Xcode project for Carthage support

[ilammy]

This adds an Xcode project to build OpenSSL frameworks. Carthage build system relies exclusively on Xcode projects so adding one adds support for building with Carthage. This is a modernized version of PR #27, and it should hopefully close the issue #31.

With this it is now possible to use OpenSSL via Carthage by putting the following line into Cartfile:

github "ilammy/OpenSSL" "carthage-support"

or, alternatively, with versions:

github "ilammy/OpenSSL" ~> 1.0.2

Then run carthage update which will download the source code and build the frameworks (or just download prebuilt binaries), and put them into Carthage directory.

Summary of changes

The changes are based off the 1.0.2.14 branch and do not use existing support scripts. Unfortunately, I could not find a way to reuse them from Xcode (but that should be the right way, probably). On the flip side, it's now possible to build framworks using xcodebuild from command-line.

Most of the changes are in Xcode XML stuff which is hard to review directly so I'll describe it here in more detail.

The project is configured as follows:

• Two targets OpenSSL (iOS) and OpenSSL (macOS) which build Cocoa Touch and (desktop) Cocoa frameworks respectively. They support iOS 8.0+ and macOS 10.9+.

  

• Each target has a corresponding Xcode scheme that builds it. The schemes are shared which is required for Carthage to work.

  

• Both do not compile any new code and only combine prebuilt binaries already present in the repository.

  

Some interesting caveats about configuration:

• Resulting frameworks are called openssl.framework for the sake of compatibility with existing header include usage like #include <openssl/evp.h> with all lowercase. This plays better with so-called 'modular includes' that are necessary to use the framework from Swift code.

  

• Umbrella headers openssl.h are compiled manually, because apparently inclusion order is important for OpenSSL. This is important for Swift compiler, but mostly irrelevant to both Swift and Objective-C users.

  • https://github.com/ilammy/OpenSSL/blob/c99c8522a4ecb61201aeb7d875c8e4a1334d4f92/Frameworks/ios/openssl.h#L1-L5

• In order to preserve the symbols from libssl.a and libcrypto.a we use a custom linker flag -all_load. It keeps the 'unused' symbols from being stripped out by the linker (which is the default behavior for static libraries).

  

• Speaking of linker flags, the frameworks are explicitly not code-signed. This is expected for frameworks which should be signed only by the end-users (the application). Xcode does not make it easy (even now), but it seems I got it right...

  

And that's probably it for the project configuration.

How to maintain this

Making releases

Carthage relies on git tags for versioning. Therefore, tagging a release for OpenSSL will also release the new version of Carthage package. Currently there are no suitable tags (1.0.2.14 does not contain Xcode project). You would probably like to make a new one (say, 1.0.2.14.1) which will serve OpenSSL 1.0.2o to Carthage users. After that when you release a new version, just tag it as usual and it will be made accessible via Carthage.

Prebuilt binaries

carthage build --archive will produce a ZIP archive that can be attached to a GitHub release. This will allow the users to avoid compiling OpenSSL themselves. Depending on the bandwidth it may be quicker to download an archive than to compile it from scratch.

Updating versions

It is also a good idea to keep the framework versions themselves in sync with the OpenSSL version. You can update them via Xcode here:

Note that iOS and macOS frameworks are separate, you have to update both targets. Also note that App Store requires the bundles to have three-component versions, therefore we use slightly weird scheme 1.0.214 (= 1.0.2 + 14, where 14 is the ordinal value of 'o', patch version of OpenSSL).

When updating OpenSSL version umbrella headers may need to be updated manually. You'll need to update the Frameworks/{ios,macos}/openssl.h files so that they include all relevant headers from include-{ios,macos}/openssl. Headers from the a relevant directory should be included into the respective umbrella header.

[vixentael]

@krzyzanowskim Marcin please take a look :)

We are not a Carthage-gurus ourselves, but start using it recently, so we believe that Carthage-OpenSSL will help to spread it among other projects.

We've tested various combinations before submitting this PR, it works these ways:

• usual iOS projects that use this OpenSSL-Carthage can be built and run for iPhone, can be archived for AppStore.

• other libraries use Carthage and that depend on this OpenSSL-Carthage can be added to iOS/macOS apps, run on device, archived for AppStore.

• tested on iOS (from iOS 10, but should work since iOS 8)

• tested on macOS (from 10.13, but should works since 10.10)

• tested with Swift v4+, I haven't spent time to test on previous versions

• tested with ObjC (works 👌as always)

[krzyzanowskim]

When updating OpenSSL version umbrella headers may need to be updated manually. You'll need to update the Frameworks/{ios,macos}/openssl.h files so that they include all relevant headers from include-{ios,macos}/openssl. Headers from the a relevant directory should be included into the respective umbrella header

What's in Frameworks is overwritten by a create-framework.sh script. Since you compiled headers manually, it won't survive next update. What do you think could be done to improve script to generate the proper module header? Do you mind take care of that part?

[ilammy]

@krzyzanowskim Hm... I'm not sure that it's feasible to actually derive the correct inclusion order from headers. However, I think it will be okay to automate the way I compiled the headers manually:

• include "openssl/ssl.h" first
• include all other headers in alphabetical order

This should work fine (at least for OpenSSL 1.0.2, I guess).

[ilammy]

@krzyzanowskim, as a side note, we have found that App Store is actually quite picky about framework bundle versions. I have pushed a commit that changes the bundle version from 1.0.2.14 to 1.0.214 (three components), because that's how Apple requires it to be.

When you update to a newer OpenSSL this version has to be updated accordingly.

[ilammy]

@krzyzanowskim I have updated the create-framework.sh script to produce the same header includes as in the manual files. It grabs "ssl.h" first and then appends whatever else is there in the Headers directory.

[krzyzanowskim]

Looks great thanks! I'm wondering, should we mention that in README.md as well?

[ilammy]

Yeah, I guess it makes sense to drop a note about Carthage support in README.

Something like this...

Installation

CocoaPods

Latest stable version:

pod 'OpenSSL-Universal'

Latest development version:

pod 'OpenSSL-Universal', :git => 'https://github.com/krzyzanowskim/OpenSSL.git', :branch => :master

Carthage

Latest stable version:

github "krzyzanowskim/OpenSSL"

Latest development version:

github "krzyzanowskim/OpenSSL" "master"

The 'stable' version will be broken for Carthage until a new tag is made (as 1.0.2.14 tag does not contain an Xcode project).

I'm not sure how detailed that needs to be. I guess Carthage users should be able to figure out what needs to be done with their project to link against OpenSSL framework the way then need to.

[krzyzanowskim]

Anything in Installation section would be fine. It looks good. Do you want me to copy it, or will you PR?

[krzyzanowskim]

done e7e8d01