From b19dd5cc79dff2fa8d9fef082dbc317009aa2234 Mon Sep 17 00:00:00 2001 From: twangboy Date: Thu, 2 Oct 2025 13:53:37 -0600 Subject: [PATCH 1/7] Update OpenSSL to 3.5.4 --- relenv/build/darwin.py | 4 ++-- relenv/build/linux.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/relenv/build/darwin.py b/relenv/build/darwin.py index 1b032462..a9eca639 100644 --- a/relenv/build/darwin.py +++ b/relenv/build/darwin.py @@ -78,8 +78,8 @@ def build_python(env, dirs, logfp): build_func=build_openssl, download={ "url": "https://github.com/openssl/openssl/releases/download/openssl-{version}/openssl-{version}.tar.gz", - "version": "3.2.4", - "checksum": "2247802a1193c0f8eb41c870e8de45a2241422d5", + "version": "3.5.4", + "checksum": "b75daac8e10f189abe28a076ba5905d363e4801f", }, ) diff --git a/relenv/build/linux.py b/relenv/build/linux.py index 7285c5c3..2e59b43d 100644 --- a/relenv/build/linux.py +++ b/relenv/build/linux.py @@ -482,8 +482,8 @@ def build_python(env, dirs, logfp): build_func=build_openssl, download={ "url": "https://github.com/openssl/openssl/releases/download/openssl-{version}/openssl-{version}.tar.gz", - "version": "3.2.4", - "checksum": "2247802a1193c0f8eb41c870e8de45a2241422d5", + "version": "3.5.4", + "checksum": "b75daac8e10f189abe28a076ba5905d363e4801f", "checkfunc": tarball_version, "checkurl": "https://www.openssl.org/source/", }, From 06211e6ffbed11c85bb01c15fb5b1e93dd5ca5a2 Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Fri, 3 Oct 2025 16:15:08 -0700 Subject: [PATCH 2/7] Update m2cryto version for openssl test --- tests/test_verify_build.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/test_verify_build.py b/tests/test_verify_build.py index 6808cd32..7b03a4b7 100644 --- a/tests/test_verify_build.py +++ b/tests/test_verify_build.py @@ -7,6 +7,7 @@ import os import pathlib import shutil +import ssl import subprocess import sys import textwrap @@ -668,10 +669,7 @@ def test_pip_install_m2crypto_system_ssl(pipexec, pyexec): @pytest.mark.skip_unless_on_linux @pytest.mark.parametrize( "m2crypto_version", - [ - "0.38.0", - "0.44.0", - ], + ["0.38.0", "0.44.0", "0.46.0"], ) def test_pip_install_m2crypto_relenv_ssl( m2crypto_version, pipexec, pyexec, build, build_version, minor_version @@ -679,6 +677,11 @@ def test_pip_install_m2crypto_relenv_ssl( if m2crypto_version == "0.38.0" and minor_version in ["3.12", "3.13"]: pytest.xfail("Fails due to no distutils") + if ssl.OPENSSL_VERSION_INFO >= (3, 5) and ( + m2crypto_version.startswith("0.38") or m2crypto_version.startswith("0.44") + ): + pytest.xfail("Openssl Needs newer m2crypto") + _install_ppbt(pyexec) p = subprocess.run( From 179c5658ecc3dff37e494b7c9f8ce403e8b953a1 Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Fri, 3 Oct 2025 16:21:18 -0700 Subject: [PATCH 3/7] Update urls to more reliable mirror --- relenv/build/linux.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/relenv/build/linux.py b/relenv/build/linux.py index 2e59b43d..c7e754e6 100644 --- a/relenv/build/linux.py +++ b/relenv/build/linux.py @@ -551,7 +551,7 @@ def build_python(env, dirs, logfp): name="gdbm", build_func=build_gdbm, download={ - "url": "https://ftp.gnu.org/gnu/gdbm/gdbm-{version}.tar.gz", + "url": "https://mirrors.ocf.berkeley.edu/gnu/gdbm/gdbm-{version}.tar.gz", "version": "1.26", "checksum": "6cee3657de948e691e8df26509157be950cef4d4", "checkfunc": tarball_version, @@ -562,7 +562,7 @@ def build_python(env, dirs, logfp): name="ncurses", build_func=build_ncurses, download={ - "url": "https://ftp.gnu.org/pub/gnu/ncurses/ncurses-{version}.tar.gz", + "url": "https://mirrors.ocf.berkeley.edu/gnu/ncurses/ncurses-{version}.tar.gz", "version": "6.5", "checksum": "cde3024ac3f9ef21eaed6f001476ea8fffcaa381", "checkfunc": tarball_version, @@ -620,7 +620,7 @@ def build_python(env, dirs, logfp): build_func=build_readline, wait_on=["ncurses"], download={ - "url": "https://ftp.gnu.org/gnu/readline/readline-{version}.tar.gz", + "url": "https://mirrors.ocf.berkeley.edu/gnu/readline/readline-{version}.tar.gz", "version": "8.3", "checksum": "2c05ae9350b695f69d70b47f17f092611de2081f", "checkfunc": tarball_version, From 1b598b0ca297327169bd51d46f1ee64927f433a8 Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Fri, 3 Oct 2025 16:22:04 -0700 Subject: [PATCH 4/7] Do not swollow exception --- relenv/build/common.py | 1 + 1 file changed, 1 insertion(+) diff --git a/relenv/build/common.py b/relenv/build/common.py index 209d4cac..85f4221b 100644 --- a/relenv/build/common.py +++ b/relenv/build/common.py @@ -535,6 +535,7 @@ def fetch_file(self): if self.fallback_url: print(f"Download failed {self.url} ({exc}); trying fallback url") return download_url(self.fallback_url, self.destination, CICD), True + raise def fetch_signature(self, version): """ From 5c54d22b39a21f6bbf982cde9cf468cb498b537a Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Fri, 3 Oct 2025 18:11:19 -0700 Subject: [PATCH 5/7] Simplify skip check --- tests/test_verify_build.