From faaa04099643dc323dba6da5eb81e23b1c1a0610 Mon Sep 17 00:00:00 2001
From: Russell Keith-Magee <russell@keith-magee.com>
Date: Fri, 29 Sep 2023 13:09:18 +0800
Subject: [PATCH] Initial attempt at a modern cryptography patch.

---
 README.rst                                |  1 +
 recipes/cryptography/meta.yaml            | 12 +++++-----
 recipes/cryptography/patches/mobile.patch | 12 ++++++++++
 recipes/cryptography/patches/random.patch | 21 ------------------
 src/forge/build.py                        | 11 ++++++++-
 src/forge/cross.py                        | 27 +++++++++++++++++++++--
 6 files changed, 53 insertions(+), 31 deletions(-)
 create mode 100644 recipes/cryptography/patches/mobile.patch
 delete mode 100644 recipes/cryptography/patches/random.patch

diff --git a/README.rst b/README.rst
index 078328a..61d7c30 100644
--- a/README.rst
+++ b/README.rst
@@ -158,6 +158,7 @@ Inside the recipe directory, add the following files.
       ``aarch64-apple-ios12.0-simulator``)
     - ``BUILD_TRIPLET`` - the GCC compiler triplet for the build platform (e.g.,
       ``aarch64-apple-darwin``)
+    - ``CARGO_BUILD_TARGET`` - the Rust cargo build target for the platform
     - ``PREFIX`` - a location where the compiled package can be installed in preparation
       for packaging.
 
diff --git a/recipes/cryptography/meta.yaml b/recipes/cryptography/meta.yaml
index 338ef7e..0840625 100644
--- a/recipes/cryptography/meta.yaml
+++ b/recipes/cryptography/meta.yaml
@@ -1,16 +1,14 @@
 package:
   name: cryptography
-  version: 3.4.8
+  version: 41.0.4
 
 build:
   script_env:
-    - CRYPTOGRAPHY_DONT_BUILD_RUST=1
+    - OPENSSL_STATIC=1
+    - OPENSSL_DIR={platlib}/opt
 
 requirements:
   build:
-    - cffi 1.15.1
-    - setuptools-rust 0.11.6
-    # "setuptools_rust @ git+https://github.com/freakboy3742/setuptools_rust@iOS-support",
+    - setuptools_rust @ git+https://github.com/freakboy3742/setuptools-rust@iOS-support
   host:
-    - openssl 1.1.1v
-    # - openssl 3.1.2
+    - openssl 3.1.2
diff --git a/recipes/cryptography/patches/mobile.patch b/recipes/cryptography/patches/mobile.patch
new file mode 100644
index 0000000..855044d
--- /dev/null
+++ b/recipes/cryptography/patches/mobile.patch
@@ -0,0 +1,12 @@
+diff -ru cryptography-41.0.4-orig/src/rust/cryptography-cffi/build.rs cryptography-41.0.4/src/rust/cryptography-cffi/build.rs
+--- cryptography-41.0.4-orig/src/rust/cryptography-cffi/build.rs	2023-09-20 00:20:46
++++ cryptography-41.0.4/src/rust/cryptography-cffi/build.rs	2023-09-29 13:05:45
+@@ -11,7 +11,7 @@
+     let openssl_static = env::var("OPENSSL_STATIC")
+         .map(|x| x == "1")
+         .unwrap_or(false);
+-    if target.contains("apple") && openssl_static {
++    if target.contains("apple-darwin") && openssl_static {
+         // On (older) OSX we need to link against the clang runtime,
+         // which is hidden in some non-default path.
+         //
diff --git a/recipes/cryptography/patches/random.patch b/recipes/cryptography/patches/random.patch
deleted file mode 100644
index 9160bbd..0000000
--- a/recipes/cryptography/patches/random.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -ru cryptography-3.4.8-orig/src/_cffi_src/openssl/src/osrandom_engine.h cryptography-3.4.8/src/_cffi_src/openssl/src/osrandom_engine.h
---- cryptography-3.4.8-orig/src/_cffi_src/openssl/src/osrandom_engine.h	2021-08-25 01:02:37.000000000 +0800
-+++ cryptography-3.4.8/src/_cffi_src/openssl/src/osrandom_engine.h	2022-09-16 11:12:59.000000000 +0800
-@@ -16,10 +16,13 @@
-   #endif
-
-   #ifdef __APPLE__
--    #include <sys/random.h>
--    /* To support weak linking we need to declare this as a weak import even if
--     * it's not present in sys/random (e.g. macOS < 10.12). */
--    extern int getentropy(void *buffer, size_t size) __attribute((weak_import));
-+    #include "TargetConditionals.h"
-+    #if TARGET_OS_OSX
-+      #include <sys/random.h>
-+      /* To support weak linking we need to declare this as a weak import even if
-+      * it's not present in sys/random (e.g. macOS < 10.12). */
-+      extern int getentropy(void *buffer, size_t size) __attribute((weak_import));
-+    #endif
-   #endif
-
-   #ifdef __linux__
diff --git a/src/forge/build.py b/src/forge/build.py
index 43514da..32a6ebe 100644
--- a/src/forge/build.py
+++ b/src/forge/build.py
@@ -193,11 +193,20 @@ def compile_env(self, **kwargs) -> dict[str:str]:
         if (sdk_root / "usr" / "lib").is_dir():
             ldflags += f" -L{sdk_root}/usr/lib"
 
