jakeheis
commented
3 years ago What are the advantages of using a prebuilt binary dependency vs linking against the system lib as Shout does now?
Closed DimaRU closed 8 months ago
jakeheis
commented
3 years ago What are the advantages of using a prebuilt binary dependency vs linking against the system lib as Shout does now?
DimaRU
commented
3 years ago @jakeheis The main advantage is the support of many platforms and archs "from the box". Linking against the system lib support only macOS platform.
jakeheis
commented
3 years ago The reason I'm hesitant to move forward with this is that I think the system libssh2 is inherently more trusted than an arbitrary blob on Github. Not to say you're a bad actor of course, but just that a prebuilt blob is not something that can be verified as the libssh2 library people think it is (which is important when it comes to a security focused lib like libssh2). If this would make it possible to use Shout on iOS, however, it might be worth thinking about a Shout-iOS fork of this repo that used an unverified blob while Shout continues to use the verified system lib
Lakr233
commented
3 years ago For security reason we can setup GitHub CI and provide our user a hash match, that would be enough I think. It takes no point to use a system library only for security reason and hacker don’t do things like that.
Btw, @DimaRU you didn’t actually work on a project for tvOS did you? :< that OS requires bit code for all distribution to apple, and you may want embed bit code flag in compiler flag. :P
export BITCODE_GENERATION_MODE=bitcode
export CFLAGS="$CFLAGS -fembed-bitcode"
Add CSSH Libssh2Prebuild. Update .gitignore - remove unneeded
Package.resolved. Support nearly all Apple platforms from the box. Please check https://github.com/DimaRU/Libssh2Prebuild readme.