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/test_verify_build.py b/tests/test_verify_build.py index 7b03a4b7..63f041dd 100644 --- a/tests/test_verify_build.py +++ b/tests/test_verify_build.py @@ -677,9 +677,7 @@ def test_pip_install_m2crypto_relenv_ssl( if m2crypto_version == "0.38.0" and minor_version in ["3.12", "3.13"]: pytest.xfail("Fails due to no distutils") - if ssl.OPENSSL_VERSION_INFO >= (3, 5) and ( - m2crypto_version.startswith("0.38") or m2crypto_version.startswith("0.44") - ): + if ssl.OPENSSL_VERSION_INFO >= (3, 5) and m2crypto_version in ["0.38.0", "0.44.0"]: pytest.xfail("Openssl Needs newer m2crypto") _install_ppbt(pyexec) From 22b3e9580d6f1e198c6072f5271744eec11dc1e6 Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Fri, 3 Oct 2025 20:13:02 -0700 Subject: [PATCH 6/7] add openssl version fixture --- tests/test_verify_build.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/tests/test_verify_build.py b/tests/test_verify_build.py index 63f041dd..0c904c8a 100644 --- a/tests/test_verify_build.py +++ b/tests/test_verify_build.py @@ -666,18 +666,23 @@ def test_pip_install_m2crypto_system_ssl(pipexec, pyexec): assert p.returncode == 0, p.stderr +@pytest.fixture +def ssl_version(): + return ssl.OPENSSL_VERSION_INFO + + @pytest.mark.skip_unless_on_linux @pytest.mark.parametrize( "m2crypto_version", ["0.38.0", "0.44.0", "0.46.0"], ) def test_pip_install_m2crypto_relenv_ssl( - m2crypto_version, pipexec, pyexec, build, build_version, minor_version + m2crypto_version, pipexec, pyexec, build, build_version, minor_version, ssl_version ): if m2crypto_version == "0.38.0" and minor_version in ["3.12", "3.13"]: pytest.xfail("Fails due to no distutils") - if ssl.OPENSSL_VERSION_INFO >= (3, 5) and m2crypto_version in ["0.38.0", "0.44.0"]: + if ssl_version >= (3, 5) and m2crypto_version in ["0.38.0", "0.44.0"]: pytest.xfail("Openssl Needs newer m2crypto") _install_ppbt(pyexec) From 07566d7888138a4c6d479ebbf204395b3519b1df Mon Sep 17 00:00:00 2001 From: "Daniel A. Wozniak" Date: Sat, 4 Oct 2025 00:24:05 -0700 Subject: [PATCH 7/7] Fix buggy ssl version fixture --- tests/test_verify_build.py | 55 +++++++++++++++++++++++++++++++++++--- 1 file changed, 52 insertions(+), 3 deletions(-) diff --git a/tests/test_verify_build.py b/tests/test_verify_build.py index 0c904c8a..ad3681b8 100644 --- a/tests/test_verify_build.py +++ b/tests/test_verify_build.py @@ -7,7 +7,6 @@ import os import pathlib import shutil -import ssl import subprocess import sys import textwrap @@ -666,9 +665,59 @@ def test_pip_install_m2crypto_system_ssl(pipexec, pyexec): assert p.returncode == 0, p.stderr +SSLVERSION = """ +import ctypes +import ctypes.util +import platform + +def get_openssl_version(): + ''' + Programmatically discovers the OpenSSL version using ctypes. + ''' + # Determine the library name based on the operating system + if platform.system() == "Windows": + lib_name = ctypes.util.find_library("libcrypto-3") or ctypes.util.find_library("libcrypto-1_1") + else: + lib_name = ctypes.util.find_library("crypto") + + if not lib_name: + print("Could not find OpenSSL libcrypto library.") + return None, None + + libcrypto = ctypes.CDLL(lib_name) + + # Define the C function prototypes + libcrypto.OpenSSL_version_num.restype = ctypes.c_ulong + libcrypto.OpenSSL_version.argtypes = [ctypes.c_int] + libcrypto.OpenSSL_version.restype = ctypes.c_char_p + + # Call the C functions + version_num_hex = libcrypto.OpenSSL_version_num() + version_str = libcrypto.OpenSSL_version(0).decode("utf-8") + + # Parse the numeric version + # The version number format is MNNFFPPS + major = (version_num_hex >> 28) & 0xFF + minor = (version_num_hex >> 20) & 0xFF + patch = (version_num_hex >> 4) & 0xFF + + return (major, minor, patch) + +if __name__ == "__main__": + print( + ",".join([str(x) for x in get_openssl_version()] + ) + ) +""" + + @pytest.fixture -def ssl_version(): - return ssl.OPENSSL_VERSION_INFO +def ssl_version(pyexec, tmp_path): + file = tmp_path / "script.py" + file.write_text(SSLVERSION) + ret = subprocess.run([pyexec, str(file)], capture_output=True) + print(ret) + return tuple([int(x) for x in ret.stdout.decode().strip().split(",")]) @pytest.mark.skip_unless_on_linux