Comments (13)
I tried this:
#for https://github.com/terl/lazysodium-android#1-install
-keepclassmembers class * extends com.sun.jna.** {
<fields>;
<methods>;
}
Got from here:
https://stackoverflow.com/a/10588578/878126
I even tried:
-keep public class com.sun.jna.** {
public protected *;
}
And then I got a bit different error:
java.lang.UnsatisfiedLinkError: Can't obtain static method dispose from class com.sun.jna.Native
at com.sun.jna.Native.initIDs(Native Method)
at com.sun.jna.Native.<clinit>(Native.java:24)
at com.sun.jna.Native.register(Native.java:3)
at com.goterl.lazycode.lazysodium.c.<init>(SodiumAndroid.java:4)
at com.goterl.lazycode.lazysodium.c.<init>(SodiumAndroid.java:1)
Please update the repository with the file and with documentation about this.
from lazysodium-android.
I think I got it this way:
-keep class com.sun.jna.** { *; }
-keep class * implements com.sun.jna.** { *; }
Please let me know if that seems right, and that maybe I forgot anything.
from lazysodium-android.
Hello @AndroidDeveloperLB, thank you for the question. Yes there are some proguard rules to apply as you have found out. The ones you commonly need to put down are the ones from the JNA library.
I am glad you have found the solution. I should really write this down in the documentation π
from lazysodium-android.
I've added this to the installation pages.
from lazysodium-android.
@gurpreet- I can't access the link
Are those rules that I've made seem ok? Are they correct?
Please update the repository itself, with Proguard rules so that whoever uses it won't even need to bother changing his own rules.
Also, I don't understand about the license here, and whether using Proguard affects it:
#33
This repository has one license, but the other that it uses somehow 2 other licenses, and that I can choose. It is very confusing...
from lazysodium-android.
Yes I saw your other question posted, no need to mention it in this thread π
Sorry I posted the wrong link above, I've updated it. You should add this to your proguard rules basically:
-dontwarn java.awt.*
-keep class com.sun.jna.* { *; }
-keepclassmembers class * extends com.sun.jna.* { public *; }
Proguard is essentially a way of saying when obfuscating the app, please don't do anything to the following classes.
from lazysodium-android.
I asked there about it, and some people say that using Proguard might affect the license:
That's why I'm worried...
from lazysodium-android.
I believe you have very little to worry about π JNA is under APL2.0 as far as we're concerned.
Remember this is just saying please do not obfuscate (i.e modify) JNA classes (which is APL2.0 as far as we're concerned) using proguard:
-keep class com.sun.jna.* { *; }
-keepclassmembers class * extends com.sun.jna.* { public *; }
from lazysodium-android.
"Remember this is just saying please do not obfuscate (i.e modify) JNA classes (which is APL2.0 as far as we're concerned) using proguard:"
You say that according to the license I'm not allowed, or because of the crashes?
I excluded it from being obfuscated because of the crashes. Didn't know it could violate the terms. Are you sure it can?
I tried the rules you've provided. Seems to work fine. Please consider adding these into your repository, so that whoever uses it won't have to set it.
from lazysodium-android.
No there are no violations in terms if you add those proguard rules. Because you brought up licenses in this thread, I was saying even if you add those rules there would be no violations as everything is licensed APL2. Yes add those rules to also fix the problem.
from lazysodium-android.
I meant that if we ignore that it crashes, if I don't put the rules, would that be an issue because it obfuscates the code?
I think the answer is that it doesn't matter at all.
from lazysodium-android.
In terms of licenses, it doesn't matter if you do or don't obfuscate. I just read that even the GPL doesn't regard obfuscated code as real source code so you are free to obfuscate. Plus I'm pretty sure, but not certain, that the APL2 allows obfuscation.
In order for freedoms 1 and 3 (the freedom to make changes and the freedom to publish the changed versions) to be meaningful, you need to have access to the source code of the program. Therefore, accessibility of source code is a necessary condition for free software. Obfuscated βsource codeβ is not real source code and does not count as source code.
https://www.gnu.org/philosophy/free-sw.html
In terms of fixing the crash, you have to put those rules in to keep those JNA classes to stop them from being obfuscated. To be clear, let me reiterate, because you're getting confused, those rules stop JNA classes from being obfuscated. So therefore if you are not obfuscating them, then you are not modifying them, so there is no cause for concerns in terms of licensing as you are not doing anything to JNA.
However your concerns about obfuscation are unfounded because, as mentioned in the first paragraph of this comment, obfuscated code does not count as "real" code in terms of the APL/GPL/LGPL, so you can obfuscate freely.
from lazysodium-android.
Sure. Thank you very much for your time.
Please do update the repository though.
from lazysodium-android.
Related Issues (20)
- Getting UnsatisfiedLinkError when I try to init lazySodium HOT 2
- LazySodium compilation from scratch for F-Droid HOT 9
- JNA vulnerabilities HOT 3
- Keygen XCHACHA20_POLY1305_IETF HOT 2
- "Key.fromPlainString" does not works as expected. HOT 2
- Possible future issue of using this repository? HOT 5
- Lazysodium-android was removed from Google Play. HOT 5
- unable to dissolve dependency HOT 3
- file encryption example
- Weird warning when building a release version: "Missing classes detected while running R8." HOT 3
- Decryption not working on real device, but on emulator it works fine HOT 1
- Documentation link in the readme is broken HOT 1
- A getting started link in the wiki is broken HOT 1
- How to import the library HOT 2
- LazySodiumAndroid.cryptoKdfDeriveFromKey() throws an exception if key length exceeds 32 bytes HOT 1
- Base64 import error in Android SDK version below 27 HOT 3
- cryptoAeadAES256GCM is not available
- Native library (com/sun/jna/android-aarch64/libjnidispatch.so) not found in resource path (.) HOT 3
- Misleading readme: the library is NOT complete libsodium for android, it's very limited HOT 1
- Release 5.1.1 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lazysodium-android.