update

Author: HautlyS

.github/scripts/patch_ios_project.py

@@ -51,6 +51,13 @@ def patch_pbxproj(path):
             if new_line != line:
                 line = new_line
                 modified = True
+
+        # Handle PROVISIONING_PROFILE_SPECIFIER with regex
+        if 'PROVISIONING_PROFILE_SPECIFIER' in line and '""' not in line:
+            new_line = re.sub(r'PROVISIONING_PROFILE_SPECIFIER\s*=\s*[^;]+;', 'PROVISIONING_PROFILE_SPECIFIER = "";', line)
+            if new_line != line:
+                line = new_line
+                modified = True
 
         new_lines.append(line)
 
@@ -145,6 +152,8 @@ def create_xcconfig(apple_path):
 CODE_SIGNING_ALLOWED = NO
 DEVELOPMENT_TEAM = 
 AD_HOC_CODE_SIGNING_ALLOWED = NO
+PROVISIONING_PROFILE_SPECIFIER = 
+PROVISIONING_PROFILE = 
 
 // Ensure release optimizations
 GCC_OPTIMIZATION_LEVEL = s

.github/workflows/_build-ios.yml

@@ -1,126 +1,198 @@
-name: Build iOS
+name: Build iOS (Unsigned)
 
 on:
-  workflow_call:
-    inputs:
-      version:
-        type: string
-        default: ''
-      sign:
-        type: boolean
-        default: false
-    secrets:
-      APPLE_CERTIFICATE:
-        required: false
-      APPLE_CERTIFICATE_PASSWORD:
-        required: false
-      APPLE_PROVISIONING_PROFILE:
-        required: false
-      APPLE_TEAM_ID:
-        required: false
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - 'russh-client/**'
+      - '.github/workflows/_build-ios.yml'
+      - '.github/scripts/patch_ios_project.py'
 
 jobs:
-  build:
-    name: iOS
-    runs-on: macos-14
-    env:
-      SIGNING_ENABLED: 'false'
+  build-ios-unsigned:
+    name: Build iOS (Unsigned)
+    runs-on: macos-latest
+    timeout-minutes: 60
+    
     steps:
       - uses: actions/checkout@v4
 
-      - uses: ./.github/actions/setup-env
+      - uses: pnpm/action-setup@v4
         with:
-          rust-targets: aarch64-apple-ios,aarch64-apple-ios-sim
+          version: 9
 
-      - uses: Swatinem/rust-cache@v2
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'pnpm'
+          cache-dependency-path: russh-client/pnpm-lock.yaml
+
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: aarch64-apple-ios
+
+      - name: Rust cache
+        uses: swatinem/rust-cache@v2
         with:
           workspaces: "russh-client/src-tauri -> target"
-          key: ios
 
-      - name: Update version
-        if: inputs.version != ''
+      - name: Install dependencies
+        working-directory: russh-client
+        run: pnpm install --frozen-lockfile
+
+      - name: Build frontend
+        working-directory: russh-client
+        run: pnpm run build
+
+      - name: Verify frontend dist exists
         working-directory: russh-client
         run: |
-          npm version ${{ inputs.version }} --no-git-tag-version || true
-          sed -i '' 's/^version = ".*"/version = "${{ inputs.version }}"/' src-tauri/Cargo.toml
-
-      - name: Setup signing
-        if: inputs.sign
-        env:
-          CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
-          CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
-          PROVISIONING_PROFILE: ${{ secrets.APPLE_PROVISIONING_PROFILE }}
-        run: |
-          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
-          KEYCHAIN_PASSWORD=$(openssl rand -base64 32)
-          echo "$CERTIFICATE" | base64 --decode > $RUNNER_TEMP/certificate.p12
-          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
-          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-          security import $RUNNER_TEMP/certificate.p12 -P "$CERTIFICATE_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
-          security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
-          security list-keychain -d user -s $KEYCHAIN_PATH
-          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
-          echo "$PROVISIONING_PROFILE" | base64 --decode > ~/Library/MobileDevice/Provisioning\ Profiles/build.mobileprovision
-          echo "SIGNING_ENABLED=true" >> $GITHUB_ENV
-
-      - name: Init iOS
+          if [ ! -d "dist" ]; then
+            echo "❌ Frontend dist folder not found!"
+            exit 1
+          fi
+          echo "✅ Frontend dist exists:"
+          ls -la dist/
+
+      - name: Initialize iOS project
         working-directory: russh-client
         run: pnpm tauri ios init
 
