Add android-fetchurl sample

Author: marcprux

.github/workflows/ci.yml

@@ -0,0 +1,33 @@
+name: swift-android-samples ci
+on:
+  push:
+    branches: [ main ]
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - '*'
+  schedule:
+    - cron:  '45 2,13 * * *'
+jobs:
+  run-samples:
+    strategy:
+      fail-fast: false
+      matrix:
+        swift: ['6.1', 'nightly-6.2']
+    runs-on: macos-13
+    timeout-minutes: 60
+    steps:
+      - uses: actions/checkout@v4
+      - name: "Build Swift Package for Android (Skip)"
+        run: |
+          brew install skiptools/skip/skip || (brew update && brew install skiptools/skip/skip)
+          skip android sdk install --version ${{ matrix.swift }}
+          # https://github.com/swiftlang/swift-driver/pull/1879
+          echo 'ANDROID_NDK_ROOT=""' >> $GITHUB_ENV
+      - name: "Test Swift Package on Android (Skip)"
+        uses: reactivecircus/android-emulator-runner@v2
+        with:
+          api-level: 28
+          arch: x86_64
+          script: runall.sh
+

.gitignore

@@ -0,0 +1,110 @@
+# Xcode
+#
+# gitignore contributors: remember to update Global/Xcode.gitignore, Objective-C.gitignore & Swift.gitignore
+
+## User settings
+xcuserdata/
+
+xcodebuild*.log
+
+java_pid*.hprof
+
+.*.swp
+.DS_Store
+
+## compatibility with Xcode 8 and earlier (ignoring not required starting Xcode 9)
+*.xcscmblueprint
+*.xccheckout
+
+## compatibility with Xcode 3 and earlier (ignoring not required starting Xcode 4)
+build/
+DerivedData/
+.android/
+.kotlin/
+*.moved-aside
+*.pbxuser
+!default.pbxuser
+*.mode1v3
+!default.mode1v3
+*.mode2v3
+!default.mode2v3
+*.perspectivev3
+!default.perspectivev3
+
+## Obj-C/Swift specific
+*.hmap
+
+## App packaging
+*.ipa
+*.dSYM.zip
+*.dSYM
+
+## Playgrounds
+timeline.xctimeline
+playground.xcworkspace
+
+# Swift Package Manager
+#
+# Add this line if you want to avoid checking in source code from Swift Package Manager dependencies.
+Packages/
+Package.pins
+Package.resolved
+*.xcodeproj
+
+# Xcode automatically generates this directory with a .xcworkspacedata file and xcuserdata
+# hence it is not needed unless you have added a package configuration file to your project
+.swiftpm
+
+.build/
+
+# CocoaPods
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# Pods/
+#
+# Add this line if you want to avoid checking in source code from the Xcode workspace
+# *.xcworkspace
+
+# Carthage
+#
+# Add this line if you want to avoid checking in source code from Carthage dependencies.
+# Carthage/Checkouts
+
+Carthage/Build/
+
+# Accio dependency management
+Dependencies/
+.accio/
+
+# fastlane
+#
+# It is recommended to not store the screenshots in the git repo.
+# Instead, use fastlane to re-generate the screenshots whenever they are needed.
+# For more information about the recommended setup visit:
+# https://docs.fastlane.tools/best-practices/source-control/#source-control
+
+fastlane/report.xml
+fastlane/Preview.html
+fastlane/screenshots/**/*.png
+fastlane/test_output
+
+# Code Injection
+#
+# After new code Injection tools there's a generated folder /iOSInjectionProject
+# https://github.com/johnno1962/injectionforxcode
+
+iOSInjectionProject/
+
+
+
+# Ignore Gradle project-specific cache directory
+.gradle
+
+# Ignore Gradle build output directory
+build
+
+# gradle properties
+local.properties

android-fetchurl/.gitignore

@@ -0,0 +1,8 @@
+.DS_Store
+/.build
+/Packages
+xcuserdata/
+DerivedData/
+.swiftpm/configuration/registries.json
+.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata
+.netrc

android-fetchurl/Package.swift

@@ -0,0 +1,7 @@
+// swift-tools-version: 5.10
+import PackageDescription
+
+let package = Package(name: "android-fetchurl",
+    platforms: [.iOS(.v14), .macOS(.v12)],
+    targets: [.executableTarget(name: "android-fetchurl")]
+)

