scripts/soundness.sh" - - test: - <<: *common - command: /bin/bash -xcl "swift $${SWIFT_TEST_VERB-test} $${WARN_AS_ERROR_ARG-} $${SANITIZER_ARG-} $${IMPORT_CHECK_ARG-} && cd Benchmarks && swift package benchmark baseline check --check-absolute-path Thresholds/$${SWIFT_VERSION-}/" - - update-benchmark-baseline: - <<: *common - command: /bin/bash -xcl "cd Benchmarks && swift package --scratch-path .build/$${SWIFT_VERSION-}/ --allow-writing-to-package-directory benchmark --format metricP90AbsoluteThresholds --path Thresholds/$${SWIFT_VERSION-}/" - # util - - shell: - <<: *common - entrypoint: /bin/bash 
diff --git a/scripts/check-cmake-lists.sh b/scripts/check-cmake-lists.sh new file mode 100755 index 00000000..f50d4550 --- /dev/null +++ b/scripts/check-cmake-lists.sh @@ -0,0 +1,33 @@ +#!/bin/bash +##===----------------------------------------------------------------------===## +## +## This source file is part of the SwiftCertificates open source project +## +## Copyright (c) 2024 Apple Inc. and the SwiftCertificates project authors +## Licensed under Apache License v2.0 +## +## See LICENSE.txt for license information +## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +## +## SPDX-License-Identifier: Apache-2.0 +## +##===----------------------------------------------------------------------===## + +set -euo pipefail + +log() { printf -- "** %s\n" "$*" >&2; } +error() { printf -- "** ERROR: %s\n" "$*" >&2; } +fatal() { error "$@"; exit 1; } + +log "Checking if the cmake files are up-to-date..." + +here="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +FIRST_OUT="$(git status --porcelain)" +_=$("$here"/update-cmake-lists.sh 2>&1) +SECOND_OUT="$(git status --porcelain)" +if [[ "$FIRST_OUT" != "$SECOND_OUT" ]]; then + error "Changes in the cmake files detected. Please run the update-cmake-lists.sh script." + exit 1 +fi + +log "✅ cmake files are up-to-date." diff --git a/scripts/check_no_api_breakages.sh b/scripts/check_no_api_breakages.sh deleted file mode 100755 index 80197837..00000000 --- a/scripts/check_no_api_breakages.sh +++ /dev/null 
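Review bot: `_=$("$here"/update-cmake-lists.sh 2>&1)` discards everything the update script prints, and under `set -euo pipefail` a non-zero exit from it ends this check without any message, so a failing CI run would be hard to diagnose. Capturing the output and reporting it on failure fixes that: `out=$("$here"/update-cmake-lists.sh 2>&1) || fatal "update-cmake-lists.sh failed: $out"`. That also gives the otherwise unused `fatal` helper a caller. Separately, comparing `git status --porcelain` before and after only notices files whose status changes, so a file that was already modified before the run would not be flagged. That is fine on a clean checkout but deserves a one-line comment.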
@@ -1,67 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2022 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftNIO open source project -## -## Copyright (c) 2017-2020 Apple Inc. and the SwiftNIO project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftNIO project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## - -set -eu - -function usage() { - echo >&2 "Usage: $0 REPO-GITHUB-URL NEW-VERSION OLD-VERSIONS..." - echo >&2 - echo >&2 "This script requires a Swift 5.2+ toolchain." 
- echo >&2 - echo >&2 "Examples:" - echo >&2 - echo >&2 "Check between main and tag 2.1.1 of swift-certificates:" - echo >&2 " $0 https://github.com/apple/swift-certificates main 2.1.1" - echo >&2 - echo >&2 "Check between HEAD and commit 64cf63d7 using the provided toolchain:" - echo >&2 " xcrun --toolchain org.swift.5120190702a $0 ../some-local-repo HEAD 64cf63d7" -} - -if [[ $# -lt 3 ]]; then - usage - exit 1 -fi - -tmpdir=$(mktemp -d /tmp/.check-api_XXXXXX) -repo_url=$1 -new_tag=$2 -shift 2 - -repodir="$tmpdir/repo" -git clone "$repo_url" "$repodir" -git -C "$repodir" fetch -q origin '+refs/pull/*:refs/remotes/origin/pr/*' -cd "$repodir" -git checkout -q "$new_tag" - -for old_tag in "$@"; do - echo "Checking public API breakages from $old_tag to $new_tag" - - swift package diagnose-api-breaking-changes "$old_tag" -done - -echo done diff --git a/scripts/generate_contributors_list.sh b/scripts/generate_contributors_list.sh deleted file mode 100755 index cfcf4255..00000000 --- a/scripts/generate_contributors_list.sh +++ /dev/null 
@@ -1,52 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2022 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftNIO open source project -## -## Copyright (c) 2017-2018 Apple Inc. and the SwiftNIO project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftNIO project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## - -set -eu -here="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -contributors=$( cd "$here"/.. && git shortlog -es | cut -f2 | sed 's/^/- /' ) - -cat > "$here/../CONTRIBUTORS.txt" <<- EOF - For the purpose of tracking copyright, this is the list of individuals and - organizations who have contributed source code to SwiftCertificates. - - For employees of an organization/company where the copyright of work done - by employees of that company is held by the company itself, only the company - needs to be listed here. - - ## COPYRIGHT HOLDERS - - - Apple Inc. (all contributors with '@apple.com') - - ### Contributors - - $contributors - - **Updating this list** - - Please do not edit this file manually. It is generated using \`./scripts/generate_contributors_list.sh\`. If a name is misspelled or appearing multiple times: add an entry in \`./.mailmap\` -EOF 
diff --git a/scripts/run-swift-format.sh b/scripts/run-swift-format.sh
deleted file mode 100644
index 1e9c2ce1..00000000
--- a/scripts/run-swift-format.sh
+++ /dev/null
@@ -1,55 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftOpenAPIGenerator open source project -## -## Copyright (c) 2023 Apple Inc. and the SwiftOpenAPIGenerator project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftOpenAPIGenerator project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## -set -euo pipefail - -function log() { printf -- "** %s\n" "$*" >&2; } -function error() { printf -- "** ERROR: %s\n" "$*" >&2; } -function fatal() { error "$*"; exit 1; } - -current_script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -repo_root="$(git -C "${current_script_dir}" rev-parse --show-toplevel)" - -swiftformat_bin=${swiftformat_bin:-$(command -v swift-format)} || fatal "❌ swiftformat_bin unset and no swift-format on PATH" - -"${swiftformat_bin}" lint \ - --parallel --recursive --strict \ - "${repo_root}/Sources" "${repo_root}/Tests" \ - "${repo_root}/Benchmarks/Benchmarks" \ - && swift_format_rc=$? || swift_format_rc=$? - -if [[ "${swift_format_rc}" -ne 0 ]]; then - fatal "❌ Running swift-format produced errors. 
- - To fix, run the following command: - - % swift-format format --parallel --recursive --in-place Sources Tests Benchmarks/Benchmarks - " - exit "${swift_format_rc}" -fi - -log "✅ Ran swift-format with no errors." diff --git a/scripts/soundness.sh b/scripts/soundness.sh deleted file mode 100755 index 6a7c39c6..00000000 --- a/scripts/soundness.sh +++ /dev/null 
@@ -1,208 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2022-2023 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftNIO open source project -## -## Copyright (c) 2017-2022 Apple Inc. and the SwiftNIO project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftNIO project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## - -set -eu -here="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" - -function replace_acceptable_years() { - # this needs to replace all acceptable forms with 'YEARS' - sed -e 's/20[12][78901234]-20[12][8901234]/YEARS/' -e 's/20[12][8901234]/YEARS/' -} - -printf "=> Checking for unacceptable language... " -# This greps for unacceptable terminology. The square bracket[s] are so that -# "git grep" doesn't find the lines that greps :). -unacceptable_terms=( - -e blacklis[t] - -e whitelis[t] - -e slav[e] - -e sanit[y] -) - -# We have to exclude the code of conduct as it gives examples of unacceptable -# language. -if git grep --color=never -i "${unacceptable_terms[@]}" -- . ":(exclude)CODE_OF_CONDUCT.md" > /dev/null; then - printf "\033[0;31mUnacceptable language found.\033[0m\n" - git grep -i "${unacceptable_terms[@]}" -- . 
":(exclude)CODE_OF_CONDUCT.md" - exit 1 -fi -printf "\033[0;32mokay.\033[0m\n" - -# swift-format -swift_format_script="${here}/run-swift-format.sh" -if ! bash "${swift_format_script}"; then - exit 1 -fi - -printf "=> Detecting changes in source files for CMake build\n" -FIRST_OUT="$(git status --porcelain)" -out=$($here/update_cmakelists.sh 2>&1) -SECOND_OUT="$(git status --porcelain)" -if [[ "$FIRST_OUT" != "$SECOND_OUT" ]]; then - printf "\033[0;31mThere are source file changes! Have you added or renamed source files? Or did you forget to run 'update_cmakelists.sh' and commit changes?\033[0m\n" - exit 1 -fi -printf "\033[0;32mokay.\033[0m\n" - -printf "=> Checking license headers\n" -tmp=$(mktemp /tmp/.swift-certificates-soundness_XXXXXX) - -for language in swift-or-c bash dtrace python cmake; do - printf " * $language... " - declare -a matching_files - declare -a exceptions - expections=( ) - matching_files=( -name '*' ) - case "$language" in - swift-or-c) - exceptions=( -name c_nio_llhttp.c -o -name c_nio_api.c -o -name c_nio_http.c -o -name c_nio_llhttp.h -o -name cpp_magic.h -o -name Package.swift -o -name 'Package@*.swift' -o -name CNIOSHA1.h -o -name c_nio_sha1.c -o -name ifaddrs-android.c -o -name ifaddrs-android.h) - matching_files=( -name '*.swift' -o -name '*.c' -o -name '*.h' ) - cat > "$tmp" <<"EOF" -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) YEARS Apple Inc. 
and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// -EOF - ;; - cmake) - matching_files=( -name 'SwiftSupport.cmake' -o -name 'CMakeLists.txt' ) - cat > "$tmp" <<"EOF" -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) YEARS Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## -EOF - ;; - bash) - matching_files=( -name '*.sh' ) - cat > "$tmp" <<"EOF" -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) YEARS Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## -EOF - ;; - python) - matching_files=( -name '*.py' ) - cat > "$tmp" <<"EOF" -#!/usr/bin/env python3 -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) YEARS Apple Inc. 
and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## -EOF - ;; - dtrace) - matching_files=( -name '*.d' ) - cat > "$tmp" <<"EOF" -#!/usr/sbin/dtrace -q -s -/*===----------------------------------------------------------------------===* - * - * This source file is part of the SwiftCertificates open source project - * - * Copyright (c) YEARS Apple Inc. and the SwiftCertificates project authors - * Licensed under Apache License v2.0 - * - * See LICENSE.txt for license information - * See CONTRIBUTORS.txt for the list of SwiftCertificates project authors - * - * SPDX-License-Identifier: Apache-2.0 - * - *===----------------------------------------------------------------------===*/ -EOF - ;; - *) - echo >&2 "ERROR: unknown language '$language'" - ;; - esac - - expected_lines=$(cat "$tmp" | wc -l) - expected_sha=$(cat "$tmp" | shasum) - - ( - cd "$here/.." - { - find . \ - \( \! -path './.build/*' -a \ - \( "${matching_files[@]}" \) -a \ - \( \! \( "${exceptions[@]}" \) \) \) - - if [[ "$language" = bash ]]; then - # add everything with a shell shebang too - git grep --full-name -l '#!/bin/bash' - git grep --full-name -l '#!/bin/sh' - fi - } | while read line; do - if [[ "$(cat "$line" | replace_acceptable_years | head -n $expected_lines | shasum)" != "$expected_sha" ]]; then - printf "\033[0;31mmissing headers in file '$line'!\033[0m\n" - diff -u <(cat "$line" | replace_acceptable_years | head -n $expected_lines) "$tmp" - exit 1 - fi - done - printf "\033[0;32mokay.\033[0m\n" - ) -done - -rm "$tmp" 
diff --git a/scripts/update_cmakelists.sh b/scripts/update-cmake-lists.sh similarity index 92% rename from scripts/update_cmakelists.sh rename to scripts/update-cmake-lists.sh index 06f447f5..dcd930dd 100755 --- a/scripts/update_cmakelists.sh +++ b/scripts/update-cmake-lists.sh @@ -22,6 +22,7 @@ case "$(uname -s)" in find=gfind # brew install findutils ;; *) + # shellcheck disable=SC2209 find=find ;; esac @@ -32,14 +33,14 @@ function update_cmakelists_source() { # Build an array with the rest of the arguments shift src_exts=("$@") - echo "Finding source files (${src_exts[@]}) under $src_root" + echo "Finding source files (" "${src_exts[@]}" ") under $src_root" num_exts=${#src_exts[@]} # Build file extensions argument for `find` declare -a exts_arg exts_arg+=(-name "${src_exts[0]}") - for (( i=1; i<$num_exts; i++ )); + for (( i=1; i