Commit Graph

75 Commits

Author SHA1 Message Date
Nikita Sobolev 3108fc1c16
gh-97923: Always run Ubuntu SSL tests with others in CI (#97940) 2022-10-07 11:58:46 -07:00
Christian Heimes 873554ef84
gh-94682: Build and test with OpenSSL 1.1.1q (gh-94683) 2022-08-29 18:19:15 +02:00
Varun Sharma b96e20c1d9
ci: add GitHub token permissions (#92999) 2022-05-21 03:55:21 -04:00
Pablo Galindo 9478b263a3
Add the 3.11 branch to the CI files 2022-05-08 04:01:20 +01:00
Hugo van Kemenade 628d6e8270
Dependabot: only bump actions for major versions (#92186) 2022-05-03 06:33:03 -06:00
dependabot[bot] eefe6911f4
build(deps): bump actions/cache from 3.0.1 to 3.0.2 (#92111)
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-01 14:37:52 -06:00
dependabot[bot] 3ace1034b8
build(deps): bump actions/cache from 2.1.7 to 3.0.1 (#32228)
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.0.1.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2.1.7...v3.0.1)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
2022-04-20 07:53:08 -07:00
dependabot[bot] 1ba63e3a9b
build(deps): bump actions/checkout from 2 to 3 (#32226)
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-19 20:50:07 -07:00
dependabot[bot] 74e319239b
build(deps): bump actions/setup-python from 2 to 3 (#31630)
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
2022-04-19 13:03:58 -07:00
Oleg Iarygin 98ff4a6877
Replace contributor-visible mentions of BPO in .github/* (GH-91426) 2022-04-11 00:03:27 +02:00
Eric Snow e7bb7c2f04
bpo-47146: Stop Depending On regen-deepfreeze For regen-global-objects (gh-32218)
This effectively reverts the Makefile change in gh-31637. I've added some notes so it is more clear what is going on.

We also update the "Check if generated files are up to date" job to run "make regen-deepfreeze" to ensure "make regen-global-objects" catches deepfreeze.c.

https://bugs.python.org/issue47146
2022-03-31 14:29:52 -06:00
Steve Dower d0a91bd277
bpo-47037: Test debug builds on Windows in CI so that native assertions are noticed sooner (GH-31965) 2022-03-18 17:19:28 +00:00
Christian Heimes af0a50de4b
bpo-47024: Update OpenSSL to 1.1.1n (GH-31895)
Co-authored-by: Zachary Ware <zachary.ware@gmail.com>
2022-03-15 21:03:04 +01:00
Christian Heimes 434ffb7f1f
bpo-46973: Add regen-configure make target (GH-31792) 2022-03-10 18:03:27 +01:00
Victor Stinner 9204bb72a2
bpo-46633: Skip tests on ASAN and/or MSAN builds (GH-31632)
Skip tests on ASAN and/or MSAN builds:

* multiprocessing tests
* test___all__
* test_concurrent_futures
* test_decimal
* test_peg_generator
* test_tools

The ASAN job of GitHub Actions no longer excludes these tests.
2022-03-01 15:44:08 +01:00
Eric Snow 6c89589486
bpo-46541: Drop the check for orphaned global strings. (gh-31363)
https://bugs.python.org/issue46541
2022-02-15 20:06:38 -07:00
Eric Snow 81c72044a1
bpo-46541: Replace core use of _Py_IDENTIFIER() with statically initialized global objects. (gh-30928)
We're no longer using _Py_IDENTIFIER() (or _Py_static_string()) in any core CPython code.  It is still used in a number of non-builtin stdlib modules.

The replacement is: PyUnicodeObject (not pointer) fields under _PyRuntimeState, statically initialized as part of _PyRuntime.  A new _Py_GET_GLOBAL_IDENTIFIER() macro facilitates lookup of the fields (along with _Py_GET_GLOBAL_STRING() for non-identifier strings).

https://bugs.python.org/issue46541#msg411799 explains the rationale for this change.

The core of the change is in:

* (new) Include/internal/pycore_global_strings.h - the declarations for the global strings, along with the macros
* Include/internal/pycore_runtime_init.h - added the static initializers for the global strings
* Include/internal/pycore_global_objects.h - where the struct in pycore_global_strings.h is hooked into _PyRuntimeState
* Tools/scripts/generate_global_objects.py - added generation of the global string declarations and static initializers

I've also added a --check flag to generate_global_objects.py (along with make check-global-objects) to check for unused global strings.  That check is added to the PR CI config.

The remainder of this change updates the core code to use _Py_GET_GLOBAL_IDENTIFIER() instead of _Py_IDENTIFIER() and the related _Py*Id functions (likewise for _Py_GET_GLOBAL_STRING() instead of _Py_static_string()).  This includes adding a few functions where there wasn't already an alternative to _Py*Id(), replacing the _Py_Identifier * parameter with PyObject *.

