Bundle Conscrypt security provider for Free builds

This fixes protocol and cipher errors on older versions of android
without requiring Google API/Services (which are non-free) to replace
the security provider from the OS. No changes are made to Play builds.

The value of conscryptVersion in build.gradle should be updated
regularly to keep the bundled version of conscrypt up to date (or
changed to "latest.release", which will cause issues with verifying
reproducible builds).

Fixes: #2814 (for users of free builds)
This commit is contained in:
Mats Wahlberg 2020-04-21 17:41:24 +02:00
parent 746190106f
commit 4c24d1c29a
3 changed files with 17 additions and 2 deletions

View File

@ -67,6 +67,12 @@ project.ext {
iconifyVersion = "2.2.2" iconifyVersion = "2.2.2"
audioPlayerVersion = "v2.0.0" audioPlayerVersion = "v2.0.0"
// Only used for free builds. This version should be updated regularly.
conscryptVersion = "2.4.0"
// Alternatively one can just use:
// conscryptVersion = "latest.release"
// but it will mess up reproducible builds.
// Google Play build // Google Play build
wearableSupportVersion = "2.6.0" wearableSupportVersion = "2.6.0"

View File

@ -88,7 +88,8 @@ dependencies {
api "com.google.android.support:wearable:$wearableSupportVersion" api "com.google.android.support:wearable:$wearableSupportVersion"
compileOnly "com.google.android.wearable:wearable:$wearableSupportVersion" compileOnly "com.google.android.wearable:wearable:$wearableSupportVersion"
} else { } else {
System.out.println("core: free build hack, skipping some dependencies") System.out.println("core: free build hack, skipping some dependencies and bundling conscrypt ("+"$conscryptVersion"+")")
implementation "org.conscrypt:conscrypt-android:$conscryptVersion"
} }
testImplementation "org.awaitility:awaitility:$awaitilityVersion" testImplementation "org.awaitility:awaitility:$awaitilityVersion"

View File

@ -1,6 +1,13 @@
package de.danoeh.antennapod.core; package de.danoeh.antennapod.core;
import android.content.Context; import android.content.Context;
import java.security.Security;
/*
* If you get an error here ("package org.conscrypt does not exist"), you are probably doing a free
* build and didn't pass -PfreeBuild to gradle (e.g. ./gradlew assembleFreeRelease -PfreeBuild).
*/
import org.conscrypt.Conscrypt;
import de.danoeh.antennapod.core.preferences.PlaybackPreferences; import de.danoeh.antennapod.core.preferences.PlaybackPreferences;
import de.danoeh.antennapod.core.preferences.SleepTimerPreferences; import de.danoeh.antennapod.core.preferences.SleepTimerPreferences;
@ -55,6 +62,7 @@ public class ClientConfig {
} }
private static void installSslProvider(Context context) { private static void installSslProvider(Context context) {
// ProviderInstaller is a closed-source Google library // Insert bundled conscrypt as highest security provider (overrides OS version).
Security.insertProviderAt(Conscrypt.newProvider(), 1);
} }
} }