android-fetchurl/Sources/main.swift

@@ -0,0 +1,76 @@
+/// This example provides a `installSystemCertificates()` function that will
+/// locate the standard Android certificate directories and assemble all the contents into
+/// a single cacerts.pem file that can be loaded by libcurl, which enables
+/// `Foundation.URLSession` to load HTTPS sites.
+import Foundation
+#if canImport(FoundationNetworking)
+import FoundationNetworking
+#endif
+#if canImport(Android)
+import Android
+#endif
+
+// tell libcurl to use the auto-generated .pem file
+try installSystemCertificates()
+
+for arg in CommandLine.arguments.dropFirst() {
+    do {
+        let url = URL(string: arg)!
+        print("Connecting to: \(url)")
+        // let data = try await URLSession.shared.data(from: url) // not available on Linux/Android
+        let data = try Data(contentsOf: url)
+        print("Fetched \(data.count) bytes")
+    } catch {
+        print("Error: \(error)")
+    }
+}
+
+/// Collects all the certificate files from the Android certificate store and writes them to a single `cacerts.pem` file that can be used by libcurl.
+///
+/// See https://android.googlesource.com/platform/frameworks/base/+/8b192b19f264a8829eac2cfaf0b73f6fc188d933%5E%21/#F0
+/// See https://github.com/apple/swift-nio-ssl/blob/d1088ebe0789d9eea231b40741831f37ab654b61/Sources/NIOSSL/AndroidCABundle.swift#L30
+func installSystemCertificates(fromCertficateFolders certsFolders: [String] = ["/system/etc/security/cacerts", "/apex/com.android.conscrypt/cacerts"]) throws {
+    //let cacheFolder = try FileManager.default.url(for: .cachesDirectory, in: .userDomainMask, appropriateFor: nil, create: true) // file:////.cache/ (unwritable)
+    let cacheFolder = FileManager.default.temporaryDirectory
+    let generatedCacertsURL = cacheFolder.appendingPathComponent("cacerts-\(UUID().uuidString).pem")
+
+    FileManager.default.createFile(atPath: generatedCacertsURL.path, contents: nil)
+    let fs = try FileHandle(forWritingTo: generatedCacertsURL)
+    defer { try? fs.close() }
+
+    // write a header
+    fs.write("""
+    ## Bundle of CA Root Certificates
+    ## Auto-generated on \(Date())
+    ## by aggregating certificates from: \(certsFolders)
+    
+    """.data(using: .utf8)!)
+
+    // Go through each folder and load each certificate file (ending with ".0"),
+    // and smash them together into a single aggreagate file tha curl can load.
+    // The .0 files will contain some extra metadata, but libcurl only cares about the
+    // -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- sections,
+    // so we can naïvely concatenate them all and libcurl will understand them.
+    for certsFolder in certsFolders {
+        let certsFolderURL = URL(fileURLWithPath: certsFolder)
+        if (try? certsFolderURL.resourceValues(forKeys: [.isDirectoryKey]).isDirectory) != true { continue }
+        let certURLs = try FileManager.default.contentsOfDirectory(at: certsFolderURL, includingPropertiesForKeys: [.isRegularFileKey, .isReadableKey])
+        for certURL in certURLs {
+            // cartificate files have names like "53a1b57a.0"
+            if certURL.pathExtension != "0" { continue }
+            do {
+                if try certURL.resourceValues(forKeys: [.isRegularFileKey]).isRegularFile == false { continue }
+                if try certURL.resourceValues(forKeys: [.isReadableKey]).isReadable == false { continue }
+                try fs.write(contentsOf: try Data(contentsOf: certURL))
+            } catch {
+                print("error reading certificate file \(certURL.path): \(error)")
+                continue
+            }
+        }
+    }
+
+
+    //setenv("URLSessionCertificateAuthorityInfoFile", "INSECURE_SSL_NO_VERIFY", 1) // disables all certificate verification
+    //setenv("URLSessionCertificateAuthorityInfoFile", "/system/etc/security/cacerts/", 1) // doesn't work for directories
+    setenv("URLSessionCertificateAuthorityInfoFile", generatedCacertsURL.path, 1)
+}

android-fetchurl/run.sh

@@ -0,0 +1,3 @@
+#!/bin/sh -ex
+skip android build --static-swift-stdlib
+skip android run android-fetchurl http://example.org https://example.org

runall.sh

@@ -0,0 +1,6 @@
+#!/bin/sh -ex
+for sample in */run.sh; do
+    cd $(dirname ${sample})
+    ./run.sh
+    cd -
+done