From 080df47bfe9119619442f544160d7223da9651f3 Mon Sep 17 00:00:00 2001 From: cnkwocha Date: Fri, 13 Dec 2024 15:40:56 +0000 Subject: [PATCH 1/5] Enable strict concurrency Motivation: To catch potential data races at build time. Modifications: - Bump Swift tools version from 5.8 to 5.9 in Package.swift. - Enable strict concurrency in Package.swift. - Adjust documentation to section on the supported Swift versions. - Implement minor fixes for the surfaced strict concurrency warnings. - Add `-require-explicit-sendable` to the 6.0, nightly 6.0 and nightly main CI checks. Result: Strict concurrency adoption. --- .github/workflows/main.yml | 6 +++--- .github/workflows/pull_request.yml | 6 +++--- Package.swift | 8 +++++++- README.md | 3 +-- Sources/X509/SecKeyWrapper.swift | 2 +- Tests/X509Tests/SecKeyWrapperTests.swift | 6 +++--- Tests/X509Tests/SignatureTests.swift | 2 +- 7 files changed, 19 insertions(+), 14 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4483f1ea..7d01bf70 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -13,9 +13,9 @@ jobs: with: linux_5_9_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error" linux_5_10_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error" - linux_6_0_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error" - linux_nightly_6_0_arguments_override: "--explicit-target-dependency-import-check error" - linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error" + linux_6_0_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" + linux_nightly_6_0_arguments_override: "--explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" + linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" benchmarks: name: Benchmarks diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 502a14b2..b598f0d8 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -24,9 +24,9 @@ jobs: with: linux_5_9_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error" linux_5_10_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error" - linux_6_0_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error" - linux_nightly_6_0_arguments_override: "--explicit-target-dependency-import-check error" - linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error" + linux_6_0_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" + linux_nightly_6_0_arguments_override: "--explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" + linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" benchmarks: name: Benchmarks diff --git a/Package.swift b/Package.swift index 9f859a62..e042c0c3 100644 --- a/Package.swift +++ b/Package.swift @@ -1,4 +1,4 @@ -// swift-tools-version: 5.8 +// swift-tools-version: 5.9 //===----------------------------------------------------------------------===// // // This source file is part of the SwiftCertificates open source project @@ -91,6 +91,12 @@ if ProcessInfo.processInfo.environment["SWIFTCI_USE_LOCAL_DEPS"] == nil { ] } +for target in package.targets { + var settings = target.swiftSettings ?? [] + settings.append(.enableExperimentalFeature("StrictConcurrency=complete")) + target.swiftSettings = settings +} + // --- STANDARD CROSS-REPO SETTINGS DO NOT EDIT --- // for target in package.targets { if target.type != .plugin { diff --git a/README.md b/README.md index 9933073f..2e111588 100644 --- a/README.md +++ b/README.md @@ -24,8 +24,7 @@ a default verifier and a number of built-in verifier policies. ## Supported Swift Versions -This library was introduced with support for Swift 5.7 or later. This library will -support the latest stable Swift version and the two versions prior. +This library will support the latest stable Swift version and the two versions prior. ## Getting Started diff --git a/Sources/X509/SecKeyWrapper.swift b/Sources/X509/SecKeyWrapper.swift index 979cbf19..4e99eb2e 100644 --- a/Sources/X509/SecKeyWrapper.swift +++ b/Sources/X509/SecKeyWrapper.swift @@ -66,7 +66,7 @@ extension Certificate.PrivateKey { @usableFromInline static func keyAttributes(key: SecKey) throws -> [String: any Sendable] { - guard let attributes = SecKeyCopyAttributes(key) as? [CFString: Any] else { + guard let attributes = SecKeyCopyAttributes(key) as? [CFString: any Sendable] else { throw CertificateError.unsupportedPrivateKey( reason: "cannot copy SecKey attributes" ) diff --git a/Tests/X509Tests/SecKeyWrapperTests.swift b/Tests/X509Tests/SecKeyWrapperTests.swift index dce5664d..afd1e387 100644 --- a/Tests/X509Tests/SecKeyWrapperTests.swift +++ b/Tests/X509Tests/SecKeyWrapperTests.swift @@ -12,7 +12,7 @@ // //===----------------------------------------------------------------------===// -import XCTest +@preconcurrency import XCTest @_spi(Testing) @testable import X509 #if canImport(Darwin) @@ -62,9 +62,9 @@ final class SecKeyWrapperTests: XCTestCase { } @available(macOS 11.0, iOS 14, tvOS 14, watchOS 7, *) - func testPEMExport() throws { + func testPEMExport() async throws { for candidate in try generateCandidateKeys() { - try XCTContext.runActivity(named: "Testing \(candidate.type) key (size: \(candidate.keySize))") { _ in + try await XCTContext.runActivity(named: "Testing \(candidate.type) key (size: \(candidate.keySize))") { _ in let secKeyWrapper = try