The following are not changed (yet):

* stop using _Py_IDENTIFIER() in the stdlib modules
* (maybe) get rid of _Py_IDENTIFIER(), etc. entirely -- this may not be doable as at least one package on PyPI using this (private) API
* (maybe) intern the strings during runtime init

https://bugs.python.org/issue46541
2022-02-08 13:39:07 -07:00
Pablo Galindo Salgado a27505345e
Add skips to crashing tests under sanitizers instead of manually skipping them (GH-30897) 2022-01-25 23:14:03 +00:00
Victor Stinner ce7d66771e
bpo-45200: GHA Address Sanitizer skips 3 slowest tests (GH-30797)
Skip the 3 slowest tests of the Address Sanitizer CI of GitHub
Actions:

* test_tools
* test_peg_generator
* test_concurrent_futures

These tests take between 5 and 20 minutes on this CI which makes this
CI job the slowest. Making this CI job faster makes the whole Python
workflow faster. These tests are run on all others CIs.

Example of Address Sanitizer output:

    10 slowest tests:
    - test_peg_generator: 17 min 33 sec
    - test_tools: 8 min 27 sec
    - test_concurrent_futures: 5 min 24 sec
    - test_zipfile: 2 min 41 sec
    - test_compileall: 2 min 21 sec
    - test_asyncio: 2 min 17 sec
    - test_gdb: 1 min 43 sec
    - test_weakref: 1 min 35 sec
    - test_pickle: 1 min 18 sec
    - test_subprocess: 1 min 12 sec

Moreover, test_concurrent_futures also seems to be affected by
bpo-45200 bug: libasan dead lock in pthread_create().
2022-01-22 19:15:37 +01:00
Mark Dickinson 0ea2ef5fa8
Add a (conservative) timeout for Windows builds on GitHub Actions (GH-30301) 2022-01-09 10:28:34 +00:00
Kumar Aditya fc54e722a2
bpo-46106: Update OpenSSL to 1.1.1m (GH-30211)
Co-authored-by: Ned Deily <nad@python.org>
2021-12-21 21:20:16 -05:00
Christian Heimes da8cf8a747
bpo-44035: Show git diff after autoreconf and regen (GH-30117) 2021-12-17 16:17:56 +01:00
Christian Heimes 2985feac4e
bpo-46114: Fix OpenSSL version check for 3.0.1 (GH-30170) 2021-12-17 16:17:32 +01:00
dependabot[bot] 901cbbd2ca
build(deps): bump actions/cache from 2.1.6 to 2.1.7 (GH-29875)
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.6 to 2.1.7.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.6...v2.1.7)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-11 00:46:49 +01:00
Christian Heimes 98fac8bc18
bpo-44035: Check autoconf files thoroughly (GH-29935)
Check that users don't push changes with outdated or patched autoconf.
The presence of runstatedir option and aclocal 1.16.3 are good markers.

Use my container image to regenerate autoconf files. "Check for changes"
will fail later when any file is regenerated.

Use ccache in check_generated_files to speed up testing.
2021-12-06 13:18:56 +01:00
Christian Heimes cee07b1628
bpo-45695: Test out-of-tree builds on GHA (GH-29904) 2021-12-04 11:07:59 +01:00
Christian Heimes f4afc53bf6
bpo-45893: Add missing extern C to initconfig.h (GH-29761)
Co-authored-by: Steve Dower <steve.dower@python.org>
2021-11-24 21:12:12 +01:00
Ryan Mast 3754f55b36
Add workflow_dispatch trigger to GHA workflows (GH-27873) 2021-10-21 22:34:18 +02:00
Pablo Galindo Salgado a25dcaefb7
bpo-45350: Rerun autoreconf with the pkg-config macros (GH-28708) 2021-10-04 00:46:52 +01:00
Pablo Galindo Salgado a356272362
bpo-45200: Ignore test_multiprocessing_* in ASAN build due to false positives (GH-28492) 2021-09-21 17:28:13 +01:00
Christian Heimes cc7c680194
bpo-38820: Test with OpenSSL 3.0.0 final (GH-28205)
Signed-off-by: Christian Heimes <christian@python.org>
2021-09-07 19:04:55 +02:00
Pablo Galindo Salgado 6beaf2ffae
Check that 'configure' is generated by GNU Autoconf 2.69 (GH-28152) 2021-09-04 15:20:38 +01:00
Eric Snow 044e8d866f
bpo-45019: Add a tool to generate list of modules to include for frozen modules (gh-27980)
Frozen modules must be added to several files in order to work properly. Before this change this had to be done manually. Here we add a tool to generate the relevant lines in those files instead. This helps us avoid mistakes and omissions.

