gh-94682: Build and test with OpenSSL 1.1.1q (gh-94683)

This commit is contained in:
Christian Heimes 2022-08-29 18:19:15 +02:00 committed by GitHub
parent 9c2b9348e2
commit 873554ef84
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 27 additions and 20 deletions

View File

@ -57,7 +57,7 @@ jobs:
variables: variables:
testRunTitle: '$(build.sourceBranchName)-linux' testRunTitle: '$(build.sourceBranchName)-linux'
testRunPlatform: linux testRunPlatform: linux
openssl_version: 1.1.1n openssl_version: 1.1.1q
steps: steps:
- template: ./posix-steps.yml - template: ./posix-steps.yml
@ -83,7 +83,7 @@ jobs:
variables: variables:
testRunTitle: '$(Build.SourceBranchName)-linux-coverage' testRunTitle: '$(Build.SourceBranchName)-linux-coverage'
testRunPlatform: linux-coverage testRunPlatform: linux-coverage
openssl_version: 1.1.1n openssl_version: 1.1.1q
steps: steps:
- template: ./posix-steps.yml - template: ./posix-steps.yml

View File

@ -57,7 +57,7 @@ jobs:
variables: variables:
testRunTitle: '$(system.pullRequest.TargetBranch)-linux' testRunTitle: '$(system.pullRequest.TargetBranch)-linux'
testRunPlatform: linux testRunPlatform: linux
openssl_version: 1.1.1n openssl_version: 1.1.1q
steps: steps:
- template: ./posix-steps.yml - template: ./posix-steps.yml
@ -83,7 +83,7 @@ jobs:
variables: variables:
testRunTitle: '$(Build.SourceBranchName)-linux-coverage' testRunTitle: '$(Build.SourceBranchName)-linux-coverage'
testRunPlatform: linux-coverage testRunPlatform: linux-coverage
openssl_version: 1.1.1n openssl_version: 1.1.1q
steps: steps:
- template: ./posix-steps.yml - template: ./posix-steps.yml

View File

@ -175,7 +175,7 @@ jobs:
needs: check_source needs: check_source
if: needs.check_source.outputs.run_tests == 'true' if: needs.check_source.outputs.run_tests == 'true'
env: env:
OPENSSL_VER: 1.1.1n OPENSSL_VER: 1.1.1q
PYTHONSTRICTEXTENSIONBUILD: 1 PYTHONSTRICTEXTENSIONBUILD: 1
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
@ -234,7 +234,7 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
openssl_ver: [1.1.1n, 3.0.2] openssl_ver: [1.1.1q, 3.0.5]
env: env:
OPENSSL_VER: ${{ matrix.openssl_ver }} OPENSSL_VER: ${{ matrix.openssl_ver }}
MULTISSL_DIR: ${{ github.workspace }}/multissl MULTISSL_DIR: ${{ github.workspace }}/multissl
@ -281,7 +281,7 @@ jobs:
needs: check_source needs: check_source
if: needs.check_source.outputs.run_tests == 'true' if: needs.check_source.outputs.run_tests == 'true'
env: env:
OPENSSL_VER: 1.1.1n OPENSSL_VER: 1.1.1q
PYTHONSTRICTEXTENSIONBUILD: 1 PYTHONSTRICTEXTENSIONBUILD: 1
ASAN_OPTIONS: detect_leaks=0:allocator_may_return_null=1:handle_segv=0 ASAN_OPTIONS: detect_leaks=0:allocator_may_return_null=1:handle_segv=0
steps: steps:

View File

@ -246,9 +246,9 @@ def library_recipes():
result.extend([ result.extend([
dict( dict(
name="OpenSSL 1.1.1n", name="OpenSSL 1.1.1q",
url="https://www.openssl.org/source/openssl-1.1.1n.tar.gz", url="https://www.openssl.org/source/openssl-1.1.1q.tar.gz",
checksum='2aad5635f9bb338bc2c6b7d19cbc9676', checksum='d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca',
buildrecipe=build_universal_openssl, buildrecipe=build_universal_openssl,
configure=None, configure=None,
install=None, install=None,
@ -797,10 +797,16 @@ def verifyThirdPartyFile(url, checksum, fname):
print("Downloading %s"%(name,)) print("Downloading %s"%(name,))
downloadURL(url, fname) downloadURL(url, fname)
print("Archive for %s stored as %s"%(name, fname)) print("Archive for %s stored as %s"%(name, fname))
if len(checksum) == 32:
algo = 'md5'
elif len(checksum) == 64:
algo = 'sha256'
else:
raise ValueError(checksum)
if os.system( if os.system(
'MD5=$(openssl md5 %s) ; test "${MD5##*= }" = "%s"' 'CHECKSUM=$(openssl %s %s) ; test "${CHECKSUM##*= }" = "%s"'
% (shellQuote(fname), checksum) ): % (algo, shellQuote(fname), checksum) ):
fatal('MD5 checksum mismatch for file %s' % fname) fatal('%s checksum mismatch for file %s' % (algo, fname))
def build_universal_openssl(basedir, archList): def build_universal_openssl(basedir, archList):
""" """