Certificate.PrivateKey.SecKeyWrapper(key: candidate.key) if !candidate.sep { diff --git a/Tests/X509Tests/SignatureTests.swift b/Tests/X509Tests/SignatureTests.swift index ff7a8c48..9a7ae8a3 100644 --- a/Tests/X509Tests/SignatureTests.swift +++ b/Tests/X509Tests/SignatureTests.swift @@ -12,7 +12,7 @@ // //===----------------------------------------------------------------------===// -import XCTest +@preconcurrency import XCTest @preconcurrency import Crypto import _CryptoExtras import SwiftASN1 From d9b750af1b522086ba59651497f01953d8859da0 Mon Sep 17 00:00:00 2001 From: cnkwocha Date: Fri, 13 Dec 2024 16:55:48 +0000 Subject: [PATCH 2/5] Add missing `@preconcurrency` `Security` import --- Tests/X509Tests/SecKeyWrapperTests.swift | 5 ++++- Tests/X509Tests/SignatureTests.swift | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/Tests/X509Tests/SecKeyWrapperTests.swift b/Tests/X509Tests/SecKeyWrapperTests.swift index afd1e387..8fee8249 100644 --- a/Tests/X509Tests/SecKeyWrapperTests.swift +++ b/Tests/X509Tests/SecKeyWrapperTests.swift @@ -12,8 +12,11 @@ // //===----------------------------------------------------------------------===// -@preconcurrency import XCTest +import XCTest @_spi(Testing) @testable import X509 +#if canImport(Darwin) +@preconcurrency import Security +#endif #if canImport(Darwin) final class SecKeyWrapperTests: XCTestCase { diff --git a/Tests/X509Tests/SignatureTests.swift b/Tests/X509Tests/SignatureTests.swift index 9a7ae8a3..efc9d0fe 100644 --- a/Tests/X509Tests/SignatureTests.swift +++ b/Tests/X509Tests/SignatureTests.swift @@ -12,11 +12,14 @@ // //===----------------------------------------------------------------------===// -@preconcurrency import XCTest +import XCTest @preconcurrency import Crypto import _CryptoExtras import SwiftASN1 @testable import X509 +#if canImport(Darwin) +@preconcurrency import Security +#endif final class SignatureTests: XCTestCase { static let now = Date() From 71dfe4ee21a220f5460c70549c2f909e14281fb1 Mon Sep 17 00:00:00 2001 From: cnkwocha Date: Fri, 13 Dec 2024 17:51:40 +0000 Subject: [PATCH 3/5] Remove `-warnings-as-errors` from 5.10 CI check --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7d01bf70..ae3baa9f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -12,7 +12,7 @@ jobs: uses: apple/swift-nio/.github/workflows/unit_tests.yml@main with: linux_5_9_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error" - linux_5_10_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error" + linux_5_10_arguments_override: "-Xswiftc --explicit-target-dependency-import-check error" linux_6_0_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" linux_nightly_6_0_arguments_override: "--explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" From a46ff3f05a7e36771cc0ec2aede7be279e06adab Mon Sep 17 00:00:00 2001 From: cnkwocha Date: Fri, 13 Dec 2024 17:55:32 +0000 Subject: [PATCH 4/5] Remove `-warnings-as-errors` from 5.10 CI check --- .github/workflows/pull_request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index b598f0d8..1c42a699 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -23,7 +23,7 @@ jobs: uses: apple/swift-nio/.github/workflows/unit_tests.yml@main with: linux_5_9_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error" - linux_5_10_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error" + linux_5_10_arguments_override: "-Xswiftc --explicit-target-dependency-import-check error" linux_6_0_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" linux_nightly_6_0_arguments_override: "--explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" From edf6814f83bc77da83c5ccce66cfee72b6c41876 Mon Sep 17 00:00:00 2001 From: cnkwocha Date: Fri, 13 Dec 2024 18:09:19 +0000 Subject: [PATCH 5/5] Fix 5.10 CI flags --- .github/workflows/main.yml | 2 +- .github/workflows/pull_request.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ae3baa9f..6faf7549 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -12,7 +12,7 @@ jobs: uses: apple/swift-nio/.github/workflows/unit_tests.yml@main with: linux_5_9_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error" - linux_5_10_arguments_override: "-Xswiftc --explicit-target-dependency-import-check error" + linux_5_10_arguments_override: "--explicit-target-dependency-import-check error" linux_6_0_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" linux_nightly_6_0_arguments_override: "--explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 1c42a699..71297eac 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -23,7 +23,7 @@ jobs: uses: apple/swift-nio/.github/workflows/unit_tests.yml@main with: linux_5_9_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error" - linux_5_10_arguments_override: "-Xswiftc --explicit-target-dependency-import-check error" + linux_5_10_arguments_override: "--explicit-target-dependency-import-check error" linux_6_0_arguments_override: "-Xswiftc -warnings-as-errors --explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" linux_nightly_6_0_arguments_override: "--explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable" linux_nightly_main_arguments_override: "--explicit-target-dependency-import-check error -Xswiftc -require-explicit-sendable"