https://bugs.python.org/issue45019
2021-08-30 17:25:11 -06:00
Steve Dower d3bdbbf9a4
bpo-45007: Update to OpenSSL 1.1.1l in Windows build and CI (GH-28009) 2021-08-29 16:18:57 +02:00
Pablo Galindo Salgado 7cad0bee80
Fail the CI if an optional module fails to compile (GH-27466) 2021-07-30 16:21:09 +02:00
Ken Jin d61b69f02d
Add windows build.bat counterpart for 'make regen-all' in error message (GH-26770) 2021-07-26 23:09:30 -04:00
Christian Heimes 44fb551499
bpo-38820: Test with OpenSSL 3.0.0-beta1 (GH-26769)
Signed-off-by: Christian Heimes <christian@python.org>
2021-06-19 11:08:41 +02:00
Pablo Galindo f82262b186
Run address sanitiser in the GitHub CI (GH-26640) 2021-06-10 18:47:53 +01:00
dependabot[bot] 8916633b76
build(deps): bump actions/cache from 2.1.5 to 2.1.6 (GH-26476)
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.5 to 2.1.6.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.5...v2.1.6)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-02 14:34:45 -03:00
Christian Heimes 7109624d45
bpo-38820: Test with OpenSSL 3.0.0-alpha17 (#26266) 2021-05-20 16:46:38 +02:00
Hugo van Kemenade 24ccc89547
Enable GitHub Actions on the 3.10 branch (GH-26242) 2021-05-19 16:14:37 +01:00
Christian Heimes e8525567dd
bpo-38820: Test with OpenSSL 3.0.0-alpha16 (GH-25942)
Also use new make target to install FIPS provider.
2021-05-06 16:30:12 +02:00
dependabot[bot] d783ce789d
build(deps): bump actions/cache from v2.1.4 to v2.1.5 (#25773)
Bumps [actions/cache](https://github.com/actions/cache) from v2.1.4 to v2.1.5.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.4...1a9e2138d905efd099035b49d8b7a3888c653ca8)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-04 03:09:51 +02:00
Pablo Galindo 2fc857a572
Update CI files to account for the master -> main rename (GH-25860) 2021-05-03 23:36:55 +01:00
Brandt Bucher 29282b2825
Fix broken name in build.yml (GH-25759) 2021-05-01 15:02:30 -07:00
Christian Heimes dcf658157d
bpo-38820: Test with OpenSSL 3.0.0-alpha15 (GH-25537)
Signed-off-by: Christian Heimes <christian@python.org>
2021-04-23 14:19:21 +02:00
Christian Heimes 39258d3595
bpo-43669: PEP 644: Require OpenSSL 1.1.1 or newer (GH-23014)
- Remove HAVE_X509_VERIFY_PARAM_SET1_HOST check
- Update hashopenssl to require OpenSSL 1.1.1
- multissltests only OpenSSL > 1.1.0
- ALPN is always supported
- SNI is always supported
- Remove deprecated NPN code. Python wrappers are no-op.
- ECDH is always supported
- Remove OPENSSL_VERSION_1_1 macro
- Remove locking callbacks
- Drop PY_OPENSSL_1_1_API macro
- Drop HAVE_SSL_CTX_CLEAR_OPTIONS macro
- SSL_CTRL_GET_MAX_PROTO_VERSION is always defined now
- security level is always available now
- get_num_tickets is available with TLS 1.3
- X509_V_ERR MISMATCH is always available now
- Always set SSL_MODE_RELEASE_BUFFERS
- X509_V_FLAG_TRUSTED_FIRST is always available
- get_ciphers is always supported
- SSL_CTX_set_keylog_callback is always available
- Update Modules/Setup with static link example
- Mention PEP in whatsnew
- Drop 1.0.2 and 1.1.0 from GHA tests
2021-04-17 11:36:35 +02:00
Christian Heimes 8fa1489365
bpo-43811: Test multiple OpenSSL versions on GHA (GH-25360)
The new checks are only executed when one or more OpenSSL-related files are modified. The checks run a handful of networking and hashing test suites. All SSL checks are optional. This PR also introduces ccache to speed up compilation. In common cases it speeds up configure and compile time from about 90 seconds to less than 30 seconds.

Signed-off-by: Christian Heimes <christian@python.org>
2021-04-13 10:23:45 -07:00
Christian Heimes a54fc683f2
bpo-43631: Update to OpenSSL 1.1.1k (GH-25024)
- [x] Build OpenSSL 1.1.1k for macOS
- [x] Build OpenSSL 1.1.1k for Windows

I have also updated multissl tester and various CI configurations to use latest OpenSSL. The versions were all over the place.

Signed-off-by: Christian Heimes <christian@python.org>

Automerge-Triggered-By: GH:tiran
2021-03-29 17:00:34 -07:00
Christian Heimes f6c6b5821b
bpo-41561: Add workaround for Ubuntu's custom security level (GH-24915)
Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level
2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow
TLS 1.0 and 1.1 on security level 2.

See: 
See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878
See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625
Signed-off-by: Christian Heimes <christian@python.org>
2021-03-18 15:06:50 -07:00