Patch v0.32.1

.github/workflows/build_and_test.yml

@@ -39,8 +39,10 @@ jobs:
           - '.github/workflows/build_and_test.yml'
           - 'bin/**'
           - 'rust/*'
-          - 'rust/!(bridge)/**'
+          - 'rust/!(bridge|protocol)/**'
           - 'rust/bridge/shared/**'
+          - 'rust/protocol/*'
+          - 'rust/protocol/!(cross-version-testing)/**'
           - 'rust-toolchain'
           - 'Cargo.toml'
           - 'Cargo.lock'
@@ -49,7 +51,7 @@ jobs:
           - '.clippy.toml'
           - '.rustfmt.license-template'
           - '.rustfmt.toml'
-          - 'rust/**' # deliberately re-include the rust/bridge/ directories
+          - 'rust/**' # deliberately re-include rust/bridge/* and rust/protocol/cross-version-testing
           java:
           - *all
           - '.dockerignore'
@@ -119,6 +121,11 @@ jobs:
       run: cargo fmt --all -- --check
       if: matrix.version == 'nightly'
 
+    - name: Rustfmt check for cross-version-testing
+      run: cargo fmt --all -- --check
+      working-directory: rust/protocol/cross-version-testing
+      if: matrix.version == 'nightly'
+
     - name: Check bridge versioning
       run: ./bin/update_versions.py
       if: matrix.version == 'nightly'
@@ -149,6 +156,11 @@ jobs:
       run: cargo clippy --workspace --all-targets --all-features -- -D warnings
       if: matrix.version == 'nightly'
 
+    - name: Rust docs
+      run: cargo doc --workspace --all-features
+      env:
+        RUSTFLAGS: -D warnings
+
     # We check the fuzz targets on stable because they don't have lockfiles,
     # and crates don't generally support arbitrary nightly versions.
     # See https://github.com/dtolnay/proc-macro2/issues/307 for an example.
@@ -306,5 +318,3 @@ jobs:
       - name: Run pod lint
         # No import validation because it tries to build unsupported platforms (like 32-bit iOS).
         run: pod lib lint --verbose --platforms=ios --include-podspecs=SignalCoreKit/SignalCoreKit.podspec --skip-import-validation
-        env:
-          SKIP_CATALYST: 1

.github/workflows/ios_artifacts.yml

@@ -43,16 +43,6 @@ jobs:
       env:
         CARGO_BUILD_TARGET: aarch64-apple-ios-sim
 
-    - name: Build for x86_64-apple-ios-macabi
-      run: swift/build_ffi.sh --release --build-std
-      env:
-        CARGO_BUILD_TARGET: x86_64-apple-ios-macabi
-
-    - name: Build for aarch64-apple-ios-macabi
-      run: swift/build_ffi.sh --release --build-std
-      env:
-        CARGO_BUILD_TARGET: aarch64-apple-ios-macabi
-
     - run: tar -c --auto-compress --no-mac-metadata -f ${{ steps.archive-name.outputs.name }} target/*/release/libsignal_ffi.a
 
     - run: 'shasum -a 256 ${{ steps.archive-name.outputs.name }} | tee -a $GITHUB_STEP_SUMMARY ${{ steps.archive-name.outputs.name }}.sha256'

.github/workflows/jni_artifacts.yml

@@ -1,20 +1,21 @@
-name: Publish JNI Artifacts to GitHub Release
+name: Upload Java libraries to Sonatype
+run-name: ${{ github.workflow }} (${{ github.ref_name }})
 
 on:
-  push:
-    tags:
-      - v*
-  workflow_dispatch: {} # no parameters
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: "Just build, don't publish"
+        default: false
+        required: false
+        type: boolean
 
 env:
   CARGO_TERM_COLOR: always
 
 jobs:
   build:
-    name: Build
-
-    # Only run this in the public repository unless manually invoked.
-    if: ${{ github.event_name == 'workflow_dispatch' || !endsWith(github.repository, '-private') }}
+    name: Build for local development
 
     runs-on: ${{ matrix.os }}
 
@@ -24,21 +25,14 @@ jobs:
 
     strategy:
       matrix:
-        os: [ubuntu-20.04, windows-latest, macos-latest]
+        os: [windows-latest, macos-latest]
         include:
-          - os: ubuntu-20.04
-            library: libsignal_jni.so
           - os: windows-latest
             library: signal_jni.dll
           - os: macos-latest
             library: libsignal_jni.dylib
             additional-rust-target: aarch64-apple-darwin
-
-    env:
-      # Keep this settings in sync with java/build_jni.sh, which supports Android as well.
-      CARGO_PROFILE_RELEASE_DEBUG: 1
-      CARGO_PROFILE_RELEASE_LTO: thin
-      CARGO_PROFILE_RELEASE_OPT_LEVEL: s
+        # Ubuntu binaries are built using Docker, below
 
     steps:
     - uses: actions/checkout@v3
@@ -54,26 +48,97 @@ jobs:
       run: choco install nasm
       shell: cmd
 
+    - name: Build for host (should be x86_64)
+      run: java/build_jni.sh desktop
+      shell: bash
+
     - name: Install Protoc
       uses: arduino/setup-protoc@v1
       with:
         version: '3.x'
         repo-token: ${{ secrets.GITHUB_TOKEN }}
 
-    - run: cargo build --release -p libsignal-jni
-
-    - run: cargo build --release -p libsignal-jni --target aarch64-apple-darwin
+    - name: Build for alternate target (arm64)
+      run: java/build_jni.sh desktop
       if: matrix.os == 'macos-latest'
+      env:
+        CARGO_BUILD_TARGET: ${{ matrix.additional-rust-target }}
 
