simdsoft / 1kiss Goto Github PK
View Code? Open in Web Editor NEWBuilding opensources for multi-platforms with github actions.
License: Apache License 2.0
Building opensources for multi-platforms with github actions.
License: Apache License 2.0
Hello, there!
As part of the university research we are currently doing regarding the security of Github Actions, we noticed that one or many of the workflows that are part of this repository are referencing vulnerable versions of the third-party actions. As part of a disclosure process, we decided to open issues to notify GitHub Community.
Please note that there are could be some false positives in our methodology, thus not all of the open issues could be valid. If that is the case, please let us know, so that we can improve on our approach. You can contact me directly using an email: ikoishy [at] ncsu.edu
Thanks in advance
The vulnerability fix that is missing by actions' versions could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider updating the reference to the action.
If you end up updating the reference, please let us know. We need the stats for the paper :-)
Hi,
We need the xcframework for plataforms (macos x64, macos arm64, ios arm64, ios simulator x64 and arm64, tvos simulator and device x64 and arm64, catalyst x64 and arm64)
Create a library for each platform and use cmake platform selector to specify the correct library for each:
https://github.com/leetal/ios-cmake/blob/master/ios.toolchain.cmake#L353-L374
Create an IF that check effective platform, example:
https://github.com/tdlib/td/blob/master/CMake/iOS.cmake#L66-L119
Create a xcframework that is a simple command that unify all .a or .so or .dylib files after you use lipo:
Do a lipo to join all simulators x64 and arm64 into one lib and after, create the xcframework:
xcodebuild -create-xcframework \
-library ./libxyz_macos.a \
-headers ./include/ \
-library ./libxyz_iossimulator.a \
-headers ./include/ \
-library ./libxyz_maccatalyst.a \
-headers ./include/ \
-library ./libxyz_tvos.a \
-headers ./include/ \
-library ./libxyz_ios.a \
-headers ./include/ \
-output XYZ.xcframework
Thanks.
I've updated the buildscripts in my fork of buildware: see https://github.com/pietpukkel/buildware
Buildscript now builds (on my Mac) Mac x64 and arm64 binaries and the distribution scripts make them to fat libraries. I've also added x64 libraries for Android (have not been able to test the results yet). Delete all files in buildsrc after every build.
The only issue that I have is in bulding libjitlua. Building seems to succeed for iOS/Mac but the resulting libs are most likely corrupted. Building for Android fails (for luajit). So these build steps need some TLC from someone with a bit more expertise than I have. I also see no test that actually uses this library.
Assuming the windows powershell scripts only generate the libraries for windows, i have not touched these (or looked at them).
Hello, there!
As part of the university research we are currently doing regarding the security of Github Actions, we noticed that one or many of the workflows that are part of this repository are referencing vulnerable versions of the third-party actions. As part of a disclosure process, we decided to open issues to notify GitHub Community.
Please note that there are could be some false positives in our methodology, thus not all of the open issues could be valid. If that is the case, please let us know, so that we can improve on our approach. You can contact me directly using an email: ikoishy [at] ncsu.edu
Thanks in advance
The vulnerability fix that is missing by actions' versions could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider updating the reference to the action.
If you end up updating the reference, please let us know. We need the stats for the paper :-)
Hi,
Do you have any fast contact instead of write message by message?
Thanks.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.