+        cargo_build_target = {
+            "arm64-apple-ios": "aarch64-apple-ios",
+            "arm64-apple-ios-simulator": "aarch64-apple-ios-simulator",
+            # This one is odd; Rust doesn't provide an `x86_64-apple-ios-simulator`,
+            # but there's no such thing as an x86_64 ios *device*.
+            "x86_64-apple-ios-simulator": "x86_64-apple-ios",
+        }[self.cross_venv.platform_triplet]
+
         env = {
             "AR": ar,
             "CC": cc,
             "CFLAGS": cflags,
             "LDFLAGS": ldflags,
+            "CARGO_BUILD_TARGET": cargo_build_target,
         }
         env.update(kwargs)
         return env
@@ -415,7 +424,7 @@ def build(self):
         script_env = {}
         for line in self.package.meta["build"]["script_env"]:
             key, value = line.split("=", 1)
-            script_env[key] = value
+            script_env[key] = value.format(**self.cross_venv.scheme_paths)
 
         # Set the cross host platform in the environment
         script_env["_PYTHON_HOST_PLATFORM"] = self.cross_venv.platform_identifier
diff --git a/src/forge/cross.py b/src/forge/cross.py
index 3d30578..7ce41e7 100644
--- a/src/forge/cross.py
+++ b/src/forge/cross.py
@@ -64,6 +64,7 @@ def __init__(self, sdk, sdk_version, arch):
 
         # Prime the on-demand variable cache
         self._sysconfig_data = None
+        self._scheme_paths = None
         self._install_root = None
         self._sdk_root = None
 
@@ -103,6 +104,28 @@ def sysconfig_data(self) -> dict[str, str]:
 
         return self._sysconfig_data
 
+    @property
+    def scheme_paths(self) -> dict[str, str]:
+        """The install scheme paths for the cross environment."""
+        if self._scheme_paths is None:
+            # Run a script in the cross-venv that outputs the config variables
+            config_var_repr = self.check_output(
+                [
+                    "python",
+                    "-c",
+                    "import sysconfig; print(sysconfig.get_paths())",
+                ],
+                encoding="UTF-8",
+            )
+
+            # Parse the output of the previous command as Python,
+            # turning it back into a dict.
+            config = {}
+            exec(f"data = {config_var_repr}", config, config)
+            self._scheme_paths = config["data"]
+
+        return self._scheme_paths
+
     @property
     def install_root(self) -> Path:
         """The path that serves as the installation root for native libraries.
@@ -296,8 +319,8 @@ def cross_kwargs(self, kwargs):
             p
             for p in os.getenv("PATH").split(os.pathsep)[1:]
             if not (
-                # Exclude rbenv, npm, and other language environments
-                p.startswith("/Users/rkm/.")
+                # Exclude rbenv, npm, and other language environments, except for rust/cargo.
+                (p.startswith(f"{Path.home() / '.'}") and not p.endswith("/.cargo/bin"))
                 # Exclude homebrew
                 or p.startswith("/opt")
                 # Exclude local python installs