-      - name: Patch Xcode for Release
-        working-directory: russh-client/src-tauri/gen/apple
-        run: |
-          find . -name "*.xcscheme" -exec sed -i '' 's/buildConfiguration = "Debug"/buildConfiguration = "Release"/g' {} \;
-          find . -name "project.pbxproj" -exec sed -i '' 's/--configuration \${CONFIGURATION:\?}/--configuration Release/g' {} \;
+      - name: Patch iOS project for unsigned release build
+        working-directory: russh-client
+        run: python3 ../.github/scripts/patch_ios_project.py
 
-      - name: Build frontend
+      - name: Build Rust library for iOS device (Release)
         working-directory: russh-client
-        run: pnpm build
+        run: |
+          cd src-tauri
+          cargo build --release --target aarch64-apple-ios
+          
+          # Copy to both debug and release folders (Xcode may look in either)
+          mkdir -p gen/apple/Externals/arm64/debug
+          mkdir -p gen/apple/Externals/arm64/release
+          
+          # The library name from Cargo.toml is russh-client -> librussh_client.a
+          LIB_FILE=$(find target/aarch64-apple-ios/release -name "librussh_client.a" -type f | head -1)
+          
+          if [ -z "$LIB_FILE" ]; then
+             echo "Looking for any .a file..."
+             LIB_FILE=$(find target/aarch64-apple-ios/release -name "*.a" -type f | head -1)
+          fi
+          
+          if [ -z "$LIB_FILE" ] || [ ! -f "$LIB_FILE" ]; then
+            echo "❌ No .a library found"
+            ls -la target/aarch64-apple-ios/release/ || true
+            exit 1
+          fi
+          
+          echo "Found library: $LIB_FILE"
+          
+          # Target destination for Tauri 2.0 structure
+          # Usually it goes into gen/apple/Externals usually
+          cp "$LIB_FILE" gen/apple/Externals/arm64/debug/libapp.a
+          cp "$LIB_FILE" gen/apple/Externals/arm64/release/libapp.a
+          
+          echo "✅ Rust library built and copied"
+          ls -la gen/apple/Externals/arm64/*/
 
-      - name: Build Rust
-        working-directory: russh-client/src-tauri
-        run: cargo build --release --target aarch64-apple-ios
+      - name: Copy frontend assets to iOS project
+        working-directory: russh-client
+        run: |
+          # Tauri iOS expects the dist folder to be available
+          echo "Frontend dist contents:"
+          ls -la dist/
+          
+          APPLE_DIR="src-tauri/gen/apple"
+          
+          # Check if assets are properly placed or recognized
+          if [ -d "$APPLE_DIR/Sources" ]; then
+            echo "Found Sources directory"
+            ls -la "$APPLE_DIR/Sources/" || true
+          fi
 
-      - name: Create IPA
-        working-directory: russh-client/src-tauri/gen/apple
-        env:
-          TAURI_CLI_NO_DEV_SERVER_WAIT: "true"
+      - name: Build iOS Archive (Unsigned Release)
+        working-directory: russh-client
         run: |
-          PROJ=$(find . -maxdepth 1 -name "*.xcworkspace" -o -name "*.xcodeproj" | head -1)
-          BUILD_TYPE=$([[ "$PROJ" == *.xcworkspace ]] && echo "-workspace" || echo "-project")
-          SCHEME=$(xcodebuild -list $BUILD_TYPE "$PROJ" 2>/dev/null | awk '/Schemes:/{getline; print; exit}' | xargs)
-          
-          if [ "$SIGNING_ENABLED" = "true" ]; then
-            xcodebuild archive $BUILD_TYPE "$PROJ" -scheme "$SCHEME" \
-              -archivePath "$GITHUB_WORKSPACE/app.xcarchive" \
-              -configuration Release -destination "generic/platform=iOS" \
-              DEVELOPMENT_TEAM="${{ secrets.APPLE_TEAM_ID }}" SKIP_INSTALL=NO
-            cat > export.plist << 'EOF'
-          <?xml version="1.0" encoding="UTF-8"?>
-          <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-          <plist version="1.0"><dict><key>method</key><string>development</string></dict></plist>
-          EOF
-            xcodebuild -exportArchive -archivePath "$GITHUB_WORKSPACE/app.xcarchive" \
-              -exportPath "$GITHUB_WORKSPACE" -exportOptionsPlist export.plist
-            mv "$GITHUB_WORKSPACE"/*.ipa "$GITHUB_WORKSPACE/RUSSH-ios.ipa"
-          else
-            xcodebuild archive $BUILD_TYPE "$PROJ" -scheme "$SCHEME" \
-              -archivePath "$GITHUB_WORKSPACE/app.xcarchive" \
-              -configuration Release -destination "generic/platform=iOS" \
-              CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED=NO SKIP_INSTALL=NO
-            cd "$GITHUB_WORKSPACE/app.xcarchive/Products" && mv Applications Payload
-            zip -r "$GITHUB_WORKSPACE/RUSSH-ios-unsigned.ipa" Payload
+          set -e
+          
+          XCODEPROJ=$(find src-tauri/gen/apple -name "*.xcodeproj" -type d | head -1)
+          echo "Project: $XCODEPROJ"
+          
+          SCHEME=$(xcodebuild -project "$XCODEPROJ" -list 2>/dev/null | \
+            awk '/Schemes:/{flag=1; next} flag && /^$/{flag=0} flag' | \
+            sed 's/^[[:space:]]*//' | grep -i ios | head -1)
+          
+          [ -z "$SCHEME" ] && SCHEME=$(xcodebuild -project "$XCODEPROJ" -list 2>/dev/null | \
+            awk '/Schemes:/{flag=1; next} flag && /^$/{flag=0} flag' | \
+            sed 's/^[[:space:]]*//' | head -1)
+          
+          echo "Scheme: $SCHEME"
+          
+          # Use the xcconfig if it exists (created by patch script)
+          XCCONFIG=""
+          if [ -f "src-tauri/gen/apple/Release-Unsigned.xcconfig" ]; then
+            XCCONFIG="-xcconfig src-tauri/gen/apple/Release-Unsigned.xcconfig"
           fi
+          
+          # Build with Release configuration and proper settings
+          xcodebuild archive \
+            -project "$XCODEPROJ" \
+            -scheme "$SCHEME" \
+            -configuration Release \
+            -archivePath ./unsigned.xcarchive \
+            -destination "generic/platform=iOS" \
+            $XCCONFIG \
+            CODE_SIGN_IDENTITY="" \
+            CODE_SIGNING_REQUIRED=NO \
+            CODE_SIGNING_ALLOWED=NO \
+            DEVELOPMENT_TEAM="" \
+            AD_HOC_CODE_SIGNING_ALLOWED=NO \
+            ONLY_ACTIVE_ARCH=NO \
+            GCC_PREPROCESSOR_DEFINITIONS='$(inherited) RELEASE=1 NDEBUG=1' \
+            SWIFT_ACTIVE_COMPILATION_CONDITIONS='RELEASE' \
+            ENABLE_BITCODE=NO
+          
+          echo "✅ Archive created"
 
-      - name: Cleanup signing
-        if: always() && inputs.sign
-        run: security delete-keychain $RUNNER_TEMP/app-signing.keychain-db || true
+      - name: Package IPA from Archive
+        working-directory: russh-client
+        run: |
+          set -e
+          
+          ARCHIVE_PATH="./unsigned.xcarchive"
+          
+          if [ ! -d "$ARCHIVE_PATH" ]; then
+            echo "❌ Archive not found"
+            exit 1
+          fi
+          
+          APP_PATH=$(find "$ARCHIVE_PATH/Products/Applications" -name "*.app" -type d 2>/dev/null | head -1)
+          
+          if [ -z "$APP_PATH" ]; then
+            APP_PATH=$(find "$ARCHIVE_PATH" -name "*.app" -type d 2>/dev/null | head -1)
+          fi
+          
+          if [ -z "$APP_PATH" ]; then
+            echo "❌ No .app found in archive"
+            exit 1
+          fi
+          
+          echo "✅ Found: $APP_PATH"
+          
+          mkdir -p Payload
+          cp -R "$APP_PATH" Payload/
+          zip -r -q iMAGE-unsigned.ipa Payload/
+          rm -rf Payload
+          
+          echo "✅ IPA created: iMAGE-unsigned.ipa"
+          ls -la iMAGE-unsigned.ipa
 
-      - uses: actions/upload-artifact@v4
+      - name: Upload IPA
+        uses: actions/upload-artifact@v4
         with:
-          name: ios-ipa
-          path: |
-            RUSSH-ios.ipa
-            RUSSH-ios-unsigned.ipa
-          if-no-files-found: warn
+          name: ios-unsigned-ipa
+          path: russh-client/iMAGE-unsigned.ipa
+          retention-days: 30

russh-ssh/src/connection/state.rs

@@ -10,9 +10,10 @@ use tokio::sync::broadcast;
 const STATE_CHANNEL_CAPACITY: usize = 16;
 
 /// Connection state tracking
-#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, Default)]
 pub enum ConnectionState {
     /// Not connected to any host
+    #[default]
     Disconnected,
     /// Currently attempting to connect
     Connecting,
@@ -103,11 +104,7 @@ impl ConnectionState {
     }
 }
 
-impl Default for ConnectionState {
-    fn default() -> Self {
-        ConnectionState::Disconnected
-    }
-}
+
 
 impl std::fmt::Display for ConnectionState {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {

russh-ssh/src/encryption/cipher.rs

@@ -45,7 +45,7 @@ impl serde::Serialize for EncryptedMessage {
         use base64::{Engine as _, engine::general_purpose::STANDARD};
         let mut state = serializer.serialize_struct("EncryptedMessage", 3)?;
         state.serialize_field("ciphertext", &STANDARD.encode(&self.ciphertext))?;
-        state.serialize_field("nonce", &STANDARD.encode(&self.nonce))?;
+        state.serialize_field("nonce", &STANDARD.encode(self.nonce))?;
         state.serialize_field("plaintext_hash", &self.plaintext_hash)?;
         state.end()
     }

russh-ssh/src/encryption/hash.rs

@@ -163,7 +163,7 @@ pub async fn hash_file_async(path: &Path) -> Result<ContentHash, HashError> {
 pub async fn hash_file_spawn_blocking(path: impl AsRef<Path> + Send + 'static) -> Result<ContentHash, HashError> {
     tokio::task::spawn_blocking(move || hash_file(path.as_ref()))
         .await
-        .map_err(|e| HashError::Io(std::io::Error::new(std::io::ErrorKind::Other, e.to_string())))?
+        .map_err(|e| HashError::Io(std::io::Error::other(e.to_string())))?
 }
 
 /// Compute BLAKE3 hash from a reader

russh-ssh/src/encryption/secure_channel.rs

@@ -62,7 +62,7 @@ impl Serialize for Identity {
     {
         use serde::ser::SerializeStruct;
         let mut state = serializer.serialize_struct("Identity", 2)?;
-        state.serialize_field("public_key", &hex::encode(&self.public_key))?;
+        state.serialize_field("public_key", &hex::encode(self.public_key))?;
         state.serialize_field("identifier", &self.identifier)?;
         state.end()
     }
@@ -309,7 +309,7 @@ impl SecureChannel {
         Ok(SecureMessage {
             encrypted,
             counter,
-            sender: self.local_identity.identifier.clone(),
+            sender: self.local_identity.identifier,
         })
     }
 

russh-ssh/src/p2p/connection.rs

@@ -119,7 +119,7 @@ impl P2PConnection {
 
         // Get connection type from the endpoint (Iroh tracks this at endpoint level)
         if let Ok(conn_type_watcher) = self.endpoint.endpoint().conn_type(self.peer_id) {
-            if let Some(conn_type) = conn_type_watcher.get().ok() {
+            if let Ok(conn_type) = conn_type_watcher.get() {
                 info.connection_type = match conn_type {
                     IrohConnectionType::Direct(addr) => {
                         info.remote_addr = Some(addr);