View File

@ -0,0 +1 @@
Build and test with OpenSSL 1.1.1q

View File

@ -53,7 +53,7 @@ echo.Fetching external libraries...
set libraries= set libraries=
set libraries=%libraries% bzip2-1.0.8 set libraries=%libraries% bzip2-1.0.8
if NOT "%IncludeLibffiSrc%"=="false" set libraries=%libraries% libffi-3.4.2 if NOT "%IncludeLibffiSrc%"=="false" set libraries=%libraries% libffi-3.4.2
if NOT "%IncludeSSLSrc%"=="false" set libraries=%libraries% openssl-1.1.1n if NOT "%IncludeSSLSrc%"=="false" set libraries=%libraries% openssl-1.1.1q
set libraries=%libraries% sqlite-3.38.4.0 set libraries=%libraries% sqlite-3.38.4.0
if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tcl-core-8.6.12.1 if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tcl-core-8.6.12.1
if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tk-8.6.12.1 if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tk-8.6.12.1
@ -77,7 +77,7 @@ echo.Fetching external binaries...
set binaries= set binaries=
if NOT "%IncludeLibffi%"=="false" set binaries=%binaries% libffi-3.4.2 if NOT "%IncludeLibffi%"=="false" set binaries=%binaries% libffi-3.4.2
if NOT "%IncludeSSL%"=="false" set binaries=%binaries% openssl-bin-1.1.1n if NOT "%IncludeSSL%"=="false" set binaries=%binaries% openssl-bin-1.1.1q
if NOT "%IncludeTkinter%"=="false" set binaries=%binaries% tcltk-8.6.12.1 if NOT "%IncludeTkinter%"=="false" set binaries=%binaries% tcltk-8.6.12.1
if NOT "%IncludeSSLSrc%"=="false" set binaries=%binaries% nasm-2.11.06 if NOT "%IncludeSSLSrc%"=="false" set binaries=%binaries% nasm-2.11.06

View File

@ -67,8 +67,8 @@
<libffiDir>$(ExternalsDir)libffi-3.4.2\</libffiDir> <libffiDir>$(ExternalsDir)libffi-3.4.2\</libffiDir>
<libffiOutDir>$(ExternalsDir)libffi-3.4.2\$(ArchName)\</libffiOutDir> <libffiOutDir>$(ExternalsDir)libffi-3.4.2\$(ArchName)\</libffiOutDir>
<libffiIncludeDir>$(libffiOutDir)include</libffiIncludeDir> <libffiIncludeDir>$(libffiOutDir)include</libffiIncludeDir>
<opensslDir>$(ExternalsDir)openssl-1.1.1n\</opensslDir> <opensslDir>$(ExternalsDir)openssl-1.1.1q\</opensslDir>
<opensslOutDir>$(ExternalsDir)openssl-bin-1.1.1n\$(ArchName)\</opensslOutDir> <opensslOutDir>$(ExternalsDir)openssl-bin-1.1.1q\$(ArchName)\</opensslOutDir>
<opensslIncludeDir>$(opensslOutDir)include</opensslIncludeDir> <opensslIncludeDir>$(opensslOutDir)include</opensslIncludeDir>
<nasmDir>$(ExternalsDir)\nasm-2.11.06\</nasmDir> <nasmDir>$(ExternalsDir)\nasm-2.11.06\</nasmDir>
<zlibDir>$(ExternalsDir)\zlib-1.2.12\</zlibDir> <zlibDir>$(ExternalsDir)\zlib-1.2.12\</zlibDir>

View File

@ -168,7 +168,7 @@ _lzma
Homepage: Homepage:
https://tukaani.org/xz/ https://tukaani.org/xz/
_ssl _ssl
Python wrapper for version 1.1.1k of the OpenSSL secure sockets Python wrapper for version 1.1.1q of the OpenSSL secure sockets
library, which is downloaded from our binaries repository at library, which is downloaded from our binaries repository at
https://github.com/python/cpython-bin-deps. https://github.com/python/cpython-bin-deps.

View File

@ -46,8 +46,8 @@ OPENSSL_OLD_VERSIONS = [
] ]
OPENSSL_RECENT_VERSIONS = [ OPENSSL_RECENT_VERSIONS = [
"1.1.1n", "1.1.1q",
"3.0.2" "3.0.5"
] ]
LIBRESSL_OLD_VERSIONS = [ LIBRESSL_OLD_VERSIONS = [