wip: nym integration#1007
Draft
dorianvp wants to merge 18 commits into
Draft
Conversation
Three coupled changes to make Nym wallet open work end-to-end on Android.
Why Nym was broken on Android only
----------------------------------
reqwest's `rustls` feature pulls in `rustls-platform-verifier`, which on
Android routes every TLS handshake through `CertPathValidator`. Let's
Encrypt has been removing the OCSP responder URL from its certificates
through 2024-2025; when the platform verifier hits one of those certs
(validator.nymtech.net is one), Android raises a
CertPathValidatorException("Certificate does not specify OCSP responder")
*before* the SOFT_FAIL revocation option can take effect, and the chain
hard-fails as "Revoked". iOS and CLI builds are unaffected because they
use SecTrust / webpki-roots respectively, which tolerate the missing
OCSP info.
The fix lives in the upstream branches we now consume:
* zingolabs/nym @ nym_wallet_poc_2_1-zingo-mobile-fix — patches the
nym-http-api-client `default_builder()` to install a preconfigured
rustls ClientConfig backed by webpki-roots, gated behind
`cfg(target_os = "android")`. Covers all Nym-internal HTTP clients
(notably the gateway fetch in nym-client-core::init::helpers).
* zingolabs/zingo-common @ chore/echo-server-zingo-mobile-fix —
pins to the above nym branch and also explicitly overrides TLS in
NymProxy::discover_providers.
Upstream context: rustls/rustls-platform-verifier#179
Why we couldn't see any of this in logcat (separate bug, fixed here)
--------------------------------------------------------------------
android_logger 0.11 silently failed to register as the global `log`
logger on this Android version — `log::error!` calls went into the
void, making the Nym failure invisible from logcat. Bumped to 0.14
(API change: with_min_level(Level) -> with_max_level(LevelFilter)),
which registers correctly.
While at it, the previous filter spec "debug,hello::crate=zingolib"
was malformed (`hello::crate` was a stale example module name and
`zingolib` is not a valid log level). env_logger silently dropped the
invalid directive, so the effective filter was just "debug" — but the
surprise was real. Replaced with "debug,zingo=trace,...".
Also moved `android_logger::init_once` into `ensure_android_logger`,
guarded by `Once`, and called it from `with_panic_guard`. This way
every FFI entry point sets the logger up on its first invocation,
independent of whether JS calls `RPCModule.initLogging` first. The
existing `init_logging` FFI is now a no-op kept for backwards
compatibility with Kotlin's RPCModule.
Logs from Rust now appear under tag `zingo_rs`. Filter with:
adb logcat -s zingo_rs:V
Cleanup
-------
The two stray `let _ = rustls::crypto::ring::default_provider()
.install_default();` calls inside init_new and get_latest_block_server
are gone — JS already calls `RPCModule.setCryptoDefaultProvider` at
boot, which exposes the same uniffi function, so those inline calls
were redundant.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Three things end-of-day:
1. Unify dep branches. zingolib was still pinned to chore/bytes-lightclients,
which itself pulled zingo-netutils from chore/echo-server — so the Nym
OCSP fix was bypassed at runtime even though the workspace dep pointed at
the new branch. Bumped zingolib + pepper-sync + zingolib_testutils to
chore/bytes-lightclients-zingo-mobile-fix, which carries the matching
zingo-netutils branch. Cargo.lock now resolves a single copy of every
nym crate (from nym_wallet_poc_2_1-zingo-mobile-fix) and zingo-netutils
(from chore/echo-server-zingo-mobile-fix). Result: Nym wallet opens in
~13s on Android device and <13s on iOS, vs the previous 4–5 min on iOS
and outright failure on Android.
2. Drop the init_logging FFI. After the logger rework, every FFI entry
point sets up android_logger lazily on first call via `ensure_logger`
(renamed from `ensure_android_logger`), so the Kotlin side no longer
needs to bring logging up explicitly. Removed:
* `pub fn init_logging` in rust/lib/src/lib.rs
* `string init_logging();` in rust/lib/src/zingo.udl
* 52 `uniffi.zingo.initLogging()` call sites in Kotlin
(RPCModule.kt + BackgroundSyncWorker.kt)
* Regenerated rust/lib/src/uniffi/zingo/zingo.kt via uniffi-bindgen
so the tracked binding no longer references the removed symbol.
3. iOS logger via oslog. Previously every `log::error!`/`debug!` on iOS
went to /dev/null — `init_logging` only ever set up android_logger.
Added oslog 0.2 (iOS-only target dep) and bridged it inside
`ensure_logger`. Rust logs now appear under subsystem
`org.ZingoLabs.Zingo` in Console.app and via:
xcrun simctl spawn booted log stream \
--predicate 'subsystem == "org.ZingoLabs.Zingo"' --level debug
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.