     - name: Merge library slices (for macOS)
       # Using target/release/ for both the input and output wouldn't normally be ideal
       # from a build system perspective, but we're going to immediately upload the merged library.
-      run: lipo -create target/release/${{ matrix.library }} target/aarch64-apple-darwin/release/${{ matrix.library }} -output target/release/${{ matrix.library }}
+      run: lipo -create target/release/${{ matrix.library }} target/${{ matrix.additional-rust-target }}/release/${{ matrix.library }} -output target/release/${{ matrix.library }}
       if: matrix.os == 'macos-latest'
 
-    - name: Upload
-      uses: ncipollo/release-action@4c75f0f2e4ae5f3c807cf0904605408e319dcaac # v1.11.1
+    - name: Upload library
+      uses: actions/upload-artifact@v3
+      with:
+        name: libsignal_jni (${{matrix.os}})
+        path: target/release/${{ matrix.library }}
+
+  verify-rust:
+    name: Verify JNI bindings
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - run: rustup toolchain install $(cat rust-toolchain) --profile minimal
+
+    - name: Verify that the JNI bindings are up to date
+      run: rust/bridge/jni/bin/gen_java_decl.py --verify
+
+  publish:
+    name: Build for production and publish
+
+    runs-on: ubuntu-latest
+
+    needs: [build, verify-rust]
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Download built libraries
+      id: download
+      uses: actions/download-artifact@v3
+      with:
+        path: artifacts
+
+    - name: Copy libraries
+      run: mv ${{ steps.download.outputs.download-path }}/*/* java/shared/resources && find java/shared/resources
+
+    - run: make
+      if: ${{ inputs.dry_run }}
+      working-directory: java
+
+    - name: Upload libsignal-android
+      if: ${{ inputs.dry_run }}
+      uses: actions/upload-artifact@v3
+      with:
+        name: libsignal-android
+        path: java/android/build/outputs/aar/libsignal-android-release.aar
+
+    - name: Upload libsignal-client
+      if: ${{ inputs.dry_run }}
+      uses: actions/upload-artifact@v3
+      with:
+        name: libsignal-client
+        path: java/client/build/libs/libsignal-client-*.jar
+
+    - name: Upload libsignal-server
+      if: ${{ inputs.dry_run }}
+      uses: actions/upload-artifact@v3
       with:
-        allowUpdates: true
-        artifactErrorsFailBuild: true
-        artifacts: target/release/${{ matrix.library }}
+        name: libsignal-server
+        path: java/server/build/libs/libsignal-server-*.jar
+
+    - run: make publish_java
+      if: ${{ !inputs.dry_run }}
+      working-directory: java
+      env:
+        ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.SONATYPE_USER }}
+        ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.SONATYPE_PASSWORD }}
+        ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.SIGNING_KEYID }}
+        ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNING_PASSWORD }}
+        # ASCII-armored PGP secret key
+        ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNING_KEY }}

.github/workflows/slow_tests.yml

@@ -136,7 +136,7 @@ jobs:
       working-directory: node
 
   swift-cocoapod:
-    name: Swift CocoaPod (with Catalyst)
+    name: Swift CocoaPod (all architectures)
     runs-on: macOS-latest
     needs: [check-up-to-date]
     if: ${{ always() && (needs.check-up-to-date.outputs.has-changes || github.event_name != 'schedule') }}
@@ -167,24 +167,38 @@ jobs:
         env:
           CARGO_BUILD_TARGET: aarch64-apple-ios-sim
 
-      - name: Build for x86_64-apple-ios-macabi
-        run: swift/build_ffi.sh --release --build-std
-        env:
-          CARGO_BUILD_TARGET: x86_64-apple-ios-macabi
-
-      - name: Build for aarch64-apple-ios-macabi
-        run: swift/build_ffi.sh --release --build-std
-        env:
-          CARGO_BUILD_TARGET: aarch64-apple-ios-macabi
-
       - name: Run pod lint
         # No import validation because it tries to build unsupported platforms (like 32-bit iOS).
         run: pod lib lint --verbose --platforms=ios --include-podspecs=SignalCoreKit/SignalCoreKit.podspec --skip-import-validation
 
+  rust-protocol-cross-version-testing:
+    name: libsignal-protocol Cross-version Tests
+    runs-on: ubuntu-latest
+    needs: [check-up-to-date]
+    if: ${{ always() && (needs.check-up-to-date.outputs.has-changes || github.event_name != 'schedule') }}
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - run: sudo apt-get update && sudo apt-get install gcc-multilib g++-multilib
+
+    - run: rustup +stable target add i686-unknown-linux-gnu
+
+    - name: Run tests
+      run: cargo +stable test
+      working-directory: rust/protocol/cross-version-testing
+
+    - name: Run tests (32-bit)
+      run: cargo +stable test --target i686-unknown-linux-gnu
+      working-directory: rust/protocol/cross-version-testing
+
+    # We don't run Clippy because GitHub silently updates `stable` and that can introduce new lints,
+    # and we don't have a guarantee that any particular pinned nightly can build older libsignals.
+
   report_failures:
     name: Report Failures
     runs-on: ubuntu-latest
-    needs: [java-docker, android-emulator-tests, node-docker, node-windows-arm64, swift-cocoapod]
+    needs: [java-docker, android-emulator-tests, node-docker, node-windows-arm64, swift-cocoapod, rust-protocol-cross-version-testing]
     if: ${{ failure() && github.event_name == 'schedule' }}
 
     permissions: